Silk Road Fans Give the FBI a Tip, and an Earful


As Jerry Brito mentions in his column about the closure of the Tor-based black-market site, Silk Road, supporters of the underground economic operation have identified the address where the FBI is storing the 26,000 Bitcoins seized from Ross Ulbricht, the site's alleged proprietor. Now they're sending tiny, tiny Bitcoin tips to that address so they can include nastygrams and peanut gallery taunts in the "public note" portion of their payments that are then visible on Blockchain.
At the FBI Bitcoin address on Blockchain, you can read gems including:
- Yo F.B.I im hapy for you and all buuut
- God damn it Mulder.
- All your Bitcoins are belong to us. http://www.fbi.gov/ …good thing too cuz we is short on funds.
- "One star is born as another fades away. Which one will come next? is my favorite riddle." Said a girl puffing rings in a dot, dot, dash haze. "No worry, No hurry. They can't stop the signal."
- Take the drugs, take the domain, but don't take the people's bitcoins. This seizure was only legal because bitcoin is not recognized as a currency.
- You see, I think drugs have done some good things for us. I really do. And if you don't believe drugs have done good things for us, do me a favor. Go home tonight. Take all your albums, all your tapes and all your CDs and burn them.
- 'Cause you know what, the musicians that made all that great music that's enhanced your lives throughout the years were rrreal fucking high on drugs. The Beatles were so fucking high they let Ringo sing a few tunes.
- I think it's interesting the two drugs that are legal, alcohol and cigarettes, two drugs that do absolutely nothing for you at all; and the drugs that might open your mind up to realize how badly you're being fucked every day of your life?
- I loved when Bush came out and said, "We are losing the war against drugs." You know what that implies? There's a war being fought, and the people on drugs are winning it.
- The tyrant dies and his rule is over, the martyr dies and his rule begins.
- The fight against drug trafficking is a wildfire that threatens to consume those fundamental rights of the individual deliberately enshrined in our Constitution.
- DOWN WITH THE FEDERAL RESERVE! "…The issuing power should be taken from the banks and restored to the people, to whom it properly belongs." -Thomas Jefferson
As Brito points out, Bitcoins aren't as untraceable as some people think, at least not without special care. But Ulbricht, who is said to be the Dread Pirate Roberts who managed Silk Road, was apparently more than a bit sloppy in covering his tracks—specifically, he was connected to Silk Road because he once used his Gmail address to promote it.
Tor, it turns out, isn't necessarily as completely anonymous as people think, either, though it's pretty damned close. The NSA actively works to crack the network and identify its users, even using advertising networks to plant and trace cookies. So far, though, the spooks have had limited success. In one document supplied to The Guardian by Edward Snowden, NSA officials complain, "We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users."*
Ulbricht's fatal sloppiness (assuming the feds have the right guy) and the NSA's frustration may well serve to encourage black marketeers and privacy aficionados to keep trying. They now also know to tighten their personal security and to close some technical loopholes.
And they know how to find the feds and aren't shy about taunting them.
* Targeting individuals to track Tor use doesn't yet seem to be easily possible. The same NSA document complained of "no success de-anonymizing a user in response" to specific requests.
(H/T SweatingGin, among others)
The fight against drug trafficking is a wildfire that threatens to consume those fundamental rights of the individual deliberately enshrined in our Constitution.
That guy was obviously so blazed when he wrote that.
Aren't most of those from Bill Hicks?
Yes.
Take the drugs, take the domain, but don't take the people's bitcoins. This seizure was only legal because bitcoin is not recognized as a currency.
Well, yeah.
So the question is, what does that mean in practical terms? If they want to have a clear, unfettered ongoing view of users regardless of their activity, then "we" are safe?
But if they go after your specific use of TOR, they can get you?
That was my question. Does this mean that the limitation is manual analysis, that with more people/time they'd be able to de-anonymize everyone? Or that even manual analysis only works some of the time?
It just means they haven't automated the process of identifying users yet. They need a human being to do the analysis on a case-by-case basis.
But eventually, someone will write software that will do automatically what the human analyst is now doing.
Course it could be that some things are beyond the capacity of even the best AI, and only a human being can do them.
