
SoylentNews is people

posted by LaminatorX on Sunday September 07 2014, @10:21PM
from the too-clever-by-half dept.

As the trial of alleged Silk Road drug market creator Ross Ulbricht approaches, the defense has highlighted the mystery of how law enforcement first located the main Silk Road server in an Icelandic data center, despite the computer being hidden by the formidable anonymity software Tor. Was the FBI tipped off to the server’s location by the NSA, who used a secret and possibly illegal Tor-cracking technique?

The answer, according to a new filing by the case’s prosecution, is far more mundane: The FBI claims to have found the server’s location without the NSA’s help, simply by fiddling with the Silk Road’s login page until it leaked its true location.

http://www.wired.com/2014/09/the-fbi-finally-says-how-it-legally-pinpointed-silk-roads-server/

Silk Road Prosecution 4th Amendment Rebuttal:
http://www.scribd.com/doc/238796613/Silk-Road-Prosecution-4th-Amendment-Rebuttall

FBI Explanation of Silk Road Vulnerability:
http://www.scribd.com/doc/238844570/FBI-Explanation-of-Silk-Road-vulnerability

Related Stories

Researchers Dispute FBI's Silk Road Investigation Claims 19 comments

A few days ago we had a submission here on SN about the FBI's claim on how it located the Silk Road's servers. Some researchers have now opined that the FBI's claim may not be accurate and suggested that they may have achieved their means in less than legal ways. One suggestion includes exploiting known bugs to discover the server's IP address.

If this is true, it would mean the FBI may have participated in potentially unlawful actions to help them close the case.

  • (Score: 0) by Anonymous Coward on Sunday September 07 2014, @10:45PM

    by Anonymous Coward on Sunday September 07 2014, @10:45PM (#90577)

    Funny how it probably resembles successful black hat attacks of credit card systems and the like, although of course Tor wouldn't be an issue in the latter. Just keep probing until you notice something that shouldn't be there. When it comes to cybersecurity, it's far easier to play offense than defense.

    • (Score: -1) by Anonymous Coward on Sunday September 07 2014, @11:49PM

      by Anonymous Coward on Sunday September 07 2014, @11:49PM (#90590)

      shutdown -h now

  • (Score: 5, Informative) by Anonymous Coward on Monday September 08 2014, @01:33AM

    by Anonymous Coward on Monday September 08 2014, @01:33AM (#90597)

    My ego may be getting the better of me in this posting but it's been bruised once too often now by the editors so I'm going to bitch (and go on record now). You can mod me up or down based upon your own experiences with worthy submissions being rejected seemingly out of hand.

    Not long ago I submitted an article to the queue about the Ross Ulbricht defense's motions to dismiss based upon perceived 4th amendment violations and it was rejected. There were no other submissions on that topic in the queue. And now here is THIS, which just happens to be a follow-through of the EXACT story I submitted.

    I'm obviously not going to be making any friends of the editors now (not that I really wanted that) but I really don't give a fuck anymore and I haven't submitted anything for a while because of it. If I want to be ignored, I'll go back to Slashdot and suffer through the commercialism of that place.

    To the editors, I DON'T submit shit. Why should I take the time to write the submission and do the other things to increase its quality if it's going to be rejected?
    So, in short, if you want to keep your submitters happy, START EXPLAINING WHY IT WAS REJECTED AND TO HELL TO THOSE WHO WANT TO KNOW. How in the hell am I going to figure out what the editors like and don't like if I don't know what's wrong with it?

    • (Score: 5, Interesting) by mendax on Monday September 08 2014, @01:37AM

      by mendax (2840) on Monday September 08 2014, @01:37AM (#90598)

      Oops.... I made the decision to go on record but forgot to clear the anonymous check box. The bitch session above is mine.

      --
      It's really quite a simple choice: Life, Death, or Los Angeles.
      • (Score: -1, Flamebait) by Ethanol-fueled on Monday September 08 2014, @02:38AM

        by Ethanol-fueled (2792) on Monday September 08 2014, @02:38AM (#90608) Homepage

        Come on, man, you're being silly. You're acting like you were cheated out of a winning lottery ticket or a date with a supermodel. Really, is it that big a deal?

