[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Did the CMU team out Silk Road 2 to the FBI?



On 01/24/2015 04:03 PM, Greg Norcie wrote:
> 
> It's uncommon, but not unheard of, for someone to think just because a
> paper contains no classified information, they can publish it without
> running it past the agency they work for. Often after being informed
> they can be sanctioned, there is not enough time to get approval before
> the conference, so the paper is withdrawn.
> -- 
> Greg Norcie (gnorcie@indiana.edu)
> PhD Student, Security Informatics
> Indiana University

Yes, I suppose that's true.

However, I can't imagine that a team charged with finding SR2 could have
thought that they could present the work at Black Hat.

I am not, by the way, flogging this speculation out of any ill will
toward CMU. If SR2 was deanonymized through police work, only the
vulnerabilities exploited, and how to mitigate them, are relevant to the
Tor community. However, if SR2 was deanonymized in the course of
research, different standards of conduct would arguably have applied.

What are they? And what are the consequences of violating them?
Regardless of the present circumstances, those questions warrant public
discussion.

> On 1/23/15 5:10 PM, Mirimir wrote:
>> On 01/23/2015 02:12 PM, Greg Norcie wrote:
>>> Correct me if I'm wrong, but doesn't CERT contract out to federal
>>> agencies sometimes?
>>> -- 
>>> Greg Norcie (gnorcie@indiana.edu)
>>> PhD Student, Security Informatics
>>> Indiana University
>>
>> I've read that, but haven't researched the question.
>>
>> But if the CMU team had been funded to deanonymize SR2, or even
>> "illicit" hidden service sites generally, why would they have scheduled
>> a presentation at Black Hat?
> 
> 
>> But of course, this is entirely speculative.
>>
>>> On 1/21/15 5:59 PM, Mirimir wrote:
>>>> OK, so this is very interesting:
>>>>
>>>> | The court documents refer to a source that provided "reliable
>>>> | IP addresses" for Tor hidden services between January and July
>>>> | of 2014, leading them back to both the servers and 78 different
>>>> | people doing business on the site.
>>>> |
>>>> | According to a Tor blog post, someone during that period was
>>>> | infiltrating the network by offering new relays, then altering
>>>> | the traffic subtly so as to weaken Tor's anonymity protections.
>>>> | By attacking the system from within, they were able to trace
>>>> | traffic across the network, effectively following the server
>>>> | traffic back to their home IP. In July, Tor noticed the bug and
>>>> | published an update to fix it — but for six months, certain
>>>> | hidden services were badly exposed, and the Silk Road 2 appears
>>>> | to have been one of them.
>>>> |
>>>> || OK, almost certain: CERT Tor deanon attack was FBI source:
>>>> || https://t.co/JKwWD2E3VK SR2 server, 78 vendor IPs, Jan-July 2014
>>>> || — Nicholas Weaver (@ncweaver) January 21, 2015
>>>> |
>>>> | So who carried out the attack? Already, researchers are pointing
>>>> | to a Black Hat presentation this summer that promised to outline
>>>> | a similar attack, but was controversially cancelled at the last
>>>> | minute. The researchers, working for CMU's CERT Center described
>>>> | similar capabilities and performed their research over a nearly
>>>> | identical span of time: January to July of 2014. If the
>>>> | researchers were also helping the FBI investigate criminal
>>>> | activity on Tor, it would explain why law enforcement might
>>>> | not want their methods getting out to the community at large.
>>>>
>>>> https://www.theverge.com/2015/1/21/7867471/fbi-found-silk-road-2-tor-anonymity-hack
>>>>
>>>>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk