Silk Road forums

Discussion => Off topic => Topic started by: Evanescence on January 31, 2012, 05:27 pm

Title: How we could get busted
Post by: Evanescence on January 31, 2012, 05:27 pm
Since I just placed my first SR order, now my mind is thinking how could I be busted.

I thought of at least two strategies that could be used and want to ask on the forum, "how come they couldn't do this to bust us?"

Is it not good to throw out ideas that could be potentially used against us?

Or is it good because it would allow weaknesses to be thought through and fortified against?

Title: Re: How we could get busted
Post by: pine on January 31, 2012, 05:46 pm
The latter.
Title: Re: How we could get busted
Post by: FiveSeven on February 01, 2012, 01:40 am
They know what we're doing. They have access to all the information we have. It's just not financially feasible for an agency to seriously pursue SR, at least not yet. That may change in future.
Title: Re: How we could get busted
Post by: cloud9ne on February 01, 2012, 01:49 am
There also isn't kingpin amount of drugs being shipped on SR. If this was a mega wholesaling forum they would be more motivated to shut it down but almost everything is a few g at most being shipped.

That said it is slightly disturbing SR is contracting out for a database admin publicly. Wonder how many feds applied for the job.
Title: Re: How we could get busted
Post by: Aoth14 on February 01, 2012, 04:06 am
The richest dealers aren't on SR, you know how the gov works. The power of economic dominance has taken slight priority over the power to control the freedom of the people, which used to be their main pursuance, concerning the drug war.

Why did megaupload get millions seized, but btjunkie is going strong?  Because no one working for btjunkie is making billions, would be my guess. And the same thoughts apply here.
Title: Re: How we could get busted
Post by: rise_against on February 01, 2012, 09:57 am
as a buyer you always have the excuse that you never ordered anything / anyone with your address can mail illegal stuff to your address.
Title: Re: How we could get busted
Post by: Damod78 on February 01, 2012, 11:42 am
just buy small amounts.

the feds won't be kicking in your door for a few grams of kush.
Title: Re: How we could get busted
Post by: unbiased on February 01, 2012, 01:07 pm
Quote
That said it is slightly disturbing SR is contracting out for a database admin publicly. Wonder how many feds applied for the job.
That's actually really insightful.  I'll have to think about that now.  Maybe there's some kind of review process for code, and they only develop in a test environment (heard that one before).

Damn you for your comment.  Damn you.
Title: Re: How we could get busted
Post by: tordemon on February 01, 2012, 06:42 pm
Quote
That said it is slightly disturbing SR is contracting out for a database admin publicly. Wonder how many feds applied for the job.
That's actually really insightful.  I'll have to think about that now.  Maybe there's some kind of review process for code, and they only develop in a test environment (heard that one before).

Damn you for your comment.  Damn you.
That's a very interesting prospect, indeed. I'd be interested to know more about that, though I have to wonder why I didn't think about that.
Title: Re: How we could get busted
Post by: OuterLimits on February 01, 2012, 09:23 pm
When I saw that SR was hiring publicly, I too was a bit concerned, but I'm sure that there is a VERY thorough interview process etc.  Not to mention they will be looking at how long each applicant has been a member at SR, their purchase history, involvement, feedback, etc.
Title: Re: How we could get busted
Post by: DigiPimp on February 02, 2012, 02:35 am
Quote
When I saw that SR was hiring publicly, I too was a bit concerned, but I'm sure that there is a VERY thorough interview process etc.  Not to mention they will be looking at how long each applicant has been a member at SR, their purchase history, involvement, feedback, etc.

The DEA are some sneaky mother fuckers. They would blend in so easily with everybody else. They would make purchases AND contribute on the forums. Although I'm not too sure if even during an undercover op they could sell drugs as a vendor without retrieving them immediately. If not, then hiring a past vendor for the position would be the only safeguard. Still, they can do just about anything short of murder while undercover. So sketchy to hire publicly.
Title: Re: How we could get busted
Post by: drifter on February 02, 2012, 02:48 am
while I have faith in the admin here, they will throw all their forces of darkness behind this if they have to, and unless the admin is an extremely thorough and cautious mofo (I have no reason to suspect he isn't) they will find a way in. even then that might not be enough.  :P

that sounds really melodramatic but you know what I mean
Title: Re: How we could get busted
Post by: Evanescence on February 02, 2012, 05:18 am
Quote
The latter.

Ok then here's what I would try:

1)  Monitor Tor nodes to find the most active IP address based in the US.  Assume the most active IP is a vendor/big buyer.  Set up your own Tor nodes and you get this without a warrant and no decryption is necessary.

2)  Use the IP address to geo-locate a home address.  Use address to get your identity.  Use identity and IP address to correlate the shit out of activity on the clear Internet.  Full list of facebook, friends, posts, everything naturally "leaked" on the net.

3)  Bring down the station and interrogate with lame tactics: "Obviously we know everything or you wouldn't be here right now...".

At this point identity is known and all standard LE techniques apply for a full investigation.

Not a slam dunk but enough to put them fully on the ass of all the top SR participants.

Title: Re: How we could get busted
Post by: pine on February 02, 2012, 03:11 pm
Quote
The latter.

Ok then here's what I would try:

1)  Monitor Tor nodes to find the most active IP address based in the US.  Assume the most active IP is a vendor/big buyer.  Set up your own Tor nodes and you get this without a warrant and no decryption is necessary.

2)  Use the IP address to geo-locate a home address.  Use address to get your identity.  Use identity and IP address to correlate the shit out of activity on the clear Internet.  Full list of facebook, friends, posts, everything naturally "leaked" on the net.

3)  Bring down the station and interrogate with lame tactics: "Obviously we know everything or you wouldn't be here right now...".

At this point identity is known and all standard LE techniques apply for a full investigation.

Not a slam dunk but enough to put them fully on the ass of all the top SR participants.

By TOR nodes, I'll assume you mean the computers which are at the periphery of the TOR network i.e. the outer shell of the onion.

Some objections to your thought experiment:

1. How do you even know you have a periphery node or exit node? Sure, you can set up your own TOR nodes. But I'm really not sure you can specify that you have an exit node. And I'd imagine with more nodes, the layers of the onion grow deeper, since that seems to make sense.

Some experienced TOR geek should chime in here on that subject.

2. Ok, assuming for argument's sake that you do have an IP address of a user. You get data to geo-locate from ISP et al.

The problem with your idea of IDing everything in clearnet is that 99.99% of us have *no idea* who the others on the Silk Road are. For all we know, Silk Road himself/herself could be a 90 year old witch doctor in the Congo. At the most, you get 1 guy or girl. Either a frequent buyer/seller. At most you're picking up a couple of grams or ounces of some drug, most likely weed. Doesn't seem worth it to me economically, but maybe it would be done as scare tactics or something.

3. How is frequently using the TOR network probable cause? I mean, don't judges have to sign things like arrest/search warrants? Hurr Durr, this guy uses TOR a lot isn't exactly indicative of him being a major SR seller. Hell, you'd probably find more pedophiles and conspiracy theorists this way!

4. If you use/operate your own bridge, which I assume smart sellers would, then the ISP doesn't even know that the seller is accessing the TOR network full stop.

5. Assuming you bust ALL USA sellers somehow. The Silk Road still lives on. There's a heavy preponderance of English, Australians and others here. Congratulations LEO, you just managed to increase profits for ex-USA sellers.

6. Silk Road itself is not small, it is big. 150,000 people are on it. Even assuming 1 out of 10 are legitimate buyers or sellers means you would need to arrest 15,000 people. I mean, wat? Meanwhile back in RL the big fish are running rings about LEO due to their resource exhaustion.
Title: Re: How we could get busted
Post by: Evanescence on February 02, 2012, 04:47 pm
Pine first off, since I like your profile picture so if you don't mind I'll pretend that's really how you look, that you're actually female, and will try to ignore the fact you are actually a 90 year old witch doctor in the Congo.

Regarding your points

1) Maybe - I'm not a Tor expert.  But I am a tech person and know this for a fact:  One time a LEO came down to my workplace and asked for some technical volunteers to help track and bust child porn dudes.  Our very best guys jumped on it, who were some serious experts in security/networking.  My only point is I realized that it is quite easy for any LEO to get any experts to work for free because of the glory/coolness of the challenge.  For sure child porn is a level of evil that is not comparable to us, but still you have to assume they can easily access the best technical minds.

2)  Once they get your real IP address there are all kinds of ways to find your clear net activity by correlating that IP to public sites, logs, etc.

3)  Don't see how you need probable cause to do anything I suggested.

4)  Don't know how that works, I hope you're right.

5)  Even if they only bust 10 people out of 150,000, if they issue a press release every time I bet it would have a huge effect on usage.


Quote
By TOR nodes, I'll assume you mean the computers which are at the periphery of the TOR network i.e. the outer shell of the onion.

Some objections to your thought experiment:

1. How do you even know you have a periphery node or exit node? Sure, you can set up your own TOR nodes. But I'm really not sure you can specify that you have an exit node. And I'd imagine with more nodes, the layers of the onion grow deeper, since that seems to make sense.

Some experienced TOR geek should chime in here on that subject.

2. Ok, assuming for argument's sake that you do have an IP address of a user. You get data to geo-locate from ISP et al.

The problem with your idea of IDing everything in clearnet is that 99.99% of us have *no idea* who the others on the Silk Road are. For all we know, Silk Road himself/herself could be a 90 year old witch doctor in the Congo. At the most, you get 1 guy or girl. Either a frequent buyer/seller. At most you're picking up a couple of grams or ounces of some drug, most likely weed. Doesn't seem worth it to me economically, but maybe it would be done as scare tactics or something.

3. How is frequently using the TOR network probable cause? I mean, don't judges have to sign things like arrest/search warrants? Hurr Durr, this guy uses TOR a lot isn't exactly indicative of him being a major SR seller. Hell, you'd probably find more pedophiles and conspiracy theorists this way!

4. If you use/operate your own bridge, which I assume smart sellers would, then the ISP doesn't even know that the seller is accessing the TOR network full stop.

5. Assuming you bust ALL USA sellers somehow. The Silk Road still lives on. There's a heavy preponderance of English, Australians and others here. Congratulations LEO, you just managed to increase profits for ex-USA sellers.

6. Silk Road itself is not small, it is big. 150,000 people are on it. Even assuming 1 out of 10 are legitimate buyers or sellers means you would need to arrest 15,000 people. I mean, wat? Meanwhile back in RL the big fish are running rings about LEO due to their resource exhaustion.
Title: Re: How we could get busted
Post by: pine on February 03, 2012, 12:56 am
Yes, with red eyes and leprous sores  8)

1. Sure. It's an arms race between geeks. But we know that certain technologies are very difficult to counter. Public key cryptography is an example. Algorithms can be developed that are like scrambling eggs. Easy to achieve, and highly improbable or computationally expensive to counter.

    1.1. The first key thing is the diversity of networks. Let's say somehow SR is taken down. Well, then there's alternatives like BMR. Let's say TOR is taken down entirely. Well, then there's Freenet and others. Let's say Bitcoin is destroyed. The communities will simply flock to the next medium of exchange like a shoal of startled herring.

Once the illusion that the government can track everybody and everything is dispelled, you cannot put the genie back into the box. It's now already far too late for that. To put it bluntly, there are too many people like you and me.

    1.2. The second key thing is 'price'. Most things are technologically possible. In theory you can make computer software do anything you can imagine. In practice there are definite real world constraints. The government has a large checking account, but even that has definite limits. Even the genius expertise of the Stasi in East Germany and the technological sophistication of the Soviet military intelligence services using 50%+ of GDP of a superpower state could not prevent the fall of communism. Fighting markets is an exercise in futility even for the smartest people on the planet.

In some sense, the brainpower and computer power of LEO is not bigger than the organizational ability of the black market. It is positively diminutive in comparison. It's just not obvious that this is the case.

    1.3. The third key thing is that there are many here and elsewhere I've seen who are busily at work on completely distributed systems which are far more formidable than our current incarnation of Silk Road and TOR.

2. Sure. But even my ISP doesn't know me. In fact they think I'm somebody else. Deeper and deeper into the Rabbit Hole Alice! Some buyers and sellers are naive, but a goodly number of us are real professionals using many varied methods of camouflage that we don't necessarily describe on the Silk Road forums.

Now, for the average user, it could be a problem. Not everybody can be behind "Over Nyan Thousand Proxies" after all. But I don't think we've hit a critical mass yet. General anonymity for geeks is one thing, generalized anonymity for the population is another. It's a problem, but not a serious one today.

3. You have to have some evidence in the first place in order to set up arrest warrants. Let's say you have 'reasonable ground for suspicion that user X is using TOR for illegitimate purposes'. Your argument was that consistently high traffic would serve as grounds for monitoring in RL or arrest, right? Well, that puts everybody operating exit nodes under watch and also anybody downloading/uploading data. Using email and websites is not data intensive; you'll be sweeping up dozens of users into the net for no reason. Judges notoriously dislike having their time wasted.

Widespread key-logging on the other hand, that could be a problem. i.e. magic lantern antics. They can only achieve such a thing with 'defense of the realm' bullshit (patriot act), and whatever else we are, we're certainly not terrorists. Hell, you'll not find more fervent defenders of the western ideals of markets and democracy except for the Silk Road.

4. Take a look at the TOR cloud project sometime.

5. Probably. But let's face it, it's much easier to bust buyers than sellers. Then what do you have? Nothing. It's comparable to arresting the Johns to deter prostitution. You cannot bust large amounts of sellers. Sellers who take reasonable precautions never reveal their real world address. There is simply no reason for them to ever do so. It has to be taken on a case by case basis. It is an order of magnitude easier to bust sellers in RL. LEO loves large numbers. $XXX million in street value. over nyan thousand dealers off the streets. That kind of thing. Even if the Silk Road was the same size as the offline black market, it wouldn't attract more LEO resources in the long term.

Let me say one thing that has probably already occurred to you. We expect to see a wave of 'moral panics' in the future regarding the Silk Road. That will attract attention and LEO resources for sure. But over time LEO will come to recognize the points I mentioned in 1.1, 1.2, 1.3. They will ultimately STFU and focus on offline interception activities because it's in their interest to do so.

They are servants to what economists call the principal agent problem. It is not in their self interest to draw attention to the Silk Road, and they will justify this as 'not wanting the word to spread', but it'd be more accurate to state that they like feeling strong and not feeling weak. The illusion of invincibility is more important to LEO than actual results. That is why we recently heard of 'biggest multi-million dollar drug bust in 15 years' when in reality when you analyzed the situation you found that 10k of drugs and 10k in cash was actually discovered. Nonetheless, they handed down a century in prison to those amateurs to make themselves look better.
Title: Re: How we could get busted
Post by: drugtales51 on February 04, 2012, 07:35 pm
if you want to add some level of anonymity, you'd only have to connect from open access points or hacked servers / vpns. but that would be only necessary for someone with a really high profile. if you are a bit paranoid, change your MAC address, go close to some mc donalds or hotel with free wifi access (always switch locations), launch TOR and you are all set.

as to the DBA job: that's really strange. maybe it's a set up to find out who might be a gov agent?
Title: Re: How we could get busted
Post by: kmfkewm on February 04, 2012, 09:29 pm
Quote
By TOR nodes, I'll assume you mean the computers which are at the periphery of the TOR network i.e. the outer shell of the onion.

Tor nodes is commonly used terminology for the nodes that route communications on the Tor network. Although it should be noted that technically clients could be considered Tor nodes, this isn't how the term is very commonly used.

Quote
How do you even know you have a periphery node or exit node? Sure, you can setup your own TOR nodes. But I'm really not sure you can specify that you have an exit node. And I'd imagine with more nodes, the layers of the onion grow deeper, since that seems to make sense.

You can specify that you have an exit node. It is also very easy to see if you are being used for an entry node: simply compare the IP addresses sending you data to the public list of Tor node IP addresses that all clients have. If an IP sending you information isn't another public Tor relay it is either a bridge (easy to confirm by trying to use it as a bridge), a hidden service or a client.

Adding nodes to the network to enumerate Tor client IP addresses is one of the least effective ways to go about it, since clients select three nodes that they always use to enter traffic into the network if they are up. These are called entry guards and they protect from a lot of attacks. It would be much easier to just get a warrant to passively monitor some of the directory authority nodes, where all Tor clients that do not use bridges directly connect to bootstrap a list of all public Tor nodes. After all you need to get a list of Tor node IP addresses if you want to use the Tor network. If you use a bridge it acts as a proxy between you and the directory authority nodes though.


Quote
2. Ok, assuming for argument's sake that you do have an IP address of a user. You get data to geo-locate from ISP et al.

The biggest problem with his thought experiment is that he assumes the most active Tor clients are drug vendors or buyers. The Tor network had over a hundred thousand users before there was even a single Tor hidden service drug forum (that I knew about anyway, although I am pretty sure I was a member of the first hidden service drug forum several years ago).

He needs to tweak his attack a little. Instead of assuming that the most active Tor nodes are drug vendors, you need an additional bit of information. This is rough geolocation of vendors. This leaks when they send mail out via the postal network. Now you can see the Tor clients who are within say fifty miles of where packages were roughly shipped from. There are a shit ton of Tor clients that are very active and that have absolutely nothing to do with the drug trade. There are probably very few Tor clients in any given fifty mile radius, and unfortunately vendors leak their rough geolocation when they send mail out. This is a very dangerous attack and it will be quite effective at fucking vendors (probably), particularly if they don't use bridges.

Quote
The problem with your idea of IDing everything in clearnet is that 99.99% of us have *no idea* who the others on the Silk Road are. For all we know, Silk Road himself/herself could be a 90 year old witch doctor in the Congo. At the most, you get 1 guy or girl. Either a frequent buyer/seller. At most you're picking up a couple of grams or ounces of some drug, most likely weed. Doesn't seem worth it to me economically, but maybe it would be done as scare tactics or something.

Didn't SR ship product out before? The postmark will leak his rough geolocation at least down to city he mailed from if not more. I wonder how many people use Tor in that area? Probably not many.

Also you are totally brainwashed to think it isn't worth it economically to the police to bust small scale drug users. They are spending free money that they steal from the tax payers, and as far as they are concerned a bust is a bust. Maybe the feds only care about larger scale traffickers usually, but you are naive if you think that local police forces will not attack SR as well. If the local police in small Texas City find a SR user in New York they will just seamlessly forward the case on to the NY police. There is actually substantial coordination between local police forces, particularly against small scale cyber criminals. If you don't think your local police department cares if you buy a few grams of coke, why is it that there are people in jail over a few grams of coke?

Quote
How is frequently using the TOR network probable cause? I mean, don't judges have to sign things like arrest/search warrants? Hurr Durr, this guy uses TOR a lot isn't exactly indicative of him being a major SR seller. Hell, you'd probably find more pedophiles and conspiracy theorists this way!

Yes this is why his theory is incorrect. Drug users are a small minority of Tor users. Although this may be changing thanks to all of the publicity SR has been getting. Also understand the difference between evidence and intelligence.
Quote
4. If you use/operate your own bridge, which I assume smart sellers would, then the ISP doesn't even know that the seller is accessing the TOR network full stop.

Using your own bridge to access the Tor network is certainly helpful against a wide variety of serious attacks. But it isn't impossible or even particularly hard to tell that someone is using a Tor bridge. It is a lot harder to tell someone is using a Tor bridge than to tell someone is using the Tor network without a bridge though.

Quote
5. Assuming you bust ALL USA sellers somehow. The Silk Road still lives on. There's a heavy preponderance of English, Australians and others here. Congratulations LEO, you just managed to increase profits for ex-USA sellers.

Again drinking the koolaid that LE want to stop drugs. LE want to make money for LE and justify their budgets. Of course they make more money for their department / agency when they steal it from a big coke lord, but busting people for minor drug offences is a large part of an individual agent's bread and butter.

Quote
6. Silk Road itself is not small, it is big. 150,000 people are on it. Even assuming 1 out of 10 are legitimate buyers or sellers means you would need to arrest 15,000 people. I mean, wat? Meanwhile back in RL the big fish are running rings about LEO due to their resource exhaustion.

15,000 new people in jail = big profits for the private prison industry, parole industry, drug testing companies etc. It isn't small bucks for them, and they don't care how much it cost to bust those 15k people because it isn't like they are spending their own money on it.
Title: Re: How we could get busted
Post by: kmfkewm on February 04, 2012, 09:48 pm
Quote
1. Sure. It's an arms race between geeks. But we know that certain technologies are very difficult to counter. Public key cryptography is an example. Algorithms can be developed that are like scrambling eggs. Easy to achieve, and highly improbable or computationally expensive to counter.

GPG isn't going to help you much when a firefox vulnerability is exploited and you are rooted. Then they will just steal your private key or spy on your plaintexts.

Quote
The first key thing is the diversity of networks. Let's say somehow SR is taken down. Well, then there's alternatives like BMR. Let's say TOR is taken down entirely. Well, then there's Freenet and others. Let's say Bitcoin is destroyed. The communities will simply flock to the next medium of exchange like a shoal of startled herring.

We were using pecunix and liberty reserve with exchanger chaining and anonymous ATM cards / fake ID wires for cashing in/out drug money long before Bitcoin + financial mixes were the standard, or even around. Eventually the online free market community will be highly redundant and fully decentralized. Having centralized targets like SR and BMR is a bad idea that needs to be fixed. Sooner or later it will be.

Quote
Once the illusion that the government can track everybody and everything is dispelled, you cannot put the genie back into the box. It's now already far too late for that. To put it bluntly, there are too many people like you and me.

Well the US government would have absolutely no problem pwning the shit out of SR if they put their military and intelligence agencies on it. But the feds are not so l33t.

Quote
    1.2. The second key thing is 'price'. Most things are technologically possible. In theory you can make computer software do anything you can imagine. In practice there are definite real world constraints. The government has a large checking account, but even that has definite limits. Even the genius expertise of the Stasi in East Germany and the technological sophistication of the Soviet military intelligence services using 50%+ of GDP of a superpower state could not prevent the fall of communism. Fighting markets is an exercise in futility even for the smartest people on the planet.

True but then again you are paying for your own enslavement thanks to taxation.

Quote
    1.3. The third key thing is that there are many here and elsewhere I've seen who are busily at work on completely distributed systems which are far more formidable than our current incarnation of Silk Road and TOR.

These projects are required, and they are slowly attracting attention from people who can make them a reality.

Quote
2. Sure. But even my ISP doesn't know me. In fact they think I'm somebody else. Deeper and deeper into the Rabbit Hole Alice! Some buyers and sellers are naive, but a goodly number of us are real professionals using many varied methods of camouflage that we don't necessarily describe on the Silk Road forums.

Using hacked or open WiFi in addition to Tor is probably a good idea for vendors. Customers probably don't need to be doing this.

Quote
Now, for the average user, it could be a problem. Not everybody can be behind "Over Nyan Thousand Proxies" after all. But I don't think we've hit a critical mass yet. General anonymity for geeks is one thing, generalized anonymity for the population is another. It's a problem, but not a serious one today.

Even if you are behind 9,000 proxies you will be pwnt if the attacker can passively watch you at your ISP and passively or actively watch your traffic arrive at its destination. Traffic confirmation for the win.

Quote
3. You have to have some evidence in the first place in order to set up arrest warrants. Let's say you have 'reasonable ground for suspicion that user X is using TOR for illegitimate purposes'. Your argument was that consistently high traffic would serve as grounds for monitoring in RL or arrest, right? Well, that puts everybody operating exit nodes under watch and also anybody downloading/uploading data. Using email and websites is not data intensive; you'll be sweeping up dozens of users into the net for no reason. Judges notoriously dislike having their time wasted.

Well first they use intelligence (this person uses Tor and lives within twenty miles of where a known vendor shipped product from. Only ten other people in this radius use Tor) to narrow in on evidence (let's inspect these ten people's mail extra close looking for drugs). They don't ask for an arrest warrant until they have enough evidence. Confusing evidence with intelligence is common and dangerous.

Quote
Widespread key-logging on the other hand, that could be a problem. i.e. magic lantern antics. They can only achieve such a thing with 'defense of the realm' bullshit (patriot act), and whatever else we are, we're certainly not terrorists. Hell, you'll not find more fervent defenders of the western ideals of markets and democracy except for the Silk Road.

Yeah hacking is scary because it can be used to go around encryption and anonymity systems. And it is very difficult to protect from. And even moderately protecting from it requires a lot of technical know how and a lot of time into system configuration. Although just using Linux or BSD and the tor browser bundle will put you significantly ahead of the bell curve.

Quote
4. Take a look at the TOR cloud project sometime.

Isn't that for getting a lot of bridges to the Tor network? Not sure.

Quote
5. Probably. But let's face it, it's much easier to bust buyers than sellers. Then what do you have? Nothing. It's comparable to arresting the Johns to deter prostitution. You cannot bust large amounts of sellers. Sellers who take reasonable precautions never reveal their real world address. There is simply no reason for them to ever do so. It has to be taken on a case by case basis. It is an order of magnitude easier to bust sellers in RL. LEO loves large numbers. $XXX million in street value. over nyan thousand dealers off the streets. That kind of thing. Even if the Silk Road was the same size as the offline black market, it wouldn't attract more LEO resources in the long term.

It is probably a lot easier to bust buyers than sellers, but most sellers are putting way too much faith in Tor keeping them anonymous without understanding the limitations of the Tor network. The most dangerous thing they are not understanding is that Tor doesn't hide the fact that you use Tor unless you use a bridge, and the postal network doesn't hide the rough location a package was sent from. When these two data bits are combined vendors may be in serious trouble (who all uses Tor and lives within X radius of where this package was shipped from? One of them is probably the vendor. And there are not that many of them.)

Quote
Let me say one thing that has probably already occurred to you. We expect to see a wave of 'moral panics' in the future regarding the Silk Road. That will attract attention and LEO resources for sure. But over time LEO will come to recognize the points I mentioned in 1.1, 1.2, 1.3. They will ultimately STFU and focus on offline interception activities because it's in their interest to do so.

It is in LE's interests to do whatever makes them money and justifies their expanding budgets.

Quote
They are servants to what economists call the principal agent problem. It is not in their self interest to draw attention to the Silk Road, and they will justify this as 'not wanting the word to spread', but it'd be more accurate to state that they like feeling strong and not feeling weak. The illusion of invincibility is more important to LEO than actual results. That is why we recently heard of 'biggest multi-million dollar drug bust in 15 years' when in reality when you analyzed the situation you found that 10k of drugs and 10k in cash was actually discovered. Nonetheless, they handed down a century in prison to those amateurs to make themselves look better.

It amazes me that people see small-time drug dealers being caught with 10k of drugs and called multi-million dollar drug traffickers, but they still think LE won't do the same shit to them when their small order is intercepted. LE lie. And the laws on the books are much, much harsher than many people here seem to realize. Plus drugs in the mail is always a federal offense.
Title: Re: How we could get busted
Post by: Evanescence on February 05, 2012, 12:32 am
Good replies, I think we are getting somewhere.

"Mail" in the Middle Attack version 0.1
----------------------------------------
1)  Choose a SR vendor to attack
2)  Place order from vendor to get postmark info
3)  If vendor ships from multiple locations, use Geographic profiling to derive a focus area
4)  Get list of IP addresses using TOR within the focus area (multiple ways to do this as discussed)

How long after this to narrow it down further?
Title: Re: How we could get busted
Post by: kmfkewm on February 05, 2012, 01:04 am
I would actually call it a membership observability attack coupled with an intersection attack, using rough geolocation intelligence as the second parameter.

I think for some vendors, particularly those in rural areas, that it will be enough to fuck them. It is really bad for everyone though. Bridges probably help. They might not be enough.

Using WiFi from random locations + Tor and not using Tor from home is of course the best bet though.

If I were a vendor I would consider doing this.

How many people do you think use Tor in your city? The lower the number the more you have to worry. And that is before other techniques are used to remove noise...for a simple example how many of them use Tor in patterns that fit with your observed usage patterns? Tor doesn't hide the fact you use it or how often you use it or when you use it.
Title: Re: How we could get busted
Post by: IllSpill on February 05, 2012, 02:35 am
You also have to consider that going on SR or using TOR by itself isn't illegal (unless I'm wrong), so if they track you going on here it doesn't mean that you are doing it to traffic drugs, but buy and sell the legal products on here. There's a lot of ambiguity, the more the better.
Title: Re: How we could get busted
Post by: kmfkewm on February 05, 2012, 03:52 am
Quote
You also have to consider that going on SR or using TOR by itself isn't illegal (unless I'm wrong), so if they track you going on here it doesn't mean that you are doing it to traffic drugs, but buy and sell the legal products on here. There's a lot of ambiguity, the more the better.

This is an attack for pwning people who ship drugs and use Tor, not an attack for finding who is going to SR. Tor does a fairly decent job of keeping them from knowing that you are going to SR. It does nothing to hide the fact that you use Tor, unless you use bridges. The attacker already knows that vendors here use Tor. They can find roughly where they are geolocated by placing orders from them. Then they can say "Well, we know this vendor uses Tor and ships from this location. There are two Tor users in this area. One of them is probably the vendor". Now of course you can say so what, using Tor isn't illegal, but this is where the distinction between evidence and intelligence comes into play. They will not use the intelligence in court, but they will use it to (legally) pull over the two Tor users (when they are speeding)... or they will (legally) pay extra special attention to the mail going to those two people.

You hide with a crowd. Tor assumes that your initial crowd is "everyone in the world who uses Tor". When you make your initial crowd "Everyone in this rough geolocation who uses Tor" you are seriously fucking hurting your anonymity. Tor doesn't take into consideration the mail part of our threat model, as far as Tor is concerned the attacker doesn't know your rough geolocation.

This is why it is important to actually know about security... if you don't know the limitations of your tools you will end up fuxx0red.

But this also assumes the feds know what they are doing, and it really seems to me like they don't, although I know some government people do. It's really hard for me to wrap my mind around how they are both completely incompetent and ultra leet simultaneously, but it tends to be true. Even within the federal police agencies themselves, disregarding military and intelligence.
Title: Re: How we could get busted
Post by: pine on February 05, 2012, 04:45 am
Thanks for the comprehensive reply kmfkewm, I frequently find useful information in them.

Some thoughts:

1. Is there a good book on the TOR network/anonymity you'd recommend? I can read wikipedia all day but I prefer a book.

2. The idea of 'mail geolocation' had occurred to me before in combination with the ISPs knowing which IPs are using TOR, but only in a vague way.

To surmise it seems the most anonymous route for sellers who are transacting in large volumes is:

        A: Be in large population density area.

        B: Use a mobile broadband widget (fake ID etc for the ISP guys and prepaid card for the bills) to connect to the internet.

        I'm uncomfortable with using hacked or open wi-fi. This is because I would want a solid reliable connection when transacting business. If you know a better way, then say so.

        C: Connect to TOR via bridge. (maybe use your own personal proxy to bridge?)

        D: Conduct business etc

        E: Deliver post at a different location every day, e.g. cover the majority of districts in New York City.

What other ideas/refinements would you suggest?
 
3. The TOR cloud thing is here: https://cloud.torproject.org/.
Title: Re: How we could get busted
Post by: kmfkewm on February 05, 2012, 05:18 am
I suggest reading through the papers at freehaven.

http://freehaven.net/anonbib/date.html

Title: Re: How we could get busted
Post by: kmfkewm on February 05, 2012, 05:28 am
I should also note that since Tor is so popular it is automatically safer from this sort of attack than, say, I2P. I2P has like 5k users total last time I checked. They are spread throughout the entire world. And it isn't that hard to get a list of all I2P nodes, a fairly weak attacker can do it. If you ship drugs and use I2P you are quite probably fucked via this attack, even if you live in a dense urban area.

Let's say there are 100 I2P users in New York. I know this vendor ships from New York because I placed an order with them. I now know this vendor is one of 100 people. If I merely talked with the vendor, instead of getting their rough geolocation data via the mail, I would only know that they are one out of the 5000 people who use I2P. See how much damage leaking geolocation did to their anonymity? It isn't quite as bad with Tor though, because if there are 100 I2P users in New York there are probably 5,000 Tor users there (both numbers pulled out of my asshole, but to demonstrate that Tor is much more widely used than I2P).

Then again you are still narrowed in as one of the 5k people using Tor in New York, much worse of an anonymity set size than the 100,000+ Tor users in the world that Tor thinks you are blending in with (since it doesn't know you leaked your rough geolocation).

And if you live in Nowheresville and ship drugs from a few blocks away, you are going to stick out like a sore thumb as the only Tor user in Nowheresville. The police will probably assume you are the same Tor user sending them drug packages from Nowheresville, even if they can't trace you through the network. They can still observe you are using the network, and they know roughly where the person sending these packs lives.
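The anonymity-set arithmetic in this post and in the "you hide with a crowd" post above, expressed with the entropy metric used in the anonymity literature (Serjantov-Danezis entropy, Diaz et al. normalised degree). This is an added example, not code from the thread; the user counts are the rough figures the poster gives, and the usage-pattern weights in the skewed case are constructed for illustration.

```python
import math

def entropy_bits(weights):
    """Shannon entropy (bits) of the attacker's belief over candidate users.
    Weights need not be normalised; zero-weight candidates are ignored."""
    total = sum(weights)
    return -sum((w / total) * math.log2(w / total) for w in weights if w > 0)

def effective_set_size(weights):
    """2**H: the number of equally likely users the belief is equivalent to."""
    return 2 ** entropy_bits(weights)

def uniform_bits(n):
    """Entropy when n candidates are considered equally likely."""
    return math.log2(n)

def bits_lost(global_set, local_set):
    """Anonymity lost when a leaked location (the postmark) shrinks the
    candidate set from what the network assumes to the local population."""
    return uniform_bits(global_set) - uniform_bits(local_set)

def degree_of_anonymity(weights, n_max):
    """Diaz et al. degree d in [0, 1]: 1 = hidden among n_max candidates,
    0 = fully identified."""
    return entropy_bits(weights) / math.log2(n_max) if n_max > 1 else 0.0

# Rough figures from the thread (the poster's guesses, not measurements).
TOR_WORLD, TOR_NYC = 100_000, 5_000
I2P_WORLD, I2P_NYC = 5_000, 100

def thread_scenarios():
    """Return the cases discussed in the post as (label, bits lost, degree)."""
    return [
        ("Tor, world -> NYC", bits_lost(TOR_WORLD, TOR_NYC),
         degree_of_anonymity([1] * TOR_NYC, TOR_WORLD)),
        ("I2P, world -> NYC", bits_lost(I2P_WORLD, I2P_NYC),
         degree_of_anonymity([1] * I2P_NYC, I2P_WORLD)),
        ("Tor, world -> Nowheresville (1 user)", bits_lost(TOR_WORLD, 1),
         degree_of_anonymity([1], TOR_WORLD)),
    ]

if __name__ == "__main__":
    for label, lost, degree in thread_scenarios():
        print(f"{label}: {lost:.2f} bits lost, degree {degree:.2f}")
    # Constructed skewed belief: three local Tor users, one whose online
    # hours match the observed pattern (0.8) and two who do not (0.1 each).
    print(f"pattern-matched: {effective_set_size([0.8, 0.1, 0.1]):.2f} of 3")
```

The last case shows the point about usage patterns: even with three local Tor users, correlating observed activity can leave an effective crowd of under two.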
Title: Re: How we could get busted
Post by: pine on February 05, 2012, 05:38 am
Quote
I suggest reading through the papers at freehaven

http://freehaven.net/anonbib/date.html

??? It'd take me weeks to get through that lot, and I'm pretty sure that although I'd wind up knowing a lot about anonymity theoretically, I'm really after practical general ways to preserve anonymity.