Silk Road forums

On that cheerful note...

I'm sure you have something - random key entry person - you certainly seem to know your stuff. But I also guess it's down to how badly they feel a need to 'shut it down'. Or perhaps more importantly, if they can afford the time and financial cost in the knowledge that another site will pop up somewhere anyway. Let's face it, there are an increasing number of ways to source drugs online now.

But aside from a PR coup, shutting this place down (and others) achieves nothing. The traffic here - in the grand scheme of the world drugs trade - is worthless.

I'm pretty sure that SR's life is sadly limited, but maybe it's worth their while to keep it up for a while longer so they can have a good old snoop.

But I don't buy your last point. The surveillance and privacy wars have been going on since we climbed down from the trees. I doubt one side will win anytime soon.

i never claimed they would trace SR even if they could. They will use it for a human intelligence honeypot long before that. They might never even take the thing down even if they took control of the server. Human intelligence is by far the most worrying thing. Nym sybil attacks are cheap to do on silk road and there is no trust rank system or connection to private groups to prevent someone from flooding nyms. Charging for seller accounts adds somewhat of a limitation to the size of their flood, but they do have a lot of money. Selling accounts is actually a great security measure on SR's part, although if it isnt a flat rate price it should be im not sure if it is currently auctioned off but an auction can be gamed easier by a malicious SR to tilt human intelligence nodes towards the feds. I actually have some good cryptographic solutions for a secure membership recruitment system that attempts to maintain anonymity while verifying presence in a community prior to a certain date (assuming that at some point in time feds will begin massively nym flooding public internet drug discussion forums with nyms to poison the 'probably not a fed' recruitment well)

interception is also always a worry even if you are sound on the human intelligence front, but we were working on developing a technical solution to this based on measurement and signature intelligence themes, check out the interception detection thread in security subforum here if you are interested in the technical details

and of course the privacy wars will go on forever, but all it takes is for their surveillance technology to beat your security implementation a single time before you are fucked, so i dont care if privacy gets ahead sometime in the future if the currently available privacy software wont keep my ass out of prison today

it really is only a matter of time before the feds do a massive technical bust of some sort against people using techniques that were considered to be secure very recently.

Tor hidden services record the local host IP address for every single user, as far as the web server cares we are all coming from 127.0.0.1 or some other internal IP address.

That's a rather disingenuous example to use.

It is an example of a technical solution for tracing a hidden service isn't it? Application layer exploits are one of the main technical solutions for tracing Tor hidden services. Also, if you remember, I also gave links to three papers, one of which explains traffic analysis based attacks for deanonymizing Tor hidden services, two of which explain measurement and signals intelligence attacks for deanonymizing Tor hidden services, and I also gave a link to freehaven which has over a dozen papers discussing technical solutions for tracing hidden services from a variety of security disciplines. So I think my *abundance* of cited examples showing that there are various methods from various fields which can be used for tracing Tor hidden services is adequate. Seriously what the fuck else do you want to be convinced, I never could understand people that ignore abundances of evidence dumped in front of them or how I can convince them to change their mind about subjects if not by an abundance of documented research from world experts.

In that example, they used an apache exploit to gain root access to a VM. So they 'destroyed' thousands of images by deleting them and pwning the server. But being in a VM, even then they couldn't get the physical location of the hidden service and the hardware it was running on. Rooting a VM won't get you its location.

No in this case the hidden services were not being run isolated in virtual machines, the servers were fully deanonymized and located in the united states. This is not the freedom hosting case, isolation protected them from deanonymization when they had virtual machines rooted. Anyway being in a VM in itself offers zero additional protection from application layer traces, you need to have network facing applications isolated in virtual machines away from external IP address and away from Tor. Also I was the first person to introduce this technique to the scene so please spare your breath trying to explain things to me that you indirectly learned from me anyway.

I wish I knew half of what you do kmf...but you do have anger issues my friend

Maybe. I certainly have issues with people spouting off a bunch of bullshit acting like they are experts about things they know nothing about. I also have serious issues when these same people ignore all evidence. These are dangerous people who will lull noobs into a false sense of security, people like this put others lives in serious danger and it pisses me off.

Quote from: Munchies on January 03, 2012, 03:47 pm

You give us a whole spiel about how tor isn't secure then link us to an apache exploit as an example  (btw, didn't freedom hosting handle all of that pretty well, and arn't those child porn websites up and running again? The best anonymous could do was grab the mysql database and determine the server was somewhere in the USA.(http://pastebin.com/88Lzs1XR)(anon isn't the best example but a quick one to procure and they arnt amazing hackers but there was some skill involved with their attacks)

Again, I gave reference to ways hidden services can be tracked with hacking, signals intelligence / traffic analysis and measurement and signature intelligence attacks. I also gave a link to freehaven, which documents many more technical solutions. Nobody specified that the technical solutions for tracing hidden services had to be from any particular field, but I think selecting attacks from three fields, including two which have been carried out on the live Tor network and resulted in deanonymized hidden services, is more than adequate to support my claim that hidden services can be traced with known technical solutions. The police in the mentioned story were not related to anonymous and the hidden services that they deanonymized on the application layer were not hosted by freedom hosting, although similar attacks were done against freedom hosting isolation saved them from being traced.

