
Silk road shut down (allegedly)


Comments

  • Closed Accounts Posts: 1,235 ✭✭✭returnNull


    Khannie wrote: »
    This about sums it up, but the way they nailed that child porn lad was very slick. Hats off to them tbh.

    It's a very good example of where you're glad a hosting company didn't update their server software!


  • Registered Users, Registered Users 2 Posts: 7,041 ✭✭✭Seachmall


    Khannie wrote: »
    It's not untraceable at all tbh. I bought bitcoin once, waited a while, then sold it. It would be trivial for a law enforcement agency to trace the bitcoin to me. To properly use bitcoin anonymously you would need to be technically savvy and purchase the coins with cash and / or mine them yourself.

    Every transaction ever made with bitcoin is public.

    You could send the bitcoin in small segments through dozens, even hundreds, of addresses to disguise who originally purchased them.

    It's not perfect but it creates enough of a gap between the original purchase of the bitcoin and the spending of the bitcoin to allow for plausible deniability.

    It's essentially the same idea as more traditional money laundering.


    Once upon a time there was a site that allowed you to purchase by credit/debit card. If they were still active it'd be much easier to stay relatively anonymous (via prepaid cards for example).


  • Closed Accounts Posts: 1,235 ✭✭✭returnNull


    Mark Twain wrote: »
    Technically easy. The number of users of TOR is small. It isn't a huge technical undertaking to control many of the exit nodes. Or to spoof exit nodes.

    approx 500,000


  • Registered Users, Registered Users 2 Posts: 3,023 ✭✭✭Fukuyama


    returnNull wrote: »
    You'd need a stupid amount of exit nodes to make sure you got enough packets to trace the IP of the person you're tracking. Then you'd also have to break the encryption on those packets that TOR puts on them and again the information in those IP packets could have been encrypted before they were sent over the TOR network.

    Now the NSA have deals done with IBM to create special chips for breaking encryption. Some American professor reckons they can decrypt the data packets used by TOR users in a few hours on an older version of TOR which has a different type of encryption to the latest version. A fairly high % of TOR users are running the older version.

    Tor was developed by the US Navy. Let's not forget that.

    They've multiple reports of both 1st gen and 2nd gen Tor being broken by brute force and by mapping and tracking nodes.

    Brute force isn't an option anymore as the network is simply too large and shifting. Nodes can be tracked.

    But yeah. I agree with a previous poster. The easiest way to catch these guys is likely to use good old detective work /ask around etc...

    For example, a small fry hacker such as a credit card fraudster could get nabbed. Say he tells the FBI he knows a little about the Silk Road. I'm sure his case would go away pronto if he led them to a more higher up hacker. Who could flip. And so on. The average geek isn't going to be willing to do time in a fed supermax or withstand an interrogation. They'd rather go back to their ma's spare room and code.

    As with more law efforts in this area, they've cut the head off the snake and instead of one network there'll be dozens tomorrow morning up and ready for business.


  • Registered Users, Registered Users 2 Posts: 7,041 ✭✭✭Seachmall


    Mark Twain wrote: »
    Technically easy. The number of users of TOR is small. It isn't a huge technical undertaking to control many of the exit nodes. Or to spoof exit nodes.

    So let's say you have 100% of the exit nodes.

    What next?

    Walk me through this...




    And how does one "spoof" an exit node? It's either an exit node or it's not.


  • Registered Users, Registered Users 2 Posts: 3,023 ✭✭✭Fukuyama


    Seachmall wrote: »
    You could send the bitcoin in small segments through dozens, even hundreds, of addresses to disguise who originally purchased them.

    It's not perfect but it creates enough of a gap between the original purchase of the bitcoin and the spending of the bitcoin to allow for plausible deniability.

    It's essentially the same idea as more traditional money laundering.


    Once upon a time there was a site that allowed you to purchase by credit/debit card. If they were still active it'd be much easier to stay relatively anonymous (via prepaid cards for example).

    You still can purchase by CC - but it'd have to be through a less than legit source. Such as by topping up a prepaid CC, paying a guy into his anon PayPal account and then him sending you Bitcoins.

    But the hassle of the whole thing turns away small time users. With time, energy, transaction fees. You could have grown a farm of weed by the time you see your little bag drop through the letterbox :P

    For money laundering / tax avoidance etc... bitcoin is safe in that it is HARD to trace. But your money fluctuates wildly with the Bitcoin markets. For example, anyone with a transaction in process today will be annoyed seeing as the value is plummeting.

