Messages - kmfkewm

2776
did the enter key fuck your mother?

2777
However, I have a hard time accepting that FBI/CIA/Local Police would invest that much money into catching a low-mid level dealer. I'm not disputing the fact that it is possible, just that it is not monetarily justifiable.
Speculation here, but given the use of informants, I think that catching a "low-mid level dealer," or the right buyer, is a valuable source of information and then leverage up the chain.
Based on multiple accounts,  LE appears to recycle their informants again and again [because why not? the informants have *no* power from which to bargain - I do not understand why Litz etc. are surprised when this happens] til they get something they consider worth their time/effort. So it seems to me that the cost/benefit ratio is pretty good, and, if not, they'll just flog that informant pony til they get something they want. Right now the cost in terms of workload/involvement on cell phone data is really, really low - Guru beat me to the links. It's close to free data for them in terms of manpower. There are just starting to be rumblings about this practice, and LE is already fussing about the increase in 'cost.' 
In forfeitures alone, I would guess it's monetarily justifiable, but I would not even know where to begin to look. Give me a bit.

You vastly overestimate the expenses of this sort of attack. It just requires the raw data and a powerful enough computer. Feed the computer the cell phone positioning data, out pops the locations that fit the pattern of being associated with drug dealing. Feed the computer the cell phone social network topology and out pop the numbers that a lot of known drug users are calling, or even that a lot of unknown drug users are calling in patterns that are consistent with drug dealing. Where is the unjustifiable cost in this?

You will not hear of cases where this sort of technology is used to bust someone. Because they will not mention in court "We knew to pull this person over, because our computer said they are probably a drug dealer", why would LE divulge that information if they are not required to? You will simply hear "We pulled this person over for a minor traffic violation and discovered they had narcotics, then we got a warrant to search their home and found a lot more narcotics!".

2778
If someone was using a laptop and every time they accessed SR they went war driving and found an open network making sure all information coming from their computer was properly encrypted and their MAC masked. What then?

Then this attack wouldn't work, but it would still be possible to pwn them if an attacker with enough skills wanted to try. It would probably require a lot of resources though. Maybe exploit a browser zero day vulnerability and then geoposition with WPS, if you can control the police you could try and have them get to the target before their session ends. Not saying that it would be easy at all, but it would be firmly in the realm of possibility.

2779
Security / Re: Vendors accepting cash in the mail?
« on: May 24, 2012, 06:15 am »
I dunno about ALL bulk business, but it does present a lot of logistics trouble if you need to place a $100,000 order. How to get so much E-currency loaded, plus who wants to pay 15% in wire and exchanger fee on that? CIM is very insecure and I would never want to work with it, but it is true that people dealing in large bulk amounts tend towards it. Then again I have heard of very large E-currency transfers for bulk as well. You really need to rely on the membership screening of a forum if you fuck with CIM and historically membership screening is not very good, but in many cases such people have already known each other for many years and worked up to such large amounts together. I guess in general if you are trusting someone you have known for years to send you $100k of drugs, that it is less absurd to expect them to let you send them $100k of money, than if you are sending someone you just met on SR $90 for a ten strip. But I still always suggest against CIM.

2780
I am not surprised to see no mention of NSA. Although certainly unfortunate news it is to be expected. Law enforcement are currently operating largely in the past, modern technological advancements are fucking their ability to carry out surveillance. This unit will likely be focusing on developing zero day exploits to bypass proxies and encryption. Remember, you can have unbreakable encryption and be behind a billion mixes and it doesn't mean shit if the FBI roots you. This is the type of technique they are going to be forced to use if they want to be able to intercept any data once the point comes that essentially all communications are encrypted.

You can perfectly counter their ability to perform a remote intercept of communications by using airgaps. The best airgap is simple, you download encrypted messages on a machine connected to the internet, then you type the ciphertext over by hand to a machine that is not connected to the internet. You could also burn the ciphertexts to a one time use CD to transfer them to the machine not connected to the internet, but you will need to type messages you encrypt into the machine that is connected to the internet or else the airgap will be broken. ECC will be nicer than RSA, the following key has the security parameters of a 15,000+ bit RSA key but is obviously much smaller