Quote

What you are telling us is that tor hidden services are 'fucked' and can be tracked, but only you and a few other people know how.

Anyone with the time to read through some of the documents on freehaven, who has a basic knowledge of networking and can program, can do many of these attacks against hidden services.

Quote

Now I'm not saying TOR hidden services are perfect, but they do seem to be holding up atm, and while silkroad may be the sole target of the DEA, all the child porn sites, the 'terrorist' sites, and other illegals are  targets of other organizations, and they are still running. So until we start seeing other hidden services get de-anonymized we shouldnt have reason to believe that SR is in imminent danger/compromised.

If real terrorists used Tor they would be traced by the NSA in a matter of seconds. NSA can break though many layers of isolation and are not stopped by systems like ASLR, they also stockpile very sophisticated exploits and have teams that constantly analyze software looking for vulnerabilities. SR and all Tor hidden services are in imminent danger of having their servers deanonymized, they just don't currently have any competent attackers. DEA doesn't have any Tor experts working for them.

Quote

By the way, calling other people names, being condescending, and tooting your own horn is not a good way to convince people of anything.

This is true, although the people I care about will ignore the way I talk and instead be convinced by the huge amount of research papers I have linked to.


Here is the worst traffic analysis attack against tor hidden services:

The attacker adds some nodes to the Tor network, this is called a Sybil attack. Now, the attacker uses a malicious client to open an arbitrary number of connections to the target hidden service. A hidden service opens a new circuit for every connection request, so the client can force the hidden service to open an arbitrary number of new circuits. Now the attacker can send data modulated in a specific pattern to the hidden service, and scan all of the data passing through their sybil nodes looking for that pattern in interpacket arrivial times. Before Tor had entry guards this attack was carried out live against the tor network and it resulted in research hidden services being traced in time periods ranging from 24 hours to one week, exact time required depended on a number of variables. Tor attempted to mitigate this attack by introducing entry guards, three nodes through which a Tor client enters all of its traffic into the network. The theory was that unless the attacker owned one of the entry guards, they would never be in an active position to observe the interpacket arrival pattern reaching the hidden service. However, it is inherently obvious that now this attack will result in the deanonymization of three nodes each one hop away from the server in a matter of time ranging from approx 24 hours to one week (maybe a little longer now the network is bigger than when this attack was carried out). After identification of these servers, the compromise of any of them will allow the attacker to identify the hidden services IP address. This compromise can be legal, technical, etc, probably le will use a trap and trace pen register order and get the ip of hidden service in 24 hours if any of the entry guards are in USA, otherwise it will take a little bit longer for international cooperation but international cooperation will come fairly fast no matter where the entry guards are located. Even if the node owner doesnt participate in the attack, somewhere upsteam will for sure and they will do a passive attack.

That is one of many traffic analysis attacks directly against Tor hidden services. I will explain a few more pure signals intelligence attacks if people are interested.

I see my post about the federal police being sub-human scumbags who deserve to die was censored, well before it got to play out to its intended potential. Is it possible for me to get a list of censored topics so that I can make sure not to say anything offensive please? I apparently mistakenly thought that this was a forum that supported free speech.

Sorry for the epic triple post but here is a link to an article about how the feds traced a few tor hidden services with application layer exploits. There are roughly infinite potential application layer exploits that could be used to trace a Tor hidden service, but even if you don't count that class of attack there are plenty in the field of signals intelligence (and at least two in the MASINT field).

Is late 2011 recent enough for you?

https://www.tmcnet.com/usubmit/-dutch-police-trace-hidden-child-porn-websites-/2011/08/31/5743979.htm

Well, you get the "flaming douchenozzle of the day" award.

Funny I also got the "knows about security" prize, and the "provides links to academia for citations" award, you got the talk out of your asshole award for flapping your lips about shit you know absolutely nothing about

I'm not convinced of the viability of any of those approaches, and yes I've read them, and many others. Shout when you find a paper published sometime recently with something new in it.

Well who gives a fuck what you think you are not a SIGINT specialist you are not a MASINT specialist you are not a hacker, the people who wrote those papers have PH.ds in many cases you have your opinion which doesn't mean shit write a paper and get it peer reviewed if you think Tor can resist the theoretical attacks against it and we already know it is weak to many of the documented attacks against it because they have been run on network simulators or in some cases even live on the network.

I'm not going to try to convince you, because clearly you're one of those people who makes large unsupported assumptions to puff up your own ego.

