October 2, 2014

New court documents released this week by the U.S. government in its case against the alleged ringleader of the Silk Road online black market and drug bazaar suggest that the feds may have some ‘splaining to do.

The login prompt and CAPTCHA from the Silk Road home page.

The login prompt and CAPTCHA from the Silk Road home page.

Prior to its disconnection last year, the Silk Road was reachable only via Tor, software that protects users’ anonymity by bouncing their traffic between different servers and encrypting the traffic at every step of the way. Tor also lets anyone run a Web server without revealing the server’s true Internet address to the site’s users, and this was the very technology that the Silk road used to obscure its location.

Last month, the U.S. government released court records claiming that FBI investigators were able to divine the location of the hidden Silk Road servers because the community’s login page employed an anti-abuse CAPTCHA service that pulled content from the open Internet — thus leaking the site’s true Internet address.

But lawyers for alleged Silk Road captain Ross W. Ulbricht (a.k.a. the “Dread Pirate Roberts”) asked the court to compel prosecutors to prove their version of events.  And indeed, discovery documents reluctantly released by the government this week appear to poke serious holes in the FBI’s story.

For starters, the defense asked the government for the name of the software that FBI agents used to record evidence of the CAPTCHA traffic that allegedly leaked from the Silk Road servers. The government essentially responded (PDF) that it could not comply with that request because the FBI maintained no records of its own access, meaning that the only record of their activity is in the logs of the seized Silk Road servers.

The response that holds perhaps the most potential to damage the government’s claim comes in the form of a configuration file (PDF) taken from the seized servers. Nicholas Weaver,a researcher at the International Computer Science Institute (ICSI) and at the University of California, Berkeley, explains the potential significance:

“The IP address listed in that file — 62.75.246.20 — was the front-end server for the Silk Road,” Weaver said. “Apparently, Ulbricht had this split architecture, where the initial communication through Tor went to the front-end server, which in turn just did a normal fetch to the back-end server. It’s not clear why he set it up this way, but the document the government released in 70-6.pdf shows the rules for serving the Silk Road Web pages, and those rules are that all content – including the login CAPTCHA – gets served to the front end server but to nobody else. This suggests that the Web service specifically refuses all connections except from the local host and the front-end Web server.”

Translation: Those rules mean that the Silk Road server would deny any request from the Internet that wasn’t coming from the front-end server, and that includes the CAPTCHA.

“This configuration file was last modified on June 6, so on June 11 — when the FBI said they [saw this leaky CAPTCHA] activity — the FBI could not have seen the CAPTCHA by connecting to the server while not using Tor,” Weaver said. “You simply would not have been able to get the CAPTCHA that way, because the server would refuse all requests.”

The FBI claims that it found the Silk Road server by examining plain text Internet traffic to and from the Silk Road CAPTCHA, and that it visited the address using a regular browser and received the CAPTCHA page. But Weaver says the traffic logs from the Silk Road server (PDF) that also were released by the government this week tell a different story.

“The server logs which the FBI provides as evidence show that, no, what happened is the FBI didn’t see a leakage coming from that IP,” he said. “What happened is they contacted that IP directly and got a PHPMyAdmin configuration page.” See this PDF file for a look at that PHPMyAdmin page. Here is the PHPMyAdmin server configuration.

But this is hardly a satisfying answer to how the FBI investigators located the Silk Road servers. After all, if the FBI investigators contacted the PHPMyAdmin page directly, how did they know to do that in the first place?

“That’s still the $64,000 question,” Weaver said. “So both the CAPTCHA couldn’t leak in that configuration, and the IP the government visited wasn’t providing the CAPTCHA, but instead a PHPMyAdmin interface. Thus, the leaky CAPTCHA story is full of holes.”

Many in the Internet community have officially called baloney [that’s a technical term] on the government’s claims, and these latest apparently contradictory revelations from the government are likely to fuel speculation that the government is trying to explain away some not-so-by-the-book investigative methods.

“I find it surprising that when given the chance to provide a cogent, on-the record explanation for how they discovered the server, they instead produced a statement that has been shown inconsistent with reality, and that they knew would be inconsistent with reality,” Weaver said. “”Let me tell you, those tin foil hats are looking more and more fashionable each day.”


131 thoughts on “Silk Road Lawyers Poke Holes in FBI’s Story

  1. JohnP

    So the FBI lied? Imagine that. I was brought up to believe that US federal agents played by the rules. Seems I need to relearn that. My father is rolling over in his grave.

    When America doesn’t play by the rules, it is sad for the entire world. THAT is what used to set us apart from everyone else.

    I still wonder how the FBI got to servers that are not located inside the USA (Antigua?), legally? Isnt the FBI legally limited to inside US states and territories?

    1. John Ceanko

      You’re stupid if you link the government does everything legitimately and “by the rules”

    2. Neej

      Sorry but IMO you are seriously misinformed if you’re looking back to a period where the USA fastidiously (spelling?) followed the rules and that we have suffered some significant “moral decline” since then.