Quote
-----BEGIN PUBLIC KEY-----
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBmnrL42AZNRYiEfspsY0KUaYqD5CS
B92lMtm5J/XkqCaOuTihy1qhIf0vMNTW0XAFybJQ6N0RYzNoXQonPmeCnNIBV2ox
XmELJk3ZCphttb4yl+1n9swIplnFAIzt5aJQ/wP8ZVm0aUPC70Yl9ql5+su2N6oS
e8bNTcoYoRq4T58heVg=
-----END PUBLIC KEY-----
it produces ciphertexts that are much smaller also (it is also much faster), so easier to type things across with airgaps. Using airgaps prevents 100% of pure hacking based intercept technology, and that is the sort of shit the FBI is probably developing with this unit.

ciphertext of the above sentence with 256 bit symmetric and (what is equal to) 16k bit RSA security:


here it is with GPG default equal security parameters


and 2,048 bit RSA key strength equivalent public key

-----BEGIN PUBLIC KEY-----
ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAEb/149f4sGZWr01HDDOpG0y0aJPz8i7RC
3Nx5bJe0BgpzEGEU7AZXxaz8XxzORW0EQB6pdjFJE+I=
-----END PUBLIC KEY-----


The other thing to worry about is them hacking you and discovering your IP address. Then they can get your plaintexts also, potentially with local TEMPEST or other fancy 'keylogging' technology. The best bet against FBI being able to deanonymize you by hacking is to use hardware based isolation techniques, run Tor on one machine (it can be cheap as hell) with a connection to the internet. This machine should be a very minimalist installation of a very secure OS, I would suggest OpenBSD. You then connect to the Tor machine with the machine that you use for browsing the web, and it forwards all the traffic it gets on to Tor and returns the reply. Now if your browser machine is rooted the attacker can still be prevented from getting your real IP address unless they can also pwn Tor running on a minimalist OpenBSD box, of course with full ASLR. I believe you can even isolate Tor with software techniques and make it so even if Tor is compromised the attacker can not get your real IP address unless they break the isolation (I have heard others talk of this technique but never implemented it myself), although they will always be able to trace you to your entry guards in this case. You will also need to use firewall rules to prevent them from just switching to entry guards they own to get your real IP address. Not the best to be traced to your entry guards, but essentially the same security as provided by a hidden service so maybe not so bad.

Airgaps + hardware isolation with security oriented operating systems will give the FBI a run for their money, NSA would still cut through it though.

2781
You are wrong. US police don't need warrants to map out topology of cell phone communications networks and they probably don't need a warrant to gather and analyze cell phone positioning information.

2782
Security / Re: be careful if you worked with joot
« on: May 23, 2012, 03:41 am »
Seriously either he snitched, posted a multi million dollar bail or the judge is fuck-tarded and let someone facing life without parole who he knows can get fake docs and support himself anonymously online out of prison. 

2783
Shipping / Re: NL tracking messages
« on: May 23, 2012, 03:36 am »
Not to freak you guys out more but you pretty much just told customs that those packages have drugs in them, I doubt many packs from NL in that time frame have that exact tracking message, so if it isn't because they were intercepted they are much more likely to be now anyway.

2784
Security / one reason why online is safer than IRL drug dealing
« on: May 23, 2012, 03:27 am »
People IRL tend to use cellphones. So many vulnerabilities in this. Let's say you are Bob the average lower to mid level IRL dealer. You probably sell out of your house. You probably have a lot of people coming and going to your house. They all probably carry cellphones. This pattern of heavy traffic can be passively identified. What is worse is that half of your customers are probably known drug users and this can also be identified. They might not be able to find your home with cellphone positioning technology, depending on how accurate it has gotten, but they can certainly narrow in on some restricted geographic area that has a large portion of known drug users going to it in patterns that are consistent with obtaining narcotics. Further narrowing would potentially need to be manned. This sort of attack is realistic and it probably doesn't require a warrant.

Also I can't believe how many people who sell drugs just use their regular contract cellphone to do so. I sure wouldn't want to end up as identified as someone who a substantial number of known drug users frequently call for time periods that are associated with drug deals being made. Police can legally get the entire topology of cellphone based social networks without a warrant, it isn't a wiretap if they look at who calls who and for how long, as long as they don't look at communications. It is a trap and trace / pen register and requires absolutely no warrant, and all of this information is certainly stored by phone companies and ripe for LE picking and dragnet analysis.

Give me Tor and mail any day of the week. Not to mention that from a vendor's perspective none of my customers will know who the fuck I am so they can't possibly snitch on me with any info that the police can't readily get themselves, which is nothing. From a vendor's perspective online drug dealing is infinitely more secure than IRL dealing.

