FBI arrests Silk Road drugs site suspect

Discussion in 'malware problems & news' started by ronjor, Oct 2, 2013.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Well, each Tor relay connects to many other Tor relays. But one could use traffic correlation to at least somewhat focus the search back through the Tor network. However, Tor circuits don't last very long, normally on the order of minutes, so the adversary would need to work very quickly. Indeed, they would need to have all the intercepts set up in advance. Still, there are only a few thousand Tor relays, and they're all (except for bridges) listed publicly. So it's doable for at least some global adversaries. The key limitation, I suspect, is false positives in traffic correlation. See The 23rd Raccoon [2008] How I Learned to Stop Ph34ring NSA and Love the Base Rate Fallacy at http://archives.seul.org/or/dev/Sep-2008/msg00016.html.
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,412
    Location:
    Slovenia
    http://threatpost.com/in-wake-of-takedown-tor-looking-for-answers
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I'm guessing that there were ownership and/or management associations among the sites taken down in Operation Onymous. Remember Freedom Hosting? We know that Pink Meth (a site that deserved to die horribly) was a DoxBin offshoot. Maybe Silk Road 2.0 was too. It for sure appeared very quickly after Silk Road went down.
     
  4. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,154
    Actually when you think about it they should be able to easily find all the servers in the entire Tor network by analyzing traffic logs from ISP's and data centers around the globe, starting with the Tor's bridge/entry servers they would see the IP addresses they connect too and so on. I wouldn't be surprised if the FBI already has a general map of Tor now.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Not necessary.

    https://atlas.torproject.org/
    https://metrics.torproject.org/
     
  6. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,154
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    There's no need to "find" all of the Tor relays, because the Tor Project publishes the information. And generating a network map would be trivial.

    But tracing the millions of simultaneous circuits is still hard.
     
  8. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,412
    Location:
    Slovenia
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  11. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    The good thing about criminals using tor and probably tails is they expose the fact these so called anonymity projects are a joke. Without them getting busted while using these services the rest of us would be oblivious to that fact. Perhaps now this has become obvious other developers will create a real anonymity project.
     
  12. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    ~ How a Russian Dark Web Drug Market Outlived the Silk Road (And Silk Road 2) ~
    http://www.wired.com/2014/11/oldest-drug-market-is-russian/
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,412
    Location:
    Slovenia
  14. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    I think the success of RAMP is more about the lack of action by Russia than the anonymity of the service.
     
  15. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Whether it's Netflow or some other intercept technology, I don't see the technical problem for a well-financed "adversary" with the ability to measure at many different points, in doing traffic correlation. The false positive rate is something that could be followed up by examining the connections of all those possible positives in a more detailed trawl. Then home in on the favoured suspects with targeted attacks. I guess this would also mean having unpicked VPN chains (where they can doubtless do similar timing attacks). They will of course have started with attacks on the servers, presumably with varying degrees of success. Plus informants!

    I've never been comfortable with Tor from the perspective of the different node types and their connection to the real internet. If you are going to persist with that, then I think you need to ditch the notion of having really low latency, and do stuff like introducing timing jitter and mess with packet sizes etc. Then, if you're effectively going store-and-forward, then some kind of mesh network would be the thing. But then, being a Luddite, I'm very sceptical of the value of being tied to a computer screen, and would much rather most of my connectivity were asynchronous and long latency doesn't bother me.

    What really bothers me about what the security services and law enforcement is doing though, is that because they do not have a proper deal with the population and are not acting constitutionally/lawfully, techniques and services will evolve which will be far harder to monitor than Tor plus weak opsec. People are very inventive when it comes to money and crime, and by definition, evolution of "successful" services will be done on the basis of those who elude capture.
     
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,412
    Location:
    Slovenia
    Yes I agree with you. But I still like their approach :)
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, low latency makes anonymity tough. I go on at length about these issues here: https://www.ivpn.net/privacy-guides/adversaries-and-anonymity-systems-the-basics

    For what it's worth, my current favorite candidate is Aqua:
    Le Blond et al. (2013) Towards Efficient Traffic-analysis Resistant Anonymity Networks
    https://www.mpi-sws.org/~stevens/pubs/sigcomm13.pdf
    There's also national security, which is where Tor started, and still a source of funding. The radical aspect was making Tor open-source. Anonymity requires collaboration among adversaries. Although powerful adversaries could subvert the code, that would put the system (and their security) at risk. But the same dynamic could work for Aqua, or whatever.
     
  18. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From the first link in post #135:
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Thanks. That comment wasn't there when I read the post. I'm somewhat reassured. But still, there are concerns about parallel construction. The FBI might not want to reveal technical capabilities, or help from the NSA, and so they emphasize conventional methods.
     
  20. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Feds to auction off second tranche of Silk Road Bitcoins worth $19 MEEELLION
    http://www.theregister.co.uk/2014/1...nche_of_silk_road_bitcoins_worth_20_meeelion/
     
  21. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  23. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  24. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    OnionDuke: APT Attacks Via the Tor Network.

    -- Tom
     
  25. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    120,896
    Location:
    Texas
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.