      If anything it’s the other way around.

      1. snlacks

        You’re probably right, the internet and the skepticism of the people probably have increased transparency and reduced cowboy/maverick type behavior in the guise of protecting the public.

    3. nov

      Where the FBI jurisdiction ends, cooperation (with the FBI) by certain international entities can pickup and proceed–there’s law enforcement in other parts of the world besides soley the FBI’s jurisdiction.

    4. Warlock

      My uncle use to be a cop and he would brag about lying in court. He said it was necessary to lock up the bad guys.

      1. Alex

        I gather that is why you said “used to be” or did he simply make it to retirement?

  2. me

    I think you have a misspelling here:

    “…claiming that FBI investigators were able to divine the location of the hidden…”

    Do you mean define, instead of divine?

    1. J

      Use of the word divine here is correct, it is being used synonymously with the word discover.

      1. Guy Incognito

        It’s a much better than a synonym, actually. To divine is very evocative of the mystical and magical. In effect the prosecution is trying to use sleight of hand and misdirection to cover up use of some alternative technique they don’t want to reveal.

        1. Dizchord

          Your sad devotion to that ancient religion hasn’t given you the clairvoyance enough to conjure up the stolen data tapes or divine the location of the hidden rebel base. . . not only is there precedent, and not only is this a common idiom, if you have ever seen Star Wars, you should be familiar with the phrase.

    2. Inigo Montoya

      You keep using that word. I do not think it means what you think it means.

      1. Soy Tenley

        “When I use a word,” Humpty Dumpty said, in rather a scornful tone, “it means just what I choose it to mean—neither more nor less.”

        “The question is,” said Alice, “whether you can make words mean so many different things.”

        “The question is,” said Humpty Dumpty, “which is to be master—that’s all.”

        1. Mapleton Willingham III

          “Alice laughed: ‘There’s no use trying,’ she said; ‘one can’t believe impossible things.’ ‘I daresay you haven’t had much practice,’ said the Queen. ‘When I was younger, I always did it for half an hour a day. Why, sometimes I’ve believed as many as six impossible things before breakfast.”

      2. spacewalker

        To say that sentence, as Inigo, on a page about a guy whose handle was “the dread pirate roberts” is hilarious!

    3. Craig

      “Define” would make no sense in that context. Mr. or Ms. “me” needs to become more familiar with common English idioms.

    4. THD

      Lets focus on the story, rather than was something spelled wrong.

  3. Tommy

    So the feds try to blow smoke up everyone’s ass to keep their slight of hand dark op secrets secret, how did they do it! a good magician never tells.

    1. Bullwinkle J. Moose

      Bullwinkle J. Moose: Hey, Rocky; watch me pull a rabbit outta my hat!

      Rocket J. Squirrel: Again?

      Bullwinkle J. Moose: Nothin’ up my sleeve – Presto!

      [pulls Rocky out of the hat]

      Bullwinkle J. Moose: Well, I’m gettin’ close.

      1. JCitizen

        HA! I can see the comparison! Gotta love that Moose & Squirrel! 😀

      2. Eric

        Only in this case, they pulled Boris Badenov from the hat…

  4. TheOreganoRouter.onion.it

    Another example how the federal government either hides what they are doing by way of “cloak and dagger” tactics or claims it’s top secret and giving out any court discovery information will compromise any further investigation in the future .

    According to the government alphabet agencies if you use strong encryption and or TOR then you are immediately are considered involved in criminal activity.

  5. D

    Just the fact that the FBI is using Kali Linux in those screen shoots suggest they are doing a lot more then they are letting on. No one runs Kali Linux just to look at plain-text HTTP traffic

    1. The Phisher King

      It seems plausible that the FBI acquired and used software and methodologies from their dear friends the NSA.
      The NSA do not wish for their intellectual property to become public, so maybe the FBI did not ask the NSA before using their tools.
      From experience, what typically happens in a joint FBI-NSA operation is that once the NSA have access, they reverse engineer it using open source or COTS tools, so when the FBI go to court they can demonstrate how they got in, without exposing the NSA’s very expensive and hard to create tools. It is a form of parallel construction that actually works and is very hard to prove.

  6. Michael Koziarski

    The nginx configuration file being mentioned has a bug. In particular location blocks are exclusive, a request only matches one. See http://nginx.org/en/docs/http/request_processing.html#simple_php_site_configuration

    As a result while the configuration blocks almost all requests from IPs other than the one configured, it *allows* php requests from everywhere as that block doesn’t contain the deny command.

    So yeah, DPR fucked up and got owned, doesn’t seem like there’s a whole lot of mystery here. Especially when you combine it with the contemporaneous reddit posts where people noticed the IP in the html of the login page

    https://www.reddit.com/r/SilkRoad/comments/1dmznd/should_we_be_worried_showing_on_login_page/

    We all love to think this was some elaborate conspiracy involving NSA and the illuminati, but maybe it was just some arrogant kid who underestimated the patience and capabilities of law enforcement?