2785
Security / Re: Powerline Backdoor
« on: May 23, 2012, 02:43 am »
What if it can't see your monitor though? What if it can only detect SR, and then the fact that it detected SR being loaded is enough to get a warrant to actually check what you are doing. That is what I was saying about wiretaps that are programmed to be blind to non-illegal things but not to things that are 99.999999999999999999999999999999999999999999999999999999999% certain to be preidentified illegal things. It also helps when they are not actually looking at what is on your monitor but only at the fingerprints that what is on your monitor leaves in your utility bill. It is essentially a wiretap but at the same time it has different properties too, and similar things that are also essentially wiretaps with different properties are not legally considered wiretaps, so it could really go either way when it gets to court.

2786
Security / Re: be careful if you worked with joot
« on: May 23, 2012, 02:36 am »
WUTEVAH, I DO WHAT I WANTS

2787
Security / Re: [GUIDE] What to do when the pigs come calling...
« on: May 23, 2012, 02:35 am »
Let's just say nobody ever went to prison because they had a lawyer present when they talked with the police

2788
A. Make a fake website that looks like a news website of some sort. I could just spider out a legitimate website and change the branding, and register a legit sounding domain name. The news article will be relevant to SR and will link to yet another URL that claims to have a .pdf that has leaked with information on SR. The PDF will phone home as soon as it is opened, and give a list of all of the IP addresses of those who opened it without proper countermeasures. The entire time I will be running a script to check the who is online section of the forum and who all has visited the thread versus the non Tor IP addresses seen downloading the PDF. Any found IP address can immediately be narrowed to the crowd size of users who viewed the thread, I could also attempt various strategies to narrow further on who the IP address belongs to, perhaps I could DDOS it on a few occasions while monitoring who is online and see if I can cause a pattern in knocking someone off of SR (this will be even easier to do if they happen to visit the SILC channel). Perhaps I can monitor if you continually browsed SR after viewing that thread or if you had a pause that is consistent with someone switching their focus to the news article and downloading and reading the fake PDF. The timing between when you view the thread and when you open the PDF will also be useful for narrowing in on you. Perhaps you are a vendor and I know where you ship from, and I can geoposition all of the non-tor IP addresses well enough to leave you as the only suspect ;).

B. Do the same thing as above but using a link to a flash video.

The moral of the story is make sure you protect yourself from these simple proxy bypass attacks, I am willing to bet that at least some people here open PDFs without having a fully isolated OS or being behind a transparent proxy or opening it in a restricted VM or having proper firewall rules or access controls. I also imagine several have flash enabled. I could probably also do the news thing and a lot of people would probably in fact visit the article without even using Tor, I have seen several people here indicate that they use a different browser that isn't behind Tor to open clearnet links that they find on SR.

edit: Hm actually this would work better against a private forum since anonymous viewing is allowed here. That would make this attack less easy to carry out but not impossible, it would introduce some noise but probably wouldn't make it impossible to deanonymize at least some of the people who open the PDF (they would just need to be logged in when they go to the thread, although just intel on IP addresses could be useful if coupled with knowledge of vendors' shipping locations). If I owned the SR server I could do some additional things as well, if any real IP addresses visit the news site I could compare their browser fingerprint to the browser fingerprints of SR users and attempt to further narrow the crowds based on this or find a correlation. I could also very quickly link IP addresses to pseudonyms with the DDOS / who is online monitoring technique, since I would quickly be able to see if any latency patterns arise in pseudonymous users' streams after I DDOS the suspect IP address.

Ohhh I could also do that new remote website fingerprinting attack against the identified IP addresses over a long period of time, and compare the times they are detected as browsing SR forum to the who is online list and intersect the resulting crowds. That would probably be the best technique to link an IP address to its SR pseudonym. Of course you would need to not be taking proper countermeasures with PDFs first....but I bet that is true for many of you.

2789
Security / Re: [GUIDE] What to do when the pigs come calling...
« on: May 23, 2012, 01:57 am »
oh noes the police suspect me of doing bad things now that I asked for a lawyer but they didn't when they intercepted drugs coming to me and called me in for questioning, I better try to outsmart them against the advice of every single lawyer ever because I don't want to look suspicious to them because they are the ones in the grand jury or the jury and also they are the judge

2790
Security / Re: [GUIDE] What to do when the pigs come calling...
« on: May 23, 2012, 01:37 am »
violence
