Silk Road forums
Discussion => Security => Topic started by: ChillyP on January 23, 2012, 08:53 am
-
Ok, it's a bit dated, but this is definitely food for thought:
From http://news.cnet.com/8301-10784_3-9741357-7.html
A recent court case provides a rare glimpse into how some federal agents deal with encryption: by breaking into a suspect's home or office, implanting keystroke-logging software, and spying on what happens from afar.
An agent with the Drug Enforcement Administration persuaded a federal judge to authorize him to sneak into an Escondido, Calif., office believed to be a front for manufacturing the drug MDMA, or Ecstasy. The DEA received permission to copy the hard drives' contents and inject a keystroke logger into the computers.
That was necessary, according to DEA Agent Greg Coffey, because the suspects were using PGP and the encrypted Web e-mail service Hushmail.com. Coffey asserted that the DEA needed "real-time and meaningful access" to "monitor the keystrokes" for PGP and Hushmail passphrases.
The aggressive surveillance techniques employed by the DEA were part of a case that resulted in a ruling on Friday (PDF) by the 9th Circuit Court of Appeals, which primarily dealt with Internet surveillance through a wiretap conducted on a PacBell (now AT&T) business DSL line used by the defendants. More on that below.
The DEA's pursuit of alleged Ecstasy manufacturers Mark Forrester and Dennis Alba differs from the first known police use of key-logging software, which snared reputed mobster Nicodemo Scarfo in 1999. In the Scarfo case, the FBI said in an unclassified affidavit (PDF) at the time, a keylogger that also was planted in a black bag job was disabled when the Internet connection became active.
Note requirement for 'real-time' access / Excerpt from DEA Agent Greg Coffey affidavit
Not much more is known about the DEA's keylogger in the Forrester-Alba case. An affidavit prepared by DEA agent Coffey in July 2001 asks for permission to enter the Escondido office "by breaking and entering, if necessary, for the purpose of installing, maintaining, and removing software tools" that "will enable agents to capture and record all keyboard keystrokes."
Note there's no evidence the DEA used the FBI's keystroke logger known as Magic Lantern, which reportedly can be installed remotely by taking advantage of operating system vulnerabilities without having agents physically break into an office.
Keyloggers are hardly unusual nowadays, of course. In 2003, a former Boston College student was indicted for allegedly installing key-logging software on campus computers. More recent surveys indicate that plenty of workplaces are infected by spyware with key-logging abilities.
Who created PGP? It was actually Phil Zimmermann. / Excerpt from DEA Agent Greg Coffey affidavit
Keyloggers: Unresolved questions
The use of keyloggers by police, however, seems to be uncommon: A search on Monday through legal databases for terms such as "keylogger" turned up only the Scarfo and Forrester-Alba cases.
When used by police, they raise novel legal issues. That's because it's not entirely clear in what circumstances they're permitted under the U.S. Constitution and wiretap laws (which is why, in the Scarfo case, the FBI cleverly ducked this issue by, according to sworn testimony, disabling the keylogger when the modem was in use).
Even so, Scarfo's defense attorney claimed that a keylogger is akin to a "general warrant" permitting the DEA to seize "any record, including e-mail, simply because it was typed on a computer." General warrants are prohibited by the Fourth Amendment, which requires that warrants specify the "things to be seized." Another potential legal obstacle is whether wiretap laws apply--including their requirement of minimizing the interception of irrelevant conversations.
A federal judge eventually ruled that the unique design made the Scarfo logger permissible. But in the Forrester-Alba case, because Alba did not challenge the keylogger directly, the 9th Circuit never weighed in.
DEA claims that alleged Ecstasy/MDMA lab operators use encryption frequently / Excerpt from DEA Agent Greg Coffey affidavit
Eavesdropping without probable cause
Instead, the 9th Circuit spent much of its time evaluating whether government agents can eavesdrop on the Internet addresses Americans visit and the e-mail address of their correspondents without obtaining a search warrant first.
The judges' conclusion: federal agents did not violate the Fourth Amendment when spying on the Escondido DSL line without any evidence of criminal wrongdoing on his behalf, a legal standard known as probable cause. All the feds must do is prove the information is "relevant" to an ongoing investigation.
The wiretap was done at PacBell's connection facility at 650 Robinson Rd. in San Diego. The DEA obtained what's known as a "mirror port," a feature that many network switches made by companies including Cisco Systems include for troubleshooting purposes.
