Feds Say NSA "Bogeyman" Did Not Find Silk Road's Servers

An anonymous reader writes The secret of how the FBI pinpointed the servers allegedly used by the notorious Silk Road black market website has been revealed: repeated login attempts. In a legal rebuttal, the FBI claims that repeatedly attempting to log in to the marketplace revealed its host location. From the article: "As they typed 'miscellaneous' strings of characters into the login page's entry fields, Tarbell writes that they noticed an IP address associated with some data returned by the site didn't match any known Tor 'nodes,' the computers that bounce information through Tor's anonymity network to obscure its true source. And when they entered that IP address directly into a browser, the Silk Road's CAPTCHA prompt appeared, the garbled-letter image designed to prevent spam bots from entering the site. 'This indicated that the Subject IP Address was the IP address of the SR Server,' writes Tarbell in his letter, 'and that it was "leaking" from the SR Server because the computer code underlying the login interface was not properly configured at the time to work on Tor.'"
  • ... as long as there is no resourceful federal agency trying to get you.
    • by sinij ( 911942 ) on Monday September 08, 2014 @09:24AM (#47852093)
      No, you don't have an expectation of anonymity anywhere, but with Tor breaching your anonymity is prohibitively expensive for most scenarios.
    • Here's the thing:

      Did the Feds have a warrant for searching this particular server? Quote the 4th Amendment:

      ... and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

      Did they have a warrant specifically describing the place to be searched, and the persons or things to be seized?

      If not, they were violating the CSRA, by accessing a server without authorization, which is exactly what they tried to charge Aaron Swartz with.

      It is not permissible to break the law in order to enforce the law. This is a principle older than the United States itself.

  • In other words: perjury, but you can't prove it.
  • We'll never know (Score:5, Insightful)

    by sasparillascott ( 1267058 ) on Monday September 08, 2014 @09:35AM (#47852199)
    Back in 2006 it was already out that the NSA was sharing information with the FBI among others:

    http://www.washingtonpost.com/... [washingtonpost.com]

    With multiple leaders of the U.S. intelligence apparatus having been caught lying under oath, we'll never know. One of the techniques is for the NSA to pinpoint something, then the FBI looks at the target and finds something else they can label as the "reason" they found out about it.

    At this point, because of our government's shortsighted decisions (Bush/Obama) to pursue and institute a surveillance state (à la East Germany), we'll never know what the story was here and have to take any claim from the Feds with a huge dose of skepticism.
  • by phorm ( 591458 ) on Monday September 08, 2014 @09:57AM (#47852395) Journal

    It's not about a server misconfiguration.
    TOR connections are tunnels. You don't have to configure your webserver etc. for TOR, your machine just has to be behind a firewall etc. that doesn't allow the traffic out (or really, a router that just doesn't NAT it in). The only way to access the webserver would be through the tunnel, so no TOR = no access.

    I find it a bit hard to believe that a guy who is able to get one of the largest black-market enterprises running on a server/farm connected to an anonymous/decentralized network isn't smart enough to *not* give it a public IP and/or put the equivalent to a home internet router in front of it.

    • by raymorris ( 2726007 ) on Monday September 08, 2014 @10:09AM (#47852493) Journal

      > I find it a bit hard to believe that a guy who is able to get one of the largest black-market enterprises running on a server

      Do you find it hard to believe that Paypal's engineers make significantly more obvious mistakes? They do, of course. The thing about crime, and security, is that you can do a hundred things just right, and be taken down by the one thing you missed. It's adversarial like sports, but unlike sports 47-2 is a losing score for the team who scored 47. Those two items on which you let the authorities score put you in prison.

      • I find it a bit hard to believe that a guy who is able to get one of the largest black-market enterprises running on a server/farm connected to an anonymous/decentralized network isn't smart enough to *not* give it a public IP and/or put the equivalent to a home internet router in front of it.

        People make mistakes all the time. Even smart people.

        You've never made a mistake? Never missed a bug? Never misconfigured a system? Ever?

        Do a hundred things right, and one thing wrong, and just guess which one will get caught.

      • by gweihir ( 88907 )

        Paypal engineers do not go to prison for an extended period of time when they are caught. Paypal engineers are also the cheapest possible that can just about get the job done.

        • > Paypal engineers do not go to prison for an extended period of time when they are caught.

          Neither does the script monkey that Ulbricht hired to set up the captcha.

          • by gweihir ( 88907 )

            You believe that he did not do this himself? Seriously, this guy evades the FBI for years and then he hires some Noob to do critical work on his servers?

            • He had a huge criminal enterprise to run, tons of money to launder, murders to order, and hopefully he'd make some time to enjoy his ill-gotten gains before he eventually made a mistake and got busted. If he was wasting his time setting up a captcha, that was pretty stupid. The smart thing would be for him to have someone who understands banking and finance take care of the banking and finance, someone who understands programming take care of the programming, someone who understands high-capacity ser

    • by _xeno_ ( 155264 ) on Monday September 08, 2014 @10:11AM (#47852503) Homepage Journal

      The only way I can think of to accidentally do what the FBI is claiming is if he just grabbed a poorly written CAPTCHA program off the Internet and it constructed its own URLs back to the server using the server's IP address.

      Why it would do that instead of using the configured server name or, even better, just use a relative URL would be anyone's guess. But it's the only plausible way for the FBI's explanation to make any sort of sense.

      (Or, to put it another way, they're almost certainly lying.)

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        The only way I can think of to accidentally do what the FBI is claiming is if he just grabbed a poorly written CAPTCHA program off the Internet and it constructed its own URLs back to the server using the server's IP address.

        Why it would do that instead of using the configured server name or, even better, just use a relative URL would be anyone's guess. But it's the only plausible way for the FBI's explanation to make any sort of sense.

        (Or, to put it another way, they're almost certainly lying.)

        Well, you c

        • by _xeno_ ( 155264 )

          Well, you could actually read the damn court documents. If you put random junk into the CAPTCHA boxes sometimes you would get an error page back - over TOR - but which contained the true IP address of the server.

          Where do you get this? Because the court documents in the article certainly don't say that. In fact, they seem to be saying that the IP packets themselves contained the IP:

          Upon examining the individual packets of data being sent back from the website, we noticed that the headers of some of the packets reflected a certain IP address not associated with any known Tor node as the source of the packets.

          That's not an error message, that's (apparently) an HTTP(S?) request being sent straight to the Tor servers. And the only way I can think of to screw up a CAPTCHA implementation to do that would be to have it construct a complete URL using the host IP instead of just using the configured host name, which would be insane.

          Again: according t

    • The issue seems to be not one of what IP address you give it, nor whether it's public-facing or not, but that he was leaking data via some other means (captcha call back or license file?) which exposed the real server's location rather than the Tor hidden one.

    • by TheCarp ( 96830 ) <sjc AT carpanet DOT net> on Monday September 08, 2014 @10:14AM (#47852537) Homepage

      > I find it a bit hard to believe that a guy who is able to get one of the largest black-market enterprises running on
      > a server/farm connected to an anonymous/decentralized network isn't smart enough to *not* give it a public IP
      > and/or put the equivalent to a home internet router in front of it.

      As much as I would like to not believe it, this is one of those cases where he has to be perfect every time; they have to catch him slipping up once.

      I don't know what his stack was, but typically, there are a lot of places information can leak. Including in error messages.

      The reality is, no hidden service (that isn't intentionally also a non-hidden one) should have a public IP where it can be reached. The last public endpoint should be its tor node, and the tor node itself should then only contact it via private IPs. It should then also only contact its backend databases by private IPs.

      If that means you have to set up backend VPNs for the transport.... then guess what....that means you have to set up backend VPNs for the transport.

      Frankly, what this guy did, overall, wasn't all that impressive. He put a bunch of tools together. He didn't develop tor, he just made the obvious leap. Being more willing to take the risk doesn't mean you are the best of the best, it just means you are confident enough to risk a fall on your face.

    • I've been thinking about this over the last few days, ever since the story popped up in wired.

      If they exceed the captcha's rate limit, the captcha -might- leak information in its rate-limiting error message. The message would be something like "your server at IP has exceeded its request limit."

      This is likely because if you exceed the rate limit you'd kind of want to know which one of your front-ends was the bad one.

      Nobody really would test that sort of thing either.
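Both _xeno_'s scenario earlier in this thread (a CAPTCHA component that builds absolute URLs from the server's own IP) and the rate-limit message scenario just above come down to the same defensive check: before exposing a hidden service, inspect what it actually sends back for anything that names a host other than its own .onion address. The Python script below is an added example, not code from the thread, the court filing or Silk Road; `audit_response`, `classify_url` and the sample headers and page are hypothetical and constructed.

```python
"""Hypothetical leak audit for responses served by a Tor hidden service.

Flags anything in a response that names a host other than the service's
own .onion address: absolute URLs in link attributes or redirect headers,
cookie Domain attributes, and IP literals embedded in page text (the sort
of thing a rate-limit or error message may print).
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action", "data", "poster"}
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def is_ip_literal(host):
    """True if host parses as an IPv4/IPv6 address (brackets tolerated)."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def classify_url(url):
    """Return None for URLs safe on a hidden service, else a finding tag."""
    parts = urlsplit(url.strip())
    if not parts.scheme and not parts.netloc:
        return None  # relative URL: the client resolves it against the .onion
    host = parts.hostname or ""
    if host.endswith(".onion"):
        return None
    if is_ip_literal(host):
        return "ip-literal:" + host
    return "clearnet-host:" + host


class ResponseScanner(HTMLParser):
    """Collects URL-bearing attributes and visible text from an HTML body."""

    def __init__(self):
        super().__init__()
        self.urls = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append(value)

    def handle_data(self, data):
        self.text.append(data)


def audit_response(headers, body):
    """Return a list of leak findings for one response (headers dict, HTML body)."""
    findings = []
    # Redirect and refresh targets that point off the .onion.
    for hdr in ("Location", "Content-Location", "Refresh"):
        value = headers.get(hdr)
        if value:
            target = value.split("url=", 1)[-1] if hdr == "Refresh" else value
            tag = classify_url(target)
            if tag:
                findings.append("header %s: %s" % (hdr, tag))
    # A cookie scoped to a clearnet domain ties the session to that host.
    match = re.search(r"(?i)domain=([^;]+)", headers.get("Set-Cookie", ""))
    if match and not match.group(1).strip().endswith(".onion"):
        findings.append("header Set-Cookie: cookie-domain:" + match.group(1).strip())
    scanner = ResponseScanner()
    scanner.feed(body)
    for url in scanner.urls:
        tag = classify_url(url)
        if tag:
            findings.append("body attribute: " + tag)
    # Error and rate-limit text frequently embeds the backend's own address.
    for ip in sorted(set(IPV4_RE.findall("".join(scanner.text)))):
        if is_ip_literal(ip):
            findings.append("body text: ip-literal:" + ip)
    return findings


# Constructed sample (203.0.113.0/24 is a documentation range), not a real capture.
SAMPLE_HEADERS = {
    "Content-Type": "text/html",
    "Set-Cookie": "session=abc123; Path=/; HttpOnly",
}
SAMPLE_BODY = """<html><body>
<form action="/login" method="post">
  <img src="http://203.0.113.7/captcha.php?id=42" alt="captcha">
  <input name="captcha"><input type="submit" value="Go">
</form>
<p>Too many attempts from 203.0.113.7, try again later.</p>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
```

Run it against responses fetched through the .onion address (including deliberately malformed logins, so that error pages are exercised, as the comment above notes nobody tends to test): the sample page yields two findings, the CAPTCHA image URL and the address printed in the rate-limit text, while a relative form action and .onion links are accepted.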

  • by portwojc ( 201398 )

    How many sites out there are HTTPS but deliver some data via HTTP by mistake or oversight? Looks like that applies here too. Good job tracking this down. Plain old inspecting what you're receiving and digging into it.

    • Yeah I agree. This seems like unremarkable good detective work. Well done, coppers, you caught a criminal.

      Whether we need to change the law is a separate question to whether this guy broke it.

    • by q4Fry ( 1322209 )
      Posting to remove accidental downvote.
    • by gweihir ( 88907 )

      Oh, sure. And nobody found this in a site that gets attacked all the time. Really believable.

  • by sjames ( 1099 ) on Monday September 08, 2014 @10:37AM (#47852779) Homepage Journal

    We have discovered so many lies from various LEAs and NSA about parallel construction (they even lie to judges and prosecutors) that it is impossible to believe them without iron-clad evidence at this point.

    Perhaps they'd care to show us the code? Show us the log of the exploit? Bare assertions won't do.

    • by GuB-42 ( 2483988 )

      So you prefer the explanation that the NSA used super secret TOR-breaking software over a simple exploit? The FBI explanation seems totally plausible to me. If it were the NSA they probably would have used similar techniques.

      My idea is that hackers from the NSA, FBI or black hats are like magicians. It looks like they have some kinds of superpowers or really advanced tech while they just use simple tricks. Finding good tricks and executing them correctly is hard but the trick themselves are often stupidly

      • by sjames ( 1099 )

        Some days, I question if the FBI knows how to turn a computer on.

        They certainly don't know how to process forensic evidence.

        Meanwhile, we do know that the NSA has illegally hacked a great many routers and tapped many fiber connections. I find it more likely that they used their illegal resources to locate the server through traffic analysis. No need to invoke any superpowers.

        I find it at least plausible enough to require proof from the FBI in a criminal investigation (not that it will likely be forthcoming

      • by gweihir ( 88907 )

        The explanation is plausible only to a simple mind. Remember that this service was up a long time and certainly got attacked all the time. Somebody would have found that problem a long time before the FBI if it was real. Much more likely they did a targeted attack and found some real vulnerability, which they do not want to disclose and hence are lying about, like any common criminal. This has nothing to do with the rule of law anymore. Next step, which I am sure they have already taken in less high-profile

  • Now TOR (or whoever) can fix it.

    • by ledow ( 319597 )

      Security software cannot fix stupidity.

      In this case, one of the scripts on a Tor service pulled data from and thus advertised its globally-addressable IP address.

      Sure, they can improve their processes and pull that script and replace it with a Tor-compatible version - but Tor can't detect this kind of stupidity and fix it for you. If you're stupid enough to put your home address on a Tor service, there's nothing Tor can do about that either.

      The most interesting thing about this story is that all the "Tor

  • For every lie NSA gets printed on the news...

    The thing about writing the website or configuring the system to tunnel data through any kind of proxy/tor is that for every packet or http request or whatever you work with you have to EXACTLY specify what happens as in what comes in and what goes out, the lie is just too retarded.

    I've made like a dozen network backends for different kinds of applications and programs. I know.
  • Where a group of FBI boffins are cheering, hooting and hollering about the find, and a group of NSA boffins, rolling their eyes and being coy, "Awe! Look at them, you'd think they just broke codes!".
  • Who would be so stupid to run a server like that without masquerading? That is not credible at all. A simple masquerading firewall before the actual server makes sure that a) no non-TOR traffic ever reaches or leaves the actual server and b) the server itself does not know the public IP it is reachable under. This is really basic protection and set up within a few hours. It also makes sure nothing like the FBI claims can ever happen.

    The only sensible explanation is that the FBI is lying through its teeth.

  • The IP will probably be revealed as being 127.0.0.1.

    The judge will accept it as evidence, and the jury will convict because we are still living in a society of imbeciles trying to impose on how everyone should live under the premise that they know better as a collective decider.

    We are destroying basic human rights and severely punishing people simply so we can "show them a better path" in life.

    It's absurd. Why can't we just close all these ineffective branches of government fighting pseudo crimes already?
