How the US Government discovered geographic location of Silk Road servers

Millard

The big mystery in the Silk Road bust is how the feds located the server for the SR hidden service. I look forward to hearing more about this. :popcorn:

It's always been a big mystery how the federal government discovered the geographic location of the Silk Road servers. After all, the Silk Road website was a hidden service on the anonymous TOR network. There have been several conspiracy theories. But it turns out that it was a very low-tech mistake overlooked by Silk Road administrators that gave them away.

It was the CAPTCHA service that leaked Silk Road's true IP address:

And this is how the feds say they located the Silk Road servers:

“The IP address leak we discovered came from the Silk Road user login interface. Upon examining the individual packets of data being sent back from the website, we noticed that the headers of some of the packets reflected a certain IP address not associated with any known Tor node as the source of the packets. This IP address (the “Subject IP Address”) was the only non-Tor source IP address reflected in the traffic we examined.”

“The Subject IP Address caught our attention because, if a hidden service is properly configured to work on Tor, the source IP address of traffic sent from the hidden service should appear as the IP address of a Tor node, as opposed to the true IP address of the hidden service, which Tor is designed to conceal. When I typed the Subject IP Address into an ordinary (non-Tor) web browser, a part of the Silk Road login screen (the CAPTCHA prompt) appeared. Based on my training and experience, this indicated that the Subject IP Address was the IP address of the SR Server, and that it was ‘leaking’ from the SR Server because the computer code underlying the login interface was not properly configured at the time to work on Tor.”

Source: http://krebsonsecurity.com/2014/09/dread-pirate-sunk-by-leaky-captcha/
 
The feds may have lied about using the CAPTCHA to identify the geographic location of the Silk Road servers!

Lawyers for Ross Ulbricht (aka “Dread Pirate Roberts”) compelled the government to turn over evidence during discovery that strongly suggests it was impossible for the government to obtain IP info via the CAPTCHA.

Nicholas Weaver, security expert at UC-Berkeley, explains to Brian Krebs why the FBI may not be telling the truth...

The response that holds perhaps the most potential to damage the government’s claim comes in the form of a configuration file (PDF) taken from the seized servers. Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at the University of California, Berkeley, explains the potential significance:

“The IP address listed in that file — 62.75.246.20 — was the front-end server for the Silk Road,” Weaver said. “Apparently, Ulbricht had this split architecture, where the initial communication through Tor went to the front-end server, which in turn just did a normal fetch to the back-end server. It’s not clear why he set it up this way, but the document the government released in 70-6.pdf shows the rules for serving the Silk Road Web pages, and those rules are that all content – including the login CAPTCHA – gets served to the front end server but to nobody else. This suggests that the Web service specifically refuses all connections except from the local host and the front-end Web server.”

Translation: Those rules mean that the Silk Road server would deny any request from the Internet that wasn’t coming from the front-end server, and that includes the CAPTCHA.

“This configuration file was last modified on June 6, so on June 11 — when the FBI said they [saw this leaky CAPTCHA] activity — the FBI could not have seen the CAPTCHA by connecting to the server while not using Tor,” Weaver said. “You simply would not have been able to get the CAPTCHA that way, because the server would refuse all requests.”

The FBI claims that it found the Silk Road server by examining plain text Internet traffic to and from the Silk Road CAPTCHA, and that it visited the address using a regular browser and received the CAPTCHA page. But Weaver says the traffic logs from the Silk Road server (PDF) that also were released by the government this week tell a different story.

“The server logs which the FBI provides as evidence show that, no, what happened is the FBI didn’t see a leakage coming from that IP,” he said. “What happened is they contacted that IP directly and got a PHPMyAdmin configuration page.” See this PDF file for a look at that PHPMyAdmin page. Here is the PHPMyAdmin server configuration.

Source: https://krebsonsecurity.com/2014/10/silk-road-lawyers-poke-holes-in-fbis-story/
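The two checks described in the quotes above (a reply packet whose source is not a Tor node, and a back end that should serve only localhost and the front-end server) are easy for a hidden-service operator to audit against their own service. The code below is an added example for this thread, not code from the Krebs articles, the court filings, or the Silk Road deployment; every address, relay list and log line in it is constructed.

```python
"""Defender-side audit of a Tor hidden service deployment (added example).
Check 1 mirrors the affidavit's observation: reply packets whose source IP is
not a known Tor node point at a leaking host.  Check 2 mirrors Weaver's reading
of the config file: only localhost and the front-end server should ever be
served a successful response by the back end."""
import re

# Constructed: Tor node addresses the operator expects replies to come from.
KNOWN_TOR_NODES = {"198.51.100.7", "198.51.100.23", "203.0.113.88"}

# Constructed capture of reply packet headers as (source_ip, destination_ip).
CAPTURED_HEADERS = [
    ("198.51.100.7", "203.0.113.5"),   # expected: source is a Tor node
    ("192.0.2.50", "203.0.113.5"),     # leak: a non-Tor address as packet source
    ("198.51.100.23", "203.0.113.9"),
]

# Constructed: clients the back end may serve (localhost and the front-end host).
ALLOWED_CLIENTS = {"127.0.0.1", "192.0.2.10"}

# Constructed back-end access log in combined log format (dates are made up).
ACCESS_LOG = [
    '127.0.0.1 - - [01/Jan/2014:10:01:02 +0000] "GET /captcha.php HTTP/1.1" 200 1532',
    '192.0.2.10 - - [01/Jan/2014:10:01:05 +0000] "GET /login HTTP/1.1" 200 4412',
    '203.0.113.77 - - [01/Jan/2014:10:02:00 +0000] "GET /phpmyadmin/ HTTP/1.1" 200 8001',
    '203.0.113.77 - - [01/Jan/2014:10:02:30 +0000] "GET /captcha.php HTTP/1.1" 403 199',
]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')

def non_tor_sources(headers, tor_nodes):
    """Source addresses in captured reply packets that are not Tor nodes (sorted)."""
    return sorted({src for src, _dst in headers if src not in tor_nodes})

def served_outside_allowlist(log_lines, allowed):
    """(client, path, status) for 2xx responses given to clients not in `allowed`.
    Any hit means the allow-localhost-and-front-end rule is not actually enforced."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        client, _method, path, status = m.groups()
        if client not in allowed and status.startswith("2"):
            hits.append((client, path, int(status)))
    return hits

if __name__ == "__main__":
    print("non-Tor reply sources:", non_tor_sources(CAPTURED_HEADERS, KNOWN_TOR_NODES))
    print("served outside allowlist:", served_outside_allowlist(ACCESS_LOG, ALLOWED_CLIENTS))
```

Run against a real capture and access log, an empty result from both functions is the state a correctly configured hidden service should show; the 403 line in the sample log is what a properly enforced allowlist produces for an outside client.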
 