Silk Road forums

Discussion => Silk Road discussion => Topic started by: munkies on October 06, 2013, 11:04 pm

Title: Questions about the SR bust? Is it possible that TOR is compromised?
Post by: munkies on October 06, 2013, 11:04 pm
Ok so the feds shut down the road and they arrest this Ulbricht guy and start bragging about it. But there are some serious questions if this whole bust thing is indeed legit.
Some questions arise:

1. How come the SR was closed on the same day DPR supposedly got caught?
For the FBI to place that shitty photoshopped picture on the SR main page means they have the private key to the SR address. Obviously they didn't brute force it (that would take a couple of billion years at least) so either DPR actually gave it to them, which makes no sense, or they have had physical access to the SR servers, which brings us to question #2
2. How did they find the SR servers? If TOR is so secure, how the hell did the feds locate and seize its fucking servers?
If they actually did that, it means SR has been compromised for a long time, and LE would have been able to basically impersonate everyone on the road, including DPR himself. But why did they wait until now to shut it down?
3. They claim one of the most important pieces of evidence was that question DPR supposedly posted on StackOverflow. They also claim that the identical block of code was found in the SR code. I'm no programmer, however, someone please enlighten me, why would the road have a script that connects to tormail via curl? SR was a really simple ecommerce site with bitcoin support, I simply don't understand the role of that script.
4. Why would DPR try to broker a drug deal and then hire a hitman? Makes 0 fucking sense, by their own claims he was making more money from commissions than that kid could launder in a fucking lifetime. Sounds like a CEO getting a second job as a housekeeper...
Title: Re: Questions about the SR bust? Is it possible that TOR is compromised?
Post by: HassleHoff on October 07, 2013, 12:28 am

Quote
1. How come the SR was closed on the same day DPR supposedly got caught?
For the FBI to place that shitty photoshopped picture on the SR main page means they have the private key to the SR address. Obviously they didn't brute force it (that would take a couple of billion years at least) so either DPR actually gave it to them, which makes no sense, or they have had physical access to the SR servers, which brings us to question

I've read that ... When Ulbricht was arrested the FBI supposedly waited for him to log on to his computer then grabbed him before he could shut down. Perhaps there was some sort of encrypted info on his laptop that they wanted. As for the SR server, the FBI admits that they located it by July of 2013 and that the country where it was located was cooperating with them. So they could have shut SR down any time they wanted to after July of 2013.

Quote
2. How did they find the SR servers? If TOR is so secure, how the hell did the feds locate and seize its fucking servers?
If they actually did that, it means SR has been compromised for a long time, and LE would have been able to basically impersonate everyone on the road, including DPR himself. But why did they wait until now to shut it down?

It's not clear how they found the server. Or why it took so long. The messages that initially were posted in 2011 to publicize SR and then to ask for programming help led them to this Ross Ulbricht person very early on. Since he was a US citizen, it would be easy for them to spy on all his communications, e-mail, finances, phone-calls, postal mail and movements. So why then did it take them more than two years to arrest him?

Quote
4. Why would DPR try to broker a drug deal and then hire a hitman? Makes 0 fucking sense, by their own claims he was making more money from commissions than that kid could launder in a fucking lifetime. Sounds like a CEO getting a second job as a housekeeper...

The murders for hire are the most bizarre part of the story. The FBI claims to have transcripts of DPR discussing having 'FriendlyChemist' murdered from April and May of 2013. Does this mean that DPR discussed a *murder* using the Silk Road PM system and did not use encryption, and did not even bother to delete the messages between then and the time the FBI says it had a complete image of the server in July?
Title: Re: Questions about the SR bust? Is it possible that TOR is compromised?
Post by: saro on October 07, 2013, 12:35 am
Silk Road was not the Tor network. Tor is not compromised - the network itself runs fine and it is near impossible for any LE or person to decrypt and identify users simply using the Tor protocol. The government has been trying to do this but has only been able to with an extremely small amount of success. I would not be worried about the Tor network alone. To answer your questions:


1. DPR was arrested the day before the site was shut down. The criminal complaint was published/found the next day and the site itself was shut down the next day as well. That is when everyone began talking about it as well.