    1. Daniel

      Thats actually true – I also got bitten once by the fact the only the first matching location rule for nginx is respected. And rules with regexs are evaluated first.

      If you check the linked conf file, you’ll see that the PHP section matches on a regex and does not include the allow/deny filter.

      Ouch.

      The right way would have been to include the allow/deny in both sections – or to include the PHP filter in the first location (you can cascade location filters in the conf file)

      1. majkel

        The right way to do it is to use iptables – firewall rulez.

    2. nginx

      DreadPirateSR’s l33t ninja skills aren’t so l33t.

      That webserver config is not even a bug. It’s just obvious incompetence—the likeliest explanation for discovery.

      All the Feds had to do, and could reasonably be expected to be doing, is issue regular GETs to https:///index.php or /pgpadmin.php or /~DreadPirateSR or …, all of which are handled by the second nginx “location ~* \.php$ {” block in the config in 70-6.pdf. As noted, this location doesn’t have any ACL directives whatsoever and this server would be wide open. Add a snafu like the one reported on reddit or some specific search of open websites and it’s game over.

      Without knowing more details about the CAPTCHA handling, it’s not possible to know if that explanation makes sense.

      But whatever—these documents show that Silk Road was badly misconfigured and could have been discovered in multiple ways.

  7. MHK

    Do you really think the FBI discovered the server? Perhaps they are covering for the real sleuth…some DARPA contractor or a disgruntled Silk Road ‘customer.’

    1. Sasparilla

      No, its seems quite probable the NSA tipped off / guided the FBI here and now the FBI is getting caught doing a “parallel construction” of how they got the evidence (so it doesn’t all get thrown out of court).

  8. Mike

    Actually the $64,000 question is why in the world is a server like this running phpmyadmin forward facing the web to begin with. I think it clearly proves his innocence. There’s no way someone as smart as him could make such a trivial mistake.

  9. Someone

    One other question is if they are pulling up the phpMyAdmin page from the outside internet, why is the IP:
    192.168.1.24

    That is a private subnet, and is not routed externally. If the FBI contacted 192.168.1.24 from the outside internet, they were not talking to silk road, but to some other FBI server on their private network.

    This statement, “What happened is they contacted that IP directly and got a PHPMyAdmin configuration page.” does not make any sense with the IP address shown in that PDF.

  10. JimmyJohns

    Why should investigators have to play by rules that criminals and hackers flaunt? That’s total BS. Cops, FBI, Feds… should be able to use ANY and ALL methods, techniques and tools that they are capable of finding. How is the FBI bad for tracking down a murderer, drug dealing, international law breaking has-been? Close the books on the Silk Road P.O.S.. I hope he’ll be wearing Silk Jammies in his prison cell soon.

    1. Lime

      This man is by no means a murderer or drug dealer. He simply hosted an online marketplace that had no restrictions.

      1. The Fat Man

        Uh,…no, DPR actually was a drug dealer. And you didn’t know that, did you??? ;^D

    2. Chriz

      You just opened the door for the FBI and any other law enforcement agency to provide fake proofs to the court in order to ensure a guilty verdict… No fair trial then.

      FBI: “Well, we’re not 100% to get a conviction with what we have on hands, so let’s just create some fake documents (logs) provided by an unknown source and take it to the court.”

      If you don’t understand this concept, I hope someday, you’ll face a false conviction with fake documents you can’t challenge because you don’t know their source…

    3. Alex

      Because they are Americans and sworn to uphold the Constitution.

      You are not an American. You and your police state cronies are the problem with America, and worse than the criminals of greed, for you are criminals against what once made this country exceptional.

      To Neej:
      Our goose was cooked when the unmitigated rape of this continent was fueled by unlimited immigration. The corporate aristocracy, the empire, and eventually the corporate fascist state rose on the backs of waves of greedy immigrants raping a continent.

      Yet there were battles against this, and they continue to this day. I fear that by the time we have a second revolution there will be little left to the “victors.”

      Death is the wage of greed. Other’s at first, then our own…

      1. Alex

        The above is to Jimmy Johns, and all other cheerleaders of the police state.

    4. Guy Gordon

      Dear JimmyJohns:
      You’ve just been accused (anonymously) of being a Child-Molesting Terrorist(tm). The FBI is authorized to use “ANY and ALL methods” to stop you, including falsifying evidence and beating a confession out of you.

      Due to the *Serious* nature of the charges against you, it is obvious to all Right Thinking Americans that you have no rights.

      Good Luck, and enjoy your Silk Jammies.

      1. Jon Marcus

        Don’t be obtuse! Of course JimmyJohns would never be targeted by the FBI. He’s a good guy. The FBI only goes after bad guys. Duh! All right-thinking folk can tell good guys from bad guys. If you can’t, then you must be a bad guy too!

