2806
Security / Re: Who on SR orders from their home computer?
« on: May 21, 2012, 07:05 am »
Tor and SR already are vulnerable, so is essentially everyone on Tor. There are hackers out there who can completely pwn pretty close to possibly even 100% of the users here, spying on their plaintexts and getting their real IP addresses. But there are not many of them. The stereotypical really good hacker is not likely to find issue with silkroad, the traditional underground hacker culture of old tends to be quite libertarian (of course the same is true for cypherpunks, probably to an even greater extent), and the modern era ones are into organized crime themselves. The really good hackers who would work for government agencies are far more likely to be hired by military or intelligence agencies than police agencies. The really good hackers who work as civilians develop premade attack combinations and sell them for hundreds of thousands or millions of dollars each often to military and intelligence agencies who prefer to keep them as secret as possible, and they are highly secretive and don't share such things with feds. Look at things like Core Impact, a restricted license to get updates for that penetration testing kit costs $30,000-$60,000 a year, and a lot of companies use this sort of tool for securing their own networks / client networks. There are hackers out there who could bring SR down, but probably none who can bring SR down and care enough about it to do so.
Not to mention agencies like NSA can not only defeat SR they can do so in a variety of different ways, they employ some of the best hackers in the world and they also have a massive state of the art signals intelligence apparatus that can defeat Tor via traffic analysis (and then after they locate you they will spy on your monitor from down the street with their TEMPEST equipment, making your encryption worthless).
The FBI probably has some good hackers though. I think they may be too busy taking care of very serious shit to focus on most small time drug dealing, although it is worry to think that enough political pressure could force them to do something against the online scene. It is also worrying that they could make prepackaged zero day exploits for lesser skilled police to use, and keep the attacks secret from companies like Mozilla so they are never patched until someone else notices and fixes the vulnerability. However I have seen the quality of hacking toolkits that feds are using and I have not seen much exceptionally impressive yet, they seem to rarely use zero days but that may be because most targets have shit security and unpatched systems. I think they probably work mostly on cases of counter terrorism, counter espionage and cases where there are kidnappings with hostage demands sent through the internet or serial killers contacting police electronically and other shit like that. A lot of them probably focus on tracing people who are abusing their kids and posting pictures online while using strong security measures. Actually a good proof of the limitation of the FBI's technical capabilities is the fact that they fail to technically trace the more secure people who engage in such activities, relying always on the potentially much slower photographic forensics route of identification. This is a pretty good indicator imo that they do not have any world class hackers. But yeah the real demand for world class hackers is in military / intelligence and the private industry FBI position can't match the power of the first or the pay of the second.
Not to mention agencies like NSA can not only defeat SR they can do so in a variety of different ways, they employ some of the best hackers in the world and they also have a massive state of the art signals intelligence apparatus that can defeat Tor via traffic analysis (and then after they locate you they will spy on your monitor from down the street with their TEMPEST equipment, making your encryption worthless).
The FBI probably has some good hackers though. I think they may be too busy taking care of very serious shit to focus on most small time drug dealing, although it is worry to think that enough political pressure could force them to do something against the online scene. It is also worrying that they could make prepackaged zero day exploits for lesser skilled police to use, and keep the attacks secret from companies like Mozilla so they are never patched until someone else notices and fixes the vulnerability. However I have seen the quality of hacking toolkits that feds are using and I have not seen much exceptionally impressive yet, they seem to rarely use zero days but that may be because most targets have shit security and unpatched systems. I think they probably work mostly on cases of counter terrorism, counter espionage and cases where there are kidnappings with hostage demands sent through the internet or serial killers contacting police electronically and other shit like that. A lot of them probably focus on tracing people who are abusing their kids and posting pictures online while using strong security measures. Actually a good proof of the limitation of the FBI's technical capabilities is the fact that they fail to technically trace the more secure people who engage in such activities, relying always on the potentially much slower photographic forensics route of identification. This is a pretty good indicator imo that they do not have any world class hackers. But yeah the real demand for world class hackers is in military / intelligence and the private industry FBI position can't match the power of the first or the pay of the second.