Silk Road forums
Discussion => Security => Topic started by: erugbp on September 06, 2012, 12:15 pm
-
Don't get me wrong, I love SR, and hope it prospers further.
But technically speaking how does SR server stay safe?
Police can't find IP address of the server because of TOR layer?
or what?
-
Don't get me wrong, I love SR, and hope it prospers further.
But technically speaking how does SR server stay safe?
Police can't find IP address of the server because of TOR layer?
or what?
That's just it though. If you knew how it's servers were kept safe and secure then it would be a sure bet LE would also know. Following the discovery of the servers, it would be a matter of time before they were taken down. However, as it stands now, it seems to be working O.K but I'm sure DPR is closely monitoring things and keeping his finger on the pulse.
-
Passive or active really has nothing to do with it, it is the percentage of the network that the attacker has the ability to monitor that does. If I watch your internet traffic by eavesdropping on the packets your wireless card sends to your router I am a passive attacker, but that does not mean I can deanonymize a hidden service. The quickest way to deanonymize a hidden service is actually a mixture of active and passive attack. The active attack involves forcing the hidden service to quickly open circuit after circuit, which is currently allowed by the design of Tor. Since you can make it open as many circuits as you want, you can greatly reduce the amount of time it takes for it to create a circuit that you own one of the nodes on. Eventually the node you own will either be one of the hidden services entry guards or a middle node that is directly connected to an entry guard. Once you own the middle node and can identify the entry guard then the easiest way to deanonymize the hidden service would be to passively monitor the entry guard and send the hidden service some data until it goes through the entry guard and you can then identify the hidden service with a timing attack. It really shouldn't be very difficult for the feds to pull this off, but it is not because they are a passive attacker that they can do it....I mean like I said originally I am a passive attacker just by monitoring the packets leaving your wireless network card but that doesn't help me trace a hidden service at all.
-
I also wonder how :o
But as u guys will hope over here,i want this site up & running smoothly until the day i die! 8)
-
because the police are stupid, if you're a passive attacker like a law enforcement agency, deanonymizing a hidden service is pretty easy
I would never say the police are stupid, underestimating the state's capability to understand, manipulate and carry out attacks on the internet is stupid. The state has other priorities to focus on the internet rather than a small scale drugs site. If TOR, bitcoins and SR reached the success of even a small scale clear net sites then expect a change in assigned resources. And they won't shut down SR they will shut down Bitcoin, turn off the money you will turn off the site.
It is very difficult to fight the state, ask the Syrians, I am sure they will let you know this.
-
because the police are stupid, if you're a passive attacker like a law enforcement agency, deanonymizing a hidden service is pretty easy
I would never say the police are stupid, underestimating the state's capability to understand, manipulate and carry out attacks on the internet is stupid. The state has other priorities to focus on the internet rather than a small scale drugs site. If TOR, bitcoins and SR reached the success of even a small scale clear net sites then expect a change in assigned resources. And they won't shut down SR they will shut down Bitcoin, turn off the money you will turn off the site.
It is very difficult to fight the state, ask the Syrians, I am sure they will let you know this.
Whilst I agree it is never a good idea to underestimate one's enemy, how on earth do you think it would be possible for them to shut down Bitcoin without performing a 51% attack to fork the Blockchain?! ???
-
man this stuff to me a computer rookie is like trying to explain to a wild tiger that the zebra is its friend... this shit is so complex I dont think anyone really knows what the fucks is going on....
As for attacking btc... can you please elaborate further.. is this possible... what if I want to trade btc like a day trader.. are you saying if I,m playing around and trying to make some money flipping btc one day i could wake up and all my btc are gone?????
is that even possible..
-
man this stuff to me a computer rookie is like trying to explain to a wild tiger that the zebra is its friend... this shit is so complex I dont think anyone really knows what the fucks is going on....
As for attacking btc... can you please elaborate further.. is this possible... what if I want to trade btc like a day trader.. are you saying if I,m playing around and trying to make some money flipping btc one day i could wake up and all my btc are gone?????
is that even possible..
Attacking Bitcoin IS possible, yes, but it would require the attacker to control enough of the hashing power of the network to perform a 51% attack.
I'm currently far too tired to type out an explanation of all that this would entail (this computer screen is burning into my brain as we speak!) but you can read up on Bitcoin threats at the following (clearnet) links:
https://www.privateinternetaccess.com/blog/2012/03/bitcoin-war-the-first-real-threat-to-bitcoin/
http://gavintech.blogspot.ie/2012/05/neutralizing-51-attack.html
(by Gavin Andresen, the Bitcoin project leader)
https://en.bitcoin.it/wiki/Weaknesses
(the Bitcoin Wiki)
http://bitcoin.stackexchange.com/questions/658/what-can-an-attacker-with-51-of-hash-power-do
Sorry I can't summarise it all here; if I tried it would probably end up being terribly confusing!
