tilray (OP)
Member
Offline
Activity: 84
Merit: 10
|
|
September 11, 2014, 04:03:15 PM |
|
The Silk Road was an Amazon-style online marketplace that was hosted on the Deep Web launched by “Dread Pirate Roberts”, accessible only through the anonymity network TOR. The site used Bitcoins as a viable payment option due to its peer-to-peer yet anonymous nature. The TOR network was originally designed by the US Navy. Military personnel initially designed the software in the mid 90s to carry out covert government spying operations on United States citizens, as well as any potential activists on watchlists. The browser allows users to anonymously surf the internet, concealing their activities, as well as their location from government agencies as well the ISPs, or anyone general. More at http://cryptoconspiracy.com/silk-road-was-not-seized-by-the-fbi-the-site-was-manually-shut-down/
|
|
|
|
dankkk
|
|
September 11, 2014, 11:17:01 PM |
|
The US government worked with the Iceland government to have the site be shut down at a specified time, a time after which they had planned to have arrested Ross (so as to not tip him off). The data was then provided to the US government.
|
|
|
|
moni3z
|
|
September 11, 2014, 11:40:01 PM |
|
The US government worked with the Iceland government to have the site be shut down at a specified time, a time after which they had planned to have arrested Ross (so as to not tip him off). The data was then provided to the US government.
They had the data first, which revealed his feeble authentication of using his VPN IP in the SSH config. They (supposedly) then could trace the VPN to that library and other locations figuring out it was him. FBI asked Iceland to copy the entire state of his server(s) then shut it down later. In the future, should anybody be foolish enough to run a similar service and risk life in prison, this is not how it's done. If you're going to go for security through secret kind of a deal to protect your open SSH port then manually add +x amount of AES or ChaCha20 rounds to OpenSSH on both the server and your client. Now only that specific SSH install can even negotiate a session. ie: add 3 rounds to AES, every attacker must have exactly same setup. This is much better than port knocking security theater or pasting in your VPN IP so the FBI can use it to find you.
|
|
|
|
Soros Shorts
Donator
Legendary
Offline
Activity: 1617
Merit: 1012
|
|
September 12, 2014, 12:11:55 AM |
|
Semantics - in fact taking over a TOR hidden service is closer to the definition of "seize" than just taking over the DNS of a regular internet domain.
|
|
|
|
2112
Legendary
Offline
Activity: 2128
Merit: 1073
|
|
September 12, 2014, 12:53:14 AM |
|
In the future, should anybody be foolish enough to run a similar service and risk life in prison, this is not how it's done. If you're going to go for security through secret kind of a deal to protect your open SSH port then manually add +x amount of AES or ChaCha20 rounds to OpenSSH on both the server and your client. Now only that specific SSH install can even negotiate a session. ie: add 3 rounds to AES, every attacker must have exactly same setup. This is much better than port knocking security theater or pasting in your VPN IP so the FBI can use it to find you.
Your advice is questionable legally and operationally. 1) From the legal point of view, finding such a modified software would be a definite proof that the law enforcement located a true culprit 2) From the operational point of view the need to compile/carry your own modified software makes it difficult to be truly mobile and evasive While "port knocking" could be construed a "security theater" it has offsetting advantages. 1) From the operational point of view intelligent port knocking can be done without specific tools. You can do it yourselves from any computer or you can describe it to somebody over the phone and have unrelated people knock on your ports to disperse the attention and the resources of the adversary 2) From the legal point of view it would be easier to "reasonably deny" the actions made using a shared/unmodified computer. Like one of the PirateBay guys who's now imprisoned and all the evidence prosecution has was from a machine anyone in his office could access.
|
|
|
|
moni3z
|
|
September 12, 2014, 01:02:05 AM |
|
In the future, should anybody be foolish enough to run a similar service and risk life in prison, this is not how it's done. If you're going to go for security through secret kind of a deal to protect your open SSH port then manually add +x amount of AES or ChaCha20 rounds to OpenSSH on both the server and your client. Now only that specific SSH install can even negotiate a session. ie: add 3 rounds to AES, every attacker must have exactly same setup. This is much better than port knocking security theater or pasting in your VPN IP so the FBI can use it to find you.
