Schneier on Security
A blog covering security and security technology.
October 7, 2013
Silk Road Author Arrested Due to Bad Operational Security
Details of how the FBI found the administrator of Silk Road, a popular black market e-commerce site.
Despite the elaborate technical underpinnings, however, the complaint portrays Ulbricht as a drug lord who made rookie mistakes. In an October 11, 2011 posting to a Bitcoin Talk forum, for instance, a user called "altoid" advertised he was looking for an "IT pro in the Bitcoin community" to work in a venture-backed startup. The post directed applicants to send responses to "rossulbricht at gmail dot com." It came about nine months after two previous posts -- also made by a user, "altoid," to shroomery.org and Bitcoin Talk -- were among the first to advertise a hidden Tor service that operated as a kind of "anonymous amazon.com." Both of the earlier posts referenced silkroad420.wordpress.com.
If altoid's solicitation for a Bitcoin-conversant IT Pro wasn't enough to make Ulbricht a person of interest in the FBI's ongoing probe, other digital bread crumbs were sure to arouse agents' suspicions. The Google+ profile tied to the email@example.com address included a list of favorite videos originating from mises.org, a website of the "Mises Institute." The site billed itself as the "world center of the Austrian School of economics" and contained a user profile for one Ross Ulbricht. Several Dread Pirate Roberts postings on Silk Road cited the "Austrian Economic theory" and the works of Mises Institute economists Ludwig von Mises and Murray Rothbard in providing the guiding principles for the illicit drug market.
The clues didn't stop there. In early March 2012 someone created an account on StackOverflow with the username Ross Ulbricht and the firstname.lastname@example.org address, the criminal complaint alleged. On March 16 at 8:39 in the morning, the account was used to post a message titled "How can I connect to a Tor hidden service using curl in php?" Less than one minute later, the account was updated to change the user name from Ross Ulbricht to "frosty." Several weeks later, the account was again updated, this time to replace the Ulbricht gmail address with email@example.com. In July 2013, a forensic analysis of the hard drives used to run one of the Silk Road servers revealed a PHP script based on curl that contained code that was identical to that included in the Stack Overflow discussion, the complaint alleged.
We already know that it is next to impossible to maintain privacy and anonymity against a well-funded government adversary.
EDITED TO ADD (10/8): Another article.
Posted on October 7, 2013 at 1:35 PM
Basically he should never have used his real name for anything related to this. He should have created another normal name for the resumes and if that was linked to his aliases that wouldn't have been such a big deal.
I wonder why he didn't get caught before. My only guess is that the team that found these clues were only put on the case a few months before this, and that the rest of the folks working on it apparently lacked imagination.
They probably knew he founded Silk Road for a long time. The rest of the time was just trying to find ways they could prove it in a court of law without revealing the true source of the info (NSA).
Why waste time randomly digging through forums when you can have the power of the NSA find him first. Once you know who he is, finding the supporting evidence gets a lot easier. Thanks to Edward Snowden we know the NSA leaks data to the DEA regularly.
We don't know how long they had that information; it's not enough to convict off of, it's just a starting point so that they can build a case which probably takes some time for something like this.
The Snowden revelations may even have freed the FBI's hands to some extent for this particular endeavor, as denial of some NSA programs became a moot point.
How did the FBI actually find the "overseas server"? It doesn't specify anywhere. Tor HS 0day perhaps?
I am of two minds on this question. On one hand I doubt that if Tor is compromised anyone in the security complex is going to admit it. Of course they are going to say it is opsec because admitting how busted Tor is would only make people go somewhere else. Tor makes a nice honeypot.
On the other hand opsec is really really hard for one simple reason: human error. The government can make 100,000 mistakes and all it needs to be right is once while the person trying to stay anonymous can be right 100,000 times and only needs to be wrong once. The power equation is that lopsided.
So what's the real story here? I don't know. What I do know is that two significant Tor presences have now bitten the dust in quick succession: Freedom Hosting and Silk Road. Something is going on and anyone using Tor would be foolish to ignore it.
There are several theories about how he was caught. (1) these slips; (2) unknown NSA methods; (3) buying fake IDs from an FBI agent; (4) FBI involvement in a physical cocaine deal; (5) leakage from the seized server. I don't see any reason to believe the FBI's account.
Yeah, it may be almost impossible to prevent a really good attacker/investigator from finding you out, but using your real name while conducting a criminal enterprise and mixing up your social profile and your anonymous business role is just stupid.
Fortunately my own online anonymity is a matter of convenience, not a 5th amendment necessity. I imagine it would take a skillful investigator about 5 minutes to determine my identity from the standing start of reading this post, but at least "Miramon" is not my real name, for pity's sake....
Don't know anything about this story. The guy was just plain foolish though, that's obvious.
Something else is obvious. Unless your crime is big enough or white collar enough (banks, financial speculation, fraud, you name it) you draw the interest of the long arm.
So where actually is the moral here?
His bad OpSec doesn't explain how they found his server though. They had plenty of circumstantial evidence leading to his identity but only confirmed it when they imaged the SR servers and discovered his really awful ssh conf that restricted access to his VPN (which was later traced to his surrounding area). How did they get the hidden service IP? I suspect there will be some parallel construction by the FBI to cover up spy agency exploits or traffic analysis. Then again maybe they just sat in the library where he was in plain view logging into his site.
Where did the money go?
If Ulbricht really had a huge pile of Bitcoins, why was he living with a roommate?
It seems rather odd that someone who has reportedly reaped massive amounts of proceeds from narcotics traffic was living so modestly. Of course, with the reported lapses in opsec, I suppose he might have been sending them to a former Nigerian dictator or some such thing.
Brian M: my guess is the roommate thing is an anonymity thing. When you are the one signing a contract with a landlord there are all sorts of checks available to them to look you up in databases and you get splattered across all sorts of records. No landlord is going to rent to someone anonymously in cash. But if you shop around you can totally find someone already renting who will let you bum around in their spare room for cash and not officially register with the landlord...
He must have realized he made mistakes early on as well because of that Forbes interview where he claimed he was the new owner. Probably hoped to throw them off but his fate was sealed at that point. Article was out today that the FBI suspect they have his 600k Bitcoins seized but the drive is encrypted. I don't see how he has any chance of seeing the light of day again with hundreds of felony trafficking, laundering, and computer hacking charges (prob broke into wireless to use). Not to mention a second trial for ordering hits on a witness. He is screwed, that is maximum security time too. His only hope is to expose the poisonous spy agency tree if they used NSA assistance.
Interesting to me that StackOverflow says they were not forced to hand over information about frosty to the NSA. But, along the lines of others who HAVE BEEN forced to share information with the NSA, they too seem to have a gag order in place when expressing *how many* times or *how many* users they have had requests for.
To wit: "This happens very, very rarely. I have more than enough fingers to count the times this has occurred since I started working here a year and a half ago. I wouldn't need a single toe, and I'm pretty sure I wouldn't need both hands."
Converting that much money in bitcoins back into cash would be difficult, and suspicious. There are 11,767,925 bitcoins in existence as of this posting (http://blockchain.info/charts/total-bitcoins) with an average mtgox price of $137/BTC. 600k BTC is just under 1/20th of the total value of the currency. No exchange has the cash to support a trade of that value. Attempting to unload that much onto the market would drop the price of bitcoins. After a certain point the potential value becomes meaningless, since the bitcoins can't be used to purchase anything useful.
Gonna be tough to find a lawyer that takes payment in bitcoins...
> Something else is obvious. Unless your crime is big enough or white collar enough (banks, financial speculation, fraud, you name it) you draw the interest of the long arm.
I'm not certain about that. The first stage of the trial regarding Burney Made Off (with all my grandma's pension fund) started I believe last week. There still has been no criminal prosecution for the securitized asset debacle. Forty trillion dollars in worldwide assets (you can argue whether paper is an asset) poof--disappeared. But hey, luckily no one was shorting those CDS and CDO instruments. I mean that would have been messed up--imagine if a bank did that!
"Gonna be tough to find a lawyer that takes payment in bitcoins..."
Lol. Something tells me this is going to be a quick trial anyway....
Somehow I doubt the agency is revealing the actual details of how they tracked him down. It had nothing to do with the widespread exploitation of Tor browsers? It didn't have to do with other surveillance capabilities?
If they control the story, I no longer believe them. Not in full. It sucks that I feel that way.
@ Secret Police
"His bad OpSec doesn't explain how they found his server though. They had plenty of circumstantial evidence leading to his identity but only confirmed it when they imaged the SR servers and discovered his really awful ssh conf that restricted access to his VPN (which was later traced to his surrounding area)."
Knowing the Feds they might have just found it with good investigative work. Remember that they can pull emails, StackOverflow data, ISP records, etc. They can also tap the Internet activity. I think the circumstantial evidence was pretty good and would be more than adequate to get warrants for more detailed surveillance. This might have confirmed the use of Tor, showed him doing maintenance on a server in a traceable way, etc. An initial arrest and forensic imaging could then provide the rest.
@Carl 'SAI' Mitchell:
I wonder what the government will do with the Bitcoins! (If they ever decrypt the drive, that is. "Ulbricht, you can have a cell with either Mongo or Herman. Now, what's the password to your drive?")
Have they raided the grocery store where Ulbricht bought milk? Seriously, let's discern legal from illegal. Maybe I'm missing something, but articles refer to the Mises Institute or the Austrian school of economics in this context as something very illegal. I'm not sure what kind of clues it can give to any authorities. But this school of thought has been around for quite a while. Hayek got awarded the Nobel prize. The theory has nothing to do with the illicit drug market. Posting on StackOverflow is not illegal. Using Tor is not illegal as long as it's used for legal activities.
Somehow the lines got blurry too much.
I've seen other stories that allege he hired a hit man (with $80,000 in BC) to kill one of his former employees, and provide a video (preferred) or pictures (acceptable) as proof of the killing. The problem was the hit man was an undercover cop. (Aren't they all?) I also saw allegations that he had ordered a bunch of fake IDs with his real picture from Canada that were found in a routine mail search.
"I also saw allegations that he had ordered a bunch of fake IDs with his real picture from Canada that were found in a routine mail search."
I once tried to order a bunch of fake IDs with my picture, as a demo for a conference I was speaking at.
It was harder than I expected, and eventually I gave up.
@Miramon and Nick P
"Knowing the Feds they might have just found it with good investigative work."
Maybe. But maybe not. The problem here is that we know nothing about the true order in which events unfolded. The FBI may have broken into his server via a Tor compromise, found out who he is, and then backtracked to find all the "incriminating evidence" rather than following a random trail of breadcrumbs to the source. Why was the FBI looking at that forum? Why did that post have any meaning to them at the time? There are lots of patterns that look obvious in hindsight but which reasonable people would never have foreseen. In fact, there is a term for this type of thinking: hindsight bias. The whole discussion around opsec in this case is riddled with hindsight bias.
@ Matt Tardy
> I have more than enough fingers to count the times
> this has occurred since I started working here a year
> and a half ago. I wouldn't need a single toe, and
> I'm pretty sure I wouldn't need both hands.
When I count on my fingers I use binary. So -- something around 31?
Nick P, I think you are missing the point that Secret Police was making. The FBI's story is incoherent. They make several, inconsistent claims about how they identified Ulbricht. Maybe they found the server from man, but they also at least imply that they found Ulbricht from the server. Incoherence doesn't mean that they're lying; indeed, people usually plan smooth stories for lies. But it does mean that you shouldn't interpolate the details you like and throw out the rest.
I always lol when people clamor about "faulty opsec" when an individual is acting w/o legal immunity like intel agencies/coppers/soldiers. If you want perfect opsec, dig a hole and starve to death. You can find 20 or so of them, keep tabs on them, but not really send them a message while they're working on your case. Maybe I can compare it to my fantasies of crystal clear executions in my computer; I know the radio waves are anything but, voltage leaks in diodes that aren't ideal. Staring at a pristine sine wave, I know the reality is very jagged and chaotic, not perfect. Do you get 120VAC from the power company?--Hell no, more like 119.34 or 117.89...I think that's a rip off but considering the route maybe it's someone else's fault.
--You're reminding me of a few years ago. I could get ID's from inside the U.S. You can get anything on the black market; guns, coke, ecstasy. The point of getting the license was for buying alcohol though and that was an even easier and cheaper problem to solve, so I didn't buy.
Just in case anyone thinks drug enforcement agencies and coppers are really doing anything about movement of illegal goods; trivially simple and it simply got boring to me.
> When I count on my fingers I use binary. So -- something around 31?
--Lol, you're what we call...special. :) I def. need spacing for binary and need to keep track of my counting b/c if I lose my spot I'll get mad. Favorite binary joke is the "there's only 10 types of people" ones.
> I once tried to order a bunch of fake IDs with my picture, as a demo for a conference I was speaking at. It was harder than I expected, and eventually I gave up.
Somehow they sensed you didn't want a fake ID just to sneak into bars. Not sure what though. Maybe a tip-off, maybe something in your correspondence, maybe the grey beard, maybe the comb-over. We'll never know for sure.
The only 'legit' ID vendor is Wave, who is a wanted fugitive from an earlier fraud forum sting. He is still sitting on TorChat/jabber selling his IDs like nothing happened. I guess being doxed by the Secret Service doesn't matter when you have your own ID factory. When you order such things it's common tradecraft to manipulate your picture before sending to avoid being found in facial recognition software, like widening the space between your eyes and manipulating hair line/forehead space. The test ID I ordered (also for a security presentation) came back with me looking like cromag Riker from that one TNG episode where they devolve lol. Total caveman ID.
I don't know about "next to impossible". He made a couple of mistakes which, in the context of somebody with govt-level resources, proved to be his undoing.
Frankly, account history at StackOverflow -- is that even something a normal visitor can see in somebody's profile?
> When I count on my fingers I use binary. So -- something around 31?
Err shouldn't that be 15 unless thumbs count as well as fingers ;-)
More seriously back in the days of the Z80 I used to use my left hand to do binary addition/subtraction/2's complement. As a sort of "accumulator" with the "thumb" as over/under flow. Eventually I managed to do it in my head, until I got my first hex calculator.
Slightly later I learned Baudot and got to the point where mentally I could add streams and bash them straight into a "teletype" that looked a lot like a KSR33...
I never have problems getting fake IDs made in order to sneak out of the palace.
Getting back to the topic at hand: carelessness never succeeds. If he had played around with names - frinstance, a label like "Bloodgoth" or "Darkangel" or "HellSpawn" would've got him a lot of stick, but it would've also made it seem to the investigating agency that he was merely a script-kiddy on a hormonal drive to nowhere. Using a label like "SaniAbacha" or "GeorgeWashington" or "MaximilienRobespierre" would have made them think he had delusions of grandeur. Using one's real name - like me :) - is generally a no-no unless you can back it up.
In short, using one's real name in a case of dubious legality or clear illegality's a no-no. Any name you can come up with that leads the opponent to persistently misunderstand and underestimate you is a good thing.
I saw that, Willy! Get back to your wife, right away!
Another aspect - if one is going to quote recondite academic authorities such as Mises, it is surely a better thing to quote them through a sock-puppet - such as the Economist, which for one doesn't accept that prohibition's ever worked with narcotics. If your "real" profile is going to quote Mises, make sure your secondary profiles quote anything but.
and Willy - sorry, "John Henry" - Katherine die Grosser's fuming. A beer with the boys after a footy match is no excuse, not now.
It's not about them collecting too much information. It's just that he was plain stupid.
In my country once a hacker defaced the main postal website. I could find out who he was and where he lived based only on a haiku he left on the defaced website... Too peculiar... In just half an hour of googling, using the haiku, account names and interests, I had his name, address and school...
I even contacted him and it turned out lots of other people did... It's just easy if you leave all the traces...
I'm surprised nobody has pointed this out yet, but Tor architecture is known to be vulnerable to traffic analysis. It can't be used to locate hidden services, unless you already know where to look or can tap pretty much the whole internet backbone, which is implausible. No, wait a second...
@Valtteri Kokkoniemi: do you think that Freenet combined with TOR would do the job?
Skeptical: I suspect that tor hidden services aren't as hidden as people think. Either that or they used a bug in OpenSSH, apache or whatever other daemons were running on his server to log in (likely the server is running tor and also has a real IP. This can also be leaked by software, e.g. apache error messages. Obviously the best idea is having a router running tor in between with a red and green NIC interface so the server doesn't even have a real IP.)
Bruce: regarding fake IDs and anti-counterfeiting tech- I can't believe that in this day and age we still have printers that deliberately leak time/date/serial in yellow dots. The secret service supposedly requested the feature (along with digital watermarking to stop Photoshopping of notes and a simpler algorithm 'euro constellation' for embedded stuff like photocopiers) to stop fraud and counterfeiting but c'mon, seriously? We need to get behind the EFF and friends and stop this nonsense.
DPR moved his servers around every month, and was sloppy at it too with noticeable downtime. Instead of using a web server that didn't leak information he appeared to use apache. He also failed to use an isolating proxy to prevent disaster like early this year when his php app dumped debugging information to the login screen and somebody found the current IP.
Newest black market 'Sheep Marketplace' screwed up already by not scrubbing comments out of css files, indicating he is located in the Czech Republic. He also failed to custom build his framework ripping out error messages and server signature, he is using Nettle php framework which is wide open to exploitation. You can also find exif data galore in his logo pics.
If you don't know what you are doing, you probably shouldn't build the next illegal marketplace.
That should be Nette framework. Anyways, these people are crazy trying to make SR 2.0; they will end up just like Ross Ulbricht. The admin of Black Market Reloaded is a well known figure. In fact Anonymous once showed up to his door when he ran a different site. Since he hasn't been busted, and literally half the hacker community knows who he is, I can only assume he is an informant.
No, as "the job" is defined as running an interactive web server in hidden location. Freenet fails at the interactivity part and any solution, on top of it or otherwise which does not, is likely to be vulnerable to traffic analysis because of that exact property.
When the majority of people who make use of privacy enhancing technology are either privacy advocates themselves or drug dealers, the community might want to reassess its approach.
Tor as a honeypot? Feasible.
On Tor Blog https://blog.torproject.org/blog/
Reference the article "Reimbursement of Tor exit operators [Sept 25/2013]"
You will find this:
"Moritz wrote again on the tor-relays list to announce that reimbursements are scheduled to begin at the end of this month, drawn from a one-time donation by the U.S. Government's Broadcasting Board of Governors."
Unusually odd relationship, wouldn't you say?
The most interesting part to this is the "Fake IDs from Canada" part of the story.
Did the FBI develop all this intelligence independently?
Or did the order for the Fake IDs from a foreign national in a foreign nation provide a nexus where the NSA could hand over its dossier (as has been alleged in DEA & IRS cases), which the FBI could then engage in an evidence-laundering process so once they knew where to look and what they were looking for, they could look in a legally clean investigation?
Have you used Freenet?
Freenet is quite different from Tor, and there would be no point in layering one atop the other. Freenet also has a nearly awful browsing experience. While you can, eventually, load information, the problem is that if it's not popular, then it has to be brought in over many nodes to you. This can take quite a while, even for pages in the main index. An eBay-like system could be created, but you wouldn't be able to zip around and do fast searches. Doing things like messaging requires plugins, and allocating a good chunk of memory to nothing but Freenet activity. A shopping system would require that all nodes involved run the shopping plugin, and your node might need to be up 24/7.
I don't believe the poor opsec story for a second. Actually the more familiar somebody is with these things the more likely they are to find the entire thing suspect.
Just one example of a myriad of them: Thought experiment. If you were operating the world's largest internet black market would you a) request a motorcycle gang murder somebody followed by b) asking for fake IDs from the _exact same people_, meaning that you give them your real name and photograph and a real contact address.
No. Because that would be insane.
Another example: if you were running a hidden service on a vps in some foreign country then, a) why would you need id for that as has been suggested and more importantly b) why would you connect via a vpn instead of tor?
We have to believe some pretty weird and unusual things to see the FBI story as consistent.
I know Bruce has his hands full right now, but the title is sloppy. There should be an 'alleged' in there somewhere.
In light of the recent information from Snowden's leaks, there is only one possible logical explanation that hangs together consistently, and that is parallel construction.
This is just crying out for a real journalist with time on his or her hands to investigate it fully.
Oh and the idea of somebody 'making a hit' using a bank wire while they know how to build and use a bitcoin mixing service. Really? It is ludicrous.
Yep. Let's all ignore the man behind the curtain why don't we. Schneier has his hands full but the rest of the media has no such excuse.
Hanna: yeah, I agree. Look - I agree the guy isn't the sharpest of tools in the shed but I don't buy the official story. They used unconstitutional eavesdropping and then used what information they had gleaned to construct a plausible story.
In Re: Finding his server.
Once they had their suspect, they merely watched him and noted he was using the internet connection at the cafe. They got a warrant on the cafe's internet connection for "meta data" or "pen register" for port 22 connections. "It's just IPs your honor."
Once they had the destination IPs of SSH connections that occurred while he was at the cafe... they had the server. A hidden service is only accessible on Tor, but the server running the hidden service is still managed via an ssh connection.
You will note the mention of the cafe and the SSH keys in the documents/articles. The govt has a tendency to reveal 1/2 of the story openly and then the other half is filled in during the trial. It will all make sense soon and it will match what I have typed above.
And don't believe the spin that the ultra-efficient CBP "found" the package during a normal inspection.
It was more OpSec issues.
A friendly piece of advice to the next person(s) who are researching before opening the next SilkRoad - Don't include a forum. If you choose to include a forum, never post on it under any circumstances. Forums do not benefit your quality suppliers, your quality customers, or your long term need for life outside of prison.
> It was harder than I expected, and eventually I gave up.
I can recommend Khao San road in Bangkok. The guys on the street selling cheap stuff are not going to come up with anything complicated, but they can lead you to more specialised colleagues.
@ Valtteri Kokkoniemi, @ Locker, @ Brian M.
The folks at Freenet are quite open about possible attack vectors.
The important thing to understand is that solutions like Freenet and I2P are works in progress that don't make any claims whatsoever about guaranteed privacy or anonymity. Neither does Tor. The only way for them to get more traction, funding and development is by using and supporting them, even - and particularly - when you have nothing to hide. In doing so, you're causing Spooks United (SU) an additional headache, which is its own reward.
It would be totally cool if Ulbricht's seized bitcoins were donated to these initiatives, but I'm dreaming again.
> ... there is only one possible logical explanation that hangs together consistently, and that is parallel construction.
Without underestimating the resources and capabilities of the FBI, that was the first thought that came to my mind too.
It just sounded too neat and too dumb to be real. My initial reaction was that it was fabricated.
Well, I actually agree with Craig's opinion.
Despite the time frame being supposedly consistent with that of the Silk Road history, there is no guarantee that anything pointed out as a clue has actually been made by Ross Ulbricht. That is, I believe, one of the dangers of today's Internet, that we have seen in similar cases: proof being taken out of nothing just to serve law enforcement's purpose.
I just wonder what the actual value of these facts will be as evidence in the corresponding criminal case!!
João: indeed. Everything they write may be truth but there is no way I will believe them after NSAgate.
@ Douglas Knight
"Nick P, I think you are missing the point that Secret Police was making. The FBI's story is incoherent. They make several, inconsistent claims about how they identified Ulbricht."
It's possible. Of course, as Flaco pointed out, they could be obfuscating parts of their investigation waiting for the rest to play out in court. They actually do that sort of thing a lot.
@ Mike the goat
"NSAgate" is NSA. This is FBI. Different groups with different capabilities, cultures and MO's. We can't make the mistake of treating all agencies like they're the same. If we do, we miss out on opportunities to capitalize on their weaknesses and poor coordination when defending against them.
Nick: that's true but we have to assume they are collaborating. Given the exploit they used on Freedom Hosting matches what we'd expect given what we have seen in the leaked documents I suspect that they are indeed working in concert. Yes, it probably isn't exactly a streamlined process to organize interagency assistance but I suspect it occurs frequently with "high level" targets.
@ Mike the goat
I'm sure there's plenty of collaboration between federal police and spooks. I just think it's a tiny part of overall Fed activity. So, the question is, are there any giveaways for us to find when we're asking that question?
Send them on wild goose chases. If they want info, give them more than they can handle!
Bruce, I found this discussion which reveals how Freedom Hosting and Silk Road were busted. Hint: The official story about detective work is a complete ret-con lie. Tor is broken. The inner circle of Tor designers knows the truth and is not talking about it for fear of scaring everyone away. Here's the exchange:
----- Sinner@3pp1+a8NbBmh8G488R3CM0iV5Kk ----- 2013.10.11 - 18:42:29GMT -----
Don't use Tor, man.
You have to wonder how Freedom Hosting and Silk Road's server IPs were both found.
I think all of Tor is FBI/NSA compromised and that they can read all traffic.
Tor routes all traffic via a bunch of intermediary nodes. If LEA owns enough nodes, they would just have to be the node that starts a request and ends a request, to find both your IP and the hidden services' IP:
You (18.104.22.168)->NSA node->other node (maybe NSA, doesn't matter to them)->NSA node->Hidden service (22.214.171.124).
They can then see that communication took place between 126.96.36.199 and 188.8.131.52 and will know that one is the hidden service and the other is an adversary.
This is one way they could have found the IPs of all of the sites they wanted to bust.
The other method is via weaknesses in the webserver software, getting it to give up its real IP, and that's very possible as well. That's the story the NSA wants us to believe took place.
But we just don't know, and I would not touch Tor anymore until the situation is clear.
----- moony@FB5nvW5PTcpK_03pkeBMahqq3Us ----- 2013.10.11 - 23:41:30GMT -----
> You (184.108.40.206)->NSA node->other node (maybe NSA, doesn't matter to them)->NSA node->Hidden service (220.127.116.11).
There are actually 6 nodes between you and a hidden service. Hidden services also use 3 relays. And don't forget that communication is encrypted, so nodes along the way can't read it. The NSA nodes can correlate traffic at either end to determine that you are *likely* visiting the hidden service.
----- Sinner@3pp1+a8NbBmh8G488R3CM0iV5Kk ----- 2013.10.12 - 04:16:13GMT -----
Oh yeah, I see now that it's 3 nodes for exit points and 6 nodes for hidden services. Then they'd need to infect 4 of the 6 intermediary nodes in a chain to do such a correlation attack, which is much more difficult.
However, I just came up with a much easier attack:
Let's say that you want to find the IP of hidden service "opva2...onion". All onion addresses are cryptographic keys used for communicating with them. So, your goal is to find a computer that answers to this key. But Tor clients (like a hidden service, or you) will only talk directly to the Tor entry nodes they're using to connect to the network. They won't accept random incoming connections.
Knowing this, here are the steps you'd take:
1. Infect the network with a very large amount of Tor entry nodes under your control.
2. Wait for lots of computers & hidden services to connect to your entry nodes. If, for example, the OPVA server has to re-start and then reconnect to the Tor network, there's a very high chance it will pick your Tor entry node if you own enough of them.
3. Now use all of your Tor entry nodes to send fake packages to every Tor client (all of the hidden services & all clients connected to that bridge). The packages you send out will be encrypted with the "opva2..." public key, which means that the only node that will be able to decrypt and understand that message and reply to it will be the OPVA2 hidden service.
4. When you get a reply from one of your Tor clients, you've conclusively found the hidden service's IP.
I'm not sure this is how they did it, but either way Tor is fucking dead at the moment. We need to be cautious and wait. Maybe the network itself is still pretty safe for end-users, but it's definitely suicide to start new hidden services now. There are several ways that they can find service IPs.
----- alt.fan.yardbird@iRUHGZ+v8TOpwKsP+y_FH0AumD8 ----- 2013.10.12 - 04:59:45GMT -----
> I'm not sure this is how they did it
Verrrrry good, Sinner! That's how it's done. Used to be a hidden service was unmaskable in half an hour that way. So Tor was patched to stay with the same 3 guard nodes forever. Later, when the balance got upset, some guards had too many clients, they returned to switching guards but only monthly, not moment-by-moment. Now unmasking takes months, not minutes. Not good for anonymity against a persistent adversary with large resources. Talk among devs is maybe delay the selection of new guards to once every three months. This would only prolong the needed attack time but provides no sure cure.
The attack on the Tor network proceeded unimpeded for some months. It began with breaking into the hidden service directories and harvesting every in-use hidden service address. Then a probe came once per day, about the same time each day. One single probe and that was it. After FH was taken down and half the hidden service addresses disappeared, the probe came earlier each day. Since the probe was no longer predictable, you couldn't have your service down at probe time. Then it became necessary to shut everything down.
And there are sites back up and running!!! That would be unbelievable, so clearly the site admin believes he's anonymous when he pays for the service. Probably the server owner doesn't even know a hidden service is being hosted on one of their accounts. I cannot envision any other way for this current situation, with on-topic hidden services still running, to exist. Maybe they don't truly understand the risk, or maybe they don't care about protecting the hoster. The probe is buried in the access logs, but if the site is super busy, who has the time to search them?
That perfectly explains the FBI's official Silk Road court documents, which state that they located the Silk Road IP in mid-2013, and then asked the hosting provider to silently provide an image of the entire hard disk. It doesn't go into details of how the IP was found. We now know how it was done.
I believe Yardbird above. He ran a big hidden service that recently went dark for this exact reason. There's no way to run hidden services. Your IP will be found.
Here's a breakdown of how broken Tor is (2 out of 3):
* Using Tor to host hidden services: Suicide. Your IP will be found using the method above.
* Using Tor to browse the open web: Whether it's safe or not depends on what you are doing. The NSA and other agencies operate large amounts of exit nodes that snoop on all data. You need HTTPS for any sensitive exchanges, and even that is unreliable since the NSA has cracked lots of HTTPS certificates and can get the plaintext data of the exchanges.
* Using Tor to talk to other Tor users and exchange files directly (via things like Torchat), basically peer-to-peer entirely inside the network: Very safe. There's no way for them to snoop on what is going on since it's all within an encrypted exchange between two regular-user nodes on the network. No data leaves the network, and no hidden services are involved.
The only way Hidden Services still have any meaning is when the service provider doesn't care about their real IP being found. This could for example be the case with something like Wikileaks, where they want people to be able to anonymously submit data, without caring if the government knows the IP of their server. But if you want your Hidden Service IP to remain secret, then forget about it. That aspect of Tor is completely dead.
Here's the last part of the discussion. I don't know about the validity of any of this but it makes a lot of sense. Everything below is from the discussion thread I discovered:
----- Fox Mulder@rw+dWzFimzZw2Eab9PtWuSh2h1Y ----- 2013.10.13 - 01:14:17GMT -----
LOL. Your post made me laugh.
That shit you posted is the LEA's dream.
As you can read here, you will see that LEA can't break TOR that way.
This one is from when the exploit was deployed on the zh servers. As you can see here, the exploit was uploaded after Eric was arrested and not before. He was arrested in July; the exploit was uploaded on Aug 04.
And in this post you can see he was moving large amounts of money through his bank accounts, including accounts in the US. Dumb guy.
----- Sinner@3pp1+a8NbBmh8G488R3CM0iV5Kk ----- 2013.10.13 - 02:10:48GMT -----
You're not worth debating whatsoever so I'll just say these brief things, for the benefit of other people:
1. Articles written by the illiterate press.
2. Articles written by the illiterate press.
3. Articles based on lies by the FBI, and on outdated NSA slides.
4. Articles based on lies by the FBI, and on outdated NSA slides.
Now, let's move on to the technical details of busting a hidden service, for the rest of you:
To connect to the Tor network you HAVE TO connect to entry nodes. Those "nodes" are nothing more than other computers on the internet. ANYONE can become an entry node. Even you. Even the NSA.
Entry nodes get a direct connection to your computer and are responsible for passing all messages to/from Tor and your computer. They are literally THE gateway you use to communicate with Tor. EVERYTHING passes through them.
As a result, these gateways/entry nodes have FULL access to you and can send fake messages to probe who you are and instantly find out if you are a running hidden service such as OPVA (by crafting a message intended for OPVA and seeing if your computer responds to it - bingo!).
They HAVE to be able to do this, because that's how Tor works; if the entry nodes couldn't send you fake messages to find out who you are, then they would not be able to route any kind of messages to/from you and the rest of the network. It's impossible to fix this problem. By design, the entry node is your gateway and your computer/hidden service server cannot tell fake gateway messages apart from real ones. It only knows what the gateway tells it. (In fact, a fake gateway could emulate the entire Tor network if it wanted to, while not actually being connected to Tor at all. But that's a separate issue and just demonstrates the power that entry nodes have.)
So, obviously great risk lies in the possibility of certain entry nodes being law enforcement. Tor's protection for hidden services relies on those entry nodes being clean, good guys that don't whatsoever monitor who you are. But they know that it's impossible to guarantee, so they designed the "Entry Guard" feature which means that your node picks a random set of entry nodes and sticks with them for a long time.
They did this because they realized that there is no way that you can guarantee that an entry node is clean or not, so it's statistically better to stick with the same, narrow, random set and hope that 100% of the ones you picked are clean (with an added risk of being connected to an evil entry node for longer periods, if you were unlucky in your random selection), than to rapidly switch all the time and be *guaranteed* to hit an evil node very soon.
The issue was that, as yardbird described, certain entry nodes became overloaded with way too many connections, so they once again had to begin rotating entry node selection, on a monthly basis.
So, each month you will select some new random entry nodes, and along comes the HUGE risk that you will connect directly to an NSA entry node.
When you do - the game is up.
There are only ~3000 entry nodes around the world. It's absolutely trivial to own enough of them that you're guaranteed that the hidden service you're targeting will select your entry node.
Then, when the probe is done, and with the real hidden service IPs in hand, you simply subpoena the webhost and get them to mirror the hard drives.
This is exactly what happened. I know a fuckload about networking and programming, which is how I was able to casually come up with the attack that Yardbird just confirmed. Everything I say makes perfect sense to anyone with any network design knowledge whatsoever. And Yardbird confirms that they did indeed probe via the method I described. Case closed.
This is how the FBI was able to get the IP of the Silk Road server and subpoena the webhost to mirror the hard drive contents for them. It's the reason that their official indictment says "we... uh... got the IP and told the webhost to mirror the server for us..." without any details of how they got the IP.
This is how the FBI got the IP and contact details of the Freedom Host webhost and got them to change the passwords to give control over to the FBI. It's how they were able to trace the admin IP or payment details back to Eric Eoin Marques and bust him. It's how they were able to gain control of the websites and install malware on all websites. As an aside, the malware was not intended for busting Freedom Host. They had already busted it. They just used the malware to collect proof that Americans were accessing Freedom Hosting sites, to provide evidence/reasons for an extradition hearing from Ireland to the USA. I would be surprised if they ever bust any of the IPs they logged, because that wasn't the purpose of the exploit at all.
This is why the press is going crazy, wondering how the hidden service IPs are being discovered left, right and center all at the same time.
This is the answer.
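As an added illustration, not part of the thread above or of Tor's own code, here is the guard-rotation risk model behind Yardbird's point that longer rotation only prolongs the time an adversary needs: the functions and the toy consensus are constructed here, and the model assumes each guard draw independently lands on the adversary with probability equal to its share of selection weight. It goes one step beyond the thread in that the share is computed from bandwidth weight rather than node count, which is how Tor actually picks guards and why "how many of the ~3000 nodes" is the wrong question.

```python
import math
import random

def p_compromise_by_day(f, guards, rotation_days, day):
    """Probability that at least one selected guard belonged to the adversary
    by `day`. Each rotation draws `guards` guards; each draw lands on the
    adversary with probability f (its share of guard selection weight)."""
    rotations = math.ceil(day / rotation_days)
    return 1.0 - (1.0 - f) ** (guards * rotations)

def expected_days_to_compromise(f, guards, rotation_days):
    """Mean days until a rotation first includes an adversary guard.
    Rotations are independent trials, so the rotation count is geometric."""
    p_per_rotation = 1.0 - (1.0 - f) ** guards
    return rotation_days / p_per_rotation

def weight_share(weights, evil):
    """Adversary's share of selection weight (bandwidth), not of node count."""
    total = sum(weights.values())
    return sum(w for n, w in weights.items() if n in evil) / total

def simulate_first_compromise(weights, evil, guards, rotation_days, seed=0):
    """Monte Carlo over bandwidth-weighted guard picks (with replacement, a
    simplification of Tor's distinct picks); returns the day on which an
    adversary guard is first selected. `weights` maps relay name -> weight."""
    rng = random.Random(seed)
    names = list(weights)
    w = [weights[n] for n in names]
    day = 1
    while True:
        if any(n in evil for n in rng.choices(names, weights=w, k=guards)):
            return day
        day += rotation_days

# Constructed toy consensus (hypothetical values): 95 small honest guards and
# 5 fast adversary guards. The adversary runs 5% of the nodes but, because
# selection is bandwidth-weighted, holds a larger share of selection weight.
TOY_WEIGHTS = {f"honest{i}": 100 for i in range(95)}
TOY_WEIGHTS.update({f"evil{i}": 300 for i in range(5)})
TOY_EVIL = {n for n in TOY_WEIGHTS if n.startswith("evil")}

if __name__ == "__main__":
    share = weight_share(TOY_WEIGHTS, TOY_EVIL)
    print(f"adversary share of nodes: 5.0%, of selection weight: {share:.1%}")
    for period in (1, 30, 90):  # per-day, monthly and quarterly guard rotation
        days = expected_days_to_compromise(share, 3, period)
        print(f"rotate every {period:>2} days -> expected first compromise ~{days:.0f} days")
    print("first adversary guard in simulation on day",
          simulate_first_compromise(TOY_WEIGHTS, TOY_EVIL, 3, 30))
```

The expected time scales linearly with the rotation period, so moving from monthly to quarterly rotation triples it but never drives the probability to zero; cutting the adversary's weight share is the only lever that changes the per-rotation odds.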
Sinner: I agree wholeheartedly. Tor hidden services are broken.
This is hilarious! Sinner actually casually came up with an attack that has finally been academically published in May 2013. Wonder why it took the rest of the world so long? It amuses me to no end that some random guy theorized about this and stumbled on *the* attack on Tor hidden services.
Here's the paper:
"VI. OPPORTUNISTIC DEANONYMISATION OF HIDDEN SERVICES
The fact that an attacker always controls one side of the communication with a hidden service means that it is sufficient to sniff/control a guard of the hidden service in order to implement a traffic correlation attack and reveal the actual location of the hidden service. In particular, an attacker can:
* Given the onion address of a hidden service with unencrypted list of introduction points determine if her guard nodes are used by this hidden service.
* Determine the IP addresses of those hidden services that use the attacker’s guard nodes.
* Determine if the attacker’s guard nodes are used by any of the hidden services, even if the list of introduction points is encrypted."
Could you provide the source for that discussion?
I've searched for the answer's source but could not find it with Google. It was posted on torproject.org, too, with almost exactly the same text.
The way it's presented looks very fishy to me, but I could not find a flaw in its content. But then again, I'm a total amateur.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.