- grahamgreene
-
Re: How come SR server is not busted yet?
it could be because the admin(s) of the site are fucking code wielding ninjas who are ahead of every attempt to shut them down. It could be because they have an informant placed in the tech division of each LE agency that could be investigating them. But it could also be (this one is my favorite) just dumb fucking luck that it's still up and running. Everyone should treat it as though it is either already compromised or will be tomorrow.
wretched
-
k thanks for the links... I just opened them all and plan on doing some learning!!
-
Maybe we should just be happy it isn't?
-
Because the SR server is floating on a yacht in the international waters somewhere in the Pacific guarded by eastern european babes in bikinis.
-
Because the SR server is floating on a yacht in the international waters somewhere in the Pacific guarded by eastern european babes in bikinis.
God that'd be the ONE.
-
k thanks for the links... I just opened them all and plan on doing some learning!!
You're welcome. :)
-
It's only a matter of time unfortunately. Even if the networks are impenetrable, humans are not.
But the idea will never die.
-
because the police are stupid, if you're a passive attacker like a law enforcement agency, deanonymizing a hidden service is pretty easy
I would never say the police are stupid, underestimating the state's capability to understand, manipulate and carry out attacks on the internet is stupid. The state has other priorities to focus on the internet rather than a small scale drugs site. If TOR, bitcoins and SR reached the success of even a small scale clear net sites then expect a change in assigned resources. And they won't shut down SR they will shut down Bitcoin, turn off the money you will turn off the site.
It is very difficult to fight the state, ask the Syrians, I am sure they will let you know this.
Whilst I agree it is never a good idea to underestimate one's enemy, how on earth do you think it would be possible for them to shut down Bitcoin without performing a 51% attack to fork the Blockchain?! ???
They won't attack it they will just legislate against it.
-
man this stuff to me a computer rookie is like trying to explain to a wild tiger that the zebra is its friend... this shit is so complex I dont think anyone really knows what the fucks is going on....
As for attacking btc... can you please elaborate further.. is this possible... what if I want to trade btc like a day trader.. are you saying if I,m playing around and trying to make some money flipping btc one day i could wake up and all my btc are gone?????
is that even possible..
A wild tiger wouldn't even know what a zebra was, they are from different continents
-
because the police are stupid, if you're a passive attacker like a law enforcement agency, deanonymizing a hidden service is pretty easy
I would never say the police are stupid, underestimating the state's capability to understand, manipulate and carry out attacks on the internet is stupid. The state has other priorities to focus on the internet rather than a small scale drugs site. If TOR, bitcoins and SR reached the success of even a small scale clear net sites then expect a change in assigned resources. And they won't shut down SR they will shut down Bitcoin, turn off the money you will turn off the site.
It is very difficult to fight the state, ask the Syrians, I am sure they will let you know this.
Whilst I agree it is never a good idea to underestimate one's enemy, how on earth do you think it would be possible for them to shut down Bitcoin without performing a 51% attack to fork the Blockchain?! ???
They won't attack it they will just legislate against it.
Who, exactly, will legislate against it? ???
I'm going to go ahead and presume you're American, and as such you likely have typical American-centric views. You clearly think that if the American government try to make something illegal that that'll be the end of it. Not only would that be failing to take into account that Bitcoin is a global P2P crypto-currency, it would also be failing to take into account that prohibition hasn't exactly worked in the past, as is evident by the prevalence of drugs in our society, and the ease with which we can attain them.
You cannot 'legislate against' something such as Bitcoin in an effort to destroy it - doing so would be futile. It's clear that you know very, very little about Bitcoin, it's design, and how it actually works; you'll need to do a lot more reading in order to save yourself from making similarly ludicrous statements in future.
- grahamgreene
[EDIT: Having read a couple of your previous posts, it would seem you aren't American after all. My apologies for the presumption, but you did espouse typical American-centricity.)
-
Even if the networks are impenetrable, humans are not.
your mom's impenetrable
sorry, couldn't help it
-
because the police are stupid, if you're a passive attacker like a law enforcement agency, deanonymizing a hidden service is pretty easy
I would never say the police are stupid, underestimating the state's capability to understand, manipulate and carry out attacks on the internet is stupid. The state has other priorities to focus on the internet rather than a small scale drugs site. If TOR, bitcoins and SR reached the success of even a small scale clear net sites then expect a change in assigned resources. And they won't shut down SR they will shut down Bitcoin, turn off the money you will turn off the site.
It is very difficult to fight the state, ask the Syrians, I am sure they will let you know this.