A mirror port duplicates all the Internet traffic of one user to a second port on the same switch, without the suspect being alerted that electronic surveillance is under way. The scheme is probably easier to accomplish with a static Internet Protocol (IP) address, which is what the Escondido case involved.
According to the DEA, only IP addresses of Web sites (such as 216.239.122.200 instead of cnet.com) and e-mail headers are captured, and not the rest of the communication stream. That, they argue, makes it akin to existing precedent dealing with pen registers, which capture telephone numbers dialed and are permitted without any proof of probable cause of wrongdoing.
The 9th Circuit agreed, ruling on Friday that "e-mail and Internet users have no expectation of privacy in the To/From addresses of their messages or the IP addresses of the websites they visit because they should know that these messages are sent and these IP addresses are accessed through the equipment of their Internet service provider and other third parties." This follows the lead of a Massachusetts judge who said much the same thing in November 2005.
Both Forrester and Alba were sentenced to 30 years in prison (PDF) on charges including conspiracy to manufacture and distribute Ecstasy. In a decision made on unrelated grounds, however, the 9th Circuit reversed Forrester's conviction and partially reversed Alba's. Forrester faces retrial.
-
I figured keyloggers could beat PGP/hushmail/etc. I've even installed a keylogger on a computer in the past.
So what's the best defense against keyloggers? A good antivirus program? An on-screen keyboard? TAILS? A Linux live CD? Liberte Linux on a flash drive?
-
Full disk encryption. Or a Liberte live usb that is hidden in a VERY good hiding place.
-
On keyloggers, don't be naive. They are way more powerful than some of you seem to imagine. I have a lot of personal experience in this area. Even most geeks aren't aware of how powerful these damn things have gotten in the last five years.
There are many many different kinds of keyloggers, some of which are even more sophisticated than the one I'm about to describe.
Assuming that the DEA or FBI will use software keyloggers is... not a good idea.
Because if I were the DEA or FBI, I'd install a hardware USB keylogger, and then escalate up to the abilities of a software keylogger once I had admin access.
N.B. A hardware USB keylogger, a electronic circuit hidden inside a cable or keyboard, *cannot* be discovered by any form of software because it doesn't interact with the operating system. Additionally, all that encryption of Hard Disks and Emails is a complete waste of time. Using different Operating Systems is a waste of time.
With the kind of keylogger I'm talking about every single time you touch the keypad/keyboard, on a PC, laptop, a phone, any electronic device, that information of the key press is transmitted via a special wireless chip for a distance of something between 1/2 km and 15 km.
Additionally, keystrokes can be saved and transmitted in a burst so that the wireless chip is not working constantly, so that it only 'wakes up' at certain times. Which makes detection even harder obviously.
The other thing is that virtual keyboards on the screen won't work either. They have keyloggers for monitors too that take screenshots at set time intervals, or communicate to another keylogger inside a mouse so that all information is captured.
Lastly, software keyloggers worth their salt these days are capable of using OCR technology to capture any characters being hovered over by a mouse.
tldr; if you're serious about security, then I suggest you use a laser keyboard in addition to Liberte. This way, there is no keyboard. Additionally, it is highly portable and easily replaced. That in combination with Liberte is a fine thing. Expensive though.
-
I had to google this laser keyboard but I want one now... THIS is cool shit!
-
I had to google this laser keyboard but I want one now... THIS is cool shit!
More secure + more Matrix/Neuromancer vibe appropriate to SR. Win/Win situation really ;-)
-
the downside to ALL encryption is that at some point, some how you must input your authentication.
whether it be biometrics (ie, voice/thumb/retina/dna) or plain old keyboard - any data in can be captured.
there's no circumventing this other than using a medium that can self-destruct if certain conditions aren't met.
-
I had to google this laser keyboard but I want one now... THIS is cool shit!
yea, it's cool, but what happens when an agent swaps the i/o chip on your motherboard and captures data at the hardware level? think i'm kidding? even more plausable is data capture in the usb/ps2 housing at the end of the cable. i don't know if this level of spytech would happen for small-time shit like SR, but for serious espionage - you better believe it.
-
I had to google this laser keyboard but I want one now... THIS is cool shit!
yea, it's cool, but what happens when an agent swaps the i/o chip on your motherboard and captures data at the hardware level? think i'm kidding? even more plausable is data capture in the usb/ps2 housing at the end of the cable. i don't know if this level of spytech would happen for small-time shit like SR, but for serious espionage - you better believe it.
Yes, but if your computer is portable computer like an iPad or small laptop, and you have your laser keyboard, then you can carry it around where ever you go. They'd have to do some seriously cool ninja-fu to counter that. More likely they'd adopt a new attack vector.
