RIP SL - Is TOR Broken?

From: Ken (SHIELDSIT) 3 Oct 2013 21:27
To: ALL 1 of 22
Captains log: 90210 - Feds in Boston

The Feds, being the Feds they are, decided that I should not go eat pancakes yesterday.  So I stayed the course and went to work without stopping for pancakes.  This choice saved many uncounted lives but it couldn't save Silk Road.

The Feds have somehow broken into the encryption I have installed on my microwave and deciphered the code to TOR.  They used this information, plus the information gleaned from the gum wrapper I carelessly discarded to open a back door into TOR!  Fuck me for this weight I bear!  

I was going to link to some of the many stories about this terrible tragedy, but the Feds have suggested that you use Google so they can keep track of your search history.  
From: ANT_THOMAS 3 Oct 2013 21:44
To: Ken (SHIELDSIT) 2 of 22
I've read a few pages about this.

As far as I can tell the guy who set up the anonymous online store that used an anonymous currency on an anonymous network was a bit too stupid to be anonymous from the day he started promoting the site.
From: Ken (SHIELDSIT) 3 Oct 2013 21:48
To: ANT_THOMAS 3 of 22
Yeah, that's what the Feds want you to believe!  

Ok, enough of that, sorry.

From what I've read you are absolutely correct. The guy was too dumb to run a thing as massive and dangerous as SR.  And he invited/hired other people to help, which was his downfall.  And I don't think he had a good grasp on security and admin to run it.  I don't think I could do it myself.  I'd worry myself to death every night when lying in my bed full of $80M dollars that soon someone would kick down my door.

My fear is the Feds have somehow figured out a way to decipher and follow users on TOR.  That would be a very bad thing.
From: ANT_THOMAS 3 Oct 2013 21:57
To: Ken (SHIELDSIT) 4 of 22
Quite a few bitcoins seized too.
From: Ken (SHIELDSIT) 3 Oct 2013 22:04
To: ANT_THOMAS 5 of 22
Aye, I can't imagine how many.  The numbers some of the articles throw around are mind boggling.  Who the fuck wouldn't want to run a site that generates 80M in 30 months for the owner?  Sign me up!  I can't remember what the number was for total coins through the site, was it like 1.9B or more?  Good lord!  

And they think they've done a good thing!  They=THE FEDS!  They seized that site, but there are at least 3 more that I know of.  And the owners have just learned a fucking crucial lesson! TNO!

And the good thing they've done is force people to find their fix elsewhere.  Maybe now these people get to know the shady dude on the corner. 
From: Peter (BOUGHTONP) 4 Oct 2013 00:15
To: Ken (SHIELDSIT) 6 of 22
No idea how accurate it is, but I just stumbled upon this article: http://krebsonsecurity.com/2013/10/feds-take-down-online-fraud-bazaar-silk-road-arrest-alleged-mastermind

It suggests he may not have actually used TOR for administering his server.

Though, of course, if they have broken TOR then that's exactly the sort of false information they'd want to give...

From: Ken (SHIELDSIT) 4 Oct 2013 00:18
To: Peter (BOUGHTONP) 7 of 22
Yup, we won't really know for sure until the other sites like SR start to get taken over.  I've read some of the articles that say he accessed the site over a VPN from a coffee shop.  Not a very smart thing to do when running a site as illegal as SR.
From: Chris (CHRISSS) 4 Oct 2013 07:55
To: Ken (SHIELDSIT) 8 of 22
Why don't you set one up through Tor then if you disappear and stop posting here we will know Tor isn't secure.
From: Ken (SHIELDSIT) 4 Oct 2013 07:56
To: Chris (CHRISSS) 9 of 22
Don't think I haven't given it much thought.
From: cynicoid 4 Oct 2013 19:25
To: ALL 10 of 22
Follow the money!

I haven't read into this as yet but my guess is they cross-referenced transactions between Bitcoin and the real world. It won't have been done through cracking encryption but by many, many months of watching activity on the site.