Whilst I agree it is never a good idea to underestimate one's enemy, how on earth do you think it would be possible for them to shut down Bitcoin without performing a 51% attack to fork the Blockchain?! ???
They won't attack it they will just legislate against it.
Who, exactly, will legislate against it? ???
I'm going to go ahead and presume you're American, and as such you likely have typical American-centric views. You clearly think that if the American government try to make something illegal that that'll be the end of it. Not only would that be failing to take into account that Bitcoin is a global P2P crypto-currency, it would also be failing to take into account that prohibition hasn't exactly worked in the past, as is evident by the prevalence of drugs in our society, and the ease with which we can attain them.
You cannot 'legislate against' something such as Bitcoin in an effort to destroy it - doing so would be futile. It's clear that you know very, very little about Bitcoin, it's design, and how it actually works; you'll need to do a lot more reading in order to save yourself from making similarly ludicrous statements in future.
- grahamgreene
[EDIT: Having read a couple of your previous posts, it would seem you aren't American after all. My apologies for the presumption, but you did espouse typical American-centricity.)
I thank you for your apology, my views on this are not American centric. Money laundering regulations are wide spread, it only requires more forceful legislation around providing ID to get bitcoin through exchanges, or money cards. We have already seen that with Mt Gox and many others. Getting bit coins without ID is the predominant issue that we face. It isn't getting any easier that is for sure, choke the money supply you choke SR.
You don't have to directly legislate against bitcoin, just the method of getting hold of it. I do work in lobbying and politics in real life, so I have a good understanding of how governments trade things off. In the scheme of things Bitcoin is not a big economic driver or vote loser. look at the recent pressure applied to Switzerland by Germany to provide ID or transfer the tax owed . Switzerland's whole economy relies on private banking and they were forced to change and meet global regulations on money laundering/ Private banking is under heavy threat http://www.guardian.co.uk/business/2012/jul/22/private-banks-swiss-accounts-coutts-tax
I am fully on board with the issues around drugs and society. But while right wing arse holes are in power and while drugs is a political issue and not a scientific one we will remain being screwed.
Society is also moving towards electronic payments for even cash. But by the time that is in force i expect drugs regulation to be removed. All in all I expect SR to close because drugs laws change.
-
I thank you for your apology, my views on this are not American centric. Money laundering regulations are wide spread, it only requires more forceful legislation around providing ID to get bitcoin through exchanges, or money cards. We have already seen that with Mt Gox and many others. Getting bit coins without ID is the predominant issue that we face. It isn't getting any easier that is for sure, choke the money supply you choke SR.
You don't have to directly legislate against bitcoin, just the method of getting hold of it. I do work in lobbying and politics in real life, so I have a good understanding of how governments trade things off. In the scheme of things Bitcoin is not a big economic driver or vote loser. look at the recent pressure applied to Switzerland by Germany to provide ID or transfer the tax owed . Switzerland's whole economy relies on private banking and they were forced to change and meet global regulations on money laundering/ Private banking is under heavy threat http://www.guardian.co.uk/business/2012/jul/22/private-banks-swiss-accounts-coutts-tax
I am fully on board with the issues around drugs and society. But while right wing arse holes are in power and while drugs is a political issue and not a scientific one we will remain being screwed.
Society is also moving towards electronic payments for even cash. But by the time that is in force i expect drugs regulation to be removed. All in all I expect SR to close because drugs laws change.
Again, you obviously know very little about how Bitcoin actually works. Money laundering regulations will not be a problem for Bitcoin as it is a Peer 2 Peer currency.
There is no legislation that can stop people from using a Peer 2 Peer crypto-currency. They've already made sharing copyrighted files (music, movies etc.) illegal in most countries right? We can see how well that's worked out for them!.
Bitcoin uses peer-to-peer technology to operate with no central authority: managing transactions and issuing money are carried out collectively by the network.
They can attempt to legislate Bitcoin out of existence all they want with AML laws. It won't matter at all precisely because it is P2P.
Using myself as an example, I buy a relatively large amount of Bitcoin every couple of weeks, however I only buy about 5 - 10% of that - if even - through Bitcoin exchanges. The rest I buy from individual OTC traders or in privately conducted trades.
Getting Bitcoin without ID is absolutely no problem at all. I've never had cause or reason to use ID to purchase my Bitcoin. Even using an exchange like Mt.Gox you're able to withdraw up to 200BTC per day without needing to verify your identity. If a government can somehow manage to significantly reduce that amount, a Bitcoin exchange hosted in a country with loose AML laws or that is an enemy of the government trying to cripple Bitcoin would circumvent that. There's a lot to be said for an exchange hosted in a country such as Iran, for example. For them Bitcoin would provide a relatively good way of circumventing international trade sanctions and if the Western governments are against something then you can almost bet that the Iranian government will want to support it.
