Bitcoin Forum
Author Topic: FBI Reveals Exactly How They Hacked Silk Road  (Read 1236 times)
MicroGuy (OP)
Legendary
September 06, 2014, 06:24:20 PM
#1

The defense in Ross Ulbricht’s case has accused the government of conducting illegal searches, and questioned exactly how law enforcement officials could have pinpointed the location of the Silk Road data center, considering it was hidden inside the TOR network.

The answer came just hours ago in new court filings published by the prosecution as part of its rebuttal, describing the precise method used by the FBI to track down the marketplace used primarily for illegal drug trafficking.

As investigators typed “miscellaneous” strings of characters into the Silk Road login page’s entry fields, they noticed an IP address that didn’t match any known Tor “nodes,” the computers that bounce information through Tor’s anonymity network to obscure its true source.

And when they entered that IP address directly into a web browser, the Silk Road’s CAPTCHA prompt appeared, the garbled-letter image designed to prevent spam bots from entering the site.

“This indicated that the Subject IP Address was the IP address of the SR server,” writes former FBI agent Christopher Tarbell, “and that it was ‘leaking’ from the SR server because the computer code underlying the login interface was not properly written to work on the TOR network.”

That discovery by the FBI, the prosecuting attorneys in Ulbricht’s case argue, means that no illegal spying techniques were used or needed to pinpoint the world’s largest anonymous market for illicit drugs.

In fact, they stated, the evidence revealing the server’s physical location was left in plain sight due to faulty website code.

Full Story: http://altcoinpress.com/2014/09/fbi-reveals-exactly-how-they-hacked-silk-road/
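The check the affidavit describes is, in substance, a leak audit: look at what a hidden service's login page and response headers reference, discard the .onion host, and compare any remaining IP literal against the list of known Tor relays; a routable address that is not a relay is a candidate for the server's real location. The following is an added example of that audit written for this thread, not code from the article, the affidavit or any Silk Road component. The page, the cookie header, the .onion name, the IP literals (RFC 5737 documentation ranges) and the one-entry "relay list" are all constructed; a real run would fetch the page through Tor and load the current relay set from the Tor consensus.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# --- Constructed sample input (not captured from any real site) ----------
# A login page as a hidden service might serve it.  The CAPTCHA image and a
# cookie domain point at a clearnet IP literal instead of the .onion name,
# the kind of slip the affidavit attributes to the login code.  203.0.113.x
# and 198.51.100.x are RFC 5737 documentation ranges standing in for
# routable addresses.
SAMPLE_HTML = """
<html><body>
<form action="/login.php" method="post">
  <input name="user"><input name="pass" type="password">
  <img src="http://203.0.113.45/securimage/securimage_show.php" alt="captcha">
  <input name="captcha_code">
</form>
<a href="http://hypotheticalmarket.onion/register">register</a>
<script src="http://198.51.100.7/static/app.js"></script>
</body></html>
"""
SAMPLE_HEADERS = {
    "Server": "nginx",
    "Set-Cookie": "PHPSESSID=0123abcd; domain=203.0.113.45; path=/",
}
# Stand-in for a Tor consensus relay list; 198.51.100.7 plays "a relay" here.
KNOWN_TOR_RELAYS = {"198.51.100.7"}

IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
URL_ATTRS = {"src", "href", "action", "data", "poster"}


class _UrlCollector(HTMLParser):
    """Collect every attribute value that can trigger a fetch or a submit."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append(value)


def hosts_in_html(html):
    """Hosts named by absolute URLs in the page; relative URLs name none."""
    parser = _UrlCollector()
    parser.feed(html)
    return {h for h in (urlsplit(u).hostname for u in parser.urls) if h}


def ips_in_headers(headers):
    """IPv4 literals that appear anywhere in response header values."""
    found = set()
    for value in headers.values():
        for literal in IPV4_RE.findall(value):
            try:
                found.add(str(ipaddress.ip_address(literal)))
            except ValueError:
                pass  # e.g. a version string such as 1.2.3.999
    return found


def classify_host(host, known_relays):
    """Label a non-.onion host the way the affidavit's reasoning does:
    a routable IP that is not a known Tor relay is a candidate origin."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "clearnet-hostname"
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "tor-relay" if host in known_relays else "candidate-origin"


def find_leaks(html, headers, known_relays):
    """Everything a hidden service's page should never reveal, with labels."""
    candidates = hosts_in_html(html) | ips_in_headers(headers)
    return sorted(
        (host, classify_host(host, known_relays))
        for host in candidates
        if not host.endswith(".onion")
    )


if __name__ == "__main__":
    for host, label in find_leaks(SAMPLE_HTML, SAMPLE_HEADERS, KNOWN_TOR_RELAYS):
        print(f"{label:18} {host}")
```

Run against the constructed page, the script reports 198.51.100.7 as a relay (the false positive a Tor exit or guard would produce) and 203.0.113.45 as a candidate origin, which is the point at which an investigator would request the address directly and see whether the same CAPTCHA comes back. The same audit, run by the operator before launch, is how the leak would have been caught from the other side.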
dankkk
Sr. Member
September 06, 2014, 07:11:54 PM
#2

I would not be surprised if Ross's defense team questions just what the FBI agent's definition of "entering misc text" in the Captcha field on the login screen means. I would think this would be something much more than an FBI agent simply typing the incorrect code, or even typing it incorrectly multiple times in a manual fashion. If this was the case then another attacker would almost certainly have been able to figure out the IP address of the SR servers. I would suspect that the FBI agent was likely using a somewhat more sophisticated method of attack, maybe something to do with DDoS, or maybe something else.
wasserman99
Sr. Member
September 06, 2014, 10:51:00 PM
#3

Quote from: dankkk on September 06, 2014, 07:11:54 PM
I would not be surprised if Ross's defense team questions just what the FBI agent's definition of "entering misc text" in the Captcha field on the login screen means. I would think this would be something much more than an FBI agent simply typing the incorrect code, or even typing it incorrectly multiple times in a manual fashion. If this was the case then another attacker would almost certainly have been able to figure out the IP address of the SR servers. I would suspect that the FBI agent was likely using a somewhat more sophisticated method of attack, maybe something to do with DDoS, or maybe something else.

I think the former FBI agent likely left out material details in his affidavit. It took the government too long to take down SR for them to have found the location that easily. They either found a backdoor and changed the settings of the captcha, or there is something more to the story.

Tomatocage
Legendary
September 06, 2014, 10:53:13 PM
#4

Very sneaky, sis...

itsAj
Hero Member
September 07, 2014, 03:02:38 AM
#5

Quote from: MicroGuy on September 06, 2014, 06:24:20 PM
As investigators typed “miscellaneous” strings of characters into the Silk Road login page’s entry fields, they noticed an IP address that didn’t match any known Tor “nodes,” the computers that bounce information through Tor’s anonymity network to obscure its true source.

I don't buy this. I am not a fan of people buying and selling drugs (or using drugs), on the internet or otherwise, but I am a fan of people getting a fair trial in court.

If it was really this easy then one of the many people that wanted to blackmail/extort DPR and SR would have likely figured this out before the FBI did.
twiifm
Hero Member
September 07, 2014, 03:14:54 AM
#6

That's cool that they have to wear the jackets with giant FBI letters on them in the office.
herebittybittybitty
Full Member
September 07, 2014, 03:51:05 AM
#7

Eh. I don't believe anything a 3-letter agency says anymore.

Congrats though, now there's nowhere to buy drugs on Tor.  Roll Eyes
haploid23
Legendary
September 07, 2014, 05:09:37 AM
#8

I don't buy this either. It sounds like an extremely simplified version so the nubs in court can understand, but I'm sure the hack job was much more stringent.

grappa_barricata
Full Member
September 07, 2014, 08:23:02 PM
#9

I've read the report... seems legit. I think it was something like a faulty Securimage (or similar) setup. They probably used the Securimage code as-is, and when they found out that it wasn't working over the tor pseudo-device (or proxy), they messed with iptables until it worked  Roll Eyes.

oceans
Sr. Member
September 07, 2014, 08:32:26 PM
#10

I'm another who is not buying this either. Something just does not seem right about this. I understand that they want to track down and eliminate problems such as this, but I always thought that every human being had rights, which also meant a right to a fair trial.
dankkk
Sr. Member
September 07, 2014, 08:57:27 PM
#11

Quote from: grappa_barricata on September 07, 2014, 08:23:02 PM
I've read the report... seems legit. I think it was something like a faulty Securimage (or similar) setup. They probably used the Securimage code as-is, and when they found out that it wasn't working over the tor pseudo-device (or proxy), they messed with iptables until it worked  Roll Eyes.

My concern is that they did not provide the technical details of what exactly they did to get the IP address via the headers. I would speculate that the FBI launched an attack that would likely be considered to be malicious against the SR site.