    Very interesting to read about though. The deep web is something not a lot of people know about and it makes up around 80% of the Internet.


  • Banned (with Prison Access) Posts: 121 ✭✭Mark Twain


    returnNull wrote: »
    approx 500,000

    Many of which can be spoofed. An overlay network created by various law enforcement agencies would fire that up in a couple of weeks.


  • Closed Accounts Posts: 1,235 ✭✭✭returnNull


    Dean0088 wrote: »

    For example, a small fry hacker such as a credit card fraudster could get nabbed. Say he tells the FBI he knows a little about the Silk Road. I'm sure his case would go away pronto if he led them to a more higher up hacker. Who could flip. And so on. The average geek isn't going to be willing to do time in a fed supermax or withstand an interrogation. They'd rather go back to their ma's spare room and code.

    Pretty much. Remember reading a case about a child molester in the States who got caught, plea bargained with cops and gave over his password/username to a website that he used (and was apparently hard to get on to) and was a high level admin on that website.


  • Closed Accounts Posts: 7,478 ✭✭✭wexie


    returnNull wrote: »
    You'd need a stupid amount of exit nodes to make sure you got enough packets to trace the IP of the person you're tracking. Then you'd also have to break the encryption on those packets that TOR puts on them and again the information in those IP packets could have been encrypted before they were sent over the TOR network.

    So just to get this clear in my head, an exit node can just be any device running TOR right? So the more devices you can control that are running TOR the more exit nodes you control?

    How many do you think is a stupid amount? (I understand that might be hard to answer). I doubt 'they' would go through the trouble for something as trivial as Silk Road to use brute force but surely the facilities would be there?

    This datacenter houses several 100 thousand servers and there are a few more like it worldwide, albeit maybe not quite that size. Most of which are controlled by US multinationals (MSFT, Google, Facebook etc).

    (I appreciate we may well be getting into conspiracy theory territory but it's an interesting thought, wonder if 'they' monitor imagefap :eek:)


  • Registered Users, Registered Users 2 Posts: 3,023 ✭✭✭Fukuyama


    Mark Twain wrote: »
    Many of which can be spoofed. An overlay network created by various law enforcement agencies would fire that up in a couple of weeks.

    Spoofing the Tor network could be done (I guess in theory) but not for this kind of small fry. It's not like the Silk Road was THAT big of a deal. The feds and NSA are too busy elsewhere.

    I think detectives just chance their arm, fire off emails to those talking the talk on message boards etc and see where they end up. ;)

    Besides, everything on Tor is randomly encrypted in different packets so it gets tricky. All you can do is find out where they originate from. Then you need to hack their PC etc...

    Why not just find them the old fashioned way and get a warrant. Just about every hacker has been caught due to their ego or letting their 'empire' sprawl out of their tight control. Human error and a dash of stupidity.

    Much less expensive than taking down a military grade anonymity network.


  • Registered Users, Registered Users 2 Posts: 3,023 ✭✭✭Fukuyama


    wexie wrote: »
    So just to get this clear in my head, an exit node can just be any device running TOR right? So the more devices you can control that are running TOR the more exit nodes you control?

    How many do you think is a stupid amount? (I understand that might be hard to answer). I doubt 'they' would go through the trouble for something as trivial as Silk Road to use brute force but surely the facilities would be there?

    This datacenter houses several 100 thousand servers and there are a few more like it worldwide, albeit maybe not quite that size. Most of which are controlled by US multinationals (MSFT, Google, Facebook etc).

    (I appreciate we may well be getting into conspiracy theory territory but it's an interesting thought, wonder if 'they' monitor imagefap :eek:)

    How much would that cost though? Who signs that cheque?!

    I'd say the only time something that massive would be given the nod is if there was a nuke pointed at the White House or something.


  • Registered Users, Registered Users 2 Posts: 7,041 ✭✭✭Seachmall


    returnNull wrote: »
    Pretty much. Remember reading a case about a child molester in the States who got caught, plea bargained with cops and gave over his password/username to a website that he used (and was apparently hard to get on to) and was a high level admin on that website.

    There was a similar story about a carding* forum called "Carder Profit" or something.