Tor encryption is secure, Bitcoin is secure, however you still have to convert the virtual cash into real world money. If you track a user or site for long enough you will be able to build a picture of when Bitcoins were 'cashed in' and a corresponding amount of real money paid into a bank account, say on the first of the month a user cashes in £1000 of bitcoin and shortly after deposits £1000 into their bank account, and then the same happens a week later, and then again a week after once more you can safely say that those transactions relate to that specific bitcoin account holder. But we're not talking about the odd transaction here and there but hundreds over a long period of time, follow it up with warrants and equipment seizures and eventually you'll get your man.

All this relates to watching specific individuals though rather than all users of a site, the more you use it the more likely you are to be watched, if you're the owner of a site dealing in dodgy stuff then you can guarantee every post is being tracked, every tiny bit of information given will be logged to build up a profile of who the 'anonymous' user is. One day they may say which country they live in, months later they might say which town and then later still what sex and age they are - all the time this narrows down the search for that person's true identity. You might not remember what you said in a post 18 months ago but someone somewhere might have it logged on a database.

Like I said it has nothing to do with beating encryption but more a case of was the suspect using Tor at the time of a certain post/transaction, do they match personal details revealed on a site, do bank records correlate to virtual cash, and a whole heap of other stuff as well. Once enough info has been recorded the warrants and arrests follow.
From: Ken (SHIELDSIT) 4 Oct 2013 20:48
To: cynicoid 11 of 22
It was due to very poor Administration and plain stupidity.  The owner employed someone who tried to extort him. The owner then hired a hit man (who was actually a federal agent). The owner also logged into the site from a coffee shop using only a VPN and not TOR.  You really should read some of the articles.  They set up a fake hit and everything, including pictures.

So I am optimistic that you're right.
From: ANT_THOMAS 4 Oct 2013 20:58
To: Ken (SHIELDSIT) 12 of 22
It seemed to me to be a combination of stupidity and reasonably good online/offline detective work.
From: Ken (SHIELDSIT) 4 Oct 2013 20:59
To: ANT_THOMAS 13 of 22
Very true, but if you don't make mistakes you can't get caught. Unless TOR is broken.
From: Peter (BOUGHTONP) 4 Oct 2013 21:08
To: Ken (SHIELDSIT) 14 of 22
Well, except that assuming TOR isn't broken is a mistake?

Or even just assuming that your client is safe and wasn't tampered with in transit - did you download the source and check every line of code before compiling...?

From: CHYRON (DSMITHHFX) 5 Oct 2013 01:10
To: Ken (SHIELDSIT) 15 of 22
According to Snowden leaks, tor is very far from broken. Interesting thing though is it has US gummint funding.
http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption
EDITED: 5 Oct 2013 01:16 by DSMITHHFX
From: Peter (BOUGHTONP) 5 Oct 2013 12:50
To: CHYRON (DSMITHHFX) 16 of 22
The Tor network was not broken, beyond the known statistical analysis flaw, at the time those documents were written, almost a year ago.

The default Tor client ships with a JavaScript-enabled Firefox that is constantly receiving security updates - visit the wrong website and splat.

From: CHYRON (DSMITHHFX) 5 Oct 2013 13:57
To: Peter (BOUGHTONP) 17 of 22
I don't use Tor. Either the NSA is lying about not having broken it, or they've since broken it, or they still haven't broken it. Whatever.
From: Peter (BOUGHTONP) 5 Oct 2013 14:20
To: CHYRON (DSMITHHFX) 18 of 22
I don't care what you do or don't use - I was simply clarifying the situation, since your post could give an incorrect impression.
EDITED: 5 Oct 2013 14:21 by BOUGHTONP
From: CHYRON (DSMITHHFX) 5 Oct 2013 17:58
To: Peter (BOUGHTONP) 19 of 22
You are very annoying.
From: Peter (BOUGHTONP) 5 Oct 2013 17:59
To: CHYRON (DSMITHHFX) 20 of 22
You are very annoyed.