Messages - astor

1336
Give me an O!

Gimme a T!

Get me a C

That's right!

OTC! OTC! OTC! Woot!


Until they start doing stings to bust both buyers and sellers of BTC.

It wouldn't stop everyone, but it would have a chilling effect on that market.

1337
Security / Re: Trusting TOR with your freedom
« on: May 15, 2013, 04:42 am »
I've wondered about this. If you read up on the main way a vendor is vulnerable in these forums it seems the most likely sequence would be for LE to intercept packages to draw a mailing radius and then see who within the radius is using Tor. Not exactly easy or definitive.

This may be easier than it looks, since the number of users who fit the behavioral profile of SR vendors (i.e., logging on daily) is about 20 in a city with 100K people, and 200 in a city with 1M people:

http://dkn255hz262ypmii.onion/index.php?topic=158464.msg1124077#msg1124077

Read that post, then read the one below it where I update my estimate.


I've yet to read of a single instance where LE has caught a SR vendor based solely on hacking.

Here's what LE could do. They find a vendor who is selling a range of drug amounts, like 1 gram up to an ounce of cocaine. They check the reviews to make sure the vendor is getting sales and actually pushing that product. This would be someone with many ounces of cocaine. Then they buy 1 gram off the vendor. Only costs $150 and they know the vendor's city.

They hand the ISP a list of Tor entry guards and known bridges, and request the subscriber info of everyone who connects to those IP addresses, say 5 days out of the next 7 days. In a week they are down to a list of 10 - 200 people. They start watching those subscribers and messaging the vendor, looking at the response times, so it's basically a low grade correlation attack, similar to what they did to this guy:

http://arstechnica.com/tech-policy/2012/03/stakeout-how-the-fbi-tracked-and-busted-a-chicago-anon/

They watched his local network with a tap and trace device installed in his computer and correlated it to his IRC activity (which he accessed over Tor).

What percentage of those daily users will be online at the specific hour when a message is received from the vendor? 10%, 20%, 50%? Even in the "worst" case scenario for LE, they can exclude half the people on their list every time they receive a message. How many halvings does it take to get down to one person that they can start investigating IRL?

Even if they start with a list of 200 people, surprisingly it takes only 9 halvings, which is 9 messages. Unfortunately for them, there is a small percentage of users who stay online all the time (like on IRC), so those people will never be excluded from the list. LE would have to investigate all of them.


I should note that it's easy to defend against this attack. Use a VPN or rent a VPS and set up a private bridge.


So why hasn't this happened yet? Surely the computer experts that they employ have thought of it.

I think SS is right, LE either doesn't care, or it's too inefficient. Maybe the last leg isn't worth it. i.e., they reduce 200 users to 20 or 30 who are always online, but investigating all of them is too much work to bust someone pushing the amounts of drugs that SR vendors push.

And if anything I said is remotely true, then you can help vendors by using Tor all the time. ;)


1338
Security / Re: How to Obtain an Anonymous P.O. box.
« on: May 15, 2013, 12:46 am »
This is useful in the 5 percent of cases where you know the package was intercepted ahead of time. You can throw away the mailbox key, never visit that post office again, and you'll be safe because they won't know who you are or where to find you. In the other 95% of cases, you won't have a clue that it was intercepted until you're standing in the post office with the package in your hand and a guy with a badge steps out from behind the counter (or pulls you over a few blocks away).

If you don't get mail there regularly and only visit every few weeks, but show up the day the package is delivered, or the day after, that indicates you had prior knowledge of the package.

IMO, a residential address is safer because you can passively receive the package and choose when to pull it out of the box. LE isn't going to wait around for hours or days, and at all hours of the night, for you to pick up a small amount. They will either knock on your door and see if you accept it, or not deliver it at all (in which case, it will join the ranks of the infamous missing packages). To that end, it's best not to be home when the mail is delivered.

People have proposed using various light sensitive devices that can warn you when the package has been opened. They might be worth it for large orders, but it's also possible for LE to x-ray the package, discover that it contains such a device, and open it in a dark room to field test the drugs. They are also known to use needle-sized poking devices to sample the contents, which leave a hole so small that it probably wouldn't set off the device. To protect against that, you would have to fortify it with a hard internal package, which again isn't worth it for small amounts, when simply mailing the drugs in an envelope is much safer.

1339
Security / Re: Trusting TOR with your freedom
« on: May 14, 2013, 11:57 pm »
@d0z3r

What are you afraid can happen?

1340
Off topic / Re: What is your Autism Quotient
« on: May 14, 2013, 11:41 pm »
Wait, so you're astounded that I got a 29 which is slightly in the autistic range?

Because I originally interpreted your comment the exact opposite way (juxtaposed against the normal results you quoted).

I was like damn, SS, that's kind of a dick thing to say, lol.

1341
The Dwolla -> MtGox method had the most stringent verification requirements of any bitcoin purchasing method. If it got shut down, what hope is there for the rest of them?

1342
Another bitcoin purchasing method bites the dust:

https://bitcointalk.org/index.php?topic=205396.0

I know most people here don't use the Dwolla -> MtGox method, but I'm sure some people did. You should be aware that there's a very good chance that some or all of the transactions via that method are now being investigated.



1343
Security / Re: Truecrypt & Hidden Volumes
« on: May 14, 2013, 08:33 pm »
They will never have enough evidence to arrest you if they can't find anything on your PC

That depends on where you live. The 5th Amendment (or its equivalent) doesn't exist everywhere and in many countries you can be forced to incriminate yourself. We're not talking about backwards third world countries either. As the Tails dev said above, key disclosure laws exist in the UK and France. In the UK, you can get up to 2 years for not providing a password. I'm belaboring this point, because we have a lot of Brits on this forum, so it's relevant to them.

Now, if hidden volumes become popular, LE could assume everyone is using them. So if they find no incriminating evidence after you truthfully provide the password to the only encrypted volume on your computer, they could assume you're still hiding something. Plausible deniability becomes plausible suspicion, and grounds to keep you locked up (in the best case).

So you can simply just say FUCK YOU LE.

If you are protected from self incrimination and key disclosure, then you don't need a hidden volume. You can just say Fuck You LE when they ask for your password.

So hidden volumes are either dangerous or useless.

Well, that's their argument anyway. I don't really care one way or the other.

1344
Security / Re: Can you print anonymously via tor?
« on: May 14, 2013, 08:19 pm »
Maybe I'm misunderstanding your question, but if your printer is connected directly to your computer, it's not a networked printer or anything, and everything is on a home LAN, then what does the internet and Tor have to do with anything?


More important than that: you need to do some research to figure out if your printer is susceptible to fingerprinting. The serial number may be encoded on the paper.

https://en.wikipedia.org/wiki/Printer_steganography

https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots

http://boingboing.net/2008/10/23/howto-read-the-secre.html

On that list of printers above, note the EFF warning: "A 'no' simply means that we couldn't see yellow dots; it does not prove that there is no forensic watermarking present."

So if you want to print anonymously, you should only use a printer that you purchased anonymously, and preferably one that does not print identifying watermarks.

1345
Security / Re: Truecrypt & Hidden Volumes
« on: May 14, 2013, 05:59 pm »
That sounds epic; I think the Windows TrueCrypt is the only one that offers the OS encryption thingy >:(. I wish they'd get that for the Linux distros.

Here's the technical reason why hidden volumes don't exist for LUKS/dm-crypt:

https://code.google.com/p/cryptsetup/issues/detail?id=7

But here are the philosophical reasons why many people don't think it's a good idea, straight from a Tails developer.

https://tails.boum.org/forum/Plausible_deniability_of_encrypted_storage/

===============

Regardless of TrueCrypt's "less than open nature" and other issues there might be very real security reasons to not include it exactly because it supports plausible deniable encryption. Below I will detail some thoughts I've been entertaining for the last couple of years that I feel are ripe for venting now:

While a very cool idea, simply possessing tools supporting plausible deniable encryption could be dangerous in itself if you live in an area where the "law" either practices rubber-hose "cryptanalysis" (i.e. torture), or has a key disclosure law (which includes countries like UK, France, Canada). As you know, it's precisely these practices and laws that plausible deniable encryption is intended to protect against. So, imagine that you live in such an area, get suspected or arrested for some crime, that the authorities seize your computer as a result, and that they find your TrueCrypt installation on it.

Problem 1: If a TC volume indeed is indistinguishable from random junk, then any file that looks like random junk may be considered as TC volumes by your adversaries, even those that in fact are not TC volumes or encrypted data.

Hence, even if you hand out keys and passphrases to the real TC volumes, your adversaries may demand keys and passphrases for the other random looking (but non-TC volume) files. You can truthfully deny that they are TC volumes all you want, but they will torture you, or throw you in jail. You're screwed.

As has been pointed out, it may still be possible to determine whether a file is a TC volume or not by using analyzers such as TCHunt. However, after learning TCHunt's technique I must say it looks pretty weak and simplistic, and that it very easily can produce false positives. In fact, I did a simple test:

TMPDIR=$(mktemp -d)
# write 100 files of 20000 x 512-byte blocks (~10 MB each) of pseudo-random data
for X in $(seq 1 100); do
    dd if=/dev/urandom of=${TMPDIR}/test.${X} bs=1b count=20000 2> /dev/null
done
echo $TMPDIR
# run TCHunt on ${TMPDIR}, i.e. the directory printed above

So, I generated 100 files of ~10 MB (but divisible by 512 bytes) of pseudo-random data generated from Linux' PRNG and then ran TCHunt on these. Every single one of them was incorrectly identified as a TC volume, so we have a 100% false positive rate. There may be better commercial alternatives to TCHunt, though. If not, the problem with false positives just strengthens problem 1. Personally I generate such files from time to time for various reasons, so I would be screwed.

Problem 2: Since TC supports hidden volumes, even if you disclose all your keys and passphrases to your adversaries they may insist that you have hidden volumes when you in fact don't.

This could for instance happen if your adversaries didn't find what they were looking for in the "normal" TC container that you supplied them keys and passphrases for. Or perhaps they found what they wanted, but the prosecutor (naturally) just wants to fuck you even more by adding a few additional years on your prison sentence for refusal of (non-existing) key disclosure. You're screwed.

The essence, or generalization, of these two problems is that plausible deniable encryption gives your adversaries "plausible suspicion" (in lack of a better term). Since there are so few encryption tools that allow plausible deniable encryption, choosing a tool that supports it (like TC) instead of a tool which doesn't (like dm-crypt/LUKS) may give them strong reasons to believe that you are indeed using that specific feature, and thus that you're not cooperating with them even when you really are cooperating as much as you can.

For the above reasons it seems like plausible deniable encryption will only work as intended if either one of the following statements are true:

1. You live in a sane country with no practice of rubber-hose cryptanalysis/torture, and no key disclosure laws. (Note that if you do, you really don't need plausible deniable encryption -- "undeniable" encryption is enough.)

2. The implementation of plausible deniable encryption you use is completely secret; it isn't public, widely used or documented anywhere. You and everyone else using it must be able to keep that secret even under torture and serious legal threats/implications.

3. You live in a future where more or less all encryption software supports plausible deniable encryption, so it's nothing out of the ordinary. (OTOH, in such a future key disclosure laws may just be upgraded to a complete ban on encryption. Who knows?)

Let's see how these statements pan out with Tails:

We distribute Tails globally, and since there are countries for which 1 isn't true, 1 wouldn't be true for all Tails users. Hence inclusion of TC (or similar tool) would make Tails potentially dangerous for those users. 2 is trivially untrue for TrueCrypt in particular, and tautologically untrue (per definition) in general for any other such encryption tool we ever would ship with Tails. And 3 is not the case (yet?) as you probably know.

That said, I'd love to have the above proven wrong as I see plausibly deniable encryption as a very desirable feature.
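The quoted post's "problem 1" rests on how simplistic a "looks like an encrypted container" heuristic is. The following is an added example, not code from the post, from Tails, or from TCHunt itself: it implements the kind of test the post describes (size a multiple of 512 bytes, no known file signature, byte histogram consistent with uniform random), with the minimum size, the signature list and the chi-square cutoff all being assumptions of this example, and then repeats the post's experiment on constructed pseudo-random files that are smaller than the post's 10 MB ones. The point it shows is the same: such a heuristic cannot tell a TrueCrypt volume from any other random-looking blob, so an investigator relying on it will flag innocent files.

```python
"""A TCHunt-style 'looks like an encrypted container' heuristic and its false positives.

Added example; not the post's code and not TCHunt's source. Thresholds and the
signature list are assumptions of this example; sample files are constructed in memory.
"""
import math
import random
from collections import Counter

BLOCK = 512
MIN_SIZE = 19 * 1024            # assumed: ignore files too small to be a volume
SIGNATURES = (                  # a few well-known magic numbers; deliberately not exhaustive
    b"\x89PNG", b"PK\x03\x04", b"\x1f\x8b", b"%PDF", b"\xff\xd8\xff", b"\x7fELF",
)


def chi2_uniform(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against a uniform 0..255 distribution."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))


def chi2_critical(df: int, z: float) -> float:
    """Wilson-Hilferty approximation of the chi-square quantile at z standard-normal units."""
    h = 2.0 / (9.0 * df)
    return df * (1.0 - h + z * math.sqrt(h)) ** 3


# 255 degrees of freedom; z = 3.09 is roughly the 99.9th percentile, so genuinely
# uniform data is rejected as "not random" only about 0.1% of the time.
CHI2_CRIT = chi2_critical(255, 3.09)


def looks_like_container(data: bytes) -> bool:
    """True when the heuristic would flag the bytes as an encrypted container."""
    if len(data) % BLOCK != 0 or len(data) < MIN_SIZE:
        return False
    if data.startswith(SIGNATURES):
        return False
    return chi2_uniform(data) < CHI2_CRIT


def false_positive_rate(n_files: int = 100, blocks: int = 200, seed: int = 1) -> float:
    """Repeat the post's experiment: n_files pseudo-random files, each blocks*512 bytes."""
    rng = random.Random(seed)
    hits = sum(looks_like_container(rng.randbytes(blocks * BLOCK)) for _ in range(n_files))
    return hits / n_files


def text_sample(blocks: int = 200) -> bytes:
    """Constructed plain-text file whose size is also a multiple of 512 bytes."""
    line = b"the quick brown fox jumps over the lazy dog 0123456789\n"
    return (line * (blocks * BLOCK // len(line) + 1))[: blocks * BLOCK]


def odd_sized_random(blocks: int = 200, seed: int = 1) -> bytes:
    """Constructed random file one byte short of a block multiple: the size test alone clears it."""
    return random.Random(seed).randbytes(blocks * BLOCK - 1)


if __name__ == "__main__":
    print("false-positive rate on random files:", false_positive_rate())
    print("plain text flagged:", looks_like_container(text_sample()))
    print("odd-sized random data flagged:", looks_like_container(odd_sized_random()))
```

Run it and the random files are flagged almost without exception, exactly as in the post, while the text file is cleared by the histogram test and the odd-sized random file by the size test alone. A forensic examiner who treats such a flag as evidence of a hidden volume is therefore acting on a test with no specificity against ordinary random data (random pads, wiped free space, key material, raw cipher output).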


1346
Intersection attacks and other electronic methods designed to identify particular users on Tor are potentially useful tools for LE, but they'll never lead to a conviction in a court of law unto themselves.

Of course, but they could lead to an investigation. So they start following you around and see you drop packages into blue boxes every day. They combine all that evidence and present it to a judge to get a warrant to search your home. And the actual stash they find is what they convict you on.

You don't want to get on their radar in the first place, especially when it's totally avoidable.

1347
Off topic / Re: What is your Autism Quotient
« on: May 14, 2013, 03:11 pm »
Huh? Those aren't my results. I didn't take the second test.

1348
Off topic / Re: What is your Autism Quotient
« on: May 14, 2013, 05:08 am »
http://www.rdos.net/eng/ has a more comprehensive Autism test that may be a bit more resistant to the selection bias that Astor thinks is influencing the results.

You mean because the simple quiz is too focused on social stuff? Possibly.

Once you collect enough results on the second one, do a paired t-test with the two sets of scores and you'll know if there's a statistically significant difference between them. You'll have to normalize the two sets of scores, because they have different ranges, means and standard deviations. You do that by converting each score to a "standard deviation unit".

If they're not different and/or we score higher on the longer quiz too, find 30 random people on the street and give them the quiz, then do a t-test to see if that difference is real. On a small sample, like 30 people, a 6 point difference could be a fluke, i.e. not a real difference, especially given that huge range from 6 to 42.

This is science! :)

1349
Off topic / Re: What is your Autism Quotient
« on: May 14, 2013, 04:48 am »
Neurotypical with respect to autism. There are a thousand things that test doesn't test for. ;)


BTW, look at the nice normal curve in the poll results. As expected. We're just shifted up by 6 points compared to controls.

1350
Once you have it narrowed down to 120 you can do an intersection attack trivially against I2P users. You just need to continuously route data through their nodes waiting for them to disconnect, and try to correlate the online activity of the vendor to the up time of the I2P router. i.e.: if you see the vendor responded to your private message at 8 AM, you can rule out any of the 120 nodes that were not online at 8 AM. That will let you whittle down their anonymity set size even more.

If you're LE, you don't even need to route data, just watch their connection.

Earlier I was thinking about a potential correlation attack when the "vendor last online" feature is updated, but messaging them directly provides a more accurate time.

It seems to me from reading that metrics page that they still have not implemented directory guards. That makes it substantially easier to enumerate Tor clients. For a long time clients directly connected to the directory authority servers, the first time the client ran Tor and anytime that Tor had not been connected for about 24 hours or longer. Only after that did they use the directory mirrors, of which there are a few hundred. Quite a while ago they proposed adding directory guards, and having Tor users always connect to the DA's or mirrors through a set of random Tor nodes selected from a list of nodes included with the original download of Tor (optimistically trying nodes until you find some that are currently up). I thought they had implemented this by now but now it seems to me that they have not. That means watching the directory authority servers is a good way to enumerate Tor client IP addresses still. No matter what, watching the Tor download page could do this though, unless users download Tor with open WiFi from a random location or similar. The best bet would be if they used directory guards + Tor starts coming bundled with popular Linux distros (even if it is out of date and doesn't include TBB, it could be used for the initial download of TBB from the centralized download site). I2P is still much weaker to client IP address enumeration though.

All of this can be avoided with obfuscated private bridges (since you don't touch any part of the Tor network until after a bridge), or a VPN. While a VPN won't protect you if LE is specifically targeting you, discovering all the VPN users, given the large number of VPN providers in the world, and private VPNs on VPSes, and then analyzing all those users, makes a fishing expedition orders of magnitude harder.