Your advice is questionable legally and operationally. 1) From the legal point of view, finding such a modified software would be a definite proof that the law enforcement located a true culprit 2) From the operational point of view the need to compile/carry your own modified software makes it difficult to be truly mobile and evasive While "port knocking" could be construed a "security theater" it has offsetting advantages. 1) From the operational point of view intelligent port knocking can be done without specific tools. You can do it yourselves from any computer or you can describe it to somebody over the phone and have unrelated people knock on your ports to disperse the attention and the resources of the adversary 2) From the legal point of view it would be easier to "reasonably deny" the actions made using a shared/unmodified computer. Like one of the PirateBay guys who's now imprisoned and all the evidence prosecution has was from a machine anyone in his office could access. Load up tails Connect to private bitbucket clone you made and download new OpenSSH over Tor Run it Reboot all evidence is gone. If you're busted they find a generic tails disc. Obviously what you download from the private bitbucket server will be encrypted, preferably with AES-GCM or anything that isn't block encryption/XTS for reasons Niels Ferguson laid out in his objections about XTS to NIST. (read his paper, mind blown). Port knocking makes the operator feel secure, it doesn't actually do anything except security through obscurity.
|
|
|
|
2112
Legendary
Offline
Activity: 2128
Merit: 1073
|
|
September 12, 2014, 01:31:56 AM |
|
Load up tails Connect to private bitbucket clone you made and download new OpenSSH over Tor Run it Reboot all evidence is gone. If you're busted they find a generic tails disc. Obviously what you download from the private bitbucket server will be encrypted, preferably with AES-GCM or anything that isn't block encryption/XTS for reasons Niels Ferguson laid out in his objections about XTS to NIST. (read his paper, mind blown).
I still disagree with you. The knowledge and access to "the private bitbucket server" is still very incriminating. And this: Port knocking makes the operator feel secure, it doesn't actually do anything except security through obscurity.
is just a trope. Security through obscurity is an excellent defense when the defending group is small (like one person). Intelligent port knocking will look quite innocuous and will enable a range (or ranges) of possible sources, not a single address. And instead of SSH (Swiss Army Crutch of bad sysadmins) use good old telnet reinforced with IPsec or Kerberos.
|
|
|
|
hayabusa911
|
|
September 12, 2014, 02:10:21 AM |
|
"Still very incriminating".
Good thing that doesn't mean a damn thing. They still have to prove a crime took place.
|
|
|
|
moni3z
|
|
September 12, 2014, 02:15:44 AM Last edit: September 12, 2014, 03:13:12 AM by moni3z |
|
Load up tails Connect to private bitbucket clone you made and download new OpenSSH over Tor Run it Reboot all evidence is gone. If you're busted they find a generic tails disc. Obviously what you download from the private bitbucket server will be encrypted, preferably with AES-GCM or anything that isn't block encryption/XTS for reasons Niels Ferguson laid out in his objections about XTS to NIST. (read his paper, mind blown).
I still disagree with you. The knowledge and access to "the private bitbucket server" is still very incriminating. And this: Port knocking makes the operator feel secure, it doesn't actually do anything except security through obscurity.
is just a trope. Security through obscurity is an excellent defense when the defending group is small (like one person). Intelligent port knocking will look quite innocuous and will enable a range (or ranges) of possible sources, not a single address. And instead of SSH (Swiss Army Crutch of bad sysadmins) use good old telnet reinforced with IPsec or Kerberos. The federal agent with the telnet or SSH 0day won't be slowed down by port knocking. A secret algorithm however is a different story. Also, how would they know you maintained the bitbucket server when you access it through Tor, and the only thing sitting on it is an encrypted file with no knowledge of what's inside. You could also just download regular OpenSSH from the yandex.ru openbsd port mirror and manually edit it, compile and run, all in Tails easily, or another live distro. You could do this on a phone running Replicant, I build my own kernels on the device should be no prob building OpenSSH. He could of also run a paid botnet with tinyscheme, puppet and emacs receiving ED25519 signed JSON feeds never having to touch http/ssh/anything. Could have automatically moved his servers every x amount of time inside a sea of 300+ decoy gateways and it would have cost him under 1% of his revenues. I guess he also could have lived in Russia too for that matter. Edit: Use both if you want, port knocking plus make your algorithm secret: http://www.thoughtcrime.org/software/knockknock/
|
|
|
|
2112
Legendary
Offline
Activity: 2128
Merit: 1073
|
|
September 12, 2014, 03:13:30 AM |
|
The federal agent with the telnet or SSH 0day won't be slowed down by port knocking. A secret algorithm however is a different story.
