Silk Road forums
Discussion => Newbie discussion => Topic started by: Imintrouble on May 22, 2013, 04:57 am
-
Hey...
Recently had my house raided and laptop and phones confiscated.
I was wondering if anybody could tell me how much will be discoverable by police forensic analysis.
This is completely serious.
Thanks.
-
No one can tell you that without knowing what your set up was. For instance, were you using Tor? Were you using Tails? Were you using encryption? What kind of security were you using?
-
What sort of set up do you guys run ?
This would be a good opportunity for someone to give me a run down on an excellent security set up
I'm using PC Win 7 ToR and PGP ... what else should I know?
Not hijacking or anything
-
i'm in trouble what are the details that led to your bust.. always interested in what went wrong...
-
Holy SHIT dude, SO sorry. :'( :'( :'(
Scout, WHAT is tails, should I be using it?
-
Hey...
Recently had my house raided and laptop and phones confiscated.
I was wondering if anybody could tell me how much will be discoverable by police forensic analysis.
This is completely serious.
Thanks.
LE knows what they are doing, but if you were using tor + pgp properly and not doing SR-related things on your machine, they shouldn't be able to find details of your activities. hope this helps.
Holy SHIT dude, SO sorry. :'( :'( :'(
Scout, WHAT is tails, should I be using it?
TAILS is a self-contained operating environment optimized for privacy. more info: (clearnet warning) https://tails.boum.org/
-
Yeah, this sucks. The forensic analysis will depend on your set up, as others have mentioned, but probably also the extent of the charges against you, your jurisdiction, the "level" of LE you're dealing with (local cops vs DEA), etc.
What sort of set up do you guys run ?
This would be a good opportunity for someone to give me a run down on an excellent security set up
I'm using PC Win 7 ToR and PGP ... what else should I know?
Not hijacking or anything
Good: an encrypted thumb drive with the browser bundle and a portable PGP program like GPG4USB.
Great: Tails on a thumb drive with the persistent volume enabled.
Your setup: potentially very bad. I'm assuming that you're not using any type of encryption. Do you have bookmarks to SR and the forum in TorBrowser, or a text file? Do you have passwords saved anywhere? Your PGP private key is encrypted, but do you have encrypted messages stored on the hard drive? Do you have *unencrypted* messages stored on the hard drive? Even if the messages are encrypted, there's a saying that "metadata in aggregate is content". LE can find the key IDs in the encrypted PGP messages and match them up to key IDs of vendors on SR, thus providing evidence that you were communicating with them. There are ways to anonymize the recipients, but you'd have to convince the vendors to do so. It's better to keep all that data on an encrypted volume than to rely on someone else doing the right thing for your security.
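Added example, not part of the original post: how a forensic examiner can read the recipient key IDs the post above refers to out of a binary (de-armored) OpenPGP message, following the RFC 4880 packet format. The sample bytes, the `KNOWN_KEYS` table and the function names are constructed for illustration.

```python
KNOWN_KEYS = {"1122334455667788": "contact-A (constructed)"}  # hypothetical keyring

def packets(data):
    """Yield (tag, body) for each packet; handles old- and new-format headers."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new format: tag in low 6 bits
            tag, o1 = hdr & 0x3F, data[i]; i += 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + data[i] + 192; i += 1
            elif o1 == 255:
                length = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:                           # partial body: treat the rest as one body
                length = len(data) - i
        else:                               # old format: tag in bits 5-2
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                  # indeterminate length
                length = len(data) - i
            else:
                n = 1 << ltype
                length = int.from_bytes(data[i:i + n], "big"); i += n
        yield tag, data[i:i + length]
        i += length

def recipients(data):
    """Return (key_id, pubkey_algo, label) for each leading PKESK packet (tag 1)."""
    found = []
    for tag, body in packets(data):
        if tag != 1:                        # PKESK packets precede the encrypted data
            break
        if len(body) < 10 or body[0] != 3:  # only version 3 PKESK is parsed here
            continue
        key_id = body[1:9].hex().upper()
        label = "wildcard (no key ID given)" if key_id == "0" * 16 \
            else KNOWN_KEYS.get(key_id, "unknown")
        found.append((key_id, body[9], label))
    return found

# Constructed sample: two PKESK packets (new- and old-format headers), then a tag 18 packet.
SAMPLE = (bytes([0xC1, 13]) + b"\x03" + bytes.fromhex("1122334455667788") + b"\x01\x00\x08\xff"
          + bytes([0x84, 13]) + b"\x03" + bytes(8) + b"\x10\x00\x08\xaa"
          + bytes([0xD2, 21]) + b"\x01" + bytes(20))
```

The key ID and public-key algorithm sit in the clear ahead of the encrypted session key, so no passphrase or private key is needed to recover them.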
-
Fwaaaaaaaark so much to learn. Serious business.
Worth learning... Ok i need to put some time into re thinking my set up.
PC yes. No encryption no. Sr bookmarks in Tor. Guilty. (FECK!) No passwords saved. Not that stupid.
I'm not sure if my PGP private key is encrypted. No unencrypted messages stored.
I'm thinking to set up all of this bizzo on a USB stick and have no trace on my PC, I have a laptop/pc and access to many computers so I want it to be flexible and portable with no trace left on the computers I use.
I just downloaded KeePassX then and am gonna look at it.
Tails is for my USB stick yeh? I'll download that now too.
Thanks Astor true bro.
-
Holy SHIT dude, SO sorry. :'( :'( :'(
Scout, WHAT is tails, should I be using it?
You should definitely be using TAILS, and can find an excellent setup guide here:
http://dkn255hz262ypmii.onion/index.php?topic=114141.0
It only takes a few minutes to set up and the security benefits of running TAILS over the regular Tor Browser through Windows are unquantifiable!
Libertas
-
Tor was used with no encryption.
A laptop that may have been used for SR transactions by someone I know has been confiscated and federal charges are likely to follow.
I believe there was nothing saved on it but wondered if they could find traces of any transactions on the computer alone. There are bookmarks to the SR login page. -> I'm hoping the bitcoins are not traceable and that there is no cached/saved information on the computer without access to the SR account.
What could they possibly find??
Thank you for your responses. I really appreciate as much knowledge as possible on this topic.
-
PC yes. No encryption no. Sr bookmarks in Tor. Guilty. (FECK!)
If LE intercepted a package and did a controlled delivery, any plausible deniability you might have had would be destroyed when they found links to SR on your computer. Many small data points add up to tell a story. Having a bookmark to SR alone doesn't prove anything. Lots of curious people visit the site without buying anything. But having a package of drugs with your name on it, AND links to SR, AND a PGP key, all add up to tell a story: that you were buying drugs online.
I'm not sure if my PGP private key is encrypted. No unencrypted messages stored.
Do you need a password to decrypt messages? Then your private key is encrypted.
I'm thinking to set up all of this bizzo on a USB stick and have no trace on my PC, I have a laptop/pc and access to many computers so I want it to be flexible and portable with no trace left on the computers I use.
I just downloaded KeePassX then and am gonna look at it.
Tails is for my USB stick yeh? I'll download that now too.
Thanks Astor true bro.
Those are good choices. :)
-
Out of curiosity how were you caught? Just brief details...controlled delivery? Vendor? Street dealer?
-
Tor was used with no encryption.
A laptop that may have been used for SR transactions by someone I know has been confiscated and federal charges are likely to follow.
I believe there was nothing saved on it but wondered if they could find traces of any transactions on the computer alone. There are bookmarks to the SR login page. -> I'm hoping the bitcoins are not traceable and that there is no cached/saved information on the computer without access to the SR account.
What could they possibly find??
If you are asking whether the act of browsing SR left a trace on the computer, no. TorBrowser does a good job of state isolation. It caches nothing to disk, flushes browsing history, cookies and various other things on shutdown, uses separate plugins, so even if you used Flash, that would not mix state with a system installed version.
The only way it leaks browsing activity is through positive actions taken by the user, such as saving bookmarks. (It even goes so far as to disable some positive actions, like saving passwords)
The biggest thing in your case is the bookmark to SR.
-
Yes PLEASE share as much non detailed info as possible regarding what led up to the bust . . .
Did anything tip you off before the big raid??
Were you a vendor, or patron? How long were you on the site before all this?
-
good luck man, you will need it
-
I just wanted to let everyone know an easy way to approach security to prevent sensitive data recovery in this sort of situation. What I like to do is use a program called Truecrypt that is available for all major operating systems. Take a small flash drive, for example a 16gb and use Truecrypt to create a virtual encrypted disk of several gb. Once the virtual disk is created mount it in Truecrypt and store a clean Tor bundle on the virtual disk.
Now every time you want to run Tor, open Truecrypt, mount the virtual disk, and run Tor from the virtual disk. When finished using Tor unmount the disk in Truecrypt and now you can unplug the flash drive and hide it or destroy it if you have to. With the low price of flash media, if you have to destroy it it's no big deal.
-
Best of luck brother.
-
I just wanted to let everyone know an easy way to approach security to prevent sensitive data recovery in this sort of situation. What I like to do is use a program called Truecrypt that is available for all major operating systems. Take a small flash drive, for example a 16gb and use Truecrypt to create a virtual encrypted disk of several gb. Once the virtual disk is created mount it in Truecrypt and store a clean Tor bundle on the virtual disk.
Now every time you want to run Tor, open Truecrypt, mount the virtual disk, and run Tor from the virtual disk. When finished using Tor unmount the disk in Truecrypt and now you can unplug the flash drive and hide it or destroy it if you have to. With the low price of flash media, if you have to destroy it it's no big deal.
Very good advice. Gonna get onto this.
-
I just wanted to let everyone know an easy way to approach security to prevent sensitive data recovery in this sort of situation. What I like to do is use a program called Truecrypt that is available for all major operating systems. Take a small flash drive, for example a 16gb and use Truecrypt to create a virtual encrypted disk of several gb. Once the virtual disk is created mount it in Truecrypt and store a clean Tor bundle on the virtual disk.
Now every time you want to run Tor, open Truecrypt, mount the virtual disk, and run Tor from the virtual disk. When finished using Tor unmount the disk in Truecrypt and now you can unplug the flash drive and hide it or destroy it if you have to. With the low price of flash media, if you have to destroy it it's no big deal.
Very good advice. Gonna get onto this.
Thanks! It really isn't that difficult and I think it is pretty secure. Just use a REALLY good password and name your virtual disks inconspicuously. You can even make different virtual disks for different sites and then if somehow you leave a disk mounted and your system is taken they won't get everything.
-
Damn dude. Hoping you come out okay. Keep us updated.
-
Tor was used with no encryption.
A laptop that may have been used for SR transactions by someone I know has been confiscated and federal charges are likely to follow.
I believe there was nothing saved on it but wondered if they could find traces of any transactions on the computer alone. There are bookmarks to the SR login page. -> I'm hoping the bitcoins are not traceable and that there is no cached/saved information on the computer without access to the SR account.
What could they possibly find??
Thank you for your responses. I really appreciate as much knowledge as possible on this topic.
did they raid your house because of online activity like SR or was it something else in the "real world"?
this freaks me out. i'm always paranoid i'm not doing enough.
if you are not booting to a usb drive i'm pretty sure they will be able to find all kinds of information. they can recover old files from years ago on formatted hard drives.
-
Firstly, thank you all for your answers and support. My head-space is ridiculously messed up right now and your help is incredibly appreciated.
There was nothing else happening in the real world. This seems to have started by customs seizing a number of packages which apparently allowed for a warrant and the search confiscated about a few pills, phones, hard drives, a laptop and a few other pieces.
I am not a dealer or vendor. I admittedly have quite a high use. Any drugs found were for personal use but the method of obtaining them seems to be the factor in question.
-> You guys really should keep your laptops and drugs off the premises you live in... Basic stuff.
As far as I can guess, if the bitcoins are not traceable and they cannot access any SR accounts to view history the only way anyone could get in shit is if the computer logged information. I have bookmarks to SR but that in itself is surely not incriminating enough??
Thanks again.
-
Personally I use truecrypt to encrypt the whole of my pc. And using tor on an ironkey, the most secure usb drive I have ever owned! They even sell biometric hard drives! CLEARNET: http://www.ironkey.com/en-US/
-
As far as I can guess, if the bitcoins are not traceable and they cannot access any SR accounts to view history the only way anyone could get in shit is if the computer logged information. I have bookmarks to SR but that in itself is surely not incriminating enough??
no, it's not illegal to visit SR. i could see it only being used to link you to the packages and paint a picture in court of what they believe you were doing. international drug package, bookmark to a site to purchase international drugs. maybe they will use it to build a case.
-
On a related note, this is a forensic analysis that one of the Tor Project developers did, to see what kinds of traces the browser bundle leaves behind on a Windows system:
http://dkn255hz262ypmii.onion/index.php?topic=148291.msg1152452#msg1152452
What it means is that if you deleted TBB from your computer, even if LE didn't analyze the free space for deleted files, they could find evidence that it existed. However, they wouldn't find evidence of what you were browsing.
In OP's case it doesn't matter (I just thought it was useful related information), he had TBB on his computer and a link to SR. But if you want to absolutely hide your Tor use, you must extract the browser bundle on an encrypted volume, preferably a thumb drive that can be disposed of easily.
-
As I am by no means an encryption expert, I request nobody accept the following without another's confirmation. That said, it seems to me that the only ones who would benefit from the USB TAILS system are those who are trying to hide their use of TOR and be able to save certain keys and encrypted files on there: in other words, a vendor. For even a consistent user of SR, it doesn't seem to be necessary. The only incrimination it prevents is the purely circumstantial use of TOR.
Granted, there's nothing wrong with extra security, and if I were a computer wiz, I'd be all over TAILS, but it just doesn't seem too necessary for me.
If I am wrong in any way, please correct me.
-
sorry dude
-
Hope all works out for you. Seriously, TrueCrypt, free, open-source, AES encryption. If they have no success, and hopefully they won't, do encrypt your laptop/desktop. It's as useless to them then as a blank hard drive if you configure it properly.