      1. Detective Thorn

        This is what you sound like:

        Det. Thorn: Ocean’s dying, plankton’s dying… it’s people. *Soylent Green is made out of people.* They’re making our food out of people. Next thing they’ll be breeding us like cattle for food. You’ve gotta tell them. You’ve gotta tell them!

        Hatcher: I promise, Tiger. I promise. I’ll tell the Exchange.

        Det. Thorn: You tell everybody. Listen to me, Hatcher. You’ve gotta tell them! Soylent Green is people! We’ve gotta stop them somehow!

    5. The Fat Man

      You have a good point. The laws are overly protective of criminals, out to protect that one innocent accused while giving a lot of criminals a pass. This may not be appropriate for today’s internet crime epidemic.

      There is a simple solution, though. If you use illegal means of getting evidence, make it admissable in court, but if it turns out that the accused is innocent, procecute the law enforcement officers that were responsible for making the decision to cross the line. That’ll make them think twice! ;^)

    6. epistemology

      Any and all means, like kicking down doors without a warrant and torture?

    7. Bufford

      The should play by the rules because they are the good guys. To take “the low road” makes them into the same criminals they are supposedly better than.

  11. nov

    Broadly speaking, couldn’t the CAPTCHA have been viewed by law enforcement from INSIDE the front-end Web server? If traffic was blocked to the back-end server from anywhere but the front-end server and LE is in the front-end server it’s a pathway into the backend-server (corporate firewalls are getting breached all the time and breached deeper into networks–intended blocks aren’t always imprenatable).

  12. Reghatt

    This isn’t new. They’re lying under oath about the source of the evidence.

    They’ve fabricated a false source in order to better hide the actual method, source, or technology used to find the defendant. Why this practice is legal is anyone’s guess.

    When average Americans do it, it’s called perjury.

    When the feds do it, it’s called Parallel Construction.

    https://en.wikipedia.org/wiki/Parallel_construction

  13. Jon Baker

    This is pretty much saying “too bad, so sad” and f-you on how we found it and got into it……

    (1) Ulbricht has not claimed any possessory or property inte
    rest in the SR Server as
    required
    to establish standing for any motion to suppress; (2) the SR Server
    was
    searched by
    foreign law enforcement authorities to whom the Fourth Amendment
    does
    not apply in the first
    instance; (3) even if the Fourth Amendment
    we
    re
    applicable, its warrant requirement would not
    apply given that the SR Server was
    located overseas
    ; and (4) the search was reasonable, given
    that the FBI had reason to believe that the
    SR Server
    hosted the Silk Road website and,
    moreover, Ulbricht lacked
    any expectation of privacy in the SR Server under the terms of service
    pursuant to which he leased the server.

  14. Jon C

    I hope this whole case falls apart, but I have to say the guys was a super armature developer and security person.

    Even having phpmyadmin installed is a sign of a relative computer rookie. He also asked dumb questions on stack overflow (how they claimed to have found “him”). He really should have had himself an experienced trchnical co-founder like any good startup.

    1. /dev/null

      Seriously, this, the level of brutal incompetency needed to leave something like PHPMyAdmin exposed shows that it was just a matter of time.

  15. looool

    The government lied? I’m shocked, just shocked.

    “It’s not clear why he set it up this way”

    Standard architecture seen in http based c&c’s as a ‘gate’. Just a reverse proxy really.

  16. Rebecca

    Wh0 cares if didn’t go “by the book” and don’t want to reveal their sources to the whole world. They got the bad guys, shouldn’t that be what really counts??

    1. Kelly

      Ah, so the old “the ends justifies the means” argument.

      As someone noted above, when you are the one on the “business” end of the warrant and the Feds are coming after you, how does it sound??

      EVERYONE, no matter what they did or are supposed to have done, deserves the right to confront their accuser and to be able to refute the evidence presented.

      The FBI agents swore an oath to protect and defend the Constitution of the United States, which holds all of these rights as sacred.

    2. Sasparilla

      Because once we start using those methods on the bad guys, its only a matter of time (till you get the right person in place – Hoover, Nixon etc.) till it becomes politically expedient to use those methods on good guys (by saying their bad guys for political or other reasons) and that road leads to the end of democracy (which is barely holding up at this point in the U.S.).

  17. Stu

    According to the FBI and other agencies, the 4th Amendment protects U.S. citizens from the U.S. gov’t regardless of where on the planet they are located. It also protects anyone who physically resides in territory controlled by the U.S. gov’t.

  18. Scott Wallace

    Invoking Ricky Ricardo in your lead is precious. It makes the government’s dance like the skit of Lucy in the candy factory.

  19. James Collins

    The FBI had already had direct access to servers at Freedom Hosting, the provider that was hosting the server for Silk Road. The way that they were able to discover the Silk Road server was probably through passive traffic analysis once they were on the local network at Freedom Hosting…. This is probably illegal, and they do not want to divulge this information because they might lose all the evidence they collected after that.