Yeah, mythical omnipotent "Feds" with access to secret OS-independent "0days" that hack back the telnet clients (not the server)! I think this the new height of paranoia that I've encountered. Also, how would they know you maintained the bitbucket server when you access it through Tor, and the only thing sitting on it is an encrypted file with no knowledge of what's inside. You could also just download regular OpenSSH from the yandex.ru openbsd port mirror and manually edit it, compile and run, all in Tails easily, or another live distro. You could do this on a phone running Replicant, I build my own kernels on the device should be no prob building OpenSSH.
He could of also run a paid botnet with tinyscheme, puppet and emacs receiving ED25519 signed JSON feeds never having to touch http/ssh/anything. Could have automatically moved his servers every x amount of time inside a sea of 300+ decoy gateways and it would have cost him under 1% of his revenues. I guess he also could have lived in Russia too for that matter.
I don't think you have your threat model right for the things you keep proposing. Or maybe you keep changing your threat model, I don't fully understand your writing. What I proposed was an excellent defense for a single person trying to evade being by using various locations and various machines with various OS-es. As a second line of defense if located that single person wants to hide behind plausible deniability to evade or weaken prosecution. What you were originally proposing (modifying a cipher by changing an implementation constant) would be a decent defense for an already known group of people (lets say a fraternity) who want to hide their internal communication from competing groups (other malicious pranking fraternity) and also spread and weaken possible prosecution of their own malicious pranks.
|
|
|
|
moni3z
|
|
September 12, 2014, 03:33:48 AM |
|
The federal agent with the telnet or SSH 0day won't be slowed down by port knocking. A secret algorithm however is a different story. Yeah, mythical omnipotent "Feds" with access to secret OS-independent "0days" that hack back the telnet clients (not the server)! I think this the new height of paranoia that I've encountered. The server running Telnet or sshd, not the client. What I proposed was an excellent amateur defense for a single person trying to evade being by using various locations and various machines with various OS-es. As a second line of defense if located that single person wants to hide behind plausible deniability to evade or weaken prosecution. No, you proposed port knocking, and kerberos and telnet. Wide open to replay and timing attacks. I proposed adding rounds to OpenSSH on the server, and keeping an encrypted custom version of OpenSSH because the server won't even talk to any clients that don't know the algorithm, that you can download, decrypt and run in under 30 seconds with any live CD. What you were originally proposing (modifying a cipher by changing an implementation constant) would be a decent defense for an already known group of people (lets say a fraternity) who want to hide their internal communication from competing groups (other malicious pranking fraternity) and also spread and weaken possible prosecution of their own malicious pranks. So custom crypto engineering is 'fraternity' level while running telnet and kerberos, behind port knocking will defeat the FBI. I look forward to your white paper
|
|
|
|
Verse
Newbie
Offline
Activity: 48
Merit: 0
|
|
September 12, 2014, 03:52:05 AM |
|
2) From the legal point of view it would be easier to "reasonably deny" the actions made using a shared/unmodified computer. Like one of the PirateBay guys who's now imprisoned and all the evidence prosecution has was from a machine anyone in his office could access.
That hasn't kept Svartholm out of solitary confinement since being shipped back to Sweden, so that's not a very good example. I suspect keeping them 'out' is more useful than not-looking-suspicious on the internet. Ulbrich was in a public library when he was arrested, using what was presumably public wifi, so using public resources does not constitute a good defense--as you've said, it's obvious who dun it. We need a TorCoin or something to help create a sustainable/more decentralized/more secure onion network. Tor is the weak link in too many stories.
|
|
|
|
toleng
|
|
September 12, 2014, 04:05:47 AM |
|
The US government worked with the Iceland government to have the site be shut down at a specified time, a time after which they had planned to have arrested Ross (so as to not tip him off). The data was then provided to the US government.
