FBI arrests Silk Road drugs site suspect

Discussion in 'malware problems & news' started by ronjor, Oct 2, 2013.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Well, each Tor relay connects to many other Tor relays. But one could use traffic correlation to at least somewhat focus the search back through the Tor network. However, Tor circuits don't last very long, normally on the order of minutes, so the adversary would need to work very quickly. Indeed, they would need to have all the intercepts set up in advance. Still, there are only a few thousand Tor relays, and they're all (except for bridges) listed publicly. So it's doable for at least some global adversaries. The key limitation, I suspect, is false positives in traffic correlation. See The 23rd Raccoon [2008] How I Learned to Stop Ph34ring NSA and Love the Base Rate Fallacy at http://archives.seul.org/or/dev/Sep-2008/msg00016.html.
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    http://threatpost.com/in-wake-of-takedown-tor-looking-for-answers
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I'm guessing that there were ownership and/or management associations among the sites taken down in Operation Onymous. Remember Freedom Hosting? We know that Pink Meth (a site that deserved to die horribly) was a DoxBin offshoot. Maybe Silk Road 2.0 was too. It for sure appeared very quickly after Silk Road went down.
     
  4. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Actually, when you think about it, they should be able to easily find all the servers in the entire Tor network by analyzing traffic logs from ISPs and data centers around the globe; starting with Tor's bridge/entry servers, they would see the IP addresses they connect to, and so on. I wouldn't be surprised if the FBI already has a general map of Tor now.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Not necessary.

    https://atlas.torproject.org/
    https://metrics.torproject.org/
     
  6. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    There's no need to "find" all of the Tor relays, because the Tor Project publishes the information. And generating a network map would be trivial.

    But tracing the millions of simultaneous circuits is still hard.
     
  8. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  11. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    The good thing about criminals using Tor and probably Tails is they expose the fact that these so-called anonymity projects are a joke. Without them getting busted while using these services, the rest of us would be oblivious to that fact. Perhaps now that this has become obvious, other developers will create a real anonymity project.
     
  12. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    ~ How a Russian Dark Web Drug Market Outlived the Silk Road (And Silk Road 2) ~
    http://www.wired.com/2014/11/oldest-drug-market-is-russian/
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  14. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    I think the success of RAMP is more about the lack of action by Russia than the anonymity of the service.
     
  15. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Whether it's Netflow or some other intercept technology, I don't see the technical problem for a well-financed "adversary" with the ability to measure at many different points, in doing traffic correlation. The false positive rate is something that could be followed up by examining the connections of all those possible positives in a more detailed trawl. Then home in on the favoured suspects with targeted attacks. I guess this would also mean having unpicked VPN chains (where they can doubtless do similar timing attacks). They will of course have started with attacks on the servers, presumably with varying degrees of success. Plus informants!

    I've never been comfortable with Tor from the perspective of the different node types and their connection to the real internet. If you are going to persist with that, then I think you need to ditch the notion of having really low latency, and do stuff like introducing timing jitter and mess with packet sizes etc. Then, if you're effectively going store-and-forward, then some kind of mesh network would be the thing. But then, being a Luddite, I'm very sceptical of the value of being tied to a computer screen, and would much rather most of my connectivity were asynchronous and long latency doesn't bother me.

    What really bothers me about what the security services and law enforcement are doing, though, is that because they do not have a proper deal with the population and are not acting constitutionally/lawfully, techniques and services will evolve which will be far harder to monitor than Tor plus weak opsec. People are very inventive when it comes to money and crime, and by definition, evolution of "successful" services will be done on the basis of those who elude capture.
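mirimir's point about false positives in traffic correlation (post 1, citing the Raccoon base-rate post) and deBoetie's remark that the positives could be narrowed down by a further trawl (post 15) both come down to base-rate arithmetic. The following is an added example, not code from the thread or from the cited paper; the candidate-flow count, true-positive rate and false-positive rate are assumed illustrative values.

```python
"""Base-rate arithmetic for traffic-correlation matching.

One target flow is hidden among n_candidates flows. A correlation
detector flags a candidate as the partner with probability TPR when it
is the real one and FPR when it is not. The question for the analyst
is: when the detector fires, how likely is it to be right?
"""


def correlation_precision(n_candidates: int, tpr: float, fpr: float) -> dict:
    """Expected true/false matches and precision (PPV) for a single observation."""
    # Exactly one candidate is the true partner; the rest are innocent flows.
    expected_true = tpr
    expected_false = fpr * (n_candidates - 1)
    flagged = expected_true + expected_false
    precision = expected_true / flagged if flagged else 0.0
    return {
        "expected_true": expected_true,
        "expected_false": expected_false,
        "precision": precision,
    }


def observations_needed(n_candidates: int, tpr: float, fpr: float,
                        target_precision: float, max_obs: int = 1000):
    """Independent observations (all required to match) needed to reach
    target_precision. Under independence the combined rates are tpr**k
    and fpr**k, which is why repeated observation shrinks the false-positive
    pool much faster than it loses the true match. Returns None if the
    target is not reached within max_obs observations."""
    for k in range(1, max_obs + 1):
        if correlation_precision(n_candidates, tpr ** k, fpr ** k)["precision"] >= target_precision:
            return k
    return None


if __name__ == "__main__":
    # Assumed values: a million simultaneous circuits, a good detector.
    for n in (100, 10_000, 1_000_000):
        r = correlation_precision(n, tpr=0.99, fpr=0.001)
        k = observations_needed(n, 0.99, 0.001, 0.9)
        print(f"n={n:>9}: ~{r['expected_false']:.1f} false matches per true match, "
              f"precision={r['precision']:.4f}, observations for 90%: {k}")
```

With a 0.1% false-positive rate, one observation over a million candidates yields about a thousand false matches per true one, while three independent observations push precision above 99%, which is the "follow up the positives" strategy in numbers.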
     
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Yes, I agree with you. But I still like their approach :)
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, low latency makes anonymity tough. I go on at length about these issues here: https://www.ivpn.net/privacy-guides/adversaries-and-anonymity-systems-the-basics

    For what it's worth, my current favorite candidate is Aqua:
    Le Blond et al. (2013) Towards Efficient Traffic-analysis Resistant Anonymity Networks
    https://www.mpi-sws.org/~stevens/pubs/sigcomm13.pdf
    There's also national security, which is where Tor started, and still a source of funding. The radical aspect was making Tor open-source. Anonymity requires collaboration among adversaries. Although powerful adversaries could subvert the code, that would put the system (and their security) at risk. But the same dynamic could work for Aqua, or whatever.
     
  18. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From the first link in post #135:
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Thanks. That comment wasn't there when I read the post. I'm somewhat reassured. But still, there are concerns about parallel construction. The FBI might not want to reveal technical capabilities, or help from the NSA, and so they emphasize conventional methods.
     
  20. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Feds to auction off second tranche of Silk Road Bitcoins worth $19 MEEELLION
    http://www.theregister.co.uk/2014/1...nche_of_silk_road_bitcoins_worth_20_meeelion/
     
  21. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  23. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  24. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    OnionDuke: APT Attacks Via the Tor Network.

    -- Tom
     
  25. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,876
    Location:
    Texas