But they could also automate everything before and after the human brain comes into the loop, so the human analyst can work more efficiently.
What bugs me about that is that would be like saying PGP or Truecrypt can be broken if the government focuses on your encrypted stream. The point is that the encryption you use is so they can't crack it unless they're prepared to spend 100,000 hours of super-computer time.
I really want to use something that reasonably guarantees my anonymity regardless of whether or not I'm being specifically targeted.
If they were able to de-anonymize you on Tor, it would almost certainly not be by cracking the encryption.
Understood. I was just using encryption as an example.
What I'm really getting at is the idea of security through obscurity or real actual security.
It sounds like TOR relies more on obscurity than real security if a targeted session can be traced to a real source.
This Silk Road case has interested me because from my perspective, it seems that it's a good lesson on how we think we may be able to protect ourselves, but a few basic mistakes can reveal our identity pretty quickly-- especially if the government has identified a target.
Encryption, anonymizers, Cloud storage in foreign countries out of the 'reach' of the U.S. Government.
This story has all of it, and yet there's a very good chance Mr. Ulbricht will spend the rest of his life in jail.
If he does, I hope he writes about political philosophy from prison.
Tor works by anonymizing the stuff in the middle. The FBI and friends can see that you initiated a request to a Tor server, and through watching timings and some creative guesswork, match it up to the request that comes out the other end (especially if they own the exit node, which I have no doubt they operate many Tor servers), and the response coming back. Its security is in the aggregation - the more people use it, the more difficult it becomes to match traffic patterns to individual users. Whether that's enough security to run an illicit business or not depends on your appetite for risk.
But if they go after your specific use of TOR, they can get you?
If you're talking about someone saying "I want Paul.'s Tor traffic identified and decrypted" then the answer is basically "no", as far as anybody outside the spy agencies is aware. If you're going through exit nodes (rather than using a hidden service, like Silk Road), there are theoretical traffic analysis attacks but unless you have very distinctive traffic patterns they probably will not be successful.
However, a LEA might be able to get a court order to bug your computer, which would render the point moot.
Somehow I missed the asterisked point on the post.
So the NSA says they can de-anonymize people with manual analysis, but then claims they've never successfully done it? I'm not sure what the 'specific event' means. To me, that means, "Hey, Bob, de-anonymize this stream, we think he might be the guy running Silk Road".
Assuming you meant to type "specific request", I presume that they mean a request to a specific resource.
For instance, if they are looking at a log of IP addresses that have downloaded (say) a bomb-making manual, it is highly unlikely they can trace any ones originating from a Tor exit node to a specific user. Unless, of course, they were actually the ones that posted the manual, and the PDF has an exploit in it.
As an aside, I'm sure a lot of the "hacking toolkits" on Silk Road were sold by government agencies and phoned home.
Yes, I meant specific request... that was just a typo.
But if they go after your specific use of TOR, they can get you?
It's not use of Tor exactly. It's use of things outside of Tor. That's why the NSA had a presentation called "Tor Stinks" because they can't crack it directly. They have to use side-channel attacks, browser vulnerabilities, man-in-the-middle attacks on websites or web services people use to track people within TOR.
See: http://www.theguardian.com/wor.....CMP=twt_gu
http://www.theguardian.com/wor.....-anonymity
- for very specific details i.e. FoxAcid and Quantum server
Summary, with feedback from Schneier, who analyzed the Snowden NSA-Tor docs:
http://www.theregister.co.uk/2.....tor_users/
but instead they are using a zero-day flaw in the Firefox browser bundled with Tor to track users.
Hooooooooooo boy.
I'm reading the slides now; I have to admit I think QUANTUMCOOKIE is pretty cool.
One thing that surprised me somewhat is that they have "access to very few nodes" (emphasis theirs, from the Tor Stinks slideshow).
More:
http://www.schneier.com/blog/a.....a_att.html
Also citing how Quantum was used to spy on Belgacom by Spiegel:
Eh. I think this is more smoke and mirrors. TOR is insecure now.
How so? Based on what?
What is this, the early years of Gilligan's Island?
It's a triumph, is what it is!
Anonbot is like Lucy with the football. I ain't fallin' for it.