There is simply no way to 'choke the money supply' when that money supply is Bitcoin. For instance, even if the US (as an example) were to attempt to shut down its citizen's internet access sometime in the future and switch over to an internal national intranet, all it takes is for one person to be able to access the external internet to update their Blockchain in order for all others in the country to be able to update theirs as well. There will be a lot more than one person doing this, so the security of the network would not be at stake at all. To destroy citizen's internet access the US would have to physically sever the seafloor telephone cables that link it to the rest of the world. That would have worked back in the early 90's, but now we have satellite internet access, so it becomes impossible for a country to cut its citizens off from the internet.
North Korea has succeeded in doing this to a great degree by limiting the technology that its citizens can acquire for generations, but it would be impossible for any other country to do this now.
There's an excellent thread over on bitcointalk.org concerning the internet cut-off scenario (I can't find it at the moment, though I'm sure if you spend 5 minutes searching it'll pop up) that basically outlines the reasons that Bitcoin cannot be destroyed by governments using currently available methods (including legislation). Legislation is absolutely NO threat to Bitcoin. It may make it a little more difficult for some people to obtain it, but then again, the same is true for drugs right?! :P
If my country were to make Bitcoin illegal tomorrow, there's nothing stopping me from buying Bitcoin from a trader in another jurisdiction. Through the magic of encryption, the government wouldn't even know I have the Bitcoin client installed should the newly formed Bitcoin Gestapo come knocking at my door demanding access to my computer.
'Legislation' is just another word for enslavement, and people are getting sick of governments legislating about what an individual can and cannot do. I can imagine a scenario in a hundred years time where people need to consult a handheld book of laws before they do ANYTHING because legislation has gotten so out of control. I can imagine it, but I can't see it happening. People will take back their freedom long before then.
As far as Switzerland's banking laws are concerned, they consent to regulation changes in order to ward off becoming an international pariah, and were constrained by previous agreements that they signed with the international community. If they did not fear international condemnation (and this is hugely simplifying the situation, but the point I'm making still stands) they could easily have left their laws unchanged, or indeed re-introduced completely private banking and experienced a MASSIVE boon to their economy with every black market trader (and wealthy tax evader) moving their funds to Switzerland. Shadow economies account for 22.67 percent of world GDP, with a monetary estimate of $10 trillion USD (which is incorrect of course - the real number is almost certainly a great deal higher).
Charging a flat 5% fee on this for completely secure, completely private banking would amount to $500 BILLION USD a year (approximately 7.96 times the Swiss federal budget for 2010). Switzerland could regulate its banking sector so that its national bank becomes the only competitive bank with which to do business, and that $500 billion goes straight into the Swiss government's coffers. Factor in the wealth of tax evaders et al and that amount would increase significantly.
As I mentioned, the situation would obviously be much more complex than that, but it is something that would be a possibility were Switzerland not intent on bending the knee to the international community and accepting banking transparency laws being thrust upon it.
I am well aware of government's push (not society's move) towards electronic (trackable) payments instead of cash - Belgium's cash limits etc. - but this is the reason why Bitcoin is going to become SO important! I'll be damned if I'm going to let any government tell me how much I can spend using actual currency. No way. The police state is getting out of control, and I won't allow my rights to be eroded in the interests of "protecting the people", a smokescreen for government control. No. Way.
I will die a free man, whether that be fighting for my freedom or living out my golden years in a society that has freed itself from state tyranny. I simply refuse to accept the idea that my children and my children's children will be born in chains, and I will do all that I can to prevent that. The state underestimates its enemy. It sees dogs where it should see wolves.
Introducing more legislation that curbs personal freedom will only serve to agitate those wolves further.
I wandered a little off topic there, but my point is that a large majority of those that support Bitcoin are people who value their freedom, and they will not stand idly by whilst those freedoms are even further eroded. There is only so much straw that the camel can hold before its back breaks. That final straw is only a couple more legislative stalks away.
As for SR disappearing in the event of drug legalisation, I don't think that'll happen. I reckon it'll grow even bigger as it becomes freely accessible to all, with no risk attached to the products sold. Perhaps you'd like to try a cannabis strain that isn't available locally, or you want to buy Peruvian cocaine directly from the source rather than from a local middleman etc. I also think we'll see a large 'legal goods' section pop up here. If legalisation kicked in there'd be no worry about police selling legal goods in order to obtain addresses and the like. As it currently stands I'd buy legal goods from a separate buyer's account exclusively for that purpose. I'd much rather pay for goods with Bitcoin than FIAT currency, supporting the Bitcoin economy and supporting Silk Road through commission in the process.
- grahamgreene