Silk Road forums

Discussion => Security => Topic started by: Xe on October 03, 2013, 10:15 am

Title: How did they get the access keys to the Zion's mainframe?
Post by: Xe on October 03, 2013, 10:15 am
Hasn't strong full disk crypto been used at all?
Not mentioning plausible deniability, VMs and such.
All these security layers which are supposed to protect us.

It seems the Tor network itself hasn't been compromised..

At the same time I do not consider mass media
a reliable source of information. That criminal state
won't reveal any meaningful details to the public
during the investigation anyway, ever..

This is still quite a mess beyond comprehension..
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: This_is_not_SOCA on October 03, 2013, 10:32 am
Supposedly by imaging the SR server disk. It does raise some issues though:

1) We assume the disk was encrypted which would suggest that the image was taken off the unencrypted disk (easy enough if it was a VPS,  more complicated if it was a physical server - it would require extracting the disk crypto key from memory) OR there was no disk encryption (or the disk key was stored in plain text in the boot partition) which would be border-line madness.
2) There ARE multiple SR servers, my assumption was that no one server held all of the information and at the very least the database was separated from the web server front end. Either each SR server has all components installed (the HS key, the web server, SR app and the database) or they have compromised multiple servers.

As others have pointed out, a hidden service's server location can be identified through traffic correlation - especially for a site as busy as SR and indeed this forum.

A physical server with an out of band dedicated network KVM (for entering the disk crypto password at boot time) and good physical protection such as chassis intrusion would be the bare minimum for such a gig although bypassing those controls is certainly within the reach of a half competent attacker.

I would expect that it is difficult to hide the HS entry points for long but it would be possible to keep them moving around and keep them logically separate from the SR application and database.

Lessons for the future.
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: Xe on October 03, 2013, 11:05 am
Quote
Supposedly by imaging the SR server disk.

By imaging the storage? Certainly that's not impossible
but still very hard to believe. How can we be sure of that?
Are there any case studies for the possible attack vector?

Does this imply Tor has been compromised in the first place?
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: This_is_not_SOCA on October 03, 2013, 11:22 am
If it was a VPS then it is easy to dump memory (to get the disk keys) and then take a copy of the encrypted disk which can be unencrypted offline using the captured keys from memory. VMware, ESX, Hyper-V, Citrix Xen - all make this relatively straightforward. Such is the downside of a VPS.

If it was a physical box then potentially a DMA attack (perhaps firewire although I'd expect that a server would not have a firewire port and if it did I would expect it to be disabled) or maybe something more extreme and much more complex like cold boot RAM acquisition as mentioned recently on this forum by kmf - basically freezing the RAM modules so they retain memory after power down for a short period. That is not trivial though - you've really got to want it and it will result in the server going offline for a while - a red flag or it should be anyway.

I don't see that TOR comes into it too much except for the known ability for an adversary to use traffic analysis to track down the location of a hidden server. I don't see that this means TOR is any more broken (or not) than it was 3 months ago.
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: oldcactushand on October 03, 2013, 11:26 am
Much of this security stuff goes way over my head, but the fact they got an image of the server... Is this a serious concern for, say, other black markets on TOR? Or, is it a result of security fuckups akin to the type detailed in the criminal complaint?

Everyone seems to be suggesting that if DPR had been smart (e.g. not posting his personal email address while trying to hire SR staff) this could never have happened, but if they can get the server then isn't that a huge concern all of its own, even if he had not done such stupid things?

Apologies for my ignorance, and I don't need a detailed reply, I'd just like to hear what someone who understands this shit has to say. A lot of people are spewing a bunch of crap because they either haven't read the criminal complaint or haven't read it properly, and it's hard to know what the case is without security knowledge.
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: ECC_ROT13 on October 03, 2013, 11:52 am
The criminal indictment says they obtained an image of the SR server.  I don't recall the date off the top of my head, but I believe it was in July, which would be around the time of the FH bust.  For all I know, maybe one of SR's servers was at Freedom Hosting, or that seizure was somehow related.

If they obtained a full image of the server:
1. It was very likely on a Xen/KVM/OpenVZ server and they dumped a copy when it was live.
2. Or, if it was on a physical server, it wasn't using disk encryption,
3. Or, it was using disk encryption, and they somehow captured the keys to unlock it.
4. Or, it was using amazing disk encryption that they obtained the keys from memory while it was running or shortly after bringing it down.

Encrypting storage on remote servers is nearly impossible to do well.  This is something everybody needs to remember.  It's easy on a local machine, because you have a keyboard, but how do you securely type the passphrase in a remote server?  You don't.  You can kludge together some SSH method where you bootstrap the box then unlock the volumes, but if somebody trojans the SSH daemon or environment you SSH to, to unlock them, they get the passphrase.

I'd bet strongly it was on a KVM/Xen-based host, and they took an image while it was running.   I also find the timing of the imaging of the server in light of the FH arrests interesting.  Maybe just a coincidence.. but they've had the SR image since almost exactly the same time.

The indictment mentions this forum, and even quotes from some of DPR's posts here.

If some amazing Tor vulnerability is to blame, it's to blame for them finding the SR server and FH back in July.. not now.   They have months of SR private messages (I don't remember the number but it's in the millions).   That should keep them busy for a long, long time.

Plus, if they have the SR wallets, and have all the code that was used to mix the bitcoins, if they're smart, they'll be focused on trying to reverse the money back in/out of SR as well.  I don't use bitcoin, so I really don't have any feel for how easy/hard that would be.

These forums are still up because either they're letting them stay up to watch, or because they're on servers that were somehow unrelated to everything else in the SR bust (and remember, they identified a number of other Internet servers holding SR bitcoin wallets) that they didn't find.   So either this forum will come down when the FBI shuts it down, or when the bill for wherever it's hosted comes due and nobody pays it.

Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: Xe on October 03, 2013, 12:43 pm
Having remote hosting for such a server is unimaginable to me.
Still the major question is how did they get the IP address?
Tor isn't secure anymore, or was it social engineering?
edit: yeah, the FH downfall could be related, who knows.

Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: Bazille on October 03, 2013, 01:02 pm
So one attack vector against encrypted servers is to read the encryption keys from memory.

TRESOR (Linux kernel patch Made in Germany) could be a solution. It stores the encryption keys in CPU registers, which are probably a lot harder to read out physically.

https://en.wikipedia.org/wiki/TRESOR
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: Bazille on October 03, 2013, 01:07 pm
Quote
Still the major question is how did they get the IP address?

Hidden services are not as secure as Tor users. That may change in the future, but for now one should assume that the server IP can be found sooner or later, and have a backup plan. Silk Road had a backup plan, but that could only be executed if they didn't find Dread Pirate Roberts...
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: Xe on October 03, 2013, 01:17 pm
Quote
TRESOR (Linux kernel patch Made in Germany) could be a solution.

A cold boot attack essentially. Thanks for the link, interesting..

Quote
Hidden services are not as secure as Tor users. That may change in the future,
but for now one should assume that the server IP can be found sooner or later

I'd like to hear what folks from the Tor dev team would have to say about that.
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: ECC_ROT13 on October 04, 2013, 01:17 am
TRESOR is a nifty way to defeat cold boot attacks, but it doesn't really address the problem with encrypting remote servers.

Any anonymous website that doesn't have the administrator *physically standing* in front of the physical server simply *cannot* do full disk encryption properly.  End of story.   And a thousand years from now, that will still be true.   

When the box goes down (for a reboot, etc) it can't come back up without the keys being entered.  And if they're not physically entered to the server via a keyboard, they have to come over the network. 

About ten or fifteen years ago, a Microsoft white paper of all things had the clever line, "If you don't have physical control over your computer, it's not your computer anymore."

That's probably a good lesson for everybody to take away.  Whenever you see a site bragging about how they encrypt everything so you don't have to worry about it, they're full of shit.  100% of the time. 

That's why PGP and OTR actually work.  Because *you're* doing the encryption and not having to trust anyone else except whoever you're talking to.
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: This_is_not_SOCA on October 04, 2013, 02:00 am
Quote
Any anonymous website that doesn't have the administrator *physically standing* in front of the physical server simply *cannot* do full disk encryption properly.  End of story.   And a thousand years from now, that will still be true.

That is absolutely spot on - it is a fact of life rather than a problem to be solved.

Of course though there are things we can do to help.

I was thinking of a 4U armoured rack case with two independent servers inside (i.e. two motherboards with their own CPUs, RAM, storage and IO.)

One server is FreeBSD or something, minimized and hardened - a read-only file system is mandatory. It has a simple remit: power up, establish a TOR network connection and sit there offering SSH over a hidden service or similar. It will basically act as a KVM to the second server.

The second server is also hardened BSD and does not expose any external ports other than power and ethernet. Disk storage would be full disk crypto SSD (hardware) which would require a password to be typed in at power up. On top of that we would have LUKS or whatever for software disk encryption (because Samsung and Intel etc. backdoor their SSD crypto) - that requires a password at boot time too. So basically it won't do shit until somebody has typed in two passwords at which point it will boot up, establish its own tor connection and advertise a hidden service - it may or may not host the content too - it may just redirect to another server.

If the case is secured as best as possible with good chassis intrusion detection, no entry points, liberally doused internally with epoxy as much as possible whilst not compromising heat dissipation then getting to the motherboard and in particular the memory would be difficult. Intrusion detection would immediately power down the second server. If you so much as farted in the datacentre it would cause the second server to power down (vibration sensors... :) Utilizing some of the same security controls you would see in a highgrade hardware crypto unit. Maybe even a wee bit of thermite packed around the second server inside the case to ensure destruction of memory chips and possibly the SSD - just don't tell the hosting company...

You would have to connect over tor to the 1st server, authenticate and then you would be able to power up the second server and enter the two separate passwords required for it to boot.

Obviously it's not a silver bullet but could be pretty damn resilient as a hardware platform and really makes a local attacker work very hard. If it could be powered down then it could be subverted with a couple of hours of work but - good opsec would dictate that if the machine went down for more than a few minutes unexpectedly you burn it - possibly literally.



Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: Juno on October 04, 2013, 02:05 am
One of the better articles I've seen...

clearnet link:

http://arstechnica.com/tech-policy/2013/10/how-the-feds-took-down-the-dread-pirate-roberts/

Somehow in July they found out where the main server was...in some foreign country, and got them to image the server for them.
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: ECC_ROT13 on October 04, 2013, 03:04 am
Great link, Juno.  Particularly the part about him booting his laptop, unlocking his full disk encryption (I'm guessing), then getting TACKLED BY THE FBI.    Everybody falls in love with mathematics, but you should never underestimate the power of a half dozen angry motherfuckers within ten feet of you.

As to physically hardening servers, sure, it's doable.   But you gonna mail that bad boy to Armpitistan or wherever you're "anonymously" hosting it?  Or take it there yourself? Oh, look! Another trail to the server owner.. how'd that server get here?

Hosting hidden services that first-world governments hate is dangerous as fuck. I personally can't imagine that anybody that does it actually understands all the exposure they really have from a technical perspective.   I can see why people stick them on VPS boxes in faraway places.  Easier to tell yourself that it's safer because it's across the world, and out of reach.

SR apparently had servers they found in Iceland, Romania, Iceland, Latvia, and New York, based on the IPs in the indictments.  Guessing NY was where the wallets were, but who knows?  Or cares, honestly.

And remember, before everybody spends years dissecting indictments to figure out what "they can do" and what "they can't do", an indictment is just a listing of a sufficient number of facts to make the case that a crime has been committed.   It's not a timeline, it's not the narrative of how the case unfolded, and it's being written specifically to leave out any key facts that may tip off other parties.   They could have used help from the NSA, the ghost of Kermit Roosevelt, thrown darts at a map, or physically inspected every single server on Earth using UFOs from Roswell.  And they could still explain exactly as they did in the indictments.  They're just putting enough facts on the table to allege a crime has been committed.

I personally don't believe it's a coincidence that the end of July was a bad week for hidden services that piss the US Government off (FH CP, Tormail, SR).  Either somebody found a way to deanonymize the top offenders and threw those real IPs to the FBI, or they found one of them, and the trail led to the others.
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: Juno on October 04, 2013, 03:25 am
I've also heard rumor that somewhere along with the tormail fiasco, they were able to turn a high level employee for SR...then get access to the servers.   Makes sense.
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: ECC_ROT13 on October 04, 2013, 04:00 am
Oh, and not to state the blindingly obvious or anything, here's a fun challenge:

When the FBI seized his unlocked, running, open laptop *two days ago*, somebody make me up a story where they don't end up with the SSH keys and IPs used to remotely administer SRF and anything else they missed.
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: bitfool on October 04, 2013, 05:30 am
Quote
I personally don't believe it's a coincidence that the end of July was a bad week for hidden services that piss the US Government off (FH CP, Tormail, SR).  Either somebody found a way to deanonymize the top offenders and threw those real IP's to the FBI, or they found one of them, and the trail led to the others. 


Even the tor programmers who are just a bunch of bureaucrats working for the US government admitted that their system is pretty crappy against anyone who "can observe traffic going into Tor and out of it".

Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: Bazille on October 04, 2013, 10:16 am
Quote
When the box goes down (for a reboot, etc) it can't come back up without the keys being entered.  And if they're not physically entered to the server via a keyboard, they have to come over the network.

Right. I didn't think about that. What if the site gets switched to another server once the server went down for a reboot? Assuming there is a frequent incremental backup on another server.
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: Xe on October 04, 2013, 11:38 am
Of course the hardware must be physically present.
It's insane to have such a database somewhere else.

blog.torproject.org/blog/tor-and-silk-road-takedown

Basically they do not confirm any network vulnerability..
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: ECC_ROT13 on October 04, 2013, 11:48 am
Quote
Right. I didn't think about that. What if the site gets switched to another server once the server went down for a reboot? Assuming there is a frequent incremental backup on another server.

Doesn't matter from an encryption perspective.   If you're using FDE, you have to encrypt it with keys.   Most likely stored on the boot volume, and protected by a passphrase.  And you have to enter the passphrase to unlock the volume.

That's the underside of any server-side encryption, and it's as true at Dropbox or Amazon as it is at a hidden service.  You can encrypt all kinds of shit on the server side, but if the application (the HTTP server and associated PHP/Perl/Python/whatever code) is going to see the data as non-encrypted, it has to be able to decrypt the data itself.  Otherwise, it would just be seeing encrypted gibberish.  Which means the application has to have access to the keys or the decrypted data.   If you compromise the server, you compromise the keys to decrypt the data.  Since the app can see the unencrypted data, so can the attacker. 

You can build all sorts of elaborate mechanisms to *obscure* that key management, but the keys to unlock encrypted data have to be available to the processes that are using that data.  There's no way around that.   Things like smartcards (OpenPGP cards, for instance) can make it harder for the attacker to recover the keys, but they have to be accessible to the server at some level.

That's why the only data you can trust on any server is data that *you* have encrypted.  Then the server is blind to that data, because it's just raw data from its perspective.  Of course, at that point, the server really can't do a damned thing with it except either give the encrypted data back to you, or to someone else.  A great example is a PGP encrypted email.  The server can't see the PGP-encrypted payload, so all it can do is deliver the payload while blind to its contents.  It can obviously see who to deliver it to (from/to/subject/etc) and metadata about it, but not the content itself.  So you can't have GMail-style indexed mail searches on a mail server that's full of PGP messages, because the server can't see the message bodies.  It just sees headers and gibberish.

Here's a rule of thumb:  If a server is *doing* something with your data, at a data-level (searching through it, or otherwise performing an operation on the data itself), it can't be encrypting that data effectively.  You can safely use remote servers for storage/transfer of data that you're encrypting on the client side, but that's it.  And you always have to keep an eye on the metadata that surrounds your encrypted payload.

The only technologies for which that isn't true are homomorphic encryption and PIR and the like (which is why kmf was so interested in them).  I don't believe there is a single usable implementation of either anywhere in the world that I've ever seen.  So those are theoretical exceptions at this point.
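The point ECC_ROT13 makes above (an application that searches or otherwise processes data must hold the key, so an image of the server yields the plaintext, whereas client-encrypted data leaves the server blind to everything but headers) as an added, constructed demo that is not from the original thread. The cipher is an HMAC-SHA256 keystream with an HMAC tag purely so it runs on the Python standard library; the `Mailbox` and `image_server` names are this example's own, and in practice AES-GCM or a real PGP implementation would stand in for `seal`/`open_sealed`.

```python
"""Constructed demo: why an app that reads your data must hold the key to it."""
import hashlib
import hmac
import os


def new_key() -> bytes:
    return os.urandom(32)


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive independent encryption and MAC keys from one master key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode used as a PRF keystream (stdlib stand-in for AES-GCM).
    blocks = (length + 31) // 32
    return b"".join(
        hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError on a wrong key or tampering."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


class Mailbox:
    """A mail server's message store (hypothetical name).

    server_key set:  the app encrypts and decrypts bodies itself ("we encrypt everything").
    server_key None: clients seal bodies before upload (PGP-style); the server stores gibberish.
    Headers are plaintext in both modes, exactly as they are for PGP mail.
    """

    def __init__(self, server_key=None):
        self.server_key = server_key  # sits in the app's memory/config on the server
        self.messages = []

    def deliver(self, sender, recipient, subject, body: bytes):
        # body is plaintext when the server holds the key, otherwise already sealed by the client
        stored = seal(self.server_key, body) if self.server_key else body
        self.messages.append({"from": sender, "to": recipient, "subject": subject, "body": stored})

    def search(self, term: str):
        """Server-side search can only match what the server can actually see."""
        hits = []
        for m in self.messages:
            visible = m["subject"]
            if self.server_key:  # only a key-holding server can look inside bodies
                visible += " " + open_sealed(self.server_key, m["body"]).decode()
            if term in visible:
                hits.append(m["subject"])
        return hits


def image_server(box: Mailbox) -> dict:
    """What a full disk+memory image of the server hands to whoever takes it."""
    metadata = [(m["from"], m["to"], m["subject"]) for m in box.messages]
    readable = []
    if box.server_key:  # the image contains the key, so every body is readable
        readable = [open_sealed(box.server_key, m["body"]).decode() for m in box.messages]
    return {"metadata": metadata, "readable_bodies": readable}
```

Run the two configurations side by side: the key-holding mailbox can search bodies and gives them all up when imaged; the client-encrypted one can only search and leak headers, and only the client's own key opens the bodies.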
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: StExo on October 04, 2013, 12:18 pm
To clarify a few things, the server wasn't exploited in any way to find the location of it, once DPR had been identified they were looking for how he connected to SilkRoad. DPR had set up a VPN which connected to the SilkRoad server to form an exclusive connection, so that the server could not be accessed by any third party unless they went through the VPN. Once LE found DPR had connected to the VPN, they realised it had exclusive access rights and if you knew how to connect to the VPN it asked for no further passwords and just let you connect to the server. From what information I know, instead of just accessing it right away, they requested the foreign country to find the IP address and pretty much just do a memory dump which means they will then capture the encryption keys used on the disk and therefore make the entire server encryption useless. From then, it isn't exactly hard to clone the drives SilkRoad runs on and use the dumped memory to decrypt it. As the encryption never changed, to get a new image of SilkRoad was a trivial task and could be done in a few minutes with 1 cable.

The flaw in DPR is using the same pseudonym in the SSH key pairs he used to connect to SR and the VPN as his pseudonym he used in the past, that is how they connected the dots, tor itself was never exploited.
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: kittenfluff on October 04, 2013, 12:39 pm
Quote
The criminal indictment says they obtained an image of the SR server.  I don't recall the date off the top of my head, but I believe it was in July, which would be around the time of the FH bust.  For all I know, maybe one of SR's servers was at Freedom Hosting, or that seizure was somehow related.

....

If some amazing Tor vulnerability is to blame, it's to blame for them finding the SR server and FH back in July.. not now.   They have months of SR private messages (I don't remember the number but it's in the millions).   That should keep them busy for a long, long time.

Plus, if they have the SR wallets, and have all the code that was used to mix the bitcoins, if they're smart, they'll be focused on trying to reverse the money back in/out of SR as well.  I don't use bitcoin, so I really don't have any feel for how easy/hard that would be.

These forums are still up because either they're letting them stay up to watch, or because they're on servers that were somehow unrelated to everything else in the SR bust (and remember, they identified a number of other Internet servers holding SR bitcoin wallets) that they didn't find.   So either this forum will come down when the FBI shuts it down, or when the bill for wherever it's hosted comes due and nobody pays it.

+1, the FH bust link had crossed my mind too. Seems too much of a coincidence that the largest darkweb server gets busted, tormail spreads a hack inserted by the FBI deanonymizing tor users, and the SR server is imaged, all around the same time. We know two were linked, I think it at least plausible that the third is too. My only issue with this? Why didn't SR go dead with the rest of FH and tormail? My only thoughts are either a) FH and SR were physically local to each other, but remained separate servers so that SR could be left running in the absence of hard evidence (at the time) it was involved in anything illegal b) it was the same server but they deliberately left SR running to not scare DPR while they analyzed the data or c) the SR server at FH was only one of several mirrors or some such, they don't have all of them, and right now they still don't and all they've done is to subvert anyone who tried to browse to the SR URL to their takedown notice.

Dunno about the bitcoin, but I suspect the forums are hosted on a different server. Plus, I dunno if they'd really have water-tight authority to shut them down (even if they wanted to) since nothing illegal actually happens there. I mean, forums like the shroomery or DMTnexus or Erowid are left alone...
Title: Re: How did they get the access keys to the Zion's mainframe?
Post by: Xe on October 04, 2013, 12:51 pm
Quote
they requested the foreign country to find the IP address and pretty much just do a memory dump which means they will then capture the encryption keys used on the disk and therefore make the entire server encryption useless.

As if running such a project doesn't imply having a friendly hosting provider at the very least.
Or doing the system administration itself locally without any third parties involved. What the hell..

Thanks for the piece of information.