Topic: Silk Road was not seized by the FBI, the site was manually shut down - page 2. (Read 3437 times)

sr. member
Activity: 369
Merit: 250
"Still very incriminating".

Good thing that doesn't mean a damn thing. They still have to prove a crime took place.
legendary
Activity: 2128
Merit: 1073
Load up tails
Connect to private bitbucket clone you made and download new OpenSSH over Tor
Run it
Reboot, all evidence is gone.
If you're busted they find a generic tails disc. Obviously what you download from the private bitbucket server will be encrypted, preferably with AES-GCM or anything that isn't block encryption/XTS for reasons Niels Ferguson laid out in his objections about XTS to NIST. (read his paper, mind blown).
I still disagree with you. The knowledge and access to "the private bitbucket server" is still very incriminating.
And this:
Port knocking makes the operator feel secure, it doesn't actually do anything except security through obscurity.
is just a trope. Security through obscurity is an excellent defense when the defending group is small (like one person). Intelligent port knocking will look quite innocuous and will enable a range (or ranges) of possible sources, not a single address. And instead of SSH (Swiss Army Crutch of bad sysadmins) use good old telnet reinforced with IPsec or Kerberos.
hero member
Activity: 899
Merit: 1002
In the future, should anybody be foolish enough to run a similar service and risk life in prison, this is not how it's done. If you're going to go for security through secret kind of a deal to protect your open SSH port then manually add +x amount of AES or ChaCha20 rounds to OpenSSH on both the server and your client. Now only that specific SSH install can even negotiate a session. i.e., add 3 rounds to AES, every attacker must have exactly the same setup. This is much better than port knocking security theater or pasting in your VPN IP so the FBI can use it to find you.
Your advice is questionable legally and operationally.

1) From the legal point of view, finding such modified software would be definite proof that law enforcement located a true culprit.
2) From the operational point of view, the need to compile/carry your own modified software makes it difficult to be truly mobile and evasive.

While "port knocking" could be construed as "security theater", it has offsetting advantages.

1) From the operational point of view, intelligent port knocking can be done without specific tools. You can do it yourself from any computer or you can describe it to somebody over the phone and have unrelated people knock on your ports to disperse the attention and the resources of the adversary.
2) From the legal point of view, it would be easier to "reasonably deny" the actions made using a shared/unmodified computer. Like one of the PirateBay guys who's now imprisoned and all the evidence the prosecution had was from a machine anyone in his office could access.


Load up tails
Connect to private bitbucket clone you made and download new OpenSSH over Tor
Run it
Reboot, all evidence is gone.
If you're busted they find a generic tails disc. Obviously what you download from the private bitbucket server will be encrypted, preferably with AES-GCM or anything that isn't block encryption/XTS for reasons Niels Ferguson laid out in his objections about XTS to NIST. (read his paper, mind blown).

Port knocking makes the operator feel secure, it doesn't actually do anything except security through obscurity.
legendary
Activity: 2128
Merit: 1073
In the future, should anybody be foolish enough to run a similar service and risk life in prison, this is not how it's done. If you're going to go for security through secret kind of a deal to protect your open SSH port then manually add +x amount of AES or ChaCha20 rounds to OpenSSH on both the server and your client. Now only that specific SSH install can even negotiate a session. i.e., add 3 rounds to AES, every attacker must have exactly the same setup. This is much better than port knocking security theater or pasting in your VPN IP so the FBI can use it to find you.
Your advice is questionable legally and operationally.

1) From the legal point of view, finding such modified software would be definite proof that law enforcement located a true culprit.
2) From the operational point of view, the need to compile/carry your own modified software makes it difficult to be truly mobile and evasive.

While "port knocking" could be construed as "security theater", it has offsetting advantages.

1) From the operational point of view, intelligent port knocking can be done without specific tools. You can do it yourself from any computer or you can describe it to somebody over the phone and have unrelated people knock on your ports to disperse the attention and the resources of the adversary.
2) From the legal point of view, it would be easier to "reasonably deny" the actions made using a shared/unmodified computer. Like one of the PirateBay guys who's now imprisoned and all the evidence the prosecution had was from a machine anyone in his office could access.
donator
Activity: 1617
Merit: 1012
Semantics - in fact taking over a TOR hidden service is closer to the definition of "seize" than just taking over the DNS of a regular internet domain.
hero member
Activity: 899
Merit: 1002
The US government worked with the Iceland government to have the site be shut down at a specified time, a time after which they had planned to have arrested Ross (so as to not tip him off). The data was then provided to the US government.

They had the data first, which revealed his feeble authentication of using his VPN IP in the SSH config. They (supposedly) then could trace the VPN to that library and other locations figuring out it was him. FBI asked Iceland to copy the entire state of his server(s) then shut it down later.

In the future, should anybody be foolish enough to run a similar service and risk life in prison, this is not how it's done. If you're going to go for security through secret kind of a deal to protect your open SSH port then manually add +x amount of AES or ChaCha20 rounds to OpenSSH on both the server and your client. Now only that specific SSH install can even negotiate a session. i.e., add 3 rounds to AES, every attacker must have exactly the same setup. This is much better than port knocking security theater or pasting in your VPN IP so the FBI can use it to find you.
sr. member
Activity: 308
Merit: 250
The US government worked with the Iceland government to have the site be shut down at a specified time, a time after which they had planned to have arrested Ross (so as to not tip him off). The data was then provided to the US government.
member
Activity: 84
Merit: 10
The Silk Road was an Amazon-style online marketplace that was hosted on the Deep Web launched by “Dread Pirate Roberts”, accessible only through the anonymity network TOR. The site used Bitcoins as a viable payment option due to its peer-to-peer yet anonymous nature. The TOR network was originally designed by the US Navy. Military personnel initially designed the software in the mid-90s to carry out covert government spying operations on United States citizens, as well as any potential activists on watchlists. The browser allows users to anonymously surf the internet, concealing their activities, as well as their location, from government agencies as well as the ISPs, or anyone in general.

More at http://cryptoconspiracy.com/silk-road-was-not-seized-by-the-fbi-the-site-was-manually-shut-down/