    1. Mapleton Willingham III

      Ding ding ding, you have just cracked 1/4 of the ‘puzzle’. Someone else got another 1/4 and I saw hints at a 3rd… Wonder if anyone will really get the 4th.

  20. James Collins

    The FBI had already had direct access to servers at Freedom Hosting, the provider that was hosting the server for Silk Road. The way that they were able to discover the Silk Road server was probably through passive traffic analysis once they were on the local network at Freedom Hosting…. This is probably illegal, and they do not want to divulge this information because they might lose all the evidence they collected after that.

  21. The Fat Man

    I find it interesting how many here are rabidly against the FBI and defensive of the criminal.

    Do any of you actually doubt that DPR is guilty? Then, perhaps, you are either incredibly naive, or, perhaps, missing your next fix??? ;^)

    If the authorities had crossed the line a bit when they convicted Charles Manson, or John Gacy, or Osama Bin Laden, would you be just as reactionary? If so, you do have a problem.

    Several years ago the superintendent of schools from an adjacent county was speaking on TV, live, when a man approached him and shot him in the head, killing him, in full view of the entire TV audience, just like Jack Ruby when he shot Oswald.

    I don’t even see a need to waste the taxpayers’ money on a trial in those cases. Does anyone here think that DPR is NOT guilty? Guilt or innocence is the question for me.

    1. Sasparilla

      While you may feel that way, its not the way the constitution was written, thank goodness – and its written that way to protect the general citizenry when the wrong guys get in power (who say good guys are bad guys for political or other advantages) and try to do bad things.

      Currently the technology tools exist and are in use by the NSA etc. to support a total police state (to make the East German Stasi envious) – and appear to have been used in this case – its just waiting for a President who knows exactly what not to do with those handles of power (that’s only a matter of time…Hoover, McCarthy, Nixon are some recent examples of folks that would). We have to fix this before that occurs.

      So its important to that we root out and eliminate the good guys using illegal methods to catch people (cause in the end, those methods will be used on us) – they can do their job quite easily within the law…its just a little more difficult & time consuming for them (but that’s the cost of the right to privacy, liberty and the pursuit of happiness). JMHO…

    2. The Thin Man Returns

      Guilt or innocence is what matters, eh?

      “Several years ago the superintendent of schools from an adjacent county was speaking on TV, live, when a man approached him and shot him in the head, killing him, in full view of the entire TV audience, just like Jack Ruby when he shot Oswald.”

      Did you ever think that maybe the man “knew” that the superintendent of schools was a child molester and in so knowing decided to save the courts some trouble?

      As far as DPR goes, maybe he is guilty, maybe not. However, using shortcuts to get evidence in such a way so as to violate laws that would put you or I in jail for 5 years should allow DPR to walk.

      Wouldn’t allowing this also validate the “drop gun”, the planting of drugs, the “finding” of child porn etc. You know that they are bad guys after all, right? I mean that they are guilty, at least now.

    3. Chris Mitchell

      @The Fat Man

      If guilt or innocence is really what you’re after then you’ve got to defend the the agreed upon, constitutionally defensible process that we make that determination with, plain and simple. That’s what must be championed. The process is where justice lives or dies.

      Jumping to a conclusion (either way) then seeking to defend that conclusion based on your gut, or hearsay, or a few news articles is the antithesis of justice. Whether or not these sources of info happened to land on the side of reality or not is inconsequential.

      That you’re willing to dismiss due process for what you arbitrarily deem as DPR’s self-evident guilt is sickening and indicative of a cultural mindset that serves to erode our liberties, not protect them. Like others have noted here, if you were at the receiving end of this brand of “justice” I doubt you’d be interested in defending it. Something tells me you’d want a chance to defend yourself as the “good guy” your gut tells you you are.

      1. The Fat Man

        Well, I’m not a big fan of loop-hole justice. As far as the constitution goes, it’s not a religious document for me as it seems to be for many others. It was made to be changed, so that it could change with the times when it became outdated, though, obviously, it seldom is.

        I’m not for law enforcement abusing its power, but having worked at a prison, and being aware that loop-hole justice is not justice, it’s not something that I personally support.

        All I’m saying is that all evidence that determines guilt or innocence should be allowed, and if it was obtained illegally, procecute those responsible for illegally obtaining it, but do not give the criminal a pass because law enforcement didn’t tiptoe through the maze of requirements carefully enough.

        Isn’t that a little more reasonable – those who break the law get procecuted whether they are law enforcement or criminals? If you can’t see this simple point, you probably have a bad case of constitutionalitis, and there is not much chance of getting you to see reason.

        1. stine

          The government should not have to break its own laws. If they do, then what good are they (either the laws or the government)? Once they can break a single law, how do we prevent them from breaking the rest?

  22. asdfsquared

    They are lying. I’d love to tell you how they found it, I suspect that they took things I’ve said openly about exposures in tor while under investigation myself/subject to intercepts, because I sincerely dislike the fabrication of evidence, however, I suspect that it would potentially disrupt or otherwise impair other investigations, where what is being peddled is stuff like child porn.