-
ChillyP, thank you for posting this article. Now if only we had an intelligence forum to drop it into... ._.
-
It seems like one way to counter this sort of surveillance would be simple sterilization. Basically, use two computers: one, connected to the net, to acquire your pgp messages. Then you have another computer that has never been connected to anything but a power cord (at least since formatting). You could then simply type out character by character the pgp message into the sterile machine and use that to decrypt, write a reply, encrypt it, and then enter the ciphertext back into the net machine character by character. Maybe there is some absolutely secure way to transfer the text between the two machines without using this impractically tedious method, I don't know, but it doesn't seem like this sort of system could be easily compromised unless LE got hold of the sterile machine and implanted some spy shit. If you just used a small **disconnected** phone or a tablet or micro netbook that you could easily stash, that could be mostly overcome. Maybe there's a hole I see in here?
Generally speaking, it might not be a bad idea for high volume i.e. loaded vendors to use disposable machines. You can get tablets, small netbooks, and droid phones that run Tor and PGP for less than $100. Use the shit for a couple weeks, physically destroy it, and start fresh. How the fuck could they do anything about that?
Or you could set up a relay with a very trusted party in some fucked up jurisdiction. They acquire your data and get it back to you using completely different methods that are physically isolated form the means with which they received yours.
To me it seems like there are pretty solid solutions if you were really motivated to implement them. The obvious problem is that most people aren't that motivated, and scalability would be challenging. I think there are ways to accomplish what is happening here with a level or security that wouldn't keep you wondering at night though.
-
http://texastechno.blogspot.com/2011/10/acoustic-cryptanalysis-keylogging.html
:o
-
I notice you said it was a little outdated and it's from 07' I'm interested purely out of curiosity, what sort of keylogger did they use (software/hardware?) and I wonder what the overall security habits of the guys who got bagged were? It doesn't look like it's clear from the article itself.
Hardware keyloggers I don't think there really would be any way around but I wonder if this sort of pgp key grab would be possible with the current release because it doesn't allow ctrl-c or ctrl-v so I wonder if that has any effect on a software keylogger or not?
-
Generally speaking, it might not be a bad idea for high volume i.e. loaded vendors to use disposable machines. You can get tablets, small netbooks, and droid phones that run Tor and PGP for less than $100. Use the shit for a couple weeks, physically destroy it, and start fresh. How the fuck could they do anything about that?
I think this method is the most practical in the long term. If your operation is taking hundreds of thousands of dollars a week then a few thousand dollars on mobiles/computers isn't going to matter. So long as there's no pattern to your acquiring the mobiles/computers.
--
Some thoughts:
I think in reality however, this is a bit academic. LEO mostly uses snitches to break sophisticated operations down. We're mostly a black box for them and they can't spend all their time hacking through every piece of software/hardware at our disposal.
But since we are Anonymous there is little connection between most of us, except for our internet connections. That's a bitch of a nut to crack. Snitches won't work if we ourselves don't know much solid information about each other. Otherwise they're just downing in hearsay and it'll never stand up in a courtroom. Similarly with Bitcoin, it is really the ace in the hole because knowing the transaction network is completely pointless if you don't know who is who. I hear threats of traffic analysis. Bullshit! Traffic analyze away, it'll get you nowhere if you don't know the source and destination entities.
Nor will making Bitcoin illegal work. This is because Bitcoin can be exclusively used for SR transactions and still operate without a hitch. There is always going to be buyers wanting B$ for drugs and sellers wanting cash for B$ i.e. although having a legal Bitcoin economy is nice, it's unnecessary for the SR to continue to exist.
To provide Identity in a network like this, you need postal addresses and names of the real people + times and IDs of every Bitcoin address they've ever had. And that's just to *begin* building a case. Still haven't shown anything illegal was done.
Most importantly of all, the thing I just mentioned only works on Buyers. Sellers never need to supply their real world address ever. The only way to catch them, is to catch them with their hand putting the package into a postbox. Biometric data from packages is simply unlikely.
So, back to square one. Having a snitch do in the seller through his regular offline network is the most likely way SR operatives will be caught.
-
Bitcoing is an interesting thing in and of itself, it seems recently people are suggesting that bitcoin isn't anonymous and people should be leery of it. This being said I think it's fair to assume that is more applicable if people are not using it behind tor? I guess I fail to see how bitcoin would create any kind of paper trail to someone if sending and recieving is proxied through tor no?