    The feds set it up to lure carders and after a couple of years they made arrests. One of the folk they arrested turned out to be an owner of another carding forum, more arrests were made.


    *Carding is the trading of stolen credit cards.


  • Registered Users, Registered Users 2 Posts: 25,626 ✭✭✭✭My name is URL


    returnNull wrote: »
    approx 500,000

    How many of them know how to use it, though? It's a cliché, but a chain is only as strong as its weakest link.

    I know dozens of people who 'use' Tor, and only about 10% of them know how to use it properly... eejits doing their everyday browsing with it, and watching flash videos and downloading PDFs believing they were being stealthy in doing so.. some may see those people as being useful idiots!


  • Closed Accounts Posts: 1,235 ✭✭✭returnNull


    wexie wrote: »
    So just to get this clear in my head, an exit node can just be any device running TOR right? So the more devices you can control that are running TOR the more exit nodes you control?

    How many do you think is a stupid amount? (I understand that might be hard to answer). I doubt 'they' would go through the trouble for something as trivial as Silk Road to use brute force but surely the facilities would be there?

    This datacenter houses several 100 thousand servers and there are a few more like it worldwide, albeit maybe not quite that size. Most of which are controlled by US multinationals (MSFT, Google, Facebook etc).

    (I appreciate we may well be getting into conspiracy theory territory but it's an interesting thought, wonder if 'they' monitor imagefap :eek:)

    In August or September this year the number of TOR clients jumped from around the 500k to 2.5 million. At the time it happened the experts thought it was a very big botnet. But strangely all the new clients weren't all that active. In the article I linked to some of the experts think possibly it could be an American law enforcement botnet.


  • Registered Users, Registered Users 2 Posts: 3,023 ✭✭✭Fukuyama


    How many of them know how to use it, though? It's a cliché, but a chain is only as strong as its weakest link.

    I know dozens of people who 'use' Tor, and only about 10% of them know how to use it properly... eejits doing their everyday browsing with it, and watching flash videos and downloading PDFs believing they were being stealthy in doing so.. some may see those people as being useful idiots!

    It's not a chain though.

    It's like a three dimensional net going in all directions with a Rubik's cube at each little intersection. Each intersection automatically pops up elsewhere when broken too.

    Good luck!


  • Closed Accounts Posts: 7,478 ✭✭✭wexie


    Dean0088 wrote: »
    How much would that cost though? Who signs that cheque?!

    I'd say the only time something that massive would be given the nod is if there was a nuke pointed at the White House or something.

    As someone already pointed out that probably wouldn't even be a blip on the NSA's budget. If TOR really only has about half a million users you could get 10% (ish) of the exit nodes with 100000 machines. NSA may well have that capacity in house.

    But you're right I can't see it happening over something like silk road. They've gotten lots of publicity but it's not that big a deal in the grand scheme of things.


  • Registered Users, Registered Users 2 Posts: 7,041 ✭✭✭Seachmall


    How many of them know how to use it, though? It's a cliché, but a chain is only as strong as its weakest link.

    I know dozens of people who 'use' Tor, and only about 10% of them know how to use it properly... eejits doing their everyday browsing with it, and watching flash videos and downloading PDFs believing they were being stealthy in doing so.. some may see those people as being useful idiots!

    There was a team of botnet operators arrested in London a couple of years back after one of them used the dedicated botnet computer (which operated through Tor) to check his Facebook page.

    They were making about a million pounds a month if I remember correctly and that's how they got caught.

    Idiots be everywhere!



    Also, people keep talking about controlling exit nodes. There's little benefit in controlling exit nodes unless the user is a moron (as described above). It's just not feasible to get from the exit node to the originator. That's the whole point of Tor.


  • Closed Accounts Posts: 1,235 ✭✭✭returnNull


    How many of them know how to use it, though? It's a cliché, but a chain is only as strong as its weakest link.

    I know dozens of people who 'use' Tor, and only about 10% of them know how to use it properly... eejits doing their everyday browsing with it, and watching flash videos and downloading PDFs believing they were being stealthy in doing so.. some may see those people as being useful idiots!

    Not very many I'd say tbh. The older version of TOR would have a weaker form of encryption that can be (or thought to be) broken and again a high % of users haven't updated to the latest version.
    And as deano888 (is that his name? :) ) says it's very slow (because of the way the packets are bounced around) and then you have numpties that use it for torrenting lol.