2. This isn't fully answered yet, and I'm sure we'll find out in the coming months, but from limited research and information there was an apparent code leak in the SR code which allowed a user/users to identify an IP address(s) for a SR node. That was traced to a provider (based in the UK, I believe) who wasn't aware that SR was hosted with them, and the provider took appropriate action. Now there's no saying that was the main SR server or the only SR server, but it was enough to get full images of the site since July.


3. Can't answer this question. I'm not a developer myself however there are various potential reasons why that may have been there. It may also just be there to further justify the warrant. We'll get the details in the coming months.

4. This was likely a set up, although (again) we'll probably find out the real details in the coming months. He was set up by FBI agents earlier in the year (not mentioned in the final warrant that most people read online) in Maryland and ordered a hitman for 80K. The one mentioned in the main complaint (for 150K) was likely something similar, but details remain about this. Likely all of this was used to tie DPR to SR as the main man. By having a) that many bitcoins, b) utilizing the DPR handle which was confirmed as the main administrator account on SR to send PM's and otherwise, and c) ordering fake identification documents from the same person who he ordered a hitman from (for 150K, which was likely an FBI agent), which was intercepted because the LE knew it was coming since it was their agent all along.

By ordering those fake IDs, they had his picture and address. They questioned him about it and he said "someone could have theoretically purchased them from a site called Silk Road" and no further action was taken against him at that time. But now LE had his photo/address and could further verify that the DPR handle on SR was used to order these documents. Why the hitman scenario was hired was likely to make him look bad to a jury and also to get his attention and build trust in the user (who was, again, almost certainly an FBI agent all along). Also, many members who were respected here (vendors and otherwise) who spoke to DPR mentioned that he would casually send messages (sometimes of pretty sensitive information) unencrypted until they would request PGP. Many said that they have no trouble believing he would send PM's without PGP.

In the end, it was just cockiness and simple mistakes that led to his arrest and seizure of Silk Road. Thinking you are invincible can lead to your demise.
Title: Re: Questions about the SR bust? Is it possible that TOR is compromised?
Post by: slyguy498 on October 07, 2013, 12:38 am
And I heard he didn't even log into the SR server using TOR. Like wtf was he thinkin?!? It's hardly believable the mastermind behind all this made such stupid and simple mistakes.
How was he not using the very security he tried to drill into our fuckin heads?!?!
Title: Re: Questions about the SR bust? Is it possible that TOR is compromised?
Post by: munkies on October 07, 2013, 12:58 am
I see, I'm curious about how that code leak might have occurred, it's important that successors to the road don't make the same mistakes. Also, the fake ID story also raises some question marks, they say he needed the fake ID's to rent servers, that makes sense, but why would he use his real picture on them.
Also, I think a man with that much money and so much heat should have considered leaving the US long before this happened. I honestly doubt this Ulbricht guy is really the mastermind of all this.
Title: Re: Questions about the SR bust? Is it possible that TOR is compromised?
Post by: saro on October 07, 2013, 02:03 am
Quote
I see, I'm curious about how that code leak might have occurred, it's important that successors to the road don't make the same mistakes. Also, the fake ID story also raises some question marks, they say he needed the fake ID's to rent servers, that makes sense, but why would he use his real picture on them.
Also, I think a man with that much money and so much heat should have considered leaving the US long before this happened. I honestly doubt this Ulbricht guy is really the mastermind of all this.


I believe he also wanted to use the IDs for leasing an apartment. He did use fake ID to lease an apartment and even went by a fake name to many of his friends. Obviously a fake picture wouldn't work well if you were using the ID in person to person matters as well.

Agreed - not sure why he was in the US. Was surprised when I found that out.