-
Bitcoing is an interesting thing in and of itself, it seems recently people are suggesting that bitcoin isn't anonymous and people should be leery of it. This being said I think it's fair to assume that is more applicable if people are not using it behind tor? I guess I fail to see how bitcoin would create any kind of paper trail to someone if sending and recieving is proxied through tor no?
Bitcoin is not anonymous, and in fact was designed to have the financial transfer topology be public to prevent counterfeiting. Tor can provide network level untraceability (attackers will not be able to trace coins back to your IP address) but not unlinkability (the coins were purchased by you), which is imho the key part of anonymity (although I am sure you will find differing opinions on this part). Ultimately, unless you use a blind mixing service, you are as linkable to the coins as the method you used to purchase them and whatever method is used to cash them out (and as such a chain can be created from you to vendor X or whoever you're sending money to). Also not using blind mixes makes you susceptible to various financial intelligence attacks but that is of more interest to vendors than occasional buyers. I have elaborated upon this in previous posts and am too lazy to dig up the link, sorry.
-
Bitcoing is an interesting thing in and of itself, it seems recently people are suggesting that bitcoin isn't anonymous and people should be leery of it. This being said I think it's fair to assume that is more applicable if people are not using it behind tor? I guess I fail to see how bitcoin would create any kind of paper trail to someone if sending and recieving is proxied through tor no?
Bitcoin is not anonymous, and in fact was designed to have the financial transfer topology be public to prevent counterfeiting. Tor can provide network level untraceability but not unlinkability, which is imho the key part of anonymity (although I am sure you will find differing opinions on this part). Ultimately, unless you use a blind mixing service, you are as anonymous as the method you used to purchase the bitcoins and whatever method is used to cash them out. (Also not using blind mixes makes you susceptible to various financial intelligence attacks but that is of more interest to vendors than occasional buyers.) I have elaborated upon this in previous posts and am too lazy to dig up the link, sorry.
Precisely, couldn't have said it better.
-
Actually I went back and edited my post to hopefully make a few things less confusing. The last comment I have on mixing is that even a non-blind mix would properly unlink you from your coins, unless the mixing service you use is operated by an attacker. I don't know the details of SR's tumblers, whether it's a real mix without same-coin contamination or whether it's just a series of proxies but I would not count on it to protect you either way.
-
Bitcoin is not anonymous, and in fact was designed to have the financial transfer topology be public to prevent counterfeiting. Tor can provide network level untraceability (attackers will not be able to trace coins back to your IP address) but not unlinkability (the coins were purchased by you), which is imho the key part of anonymity (although I am sure you will find differing opinions on this part). Ultimately, unless you use a blind mixing service, you are as linkable to the coins as the method you used to purchase them and whatever method is used to cash them out (and as such a chain can be created from you to vendor X or whoever you're sending money to). Also not using blind mixes makes you susceptible to various financial intelligence attacks but that is of more interest to vendors than occasional buyers. I have elaborated upon this in previous posts and am too lazy to dig up the link, sorry.
Right I understand it's not anonymous (and haven't assumed it was unless you are using various ways to tumble it like SR does supposedly). I guess what I am driving at is the following pattern:
I buy btc with moneypak on SR.
I withdraw btc to a torified wallet
I send them to mtgox (or some other exchange) then perhaps to another location and back to a wallet and back to SR.
None of these places have my IRL identity attached to them and all but one (mtgox) have been torified. So I guess the question is After this is all said and done, how would that bitcoin trail actually identify 'you' as the person and you be actually identifyable? Perhaps I am misunderstanding how bitcoin works in general. If this is not the right place for this than sorry. I'm not claiming that btc is anonymous but it seems to be somewhere in between if you take some precautionary measures. It's not like my real name is tied to them (obviously) or my real IP, or even an email address that is tied to my identity. So if you keep your bitcoins within the bitcoin 'economy' does this to some extent mitigate this? I ask because this is what I generally try to do is keep from having to cash out bitcoins to a real currency or purchase them with funds through say dwolla or some other transfer option.
Although this is sorta going off topic anyways, perhaps there is a better place for this...
-
No, that's a really good question (and this is the security forum so I don't see where else it would belong). Like I said, without a mix it's all about how unlinkable you are to the initial method of purchase (the moneypak) and the final method of cashing out (whatever your vendor does). The way you buy coins, you are for all practical purposes already unlinkable to them although you are putting a lot of faith into the opsec of the person you are buying btc from (this is the part of the chain that an adversary would want to target to get financial intelligence). You're also correct in that your name and IP address are not linked to the coins, but you are still susceptible to some (admittedly extremely difficult and unlikely) ways of identifying you. This is still no reason not to use the extra security that a mix provides, I know bitcoin fog has a location hidden service and charges a commission of only 2%, bitcoin laundry charges 4.5% but suffers from minor same-coin contamination.
