
posted by janrinok on Saturday November 08 2014, @07:18PM
from the not-as-dark-as-we-thought dept.

Silk Road 2.0 and 400 other sites believed to be selling illegal items including drugs and weapons have been shut down. The sites operated on the Tor network - a part of the internet unreachable via traditional search engines. The joint operation between 16 European countries and the US saw 17 arrests.

Although details of how the sites were identified are not given, it does suggest that software now exists that removes the veil behind which the DarkNet once hid. Any Soylentils have any ideas of how this might be achieved? This story might be the clue.

More information can be found here: http://www.bbc.co.uk/news/technology-29950946

Related Stories

Silk Road Lawyers Poke Holes in FBI’s Story

Krebsonsecurity reports that new court documents released this week by the U.S. government in its case against "Dread Pirate Roberts" suggest that the feds may have some explaining to do.

Last month, the U.S. government released court records claiming that FBI investigators were able to divine the location of the hidden Silk Road servers because the community’s login page employed an anti-abuse CAPTCHA service that pulled content from the open Internet — thus leaking the site’s true Internet address.

But lawyers for alleged Silk Road captain Ross W. Ulbricht (a.k.a. the “Dread Pirate Roberts”) asked the court to compel prosecutors to prove their version of events. And indeed, discovery documents reluctantly released by the government this week appear to poke serious holes in the FBI's story.

The FBI claims that it found the Silk Road server by examining plain text Internet traffic to and from the Silk Road CAPTCHA, and that it visited the address using a regular browser and received the CAPTCHA page. But Weaver says the traffic logs from the Silk Road server (PDF) that also were released by the government this week tell a different story.

"The server logs which the FBI provides as evidence show that, no, what happened is the FBI didn’t see a leakage coming from that IP," he said. "What happened is they contacted that IP directly and got a PHPMyAdmin configuration page." See this PDF file for a look at that PHPMyAdmin page. Here is the PHPMyAdmin server configuration.

Bruce Schneier reckons FBI's story is a botched parallel construction on hints from NSA.

Tor Project Mulls How Feds Took Down Hidden Websites

Little is known about how U.S. and European law enforcement shut down more than 400 websites, including Silk Road 2.0, which used technology that hides their true IP addresses. The websites were set up using a special feature of the Tor network, which is designed to mask people’s Internet use using special software that routes encrypted browsing traffic through a network of worldwide servers.

The Tor Project is a nonprofit that relies in part on donations. The project “currently doesn’t have funding for improving the security of hidden services,” wrote Andrew Lewman, the project’s executive director, in a blog post on Sunday. ( https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-onymous )

It is possible that a remote-code execution vulnerability has been found in Tor’s software, or that the individual sites had flaws such as SQL injection vulnerabilities. But Lewman wrote The Tor Project had little information on the methods used by law enforcement in the latest action.

“Tor is most interested in understanding how these services were located and if this indicates a security weakness in Tor hidden services that could be exploited by criminals or secret police repressing dissidents,” he wrote.

http://www.pcworld.com/article/2845352/tor-project-mulls-how-feds-took-down-hidden-websites.html

[Related]: https://blog.torproject.org/blog/hidden-services-need-some-love

Can anybody help Andrew Lewman understand what happened ?

Tor Says Feds Paid Carnegie Mellon $1M to Help Unmask Users

Wired and others are reporting on a Tor blog post claiming that Carnegie Mellon University researchers were paid by the Federal Bureau of Investigation to help attack Tor hidden services:

"Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes," Dingledine writes. "Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users."

Tor's statement all but confirms that Carnegie Mellon's attack was used in the late 2014 law enforcement operation known as Operation Onymous, carried out by the FBI and Europol. That dark web purge took down dozens of Tor hidden services, including several of the most popular Tor-based black markets for drugs including the Silk Road 2, and led to at least 17 arrests. Tor, for its part, has made efforts to subsequently block the attack, which it says it first detected in July of 2014.

When WIRED contacted Carnegie Mellon, it didn't deny the Tor Project's accusations, but pointed to a lack of evidence. "I'd like to see the substantiation for their claim," said Ed Desautels, a staffer in the public relations department of the university's Software Engineering Institute. "I'm not aware of any payment," he added, declining to comment further.

Tor's Dingledine responded to that call for evidence by telling WIRED that it identified Carnegie Mellon as the origin of the attack by pinpointing servers running on Tor's network that were used in the de-anonymization technique. When it asked Carnegie Mellon if the servers were being run by its researchers—a suspicion based on the canceled Black Hat conference presentation—the anomalous servers disappeared from the network and the university offered no response. The $1 million payment, Dingledine says, was revealed to Tor by "friends in the security community."

Previously:

July 26, 2014: Russia Offers $111,000 to Break TOR Anonymity Network
September 30, 2014: Tor Executive Hints at Firefox Integration
November 8, 2014: Huge Raid to Shut Down 400-plus DarkNet Sites
November 10, 2014: Tor Project Mulls How Feds Took Down Hidden Websites
November 17, 2014: Is Tor a Honeypot?
December 22, 2014: Servers Seized After Tor Developers Warn of Potential Government Attempt To Take Down Network



  • (Score: 5, Interesting) by cafebabe (894) on Saturday November 08 2014, @07:53PM (#114100) Journal

    Any Soylentils have any ideas of how this might be achieved?

    If I was in the surveillance business, I'd be dumping all TCP SYN packets to a giant OLAP database. From here, it is trivial to perform a PageRank [wikipedia.org] in the manner that I'd process telephone calls [soylentnews.org].

    To locate a specific site in an onion routing network, inject TCP requests to locate all nodes. Omissions are not critical. From the subset of TCP SYN packets emitted from these nodes, find paths which converge on one IP address. Even with a dataset of one billion rows, it would be possible to find likely candidates with one SQL query.

    To find high volume darknet markets, rank the quantity of TCP SYN packets from exit nodes and then investigate each site for illegal commerce. An investigation of the top 1,000 sites may yield about, oh, 400 marketplaces.

    How would this type of sieving be avoided? Erm, don't use anything which works like a TCP SYN packet.

    --
    1702845791×2
    • (Score: 1, Informative) by Anonymous Coward on Saturday November 08 2014, @08:01PM (#114101)

      "To find high volume darknet markets, rank the quantity of TCP SYN packets from exit nodes and then investigate each site for illegal commerce. An investigation of the top 1,000 sites may yield about, oh, 400 marketplaces."

      Tor hidden service traffic does not leave the Tor network. No exit nodes are involved.

      Among other things, this means to run a Tor hidden service you don't need to disclose your location or IP, you don't need a fixed IP, and you don't need a globally routable address: you can serve Tor hidden services from behind NAT with a firewall and a dynamic IP. It's pretty nice for home servers even if you don't need the privacy.

      • (Score: 2) by cafebabe (894) on Saturday November 08 2014, @08:29PM (#114103) Journal

        I define an exit node as the last node in the chain to emit a TCP SYN packet. Sites of interest receive large numbers of TCP SYN packets but don't emit a corresponding number.

        --
        1702845791×2
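The sieve cafebabe sketches in the two comments above (rank hosts by the SYNs they receive against the SYNs they emit, and treat a host that receives many but sends few as a candidate), as an added shell example that is not part of the thread. It runs the aggregation with awk over a constructed, hypothetical SYN log instead of an OLAP database; the addresses and counts are made up. One caveat for reading it: in the hidden-service design both the client and the service build outbound circuits to a rendezvous relay, so at the TCP layer the service emits SYNs like any other Tor client and accepts none, and the asymmetry this heuristic keys on is not visible there.

```shell
#!/bin/sh
# Added example (not from the thread). One observed TCP SYN per line,
# "<src-ip> <dst-ip>". Constructed, hypothetical data: 10.0.0.1-3 act as
# relays (send and receive), 10.0.0.5-6 as clients, 10.0.0.9 as the sink.
SAMPLE_SYNS='10.0.0.5 10.0.0.1
10.0.0.5 10.0.0.2
10.0.0.6 10.0.0.1
10.0.0.6 10.0.0.3
10.0.0.1 10.0.0.9
10.0.0.1 10.0.0.9
10.0.0.1 10.0.0.9
10.0.0.2 10.0.0.9
10.0.0.2 10.0.0.9
10.0.0.3 10.0.0.9
10.0.0.3 10.0.0.2
10.0.0.1 10.0.0.3
10.0.0.2 10.0.0.1'

# rank_syn_sinks: read SYN records on stdin and print, for every host seen,
#   "<host> <syn-in> <syn-out> <score>"
# sorted by score, where score = 100 * syn-in / (syn-out + 1), truncated.
# Relays and clients emit roughly as many SYNs as they receive; a host that
# receives many and emits almost none (the "site of interest") floats to the top.
rank_syn_sinks() {
  awk '
    { sent[$1]++; recv[$2]++; hosts[$1] = 1; hosts[$2] = 1 }
    END {
      for (h in hosts) {
        i = recv[h] + 0; o = sent[h] + 0
        printf "%s %d %d %d\n", h, i, o, int(100 * i / (o + 1))
      }
    }' | sort -k4,4 -nr
}

# top_syn_sink: the single best candidate, i.e. the first ranked host.
top_syn_sink() {
  rank_syn_sinks | head -n 1 | cut -d ' ' -f 1
}

# Stand-alone run over the constructed sample; 10.0.0.9 ranks first with
# six inbound SYNs and none outbound.
printf '%s\n' "$SAMPLE_SYNS" | rank_syn_sinks
```

With a real capture the input would come from something like `tcpdump -nn 'tcp[tcpflags] & tcp-syn != 0 and tcp[tcpflags] & tcp-ack == 0'` reduced to source and destination columns; the ranking is the same, and the score is only a lead to investigate, not an identification.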
        • (Score: 0) by Anonymous Coward on Saturday November 08 2014, @09:47PM (#114116)

          Tor hidden service connections as far as TCP go are outgoing from both the user and the server. They meet somewhere in the middle of the Tor network. This makes clients and servers pretty similar from a traffic perspective.

      • (Score: 0) by Anonymous Coward on Sunday November 09 2014, @06:18PM (#114301)
        Your traffic to the hidden service is likely to have its last hop be through a tor node (if it goes straight from you to the service it probably means tor is broken right?). Guess who owns and runs many of those tor nodes?

        So they can figure out which hidden services are popular.
    • (Score: 2, Interesting) by Rosco P. Coltrane (4757) on Saturday November 08 2014, @08:35PM (#114105)

      I have a feeling it's nothing as complicated as that. The Tor network is pretty secure, but browsers aren't if you don't know how to configure them, and there's always plain old social engineering and police infiltration work. The weak link in anything secure is the users, and you can often circumvent it altogether by fooling or conning them.

      • (Score: 3, Insightful) by cafebabe (894) on Saturday November 08 2014, @08:56PM (#114108) Journal

        I'd like to credit old-fashioned police detective work but I find it more likely that a panopticon of Zircon, Echelon, Prism and suchlike is sieved by central agencies before parallel construction [soylentnews.org] is done by local agencies.

        Regarding infiltration, deny anyone who pushes for privileges. This approach also reduces technical problems.

        --
        1702845791×2
    • (Score: 2) by Dunbal (3515) on Saturday November 08 2014, @09:28PM (#114110)

      It's the same theory as the one behind why DRM will never work. If your computer can find it, my computer can find it.

      • (Score: 2) by cafebabe (894) on Saturday November 15 2014, @01:12PM (#116183) Journal

        If a service is made available to untrusted parties via indirection and the indirection relies upon volunteers who cannot be trusted and establishment of connections is logged by untrusted parties then the service can be located without indirection by one or more parties.

        --
        1702845791×2
    • (Score: 4, Interesting) by edIII (791) Subscriber Badge on Saturday November 08 2014, @10:55PM (#114140)

      I don't necessarily agree with you on the implementation, but the basics are if you control the whole network there is no anonymity.

      TCP/IP isn't designed for anonymity and it certainly doesn't support it. What TOR does is provide a deniable property to communications, but only as a matter of scope. It's not a true property, or in other words, emergent. The real problem is that regardless of hidden services, it's possible for Eve to record all of the traffic activity with known addresses (TCP/IP can't support anything else).

      Your neighbor might not be able to defeat that deniable property, your local law enforcement or ISP couldn't defeat that deniable property, but a national intelligence community collecting packets from all the Tier 1 providers just might.

      If you collect enough instances of the traffic (especially if you initiate it) I'm sure that math and science support the notion that you could determine a likely node with a suitable degree of confidence. It's 100% confidence to nail you in court (theoretically), but it can be much less to identify a lead in an investigation which likely screws you with surveillance ultimately. I can't possibly see how over time an attacker is gaining more and more nodes involved in these illicit communications and not being able to identify nodes accessing it more often.

      What TOR has to overcome is a design in which it's assumed all network traffic activity is recorded for the whole network all the time, in addition to ensuring an equal distribution of access to services across the entire TOR network. Anything less, and it starts becoming apparent that the child porn is hitting your TOR node far more often than statistically believable. At that point, it seems like a five minute conversation with the judge and FBI as to whether or not they can install malware. Which is of course hilarious. The FBI asking permission.

      Delivering anonymity in the light of who we are really trying to be anonymous from, is a little disheartening.

      Although, my intuition tells me this has much less to do with TOR onion routing protocols and topology, and is more likely to be tools to gain access remotely through an .onion addressed server and then initiate identification from the remote end directly akin to tracing wires in a building. With everything else coming to light about the seemingly massive critical bugs in our software it's not an entirely unfounded fear as an attack vector. So we shouldn't throw the TOR network away yet and claim it's tainted.

      If I was operating a TOR hidden service I would do everything absolutely possible to look at information leakage through interactions with the service itself. This includes firewall rules to prevent a server from sending out packets at all unless it's routed through the TOR network.

      Additionally, I wouldn't be so averse to the idea of researchers creating fake criminal honeypots to see if they can catch the intelligence apparatuses at work and determine how they are doing it so we can put a stop to it. What's the difference between Mafia Wars and real life? Perspective.

      Maybe we should all just create a massively fun game where we sell and send plastic bags of "weed" and "coke" you can buy from the grocery store, and create Darknets to do it. I'm betting that might be the most effective way to put a monkey wrench into their toy.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
      • (Score: 1, Insightful) by Anonymous Coward on Sunday November 09 2014, @03:35AM (#114188)

        Maybe we should all just create a massively fun game where we sell and send plastic bags of "weed" and "coke" you can buy from the grocery store,

        Bad idea. Selling obviously fake drugs under the impression that they're real will get you convicted for trafficking. That's not a new thing either; it's been happening for decades. Although on the plus side, this "game" would force more people to realize how destructive prohibition is by ruining even more innocent lives.

      • (Score: 0) by Anonymous Coward on Sunday November 09 2014, @06:13AM (#114223)

        > It's 100% confidence to nail you in court (theoretically),

        My understanding is that "beyond reasonable doubt" is reckoned to be about 75% confidence

      • (Score: 2) by cafebabe (894) on Saturday November 15 2014, @01:24PM (#116187) Journal

        firewall rules to prevent a server from sending out packets at all unless it's routed through the TOR network.

        Default route considered harmful [wikipedia.org].

        --
        1702845791×2
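The egress rules edIII asks for, together with cafebabe's point that the box should have no default route to leak through, as an added shell example that is not from the thread or from the Tor Project. It prints an nftables ruleset that lets only the tor daemon's unix user send packets off the host (the uid is a hypothetical argument; on Debian it would be `id -u debian-tor`), and pairs it with an audit of listening sockets, because an egress filter does nothing about a service that answers on its public address the way the phpMyAdmin page in the Silk Road filings did. The `ss` output in the block is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread or the Tor Project). Assumptions
# (hypothetical): tor runs under its own unix user whose numeric uid is
# passed in, nftables is the host firewall, and the service itself (web
# server, database) runs as other users and is reached by tor over loopback.

# egress_ruleset UID: print an nftables ruleset whose output chain drops every
# packet not sent by the tor user, except on loopback and except traffic on
# connections that already exist (so an admin's inbound SSH session keeps
# working). A web app fetching a CAPTCHA, an update check, or a resolver
# query from any other user is dropped and logged instead of leaking the
# server's address. There is deliberately no DNS allowance: tor resolves
# names over its own circuits. The table is declared and deleted first so
# re-running the script replaces the rules instead of appending to them.
egress_ruleset() {
  tor_uid=$1
  cat <<EOF
table inet hs_egress
delete table inet hs_egress
table inet hs_egress {
  chain output {
    type filter hook output priority 0; policy drop;
    oif "lo" accept
    ct state established,related accept
    meta skuid $tor_uid accept
    counter log prefix "hs-egress-leak: " drop
  }
}
EOF
}

# apply_egress_lockdown UID: load the ruleset (needs root and the nft tool).
apply_egress_lockdown() {
  egress_ruleset "$1" | nft -f -
}

# nonloopback_listeners: read `ss -Hltn` output on stdin and print every
# listening TCP socket bound to anything other than 127.0.0.1 or [::1].
# On a hidden-service host the expected output is empty: tor needs no inbound
# port (it dials out to the network), and anything listed here can be
# contacted directly by whoever guesses or observes the public address.
nonloopback_listeners() {
  awk '$4 !~ /^(127\.0\.0\.1|\[::1\]):/ { print $4 }'
}

# Constructed sample of `ss -Hltn` output: the web app and database are bound
# to loopback (fine); port 80 on 0.0.0.0 and SSH on * are reachable directly.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 80 [::1]:3306 [::]:*
LISTEN 0 128 *:22 *:*'

# Stand-alone run: show the ruleset for uid 108 and audit the sample.
egress_ruleset 108
printf '%s\n' "$SAMPLE_SS" | nonloopback_listeners
```

Load it from a console session rather than over a connection the policy might cut, with `egress_ruleset "$(id -u debian-tor)" | nft -f -` or `apply_egress_lockdown`. Package updates, NTP and monitoring agents also fail under this policy, which is the point: route them through Tor or add a deliberate, logged exception. The audit runs as `ss -Hltn | nonloopback_listeners`; every line it prints, SSH included, is a socket that can be reached without Tor, so bind the service to 127.0.0.1 and do administration over the onion address or a separate management network.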
  • (Score: 2) by Justin Case (4239) on Saturday November 08 2014, @08:50PM (#114106) Journal

    > sites believed to be selling illegal items

    Believed? No evidence? No trial?

    > joint operation between 16 European countries and the US

    Otherwise known as governments believed to be overstepping their authority, so of course, the good guys will be shutting them down too, right?

  • (Score: 2) by Appalbarry (66) on Saturday November 08 2014, @08:52PM (#114107) Journal

    At the end of the day it all seems to come down to one thing: a lot of criminals, especially in the lower regions of the drug trade, are pretty dumb. [gawker.com]

    Benthall didn't make FBI work very hard. According to the complaint, Benthall allegedly registered the server he hosted Silk Road 2.0 on with his own email address.... Benthall also retweeted a post about the relaunch of Silk Road on the very day it went online...

    Years ago (pre-digital) a friend who worked as a bank teller told me how the police usually managed to catch bank robbers, "These guys come into the bank, and they're incredibly nervous, and without thinking they write their hold up note on the back side of their pre-printed deposit slip."

    • (Score: 5, Interesting) by melikamp (1886) on Saturday November 08 2014, @10:13PM (#114120) Journal

      More to the point, online market operators are at the bottom of the criminal food chain. They are retailers who need all the hardware power of a laptop and a script kiddie skill set. The illegal drug trade business model is designed to recover from periodic shutdowns. If a wholesaler can contract a TOR store a few times a year or so and collect as little as half of the profit, the margins are still sky-high. Law enforcement likes to make strong-sounding statements like "we'll never back down", but as usual they are just expressions of desperation. The drug lords are basically crushing them at this game. Before, the narcs could do with a few knuckleheads raiding the downtown and arresting a bunch of black teenagers. New retailers have a similar entry barrier (almost none), access to millions of customers, and cannot be shut down without an international task force of highly qualified professionals working around the clock.

      Even if TOR hidden service can be traced, what we hear is a proof that it works well enough to allow drug trade on the scale that was unthinkable before. Every time we see a ramp-up in drug seizures we can safely assume that the trade is up, not down, and this is the case here. First they shut down 1 silk road, and one year later they took down 400 silk roads. Far from being deterred, the criminals seem to be very happy with TOR.

      • (Score: 2) by edIII (791) Subscriber Badge on Sunday November 09 2014, @12:27AM (#114165)

        Can we just agree to mod his post +5 right now and be done with it?

        --
        Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 2) by darkfeline (1030) on Saturday November 08 2014, @10:15PM (#114121) Homepage

      Nah, it's just selection bias. The only criminals that are discovered then arrested are stupid, hence they were discovered and arrested. The smart criminals are still plying their craft as usual (and I'm not making a dig at the politician-corporation complex, either).

      --
      Join the SDF Public Access UNIX System today!
  • (Score: 2, Interesting) by Rosco P. Coltrane (4757) on Saturday November 08 2014, @09:35PM (#114111)

    when they put their collective mind to it. Imagine that: a 16-country effort to arrest 17 terribly dangerous individuals.

    Yet no such effort is ever undertaken to arrest corrupt bankers, politicians, rich fucks and corporations who don't pay their taxes, clever attorneys who help the aforementioned sumbitches funnel billions to tax havens... Heck, even Youtube (on the clearnet) is guilty of massive copyright infringement - but hey, Google is untouchable don't you know...

    Strange isn't it?

    Seems Lady Justice's blindfold has slipped a little.

    • (Score: 0) by Anonymous Coward on Saturday November 08 2014, @10:38PM (#114128)

      The scales may look like they can tip but the crossbar is welded into place.

    • (Score: 1) by deimios (201) Subscriber Badge on Sunday November 09 2014, @04:47AM (#114194) Journal

      OK I'll bite.

      You state that Google is untouchable. It's not that it's untouchable, more like it can move MASSIVE amounts of people if need be. No politician wants to appear on the front page of a shut down youtube as the cause.

      Regarding the rest of the scumbags and legal grey-area exploiters: campaign funds don't come for free you know. Unless the whole system is overhauled, you will never ever see those guys in jail, even in countries where bribes are illegal.

      But dealing with drugdealers (ok this one is starting to slip because of legalization in some parts), sites depicting child abuse (think of the children) and copyright stealing pirates (these directly influence the income of the MAFIAA and the amount of campaign funds they can funnel) is considered a politically safe and pretty straightforward activity.

      • (Score: 2) by urza9814 (3954) on Monday November 10 2014, @04:05PM (#114527) Journal

        It's a bit of both actually. It's not just that politicians don't want to be on the news -- there really does seem to be this unwritten rule that white guys in suits don't just get arrested, even when there's no political agenda involved.

        Check this out:
        http://www.theatlantic.com/national/archive/2013/12/i-got-myself-arrested-so-i-could-look-inside-the-justice-system/282360/ [theatlantic.com]

        Guy wanders around NYC with cans of spraypaint and a stencil reading “N.Y.P.D. Get Your Hands Off Me” -- that alone is illegal, he walks by dozens of officers and most say nothing, a few notice but don't even give him a warning. So he steps it up -- actually uses them to vandalize city hall. With the police watching. None of them do anything. Then after seeing a news report about the crime the next day, saying it was committed by "unknown suspects" (despite him doing this in broad daylight, on camera, with officers watching him) he goes to turn himself in. Walks up to the cops, hands them his ID, tells them what he did...and they tell him to go home. He spent weeks trying to turn himself in, every day, and every day he got told to go home because nobody arrests the white guy in a suit.

    • (Score: 2) by LoRdTAW (3755) on Monday November 10 2014, @12:19AM (#114376) Journal

      Because the rich fucks profit from selling the government goons the toys they need to track down a bunch of disposable, low level crooks. And that profit keeps them going as it affords them things like campaign contributions and other get out of jail free cards.

  • (Score: 0) by Anonymous Coward on Sunday November 09 2014, @06:08AM (#114219)

    You guys are over complicating it. When you order something over these networks someone has to pay for these items. How do they plan to pay, by credit card, cash, money order? The feds can order something and track where that money goes and find someone to arrest. Additionally they can attempt to track the packages and their place of origin via the mail system. IOW, good old investigative work.

    • (Score: 2) by hemocyanin (186) on Sunday November 09 2014, @02:21PM (#114268) Journal

      I'm pretty sure the favored currency is bitcoin. I'm not a bitcoin user so I don't know the various ways a user could be traced through the coin's transaction history, but I'm pretty certain there is no place to send a subpoena to for account information, unlike visa, banks, etc.

      • (Score: 0) by Anonymous Coward on Sunday November 09 2014, @07:02PM (#114310)

        While Bitcoin is another payment option you are still missing the big picture.

        Bitcoins can, to some extent, be traced. But the point is that even if these guys are using bitcoins at some point those coins must either be converted to cash, credit card funds, or to something physical that can be purchased. If you try to buy a house with it the feds are going to investigate where you got the money to buy this nice property with no job. Furthermore they can purchase items themselves with bitcoins and try to trace where their expected packages are coming from and how their coins are being turned into cash and things someone can buy.

        • (Score: 0) by Anonymous Coward on Monday November 10 2014, @01:33PM (#114489)

          And the way to do this is relatively easy. They set up an address that wouldn't otherwise receive mail and they order their items to be sent to that address. They then alert USPS, UPS, etc... to tell them if they receive a package intended for this destination. If they do it pops up on the computer and the feds get alerted about which post office first received the package. Then they know that whoever dropped that package off did so within the jurisdiction of this post office. They then order another package and continue their investigation from there.

          What the online drug cartels might be able to do is try to drop their packages at different locations. Then it becomes a game of cat and mouse.

          • (Score: 2) by urza9814 (3954) on Monday November 10 2014, @04:13PM (#114531) Journal

            Yeah, they really don't have to do anything special there. I too get alerted whenever UPS picks up a package destined for my address. Doesn't cost me anything, just have to register with their app. When my dad sent me his laptop to fix a while back, it popped right up with the UPS store where he made the shipment. Then the cops just go to that store and ask for a record of who made the purchase. If they paid cash, you pull up the store surveillance video. How hard is that?

            Of course, that all depends what's being ordered. If it's small enough to fit in a regular mail envelope that can be dropped in any box on the street...that might need something more complicated.

            But that's just to track the sellers. My understanding was that Silk Road was more of a marketplace for others to sell stuff. Unless the admin was stupid enough to be selling things themselves (which is not at all unlikely) those tricks wouldn't work to shut down the site as a whole.

            • (Score: 0) by Anonymous Coward on Monday November 10 2014, @04:49PM (#114548)

              True but how are the admins making money? Bitcoins? Even if so bitcoins can be traced to some extent. At some point those bitcoins need to eventually be turned into real money or property or something valuable and they can trace that.

              and who's paying the admins their money? Advertisers? They can trace who advertisers are sending money to and investigate from there.

              Do the users or sellers pay the admins a fee? How is that money being paid? They can trace that. Even if it's through bitcoins they can trace who's exchanging bitcoins for bank funds or cash (if you are exchanging bitcoins directly for cash then who's giving you the cash? A fed? Someone working for or being subpoenaed by the feds?). It's not like you can buy a house with bitcoins and no one will notice. The feds will notice if you suddenly have a nice house in your name with no job. How are you paying for this? Bitcoins? Where are you getting these bitcoins and what are you doing to get them?

              • (Score: 0) by Anonymous Coward on Monday November 10 2014, @04:54PM (#114552)

                and if the sellers pay an admin fee the feds can set themselves up as a seller and try to trace where the funds are going. They can send themselves a package, pay for it, and continue their investigation from there.