More information on the code leak - *CLEARNET* - http://security.stackexchange.com/questions/43266/in-the-silkroad-takedown-what-does-it-mean-an-ip-address-was-leaking-in-tor



Title: Re: Questions about the SR bust? Is it possible that TOR is compromised?
Post by: modziw on October 07, 2013, 03:36 am
I had a private communication from DPR shortly before his demise and he used PGP. It was so sensitive and related to LE that I can not say more, however if someone who is trying to unravel this mystery wants to discuss a little, I think I have clues that I do not fully comprehend.

Let me put it this way, doesn't the DPR we all know and love seem different than the one described in the police reports?

He used great caution in talking to me, used PGP and insisted that I not talk to anyone about the contents of his communiques.

I would love to reveal more to a trusted Admin or Mod. and see what they make of it...

Modzi


Title: Re: Questions about the SR bust? Is it possible that TOR is compromised?
Post by: Cornelius23 on October 07, 2013, 03:45 am
Quote
It's not clear how they found the server. Or why it took so long. The messages that initially were posted in 2011 to publicize SR and then to ask for programming help led them to this Ross Ulbricht person very early on. Since he was a US citizen, it would be easy for them to spy on all his communications, e-mail, finances, phone-calls, postal mail and movements. So why then did it take them more than two years to arrest him?

Although it seemed that he was promoting SR, they don't appear to have linked him to site administration until last June.

Quote
The murders for hire are the most bizarre part of the story. The FBI claims to have transcripts of DPR discussing having 'FriendlyChemist' murdered from April and May of 2013. Does this mean that DPR discussed a *murder* using the Silk Road PM system and did not use encryption, and did not even bother to delete the messages between then and the time the FBI says it had a complete image of the server in July?

Bizarre indeed. As Mr Ulbricht is not being charged for this and it seems doubtful that any evidence will be provided that any physical events took place, the 'FriendlyChemist' tale is starting to look like pure fabrication. The Baltimore charges concern me far more but that story too, as presented, has some peculiar oddities.

Quote
I had a private communication from DPR shortly before his demise and he used PGP. It was so sensitive and related to LE that I can not say more, however if someone who is trying to unravel this mystery wants to discuss a little, I think I have clues that I do not fully comprehend.

Let me put it this way, doesn't the DPR we all know and love seem different than the one described in the police reports?

He used great caution in talking to me, used PGP and insisted that I not talk to anyone about the contents of his communiques.

Oh, how I ache to know what you know, as probably does everyone else here.

He told you not to tell, however, and I respect his wishes. Once all this is done, perhaps.
Title: Re: Questions about the SR bust? Is it possible that TOR is compromised?
Post by: munkies on October 07, 2013, 11:14 am
I'm still curious about that code snippet from stackoverflow, from the limited programming knowledge I have from high school I can't see any relevance it had for the SR website. SR and Tormail were completely separated services, just why did they need a php script to connect to it?
Title: Re: Questions about the SR bust? Is it possible that TOR is compromised?
Post by: modziw on October 07, 2013, 01:06 pm

Quote
I had a private communication from DPR shortly before his demise and he used PGP. It was so sensitive and related to LE that I can not say more, however if someone who is trying to unravel this mystery wants to discuss a little, I think I have clues that I do not fully comprehend.

Let me put it this way, doesn't the DPR we all know and love seem different than the one described in the police reports?

He used great caution in talking to me, used PGP and insisted that I not talk to anyone about the contents of his communiques.

Quote
Oh, how I ache to know what you know, as probably does everyone else here.

He told you not to tell, however, and I respect his wishes. Once all this is done, perhaps.

I have related the information to an admin/mod and maybe there will be some insight derived from it. If it is anything that can be publicly disseminated, I will post it here.

If nothing else, let us hold onto the thought that perhaps, just perhaps, our dear leader was not the fool portrayed in the indictments. There is often more to life than that which meets the eye.

Modzi