  • Closed Accounts Posts: 341 ✭✭Shout Dust


    I like the way the FBI are calling it a victory, yet this apparently sloppy lone graduate eluded them for 2.5 years. Wonder will this stop the online trade in its tracks or will new sites spring up?


  • Closed Accounts Posts: 7,478 ✭✭✭wexie


    Seachmall wrote: »
    There was a team of botnet operators arrested in London a couple of years back after one of them used the dedicated botnet computer (which operated through Tor) to check his Facebook page.

    I'm sure he's right popular with his mates these days :D

    Also, people keep talking about controlling exit nodes. There's little benefit in controlling exit nodes unless the user is a moron (as described above). It's just not feasible to get from the exit node to the originator. That's the whole point of Tor.

    So how would any tracking work then? Would it only work if you controlled all nodes but the originating node? Or can it just not be done?


  • Registered Users, Registered Users 2 Posts: 7,041 ✭✭✭Seachmall


    wexie wrote: »
    So how would any tracking work then? Would it only work if you controlled all nodes but the originating node? Or can it just not be done?

    If you controlled all the nodes, that would be the easiest, but of course then nobody would use Tor.

    If you control some nodes (entrance and exit nodes) it can be done, the most recent idea being called Traffic Correlation, but there's also Timing Analysis and Tagging/Replay attacks.


    As far as I'm aware all of these are entirely theoretical and have yet to be used to actually break anonymity on Tor.


  • Posts: 2,032 ✭✭✭ [Deleted User]


    Much easier to use a combination of social engineering and/or a 0day exploit injected in the site's hosting server to reveal true IP.


  • Registered Users, Registered Users 2 Posts: 11,192 ✭✭✭✭hmmm


    In this case it appears the owner was simply sloppy (see "now onto how he got caught")
    http://www.reddit.com/r/SilkRoad/comments/1nl7p9/sr_shutdown_fallout_discussion/ccjlwgp


  • Registered Users, Registered Users 2 Posts: 3,963 ✭✭✭Meangadh


    spurious wrote: »
    I don't understand what this thread is about. At all, at all.

    Same. Not a clue. Have never heard of any of the stuff these people are talking about.


  • Closed Accounts Posts: 5,733 ✭✭✭oppenheimer1


    Seachmall wrote: »
    Tor is an anonymizing network.

    99% of the time it does exactly what it says on the tin.


    The biggest risk of losing anonymity on Tor is not a problem with Tor, it's a problem with those who use it.

    TOR is 60% funded by the US government. You really think it's that anonymous?


  • Registered Users, Registered Users 2 Posts: 7,041 ✭✭✭Seachmall


    TOR is 60% funded by the US government. You really think it's that anonymous?

    Absolutely.

    It's open source.

    I don't need to trust the US government to trust Tor. I just need to trust that others don't trust the US government to trust Tor.


  • Closed Accounts Posts: 1,235 ✭✭✭returnNull


    Seachmall wrote: »
    Absolutely.

    It's open source.

    Was just about to say that. Every line of code would be checked for bugs and also for backdoors. I'd say the NSA or whoever would have a hard time getting a backdoor into an update.


  • Closed Accounts Posts: 341 ✭✭Shout Dust


    returnNull wrote: »
    Was just about to say that. Every line of code would be checked for bugs and also for backdoors. I'd say the NSA or whoever would have a hard time getting a backdoor into an update.

    Did they not do something like that to catch the guy hosting the child porn servers?


  • Registered Users, Registered Users 2 Posts: 7,041 ✭✭✭Seachmall


    Shout Dust wrote: »
    Did they not do something like that to catch the guy hosting the child porn servers?

    No, they used an exploit to catch him.

    Which is a lot different from releasing an update with a backdoor into an open source project.


    Using an exploit is like breaking into a house through a window. Releasing an update with a backdoor into an open source project is like selling a "secure" house while trying to hide the fact it has no walls (i.e. someone is going to notice).


  • Registered Users, Registered Users 2 Posts: 7,156 ✭✭✭srsly78


    Shout Dust wrote: »
    Did they not do something like that to catch the guy hosting the child porn servers?

    They got that guy with "spear phishing", i.e. targeted malware, I think.