    They’re lying though, and Ross’ lawyer is asking the wrong questions– who else is the right question…of course they’re lying, so…

  23. ModernDemagogue

    Your article seems to have failed to understand the documents released almost entirely.

    The Feds actually state very clearly they have no explaining to do. They do not and in fact they very clearly assert why they feel they have no explaining to do. The argument is contained in the document you link to but it relies upon a) the materiality of any such disclosures, b) a clearly articulated argument that “there is no basis to suppress the contents of the SR Server: (1) Ulbricht has not claimed any possessory or property interest in the SR Server as required to establish standing for any motion to suppress; (2) the SR Server was searched by foreign law enforcement authorities to whom the Fourth Amendment does not apply in the first instance; (3) even if the Fourth Amendment were applicable, its warrant requirement would not apply given that the SR Server was located overseas; and (4) the search was reasonable, given that the FBI had reason to believe that the SR Server hosted the Silk Road website and, moreover, Ulbricht lacked any expectation of privacy in the SR Server under the terms of service pursuant to which he leased the server.”

    I bring this up because you are starting a firestorm on sites like Reddit and Slashdot about the NSA, parallel construction, the “legality” of what’s going on here, where Ulbricht’s lawyers are basically going on unlawful fishing expeditions and trying to get the DOJ to turn over all sorts of random things which have nothing to do with the DOJ’s case.

    At one point, the DOJ points out that it has no intention of using a certain Server in the case and therefore need not even provide it to the defense.

    Similarly, you conflate things about what the DOJ said, the FBI said, or even a specific agent said, and now others have interpreted you as claiming the FBI is lying.

    All that is clear, is that the FBI is not telling the whole story; but its not being coy about this. Its straight out saying it doesn’t have to tell the whole story, and its not going to.

    Your lack of understanding of the legal issues at play here is causing confusion, and unless you choose to educate yourself I’d suggest you stick to your expertise.

  24. Alex

    Hey Modern Demagogue, you are funny.

    The FBI is insisting the server’s are DPR’s, so thus the accused has the right to question both the claim he owned them as well as how the FBI breached them.

    I’m sure DPR is getting as far away from them as possible…haha…

    The move which you speak has been know since at least the 1970s, that being one of the other “Five Eyes” breaks the law for the US, then gives them the info.

    That is illegal… by treaty and law, for whatever those mean.

    We have a thing called “Discovery,” and yes my dear, the FBI does have to do it.

    Pretty funny though.

    The unfunny thing is the war on drugs, and other “wars” on our individual rights. And yes, DPR is guilty of disobeying our patently-unconstitutional morals laws.

    So yeah, I’d say DPR is likely less dipped in criminality than either the NSA or the FBI, the Dems & Repubs, and especially our wonderfall masters of the universe.

    So let’s be serious and keep the focus on what’s important here…

  25. MT

    To me the following is very striking:

    the TOR hidden service has the IP 62.75.246.20 which belongs to the larger IP block 62.75.130.195 – 62.75.255.255 and is allocated by INTERGENIA AG whose datacenter is located in Hurth (borough of Cologne, Germany).

    There was a recent story by The Intercept about the German satellite provider STELLAR PCS GmbH which is also located in Hurth!

    https://firstlook.org/theintercept/2014/09/14/nsa-stellar/

    The NSA successfully penetrated and mapped their internal network structure. Their IP block is however different from that of INTERGENIA. But still, the NSA seems to be very active in Cologne. From the same The Intercept article there is also evidence that the DEUTSCHE TELEKOM and NETCOLOGNE are both intercepted in Cologne.

    Therefore, I would reasonably assume that datacenters in Cologne, Germany are very well understood by the NSA and seem to play a critical role in their global strategies. Now, imagine that they poke around with their filters on metadata that they collect in Cologne. To me it won’t be a surprise that they will recognize the traffic of this 62.75.246.20 server, because its only kind of traffic are HTTPS lookalike outbound connections to other TOR nodes, directories, and bridges whose IPs are mostly openly available. And secondly it would be very suspicious that this very same server has an inbound line to that single server in Iceland which hosts the real website. It is highly possible that such suspicious traffic is also captured at the GCHQ/NSA transit point in the UK. And since the Silk Road generated some reasonable amount of traffic this kind of behavior would not stay unnoticed forever, I’d guess. Probably this traffic pattern – a server located in a datacenter with a similar amount of outbound and inbound traffic – is interesting to the NSA analysts for several other reasons: E.g. it might be part of some (anonymous and most likely illegal) peer-to-peer file sharing architecture (probably being part of The Pirate Bay Torrent network – and that’s what they were after in the first place).

