posted by azrael on Tuesday October 21 2014, @07:42PM
from the end-justifying-the-means dept.

KrebsOnSecurity reports that new court documents released this week by the U.S. government in its case against "Dread Pirate Roberts" suggest that the feds may have some explaining to do.

Last month, the U.S. government released court records claiming that FBI investigators were able to divine the location of the hidden Silk Road servers because the community’s login page employed an anti-abuse CAPTCHA service that pulled content from the open Internet — thus leaking the site’s true Internet address.

But lawyers for alleged Silk Road captain Ross W. Ulbricht (a.k.a. the “Dread Pirate Roberts”) asked the court to compel prosecutors to prove their version of events. And indeed, discovery documents reluctantly released by the government this week appear to poke serious holes in the FBI's story.

The FBI claims that it found the Silk Road server by examining plain text Internet traffic to and from the Silk Road CAPTCHA, and that it visited the address using a regular browser and received the CAPTCHA page. But Weaver says the traffic logs from the Silk Road server (PDF) that also were released by the government this week tell a different story.

"The server logs which the FBI provides as evidence show that, no, what happened is the FBI didn’t see a leakage coming from that IP," he said. "What happened is they contacted that IP directly and got a PHPMyAdmin configuration page." See this PDF file for a look at that PHPMyAdmin page. Here is the PHPMyAdmin server configuration.

Bruce Schneier reckons the FBI's story is a botched parallel construction based on hints from the NSA.

    by tibman (134) Subscriber Badge on Wednesday October 22 2014, @03:03AM (#108519)

    All true : ) But I'll also never fall victim to someone finding an outdated/vulnerable version of phpmyadmin. The whole folder tree should not be viewable by just anyone. Mine is only viewable if the source addr is localhost. So I have to ssh tunnel in and connect that way. The machine is headless.

    About the 404 blocker. If I ran a site that people actually visited then I'd worry more about automated crawlers being blocked. But right now it is not intended to be listed. 90% of the current traffic is automated vulnerability scanners (well, I hope it's automated, lol). There isn't much I can do about proxy IPs and dynamic IPs. If someone was using Tor, for example, the server would end up blocking all the exit nodes and nobody could reach the site via Tor anymore. Those kinds of issues don't have simple answers. White-listing IPs that actively spew garbage at your server is an uncomfortable compromise. Thankfully, it is not one I need to worry about right now. The best solution I know for dynamic IPs is to just block them for shorter periods of time. Maybe a week or two. It'll shut up a noisy scanner but someone who inherits a previously blocked IP will be in a temporary situation. It's another compromise : /

    --
    SN won't survive on lurkers alone. Write comments.
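The "404 blocker with short-lived blocks" the comment above describes, written out as an added example (not the commenter's own code): it reads web-server combined-log lines, flags any source IP that produces a burst of 404s inside a short window, and records a block that expires after a week so an inherited dynamic IP is not punished forever. The log lines, threshold, window and block duration are all constructed assumptions for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx combined log format: ip ident user [ts] "request" status size "referer" "agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log lines (not taken from the article or the server logs it cites)
SAMPLE_LOG = """\
203.0.113.7 - - [22/Oct/2014:03:00:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 162 "-" "scanner"
203.0.113.7 - - [22/Oct/2014:03:00:02 +0000] "GET /pma/ HTTP/1.1" 404 162 "-" "scanner"
203.0.113.7 - - [22/Oct/2014:03:00:03 +0000] "GET /myadmin/ HTTP/1.1" 404 162 "-" "scanner"
203.0.113.7 - - [22/Oct/2014:03:00:04 +0000] "GET /mysql/ HTTP/1.1" 404 162 "-" "scanner"
198.51.100.20 - - [22/Oct/2014:03:05:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [22/Oct/2014:03:05:01 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0"
"""

def parse_line(line):
    """Return (ip, timestamp, status) for one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), int(m["status"])

def find_scanners(lines, threshold=3, window=timedelta(minutes=10), block_for=timedelta(days=7)):
    """Return {ip: block_expiry} for every IP with at least `threshold` 404s inside `window`.
    A single 404 (a missing favicon) never trips it; a burst of guessed admin paths does.
    The block is deliberately short (the commenter's 'a week or two', assumed here as 7 days)."""
    hits = defaultdict(list)   # ip -> timestamps of recent 404s
    blocks = {}                # ip -> datetime at which the block expires
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, status = parsed
        if status != 404 or ip in blocks:
            continue
        hits[ip] = [t for t in hits[ip] if ts - t <= window] + [ts]   # keep only the window
        if len(hits[ip]) >= threshold:
            blocks[ip] = ts + block_for
    return blocks

def active_blocks(blocks, now):
    """Drop expired entries so a new holder of a dynamic IP is let back in."""
    return {ip: exp for ip, exp in blocks.items() if exp > now}

if __name__ == "__main__":
    for ip, exp in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"block {ip} until {exp.isoformat()}")
```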