from the not-as-dark-as-we-thought dept.
Silk Road 2.0 and 400 other sites believed to be selling illegal items including drugs and weapons have been shut down. The sites operated on the Tor network - a part of the internet unreachable via traditional search engines. The joint operation between 16 European countries and the US saw 17 arrests.
Although details of how the sites were identified are not given, it does suggest that software now exists that removes the veil that behind which the DarkNet once hid. Any Soylentils have any ideas of how this might be achieved? This story might be the clue.
More information can be found here : http://www.bbc.co.uk/news/technology-29950946
Krebsonsecurity reports that new court documents released this week by the U.S. government in its case against "Dread Pirate Roberts" suggest that the feds may have some explaining to do.
Last month, the U.S. government released court records claiming that FBI investigators were able to divine the location of the hidden Silk Road servers because the community’s login page employed an anti-abuse CAPTCHA service that pulled content from the open Internet — thus leaking the site’s true Internet address.
But lawyers for alleged Silk Road captain Ross W. Ulbricht (a.k.a. the “Dread Pirate Roberts”) asked the court to compel prosecutors to prove their version of events. And indeed, discovery documents reluctantly released by the government this week appear to poke serious holes in the FBI's story.
The FBI claims that it found the Silk Road server by examining plain text Internet traffic to and from the Silk Road CAPTCHA, and that it visited the address using a regular browser and received the CAPTCHA page. But Weaver says the traffic logs from the Silk Road server (PDF) that also were released by the government this week tell a different story.
"The server logs which the FBI provides as evidence show that, no, what happened is the FBI didn’t see a leakage coming from that IP," he said. "What happened is they contacted that IP directly and got a PHPMyAdmin configuration page." See this PDF file for a look at that PHPMyAdmin page. Here is the PHPMyAdmin server configuration.
Bruce Schneier reckons FBI's story is a botched parallel construction on hints from NSA.
Little is known about how U.S. and European law enforcement shut down more than 400 websites, including Silk Road 2.0, which used technology that hides their true IP addresses. The websites were set up using a special feature of the Tor network, which is designed to mask people’s Internet use using special software that routes encrypted browsing traffic through a network of worldwide servers.
The Tor Project, is a nonprofit that relies in part on donations. The project “currently doesn’t have funding for improving the security of hidden services,” wrote Andrew Lewman, the project’s executive director, in a blog post on Sunday. ( https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-onymous )
It is possible that a remote-code execution vulnerability has been found in Tor’s software, or that the individual sites had flaws such as SQL injection vulnerabilities. But Lewman wrote The Tor Project had little information on the methods used by law enforcement in the latest action.
“Tor is most interested in understanding how these services were located and if this indicates a security weakness in Tor hidden services that could be exploited by criminals or secret police repressing dissents,” he wrote.
Can anybody help Andrew Lewman understand what happened ?
"Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes," Dingledine writes. "Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users."
Tor's statement all but confirms that Carnegie Mellon's attack was used in the late 2014 law enforcement operation known as Operation Onymous, carried out by the FBI and Europol. That dark web purge took down dozens of Tor hidden services, including several of the most popular Tor-based black markets for drugs including the Silk Road 2, and led to at least 17 arrests. Tor, for its part, has made efforts to subsequently block the attack, which it says it first detected in July of 2014.
When WIRED contacted Carnegie Mellon, it didn't deny the Tor Project's accusations, but pointed to a lack of evidence. "I'd like to see the substantiation for their claim," said Ed Desautels, a staffer in the public relations department of the university's Software Engineering Institute. "I'm not aware of any payment," he added, declining to comment further.
Tor's Dingledine responded to that call for evidence by telling WIRED that it identified Carnegie Mellon as the origin of the attack by pinpointing servers running on Tor's network that were used in the de-anonymization technique. When it asked Carnegie Mellon if the servers were being run by its researchers—a suspicion based on the canceled Black Hat conference presentation—the anomalous servers disappeared from the network and the university offered no response. The $1 million payment, Dingledine says, was revealed to Tor by "friends in the security community."
July 26, 2014: Russia Offers $111,000 to Break TOR Anonymity Network
September 30, 2014: Tor Executive Hints at Firefox Integration
November 8, 2014: Huge Raid to Shut Down 400-plus DarkNet Sites
November 10, 2014: Tor Project Mulls How Feds Took Down Hidden Websites
November 17, 2014: Is Tor a Honeypot?
December 22, 2014: Servers Seized After Tor Developers Warn of Potential Government Attempt To Take Down Network