    Naturally, one would be interested in the server from where all the inbound traffic originates. So, in the next step they would analyze the metadata that they have on the server in Iceland with IP 193.107.86.49 that hosts all the web pages of Silk Road and serves lots of data to the TOR server in Cologne. Besides HTTPS/SSH traffic to the server in Cologne the only other kind of traffic might be some secured SSH connections (via some other VPN) by Ross Ulbricht. I assume he would access the phpmyadmin page via 127.0.0.1 through his SSH tunnel (that’s why he allows access from localhost to his webserver and that’s why the Iceland server only serves unencrpyted HTTP; the traffic between Icleand and Cologne is most likely SSH tunneled HTTP – not HTTPS as I have written before).

    Now, the question is: why does the NSA know that there is phpmyadmin available on the server when all the traffic was tunneled through SSH? I assume that Ulbricht never did a mistake and connected directly to his server in Iceland via unencrypted HTTP (which would have been possible, because in the configuration file he did not deny connections from any other IP – which I do not understand why: a “deny all except 127.0.0.1” could be very possible while using the SSH tunneling approach).

    I have to say, that I think that the blog post gets this wrong:

    It’s not clear why he set it up this way, but the document the government released in 70-6.pdf shows the rules for serving the Silk Road Web pages, and those rules are that all content – including the login CAPTCHA – gets served to the front end server but to nobody else. This suggests that the Web service specifically refuses all connections except from the local host and the front-end Web server.

    I think this quotation states a wrong fact. The document 70-6.pdf shows the configuration file of the front-end web server (which also is the TOR hidden server). In fact this web server is _not_ publicly accessable but only through TOR via the local machine. Therefore, the configuration file has lines

    allow 127.0.0.1;
    allow 62.75.246.20;
    deny all;

    Please note that this must be the configuration file of 62.75.246.20 itself! And it just states that the webserver on the TOR machine (in Cologne) is only accessable locally via TOR but not through the public internet. Also note that the server only allows encrypted HTTPS traffic (altough it is encrypted via TOR again; the TOR hidden service architecture does not encrypt at rendevouz points and therefore traffic must be encrypted by itself if private data should not be exposed at rendevouz points).

    The file 70-71.pdf shows the configuration of the webserver in Iceland which hosts the real Silk Road website. I think, that the original blog post gets this wrong. Note, that this webserver only is configured for unencrpyted HTTP _and_ that it _does__not_ disallow connections from any other IP! And therefore Ulbricht could have been lazy and once connected directly to his real webserver, unencrypted! And this could have been captured by the NSA’s metadata (probably the NSA has actively prevented successful SSH connections to the server under suspicion and they wanted to see what will happen after the adminstrator Ulbricht could not connect to his server as usual and in this way they probably bribed him so that he intentionally got “lazy” and made a (direct) unencrypted connection to phpmyadmin). Since this back-end webserver does not support HTTPS, I assume that HTTP requests from Cologne were tunneled through SSH and also that Ulbricht usually tunneled his phpmyadmin logins through SSH.

    In another scenario, if the server with IP 193.107.86.49 is a virtual server and the NSA knew about the Heartbleed bug, they could have tried to successfully register an account with exactly this virtual server (as a new customer to the hosting provider). Then they could just login with their spoofed SSH client (which was Heartbleed-enabled) and copy the secure SSH key from the virtual server’s memory. Then Ulbricht’s SSH traffic could have been decrypted. Or they somehow messed around with the SSH tunnel between the servers in Iceland and Cologne (in order to obtain SSH keys)?

    Probably the reason why Ulbricht decided to install a front-end server in Germany is that there are a lot of TOR users in Germany that generate TOR traffic in this country. On the other hand in the public opinion Iceland may be regarded as a safe harbor for “problematic” data.

  26. AlphaCentauri

    @The Fat Man: You may feel the laws are “overly protective of criminals,” but very few accused have legal representation like DPR. Most of the people in prison were never found guilty at trial. Unless someone has the money for a vigorous defense, even innocent people are likely to accept a plea deal for a one or two year sentence rather than risk being convicted and sentenced to 30 years because they ran out of money to pay a lawyer to show up for yet another continuance. If you don’t want to be “overly protective of criminals,” people consider the fact that every time an innocent person accepts a plea deal to avoid the risk of a long prison sentence, a guilty one is safe from being arrested for the criminal incident in question.

    1. The Fat Man

      You’re a bit off-topic. As I said I worked at a prison and I’m familiar with the preferential trtmt most wealthy, as well as celebrities, sports figures, politicians, and other high profile individuals get, and that the poor are not likely to get the same.

      Yes, it’s unfair, but does that justify not procecuting criminals who are guilty? Not really.

      As far as most in prison not even getting convicted, that wasn’t true at the prison I worked at. Generally, if they did accept a plea bargain, it was likely because they were guilty. No one is forced to accept a plea bargain, and it’s often offered when the procecution has a weak case.

      Cons are not stupid & they know how to game the system. “If you’re guilty, ask for a jury trial, & if you’re not, get a trial with a judge only” If they accepted a pleas bargain, there was likely a reason.