        If you need validation that badly you can call a phone-sex line and talk to some ol' bag about your life all night -- you know, there are guys who actually do that -- or do what I do and spew racial slurs and dick pictures all over #Soylent, then laugh when they kick you out.

    • (Score: 1, Redundant) by mendax on Monday September 08 2014, @01:50AM

      by mendax (2840) on Monday September 08 2014, @01:50AM (#90599)

      And I ought to have said "TO HELL WITH THOSE WHO DON'T WANT TO KNOW".

      --
      It's really quite a simple choice: Life, Death, or Los Angeles.
    • (Score: 5, Interesting) by tynin on Monday September 08 2014, @02:17AM

      by tynin (2013) on Monday September 08 2014, @02:17AM (#90603) Journal

      Some time ago, an editor commented about this, answering something very similar to your own question... alas, I haven't purchased an account yet, so I cannot see far enough back in my own comment history where I thanked them for the answer.

      I think it went something like... ~"There are many editors. Not all of the editors have the same opinions, nor equal amounts of time free, to devote to editing."

      This is an ad hoc community doing a rather decent job of keeping the ball moving forward, and in my opinion has been getting better over time. Further, the editors just like us are (mostly) human. Sometimes our views of the moment are overly stained with the mood we are in, and not entirely based on the value of its content. I think you are making this rejection overly personal, but I understand how it can seem that way, many rejections can cut you similarly.

      It would be nice to have a field for the editors to fill in on why a submission was rejected. While in nature it could(will in some cases) create additional friction with that submitter, it would provide a transparent view for the community that could help let them know to "Man up, Nancy!"

      TLDR: Editor feedback on rejected submissions would be good. But if a rejected submission or two hurt your ego, you may need thicker skin.

      • (Score: 2) by mendax on Monday September 08 2014, @05:56AM

        by mendax (2840) on Monday September 08 2014, @05:56AM (#90636)

        Some time ago, an editor commented about this, answering something very similar to your own question

        Indeed, he did. I was the one complaining, that time anonymously.

        As far as being thin skinned, you're damned right, at least for today. My skin thickens and thins depending upon my mood. My mood has not been good the last couple days and so it pissed me off.

        I can understand why the editors stopped sending reasons for rejecting submissions. After all, it pissed off submitters. But I WANT to know so I know what they're looking for. The solution is simple. And since there doesn't seem to be a way to bitch about it except by using the IRC channel (I don't do chat rooms for personal reasons so I won't use it) I air my dirty laundry here. At least I found the huevos to do it for the record today, even if I did muddle it up a bit.

        --
        It's really quite a simple choice: Life, Death, or Los Angeles.
        • (Score: 2, Informative) by Anonymous Coward on Monday September 08 2014, @08:15AM

          by Anonymous Coward on Monday September 08 2014, @08:15AM (#90656)

          Here's another little prod for explaining rejections. I think I've had a few perfectly good submissions omitted. Kinda made me sad and baffled. Also, I didn't submit for awhile afterwards.

          Kudos for mendax for bringing this problem to the limelights.

        • (Score: 2) by tynin on Wednesday September 10 2014, @11:54AM

          by tynin (2013) on Wednesday September 10 2014, @11:54AM (#91630) Journal

          After some further thought, I think you might have better luck raising the issue in the IRC channel. Best of luck and good on you for saying your mind.

  • (Score: 5, Insightful) by mendax on Monday September 08 2014, @01:56AM

    by mendax (2840) on Monday September 08 2014, @01:56AM (#90600)

    The problem with the FBI explanation is that there is no way the defense will ever be allowed to actually test the veracity of the government's claims. For all we know, they used the NSA's dirty tricks to locate it, went to Iceland, and slipped in a bit of code that allowed them to claim what they are claiming. It seems an independent forensics examination is in order here. That's the only way I will believe that the government used hacked into it fair and square. In as important a case as this one, the FBI is not beyond such highly illegal and corrupt practices.

    --
    It's really quite a simple choice: Life, Death, or Los Angeles.
    • (Score: 1, Insightful) by Anonymous Coward on Monday September 08 2014, @02:14AM

      by Anonymous Coward on Monday September 08 2014, @02:14AM (#90601)

      It's quite possible that the NSA knows enough about Tor that it found this vulnerability in Silk Road, then tipped the FBI.