They had the data first, which revealed his feeble authentication of using his VPN IP in the SSH config. They (supposedly) then could trace the VPN to that library and other locations figuring out it was him. FBI asked Iceland to copy the entire state of his server(s) then shut it down later. They had data as of a certain date as well as the routing information. If they knew that the server was accepting connections connections from a certain IP address then they would know with reasonable certainty who was "behind" the website. The government could simply get warrants for the routing data for the IP address who was connecting to the SR servers to figure out who DPR nka Ross is. IMO a much better way to protect his anonymity would have been to connect to a VPN/VPS via TOR that allows for 2FA via a GPG signed message and/or a bitcoin address signed message. I will certainly be watching this case very closely.
|
|
|
|
2112
Legendary
Offline
Activity: 2128
Merit: 1073
|
|
September 12, 2014, 04:20:06 AM |
|
The server running Telnet or sshd, not the client.
Feds already had the server, they didn't need to hack into it. The feds were trying to locate the owner of the server and collect the evidence. No, you proposed port knocking, and kerberos and telnet. Wide open to replay and timing attacks. I proposed adding rounds to OpenSSH on the server, and keeping an encrypted custom version of OpenSSH because the server won't even talk to any clients that don't know the algorithm, that you can download, decrypt and run in under 30 seconds with any live CD.
I proposed to use widely known & deployed technologies (IPsec&Kerberos) for which attacks are theoretical/academic or of concern to the paranoia-security-set only. A form of port knocking is still widely deployed and used on nearly all Cisco IOS routers/switches (Cisco Lock&Key) and nobody is proposing that as an only line of defense, only as the first one, essentially a defense against port-scanning and password-brute-forcing. What you proposed is a textbook example of "security by obscurity": changing a constant in the cipher implementation. I still think that "security by obscurity" is a valuable tool in evasion and counter-intelligence, but not discussed in the cryptography textbooks. So custom crypto engineering is 'fraternity' level while running telnet and kerberos, behind port knocking will defeat the FBI. I look forward to your white paper
I reread your posts in this thread and I noticed that you've numerous times tried to switch the subject of the discussion. Normally I would suggest the standard "switch to decaf", but this thread is about Silk Road and they didn't sell coffee. So I don't know what you should switch to, sorry.
|
|
|
|
2112
Legendary
Offline
Activity: 2128
Merit: 1073
|
|
September 12, 2014, 04:51:41 AM |
|
That hasn't kept Svartholm out of solitary confinement since being shipped back to Sweden, so that's not a very good example. I suspect keeping them 'out' is more useful than not-looking-suspicious on the internet. Ulbrich was in a public library when he was arrested, using what was presumably public wifi, so using public resources does not constitute a good defense--as you've said, it's obvious who dun it.
Well, the Svartholm case is still open, but is the good example of "prosecuting a person" is not the same as "prosecuting a computer with certain IP address". There are other cases, where such a defense was successful. While I don't know the specifics of Ulbrich's case I recognize a pattern in similar cases: getting lazy and mentally attached to the same laptop with favorite OS, same network adapter, same phone, same SIM-card, etc. Nobody will comment publicly on pending/unsolved cases, but I've heard some non-public comments from my friends in IT. I've also seen what a skilled sys-admin can do on a Windows Home Edition hotel-loaner machine with telnet and IPsec control panel. I think I have a broad understanding of which cases weren't prosecuted and why. But in general discussing security on an open forum is difficult for a professional. Nearly every person that I know will have the knowledge that is "off record" and shared only with friends. There's this old saying: "Those who know, don't tell. Those who tell, don't know."
|
|
|
|
moni3z
|
|
September 12, 2014, 05:23:43 AM |
|
Feds already had the server, they didn't need to hack into it. The feds were trying to locate the owner of the server and collect the evidence.
That's the whole point of my first post. Read it again. Ulbricht's feeble authentication method was to only allow his VPN IP to connect to sshd. This was his decided method to keep out anybody trying to get into the open SSH port. When the feds found the server (through other means), and had the hosts in Iceland copy the server state they discovered this IP address in sshd_config, traced it and found him. I suggested that the correct way to do this kind of security by obscurity, instead of pasting in your VPN IP to a remote server for anybody to find is to add x rounds to a specific cipher in OpenSSH, so negotiating with it would be impossible, unless you had the secret client you made yourself that matches sshd's algorithms on the server. SSH is not the only protocol you can tweak either. Add another few rounds to your IpSec solution and ditch the port knocking. I wouldn't be so quick to venerate Cisco IOS either, considering last year they were caught using unsalted base64 in their so-called new and improved IOS Type 4 hash used for IpSec auth http://tobtu.com/cisco4tosha256.php
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
September 12, 2014, 07:34:52 AM |
|
Don't forget that you could also use Whole or Full Drive Encryption. TrueCrypt just "died" but the software still works, and there are alternatives that also work.