You aren't going to try to convince me because you have absolutely no facts to back up your complete and utter bullshit claim, I gave cites to academic papers on traffic analysis in my post, you gave a pile of shit that you barfed up out of your mouth, if you don't know what you are talking about instead of trying to say something to seem like you are educated on the matter or helpful, shut the fuck up instead lest we turn this forum into a pile of stinking shit instead of a high quality resource with factual information available and easy to filter out of the shit

Rather than try to convince you that something is secure, because clearly that is a futile point to be made (nothing is "secure"...which is why I used the phrase "no KNOWN technical solution"), I'll instead appeal to a more common sense argument, one that can be followed by people who aren't sure what to make of your blustery hand waving and quick use of google to find research papers from half a decade ago that detail theoretical approaches which can be mitigated and are of questionable use in the first place.

Tor does have KNOWN technical solutions for tracing it, just because you don't know them doesn't mean they don't exist you know, I know of several, I gave you links to several I gave you a link to a website with over a dozen, you don't know a fucking thing about what you are talking about and you ignore the evidence I linked to you so go fuck yourself and stop wasting my time please. Quick use of google no I actually have been reading papers from freehaven for the past six years over which time I tought myself computer security and traffic analysis to a professional level, but no I am not as good as the people in the papers I linked to although I certainly put you to shame.

None of the things I linked to have been mitigated, the most serious traffic analysis attack against hidden services was partially mitigated but it only changed tor hidden services on the live network from being traceable in 24 hours by researchers to three nodes each one hop away from the hidden service being traceable theoretically (not live afaik, it hasnt happened yet) in the same time frame. Show a paper showing how tor mitigated these issues or the age of these articles makes no sense. The earth being round was discovered a long time ago do you think it went flat because you haven't seen any breaking academic research regarding it?

Put simply: If they could crack Tor, who would they go after? The terrorists, the child pornographers, or the drug traffickers?

How is this what you said put simply? this is completely unrelated to what you said. If "they" could trace tor they would go after the drug traffickers the child pornographers and the terrorists simultaneously dumbfuck. Guess what, child porn people say the same shit about drug traffickers carders say the same shit about drug traffickers drug traffickers say about carders and child porn people fuck osama bin laden probably thought the nsa was to busy with SR to go after him judging by my experiences with every single other type of criminal, don't fall into this PSYOP cognitive trap...btw your cognitive trap has been identified and labeled in the field of intelligence analysis its called mirror imaging and it means the person who interprets intelligence thinks that his adversary thinks as he does and interprets the intelligence through his eyes instead of his adversaries...you think you are not a target but you are THE target of the DEA not a pedophile

That, of course, proves nothing. But linking to a bunch of PDFs you found with google doesn't do much more.

No I quickly found those pdfs without google because I am extremely well versed in security and particularly traffic analysis and I actually know more about the Tor network than almost anyone else in the world who knows anything about Tor and doesn't work for a signals intelligence agency or do post-grad work in a traffic analysis research group. If PH.d research papers don't prove much about the topics they are written on then obviously you are a fucking retard.

Put simply:

If hidden sites were traceable, there are several dozen that would have been shut down years ago.

That doesn't mean TOR is secure. It does, however, support my original statement that there are "no known technical solutions for tracing TOR hosted sites".

I never said law enforcement can trace tor hidden services right now, just that some people can with varying degrees of ease. Law enforcement are way behind the bell curve when it comes to security and intelligence but guess what they are catching up fast and you shouldnt count on a network with known anonymity vulnerabilities against its hidden services to keep a hidden server anonymous plain and simple. Even Roger dingledine said Tor hidden services are fucked in the #tor IRC room, did you even know #tor had an IRC room? His name is Arma there and he is the lead Tor dev, I suggest you ask him if he thinks there are no known traceability attacks against hidden services but you probably already know better than he does

Even better, there is no known technical solution to determine where a TOR-hosted site actually physically gets hosted from.

New rule: if you say something as a certainty and it turns out to be complete bullshit, you get a 'I can't be trusted at all' title under your name. You get that title, please refrain from flapping your lips about things you know absolutely nothing about because your misinformation is dangerous. There are MANY 'technical solutions' for tracing Tor hidden services, here is a small selection:

http://freehaven.net/anonbib/cache/hs-attack06.pdf
http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf
http://www.cl.cam.ac.uk/~sjm217/papers/usenix08clockskew.pdf

you can find papers on a few dozen other methods of tracing Tor hidden services here:

http://freehaven.net/anonbib/date.html

and of course almost all of these papers are on pure traffic analysis / signals intelligence attacks, let's not forget that application layer attacks being used to by pass Tor are often the best solution for deanonymize Tor using targets....and last I checked these are technical solutions.

Thanks for wasting your time talking out of your asshole though.