      That would be similar to black hats tipping one another, or getting tipped by a crooked employee of the victim organization.

    • (Score: 4, Insightful) by Anonymous Coward on Monday September 08 2014, @03:19AM

      by Anonymous Coward on Monday September 08 2014, @03:19AM (#90615)

      The term you are looking for is "Parallel Construction". It is not new, and I have no doubt the FBI would have done that if they had got the information from illegal channels first.

      The problem is, we will never know from the outside.

    • (Score: 3, Insightful) by tftp on Monday September 08 2014, @04:13AM

      by tftp (806) on Monday September 08 2014, @04:13AM (#90628) Homepage

      For all we know, they used the NSA's dirty tricks to locate it, went to Iceland, and slipped in a bit of code that allowed them to claim what they are claiming. It seems an independent forensics examination is in order here.

      It would be nearly impossible to prove who inserted the code that leaked the address. This could be, as an example, a simple HTML comment with a hardcoded IP address. How could anyone prove who inserted it if the job was done with physical access to the server? For all we know, the server was imaged, partitions mounted, and then the root password was cracked by brute force, with access to /etc/shadow and friends (not sure how it is done today.) The defense does not have a pristine backup of the server that is not touched by the prosecution. Any examination will only say that yes, we found this here leak in all images and in all backups.

    • (Score: 3, Funny) by SlimmPickens on Monday September 08 2014, @01:08PM

      by SlimmPickens (1056) on Monday September 08 2014, @01:08PM (#90722)

      That's the only way I will believe that the government...hacked into it fair and square

      There's precious few sentences I have enjoyed more than that one.

    • (Score: 0) by Anonymous Coward on Monday September 08 2014, @01:54PM

      by Anonymous Coward on Monday September 08 2014, @01:54PM (#90748)

      That's the only way I will believe that the government used hacked into it fair and square.

      Why?
      There is reasonable doubt the government did something illegal and fishy to get a conviction. => not guilty.
      It's up to the government to remove that reasonable doubt, and they can't convince me with the NSA in place as it is.

      • (Score: 2) by tangomargarine on Monday September 08 2014, @02:49PM

        by tangomargarine (667) on Monday September 08 2014, @02:49PM (#90778)

        Reasonable doubt is something the government gives to the people, not the other way around.

        Assuming the gov't is acting in your best interests seems to lead to where we are now (hypothetical oversight that does jack shit). Don't trust, verify where possible.

        --
        "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
  • (Score: 5, Interesting) by _NSAKEY on Monday September 08 2014, @04:17AM

    by _NSAKEY (16) on Monday September 08 2014, @04:17AM (#90629)
  • (Score: 5, Insightful) by tonyPick on Monday September 08 2014, @05:58AM

    by tonyPick (1237) on Monday September 08 2014, @05:58AM (#90637) Homepage Journal

    They would come up with something realistic, wouldn't they? Remember Parallel Construction - To quote the original Reuters:

    federal agents are trained to "recreate" the investigative trail to effectively cover up where the information originated

    https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-laundering [eff.org]

  • (Score: 0) by Anonymous Coward on Monday September 08 2014, @08:35AM

    by Anonymous Coward on Monday September 08 2014, @08:35AM (#90661)

    This is why we need them.

    First dangle a big carrot. (Not big enough to land you in federal for years though... just imply it would) Rig them with all sorts of intrusion detection systems and run a really really tight logging regime. And then see exactly what's happening.

    • (Score: 4, Funny) by tibman on Monday September 08 2014, @01:47PM

      by tibman (134) Subscriber Badge on Monday September 08 2014, @01:47PM (#90744)

      Every time I venture into /var/log I feel like all my systems are honeypots : /

      --
      SN won't survive on lurkers alone. Write comments.
  • (Score: 2, Informative) by ghost on Monday September 08 2014, @01:46PM

    by ghost (4467) on Monday September 08 2014, @01:46PM (#90742) Journal

    The FBI's explanation is not believable. Maybe logging in as "phpinfo" did just that. Maybe somewhere he leaked a non-onion URL (soylent's css does that through tor) on an error page. But none of those possible explanations match up to what the FBI claims ("I can tell from looking at the packet headers")