I'm not sure how much time you would have between "Freeze!" and turning off your computer/laptop. But if you had decent physical security, you'd have more than enough time to shut down (or insta-crash it.)
I wouldn't really know as I've no experience operating hidden services through VPNs in a public library.
|
|
|
|
2112
Legendary
Offline
Activity: 2128
Merit: 1073
|
|
September 12, 2014, 07:51:49 AM |
|
That's the whole point of my first post. Read it again. Ulbricht's feeble authentication method was to only allow his VPN IP to connect to sshd. This was his decided method to keep out anybody trying to get into the open SSH port. When the feds found the server (through other means), and had the hosts in Iceland copy the server state they discovered this IP address in sshd_config, traced it and found him.
I suggested that the correct way to do this kind of security by obscurity, instead of pasting in your VPN IP to a remote server for anybody to find is to add x rounds to a specific cipher in OpenSSH, so negotiating with it would be impossible, unless you had the secret client you made yourself that matches sshd's algorithms on the server. SSH is not the only protocol you can tweak either. Add another few rounds to your IpSec solution and ditch the port knocking.
It wasn't "feeble authentication", it was "feeble anti-denial-of-service defense". What you proposing is workable, but worsens the denial-of-service attacks by increasing the CPU load. The better way would be to lower the number of rounds instead of increasing it, or change other constants that have no influence of the CPU load. If the goal is to simply make an unmodified program unable to connect then the simplest and least CPU intensive solution is to change the handshaking prompts/response. At least the failure will be immediate and will not require any CPU intensive cryptography before the disconnect. Port knocking (properly, intelligently implemented) is not an authentication measure, but anti-DoS, anti-scan & anti-brute-force measure. Only after successful port knocking the regular, CPU-intensive authentication can be attempted. Without proper port knock nearly all port-scans will fail and nearly all incoming packets are ignored. The objective is to prevent from creating any meaningful load on the defended equipment, no matter what the network protocol is being attacked. I find it quite common that people underestimate the CPU and network load that the SSH daemon under attack can create on a machine. I wouldn't be so quick to venerate Cisco IOS either, considering last year they were caught using unsalted base64 in their so-called new and improved IOS Type 4 hash used for IpSec auth http://tobtu.com/cisco4tosha256.php I don't consider Cisco's implementation (Lock&Key) a "venerable" implementation, it is basically a telnet login (on an alternate port) that always looks like failure. But it is reasonably successful in its main goal: drastically reducing the CPU load on the attacked router/switch and making brute-forcing of any equipment behind it impossible. For any OS different than Cisco IOS there are much better port-knocking implementations available. But the Cisco's implementation is probably the most widely used one and therefore still worth mentioning despite being phased-out and considered obsolete.
|
|
|
|
2112
Legendary
Offline
Activity: 2128
Merit: 1073
|
|
September 12, 2014, 07:58:59 AM |
|
I'm not sure how much time you would have between "Freeze!" and turning off your computer/laptop.
Nobody yells "Freeze!" anymore. AFAIK all law enforcement is now trained to first create a distraction by e.g. activating the alarm on the suspect's car. There's apparently a great overlap between various computer hackers/fraudsters and the expensive car enthusiasts. Only after the suspect runs away from the computer he gets served with the warrant.
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
September 12, 2014, 08:12:32 AM |
|
I'm not sure how much time you would have between "Freeze!" and turning off your computer/laptop.
Nobody yells "Freeze!" anymore. AFAIK all law enforcement is now trained to first create a distraction by e.g. activating the alarm on the suspect's car. There's apparently a great overlap between various computer hackers/fraudsters and the expensive car enthusiasts. Only after the suspect runs away from the computer he gets served with the warrant. Oh.. That makes total sense. I guess I'd need to put some sort of time-out / screen saver / auto-log-off thing on my laptop, in case I'm actually operating a hidden site through a VPN in a public library. Cars have this thing called an immobilizer. That goes back to physical security. You can avoid this by accessing the hidden site only when you are in a secure location, and where you should be able to see law enforcement coming, or at least notified a few seconds before they can serve the warrant.
|
|
|
|
|