
Silk Road bust hints at FBIs new cybercrime powers (New Sci)

To stay ahead of new and evolving threats, cryptostorm has always looked out past standard network security tools. Here, we discuss and fine-tune our work in bringing newly-created capabilities and newly-discovered knowledge to bear as we keep cryptostorm in the forefront of tomorrow's network security landscape.

Topic Author
cryptostorm_team
ForumHelper
Posts: 159
Joined: Sat Mar 02, 2013 12:12 am


Postby cryptostorm_team » Tue Oct 08, 2013 12:32 pm

Silk Road bust hints at FBI's new cybercrime powers
04 October 2013 | Hal Hodson | New Scientist


The biggest drug marketplace on the internet has been busted. The illicit empire of the Silk Road came crashing down on Wednesday after its founder Ross Ulbricht, aka Dread Pirate Roberts, was arrested and charged with narcotics trafficking, money laundering, computer-hacking and attempted murder. He was caught through ads and coding queries related to Silk Road, posted to the web in the early days of development, and tagged using his real email address.

The end of Silk Road means the FBI has now brought down two of the most famous services on Tor, the anonymising software that lets users access hidden parts of the internet, known as the darknet.

Earlier this year, it busted shady web-hosting company Freedom Hosting – known for turning a blind eye to child porn websites. Although Ulbricht was caught through a couple of small mistakes, the computers running Silk Road and Freedom Hosting were supposed to be impossible to find, running as hidden services within Tor, obscured from the rest of the internet by layers of routing computers. The FBI not only found the hidden servers, but managed to take complete control of them without their owners even noticing, logging the activity of the services' users and, in the case of Freedom Hosting, distributing malware to identify them.

Investigators at Baneki Privacy Labs, a non-profit internet research collective, say that's highly unusual. Despite reports in the Guardian newspaper today that the NSA has been attempting to unmask Tor users, such sophistication is unprecedented for the FBI. "Not many people in the world were taking heavier security measures than Freedom Host and the Silk Road," a Baneki investigator who did not want to be named told New Scientist.

He says that Ulbricht was meticulous in his administration of the Silk Road server, and that it's very unlikely that he shared it with any associates. The FBI usually access servers by putting pressure on someone with administrative access, but not this time.

The Baneki researcher says the FBI managed to get administrative access to the Silk Road servers and make a copy of the hard drives, then sit in the background watching all the traffic. "We don't know how that was done, are aware of no routine techniques that would enable that kind of intrusion. If there's technology to do that, it's very advanced."

Many Silk Road buyers and sellers are panicking about the bust. One, called jayman62, wrote on Reddit: "all our money is gone. i just loaded mine 10 minutes before they seized it. im screwed. it wasnt all my money and its very dangerous people i now owe large sums too. im a dead man."

The Silk Road take-down also has implications for two important internet technologies – Tor and digital currency Bitcoin.

Bitcoin lost 40 per cent of its value as soon as news broke that the FBI had seized Silk Road servers, taking 27,000 Bitcoins with them, worth around £2.2m, as well as transaction records. "Silk Road was an important part of the Bitcoin economy, and probably the largest use of Bitcoin as a currency, as opposed to a speculative instrument," says Nicolas Christin of Carnegie Mellon University in Pittsburgh, who published a paper analysing Silk Road in 2012.

Tor may see a more chilling effect. Baneki researchers argue that FBI busts of the two highest-profile Tor services will destroy any trust the public had in the system, which has also been used by dissidents in repressive regimes to organise themselves. "The masses will never trust Tor again," the Baneki investigator says.

The Tor Project argues that Ulbricht's slip-ups do not mean that Tor itself has been compromised. But the FBI complaint against Ulbricht does not explain how the organisation tracked down the Silk Road server, which was supposed to be hidden by Tor. The FBI declined to comment, but there are a number of possibilities. A handful of recent and upcoming research papers have shown that the Tor network is no longer a safe place to run hidden services.

"In general, Tor architecture is not suited for protecting anonymity of long-term, popular web services," says Alex Biryukov of the University of Luxembourg. The Tor Project acknowledged as much earlier this year, and even laid out a roadmap to fix the issues, if and when it can find the resources. Its current insecurity isn't stopping other black markets from filling the void left by Silk Road's demise. Sheep Marketplace and Black Market Reloaded both offer drugs and weapons and are both still accessible via Tor – for now.

Biryukov and his co-authors examined Tor's hidden services in a research paper presented at the IEEE Symposium on Security and Privacy earlier this year. It took them $11,000 and eight months to get into a position where they could have revealed the real IP address of a hidden service (they avoided actually learning the IP address to preserve privacy). In a later paper, they found that the majority of hidden .onion sites, which require Tor to access, are either botnets – used to send spam or launch attacks on institutions – adult sites or black markets.

Another paper by researchers at Georgetown University and the US Naval Research Laboratory, both in Washington DC, shows that Tor users can be unmasked in as little as a day with a given amount of control over the network, control which, thanks to Edward Snowden, we know that the NSA does have. The paper will be presented in November at the Conference on Computer and Communications Security in Berlin, Germany.

For the Baneki investigator, there is no doubt that the NSA is behind the FBI's newfound powers. "The underlying firepower is all NSA, what your ten billion dollars a year buys you," he says.

In the "post-Snowden world", the NSA's capabilities have been revealed to be beyond what even the most paranoid had previously feared. "We're in a different world now. We now know there's an 800-pound gorilla in the corner," says the investigator. "The Silk Road came up, and the gorilla has smashed it."


parityboy
Site Admin
Posts: 1234
Joined: Wed Feb 05, 2014 3:47 am

Re: Silk Road bust hints at FBIs new cybercrime powers (New Sci)

Postby parityboy » Tue Oct 28, 2014 10:28 am

Happened across this. Thought I'd post it here. I (won't) apologise for the necro. :P

The FBI investigation and uncovering of the IP address was taking place at the exact same time bugs that were known to expose the IP address of Silk Road were present on the site. A more likely scenario for how the FBI uncovered the real IP address would thus be that they either saw the debug information, or – more likely – took advantage of a security vulnerability in the login page and forced the server to output its $_SERVER variable (which includes the real IP (although it shouldn’t)).

This would explain why the FBI included the statement about “typing in miscellaneous entries into the username, password, and CAPTCHA fields”, because they needed to enter an exploit command to prompt the server to either dump or produce the IP address variable.


Source
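The quoted analysis describes the failure mode from the operator's side: a PHP login page that, on bad input, emits a warning and dumps $_SERVER, and SERVER_ADDR inside that dump is the real address behind the hidden service. The self-audit below is an added example, not code from this thread or its source; it assumes the operator knows their own clearnet addresses (a constructed RFC 5737 address here) and scans constructed sample responses for PHP debug output and for those addresses.

```python
import re

# Constructed: the operator's own clearnet address(es) that must never appear
# in a response served over the hidden service (203.0.113.0/24 is a documentation range).
OWN_CLEARNET_IPS = {"203.0.113.7"}

# Signatures of PHP debug output that betray the host: var_dump/print_r of
# $_SERVER, bare $_SERVER keys, and display_errors=On warning markup.
DEBUG_PATTERNS = [
    re.compile(r'\["SERVER_ADDR"\]\s*=>'),               # var_dump($_SERVER)
    re.compile(r"\[SERVER_ADDR\]\s*=>"),                 # print_r($_SERVER)
    re.compile(r"\bSERVER_ADDR\b"),
    re.compile(r"\bDOCUMENT_ROOT\b"),
    re.compile(r"<b>(Warning|Notice|Fatal error)</b>:"),  # PHP display_errors output
]

def find_leaks(body: str, own_ips=OWN_CLEARNET_IPS) -> list[str]:
    """Return findings describing why `body` would expose the real host."""
    findings = []
    for pat in DEBUG_PATTERNS:
        if pat.search(body):
            findings.append(f"debug output matches {pat.pattern!r}")
    for ip in sorted(own_ips):
        # Lookarounds stop 203.0.113.7 matching inside a longer dotted number.
        if re.search(rf"(?<![\d.]){re.escape(ip)}(?![\d.])", body):
            findings.append(f"clearnet address {ip} present in response")
    return findings

def audit(responses: dict[str, str]) -> dict[str, list[str]]:
    """Run find_leaks over {path: body}; only leaking paths appear in the result."""
    return {path: f for path, body in responses.items() if (f := find_leaks(body))}

# Constructed sample responses: a clean login form and the same page after
# malformed input trips a warning and a var_dump($_SERVER) left in from debugging.
SAMPLE_RESPONSES = {
    "/login (normal)": "<form method=post><input name=user><input name=pass></form>",
    "/login (bad input)": (
        "<br /><b>Warning</b>: mysql_connect(): Access denied in "
        "<b>/var/www/login.php</b> on line <b>12</b><br />\n"
        'array(2) {\n  ["SERVER_ADDR"]=>\n  string(11) "203.0.113.7"\n'
        '  ["SERVER_NAME"]=>\n  string(16) "xxxxxxxx.onion"\n}'
    ),
}

if __name__ == "__main__":
    for path, findings in audit(SAMPLE_RESPONSES).items():
        print(path)
        for f in findings:
            print("  -", f)
```

Run it against responses fetched through the .onion address after each deployment; any finding means the page is still disclosing host details regardless of how Tor routes the request.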