I would also definitely rethink about using moneypak if you are a big vendor or know you have some heat on you. I'm going to write something on why moneypak and especially reloadable visas and greendots suck ass, but that's a post for another day.
-
It seems like one way to counter this sort of surveillance would be simple sterilization. Basically, use two computers: one, connected to the net, to acquire your pgp messages. Then you have another computer that has never been connected to anything but a power cord (at least since formatting). You could then simply type out character by character the pgp message into the sterile machine and use that to decrypt, write a reply, encrypt it, and then enter the ciphertext back into the net machine character by character. Maybe there is some absolutely secure way to transfer the text between the two machines without using this impractically tedious method, I don't know, but it doesn't seem like this sort of system could be easily compromised unless LE got hold of the sterile machine and implanted some spy shit. If you just used a small **disconnected** phone or a tablet or micro netbook that you could easily stash, that could be mostly overcome. Maybe there's a hole I see in here?
You can use burned CD. Burn gpg ciphertext from computer with internet to CD, put CD in computer with no internet access to decrypt. That prevents plaintexts to you and private keys from being vulnerable to hackers. It is harder to do this for responses though, because you need to load public key from the machine that has internet access to a machine that you encrypt your outgoing plaintexts on that also never has internet access or contact with anything that ever will (after you start typing plaintexts on it). This is called an airgap system.
Generally speaking, it might not be a bad idea for high volume i.e. loaded vendors to use disposable machines. You can get tablets, small netbooks, and droid phones that run Tor and PGP for less than $100. Use the shit for a couple weeks, physically destroy it, and start fresh. How the fuck could they do anything about that?
What advantage does that give?
-
mtgox, and probably every other major exchange is now starting to request papers if you access them through tor.
be concerned.
-
Don't they need a warrant to break in to your residence and install their surveillance? If they are this close to you then you are probably fucked anyway.
-
Don't they need a warrant to break in to your residence and install their surveillance? If they are this close to you then you are probably fucked anyway.
LE doesn't always play by the rules either. They could break in, install a keylogger, and then come trial time say that the keylogger was remotely installed and that because of how it operates it wasn't technically considered a wiretap. Because your machine is in evidence at that point and it's their word against yours, you're effectively fucked.
-
Don't they need a warrant to break in to your residence and install their surveillance? If they are this close to you then you are probably fucked anyway.
LE doesn't always play by the rules either. They could break in, install a keylogger, and then come trial time say that the keylogger was remotely installed and that because of how it operates it wasn't technically considered a wiretap. Because your machine is in evidence at that point and it's their word against yours, you're effectively fucked.
I am pretty sure that they need a warrant to legally install a keylogger by network intrusion as well, otherwise they are violating the law themselves. Hacking is a crime, and while they all think they are, cops aren't above the law. A defense attorney can always petition the court to have his own specialist examine the evidence for trial, so it's not effectively locked away in a evidence locker without access.
But you are right cops lie all the time. Take the case of drug sniffing dogs hitting on cars with no drugs in them for instance. They are trained to alert on the handlers command, not on the actual detection of drugs.
-
mtgox, and probably every other major exchange is now starting to request papers if you access them through tor.
be concerned.
Ahhh the joys of fake id.
-
mtgox, and probably every other major exchange is now starting to request papers if you access them through tor.
be concerned.
Ahhh the joys of fake id.
Fake ID is nice but useless if you dont know how to handle it correctly.
I thought of it and I wouldnt just have to get one, no I have to make a new "me". Only if I would separate my real "me" from the fake one it will work. For online verification, ok but its a bit expensive for only OV.
For vending with a new ID someone has to make serious steps. New apartment, car and so on.
At least that is what is needed to benefit most of a fake ID, in MY head.
-
you don't seem to understand how fake ID is used then
-
that can certainly be the case. No I know I dont understand the benefits of it.
I got in touch with the fake ID thing on OVDB and read a bit, but I dont think I need one.
the only reason I wanted one was to open a PO box on a false name. But for my personal needs in drugs, and that is what I use online vendors for, I dont see the requirement for one.
If I want to vent for my self, well that would be an other case. But then I had to learn much other things, too, before I would fell safe.