      I worked in a medium security facility. Most of the inmates were career criminals from well known, high crime neighborhood in a major city. The recitivism rate was over 85%, and those paroled or released were usually back in a very short time, usually from committing another crime.

      I’m sure that my opinions are colored by my personal experiences. We lived in OKC when the steakhouse murders occurred, in Gainesville when Danny Rolling murdered his five victims, & in Naples when the Cracker Barrel murders occurred.

      Should any of these murderers walk because of a loop-hole? Not in my opinion.

      Gainesville was a particularly crime-ridden city. Rape, assault and murder were common place. Unreported in the public media, there had already been 10 unrelated murders there during the months prior to Danny Rolling’s rampage, and most went unsolved.

      The procecution rate for even major crimes was pathetic due to a lack of funds. Most never went to trial. (In Florida funds for procecution are related to the tax base and Alachua was a very poor county.)

      Our home was burgularized, my son was attacked, more than once, & is lucky to be alive, IMO, so you might expect that I’m not terrible sympathetic toward career criminals.

  27. srhardy

    Have you ever watch a spaghetti western? John Wayne, ALWAYS GET THE BAD GUY IN THE END. being clever isn’t an excuse to think you can do evil things without consequence, the RULES are to protect the good guys and not the BAD GUYS.

  28. Alex

    Hey SRHardy,

    The “rules” ARE what separate and determine who the “good guys” are from the “bad guys.” When the good guy breaks the “rules” he is a “bad guy.”

    Are you keeping up? That appears to be a complicated concept for a lot of my fellow “Americans…???” Really?

    I’m not sure if it is our ethical or educational systems that failed, or both… OK, let’s do a little “reality check.”

    The “rules” protect nobody from crime. Folks’ decisions not to screw each other does that. It is not uncommon for the greatest criminals to hide behind the “rules,” or take command of the “rule making,” as we see today.

    These are the “tone setters,” our “ethical” leaders.

    The complete failure of ethics at the “top” leads to a general degradation in the rule of law and the public respect for its enforcers.

    I’m still waiting for torture, drug, and war crimes charges against Kissenger et al, for Vietnam and Chile, let alone Bush II and that evil troll Cheney for running up fake justifications for a criminal war, and committing kidnapping and torture… don’t hold your breath.
    And those are HUGE WAR CRIMES.

    Lying openly to Congress is just the price of admission into the last few presidential administrations, after getting elected by sucking up a billion dollars in bribes from the biggest corporate interests in the country…

    Or maybe you should. Hold your breath. For a long time. While watching John Wayne kill viets, in, oh what was that classic of imperialism:

    The Green Berets!

    Those were the days!

    Gulf of Tonkin incident! The Church Committee!

    Deja-Vu, Suckers! These are the same days.

    “We will save you from yourself, even if we have to kill you!” is the new golden rule.

    Gotta love the logic of an empire that JW fronted for!

    Back to the basics…

    A “rule-breaker” with a badge becomes the bigger criminal when breaking the “rules,” for they break the rules and their oath to support and uphold the “rules” simultaneously.

    Two birds with one stone… two crimes by one act. Who says our government is not efficient? Haha… at least they are good at something!!

    SRHardy, two wrongs are just two wrongs.

    If we want anyone to act within the “rules” we MUST first bring our most powerful corporate and political criminals to justice, and curb their criminal behavior back to within our Constitutional limits.

    Let’s put John Wayne on them! Wow, that thought will get you put on a watch list… hahaha… if JW did not work for them!

    You know how to keep bears out of a cabin? Shoot one in front of all the others. Problem solved. I.E., enforce the laws on the law-givers first.

    Time to “shoot a few bears,” so to speak. Haha.

    To Krebs:
    Great freeking work dude, and well balanced for such a complex techno-legal issue. Thanks.

    And, I gotta say I love the hell out of your commenters, even the ones who think we should all be naked and searched all the time…haha… They sure get the rest of us riled up!

    Is there hope for our liberties, after all? The Krebites give me hope.

    1. The Fat Man

      [The “rules” ARE what separate and determine who the “good guys” are from the “bad guys.” When the good guy breaks the “rules” he is a “bad guy.”]

      Uh, not really. How well you treat others is what separates the “good guys” from the “bad guys”. A very wise Jewish Mystic made the point that it’s not about following rules.

      Love God with all your heart. Love others as your self.

      Kind of simple, really. But not easy. ;^)

  29. Alex

    Oh yeah, and Wayne did a GREAT movie about him being an agent for McCarthy’s House Committee on UnAmerican Activities.

    His role was beating up “commies” who were subverting our “way of life.”

    His killing of indians who objected to us stealing their land still clouds genocide in mythology.

    Man, we need better cultural “mirrors” than Wayne.

    Cheney’s the man!

    Him and his shotgun will clean this mess right up…

  30. Alex

    Wayne was big buck Hollywood productions.

    Eastwood the spaghetti eater came later…

Comments are closed.