Silk Road forums

Discussion => Security => Topic started by: kmfkewm on February 17, 2012, 10:38 pm

Title: [intel analysis] SR Security Key Assumptions Check
Post by: kmfkewm on February 17, 2012, 10:38 pm
edit: got bored, will add more later, plus go into deeper analysis with potential solutions to some of the identified problems, and citations to documents supporting the probabilities I gave.

I will write one then others can do their own or comment if they disagree. Key assumptions check is a technique I just learned from this pdf: https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/books-and-monographs/Tradecraft%20Primer-apr09.pdf

Essentially, you state your assumption, and then you assess it. I will write based on the assumptions of the average SR user. I will try to use Kent's Words of Estimative Probability:

Quote
Certain                   100%    Give or take 0%
The General Area of Possibility
Almost Certain             93%    Give or take about 6%
Probable                   75%    Give or take about 12%
Chances About Even         50%    Give or take about 10%
Probably Not               30%    Give or take about 10%
Almost Certainly Not        7%    Give or take about 5%
Impossible                  0%    Give or take 0%

The format will be:

Assumption
       |
     \   /
Assessment

with the probability of the assumption being true being represented by the first words of the assessment.
________

Law enforcement will not directly target buyers. (Law enforcement are interested in targeting dealers only. Customers are not big enough targets for them to waste time on, they really are not that interested in personal use amounts, the only reason they target users usually is so they can work their way up to vendors and with SR this isn't really feasible.)

       |
     \   /

Probably not true.

(Due to the inherent weaknesses involved with receiving product, and the relatively strong security techniques being used by vendors, it will be much harder for law enforcement to successfully compromise a vendor. Due to the media attention SR has attracted, as well as calls from high ranking political officials to shut it down, it is probable that law enforcement agencies are feeling pressure to make SR related arrests. The easiest way for them to reach this goal will be the targeting of customers. Furthermore, if these arrests are highly public they will serve as a deterrence and will likely cause a chilling effect, reducing the activity levels on SR as well as making many others afraid to participate in the first place.)

________________________

Law enforcement will not use highly technically sophisticated attacks for busting customers. (Technically sophisticated attacks are not what the majority of agencies targeting SR are used to using, they will not spend the relatively high amount of resources and expertise required to use these attacks against personal use drug customers)

       |
     \   /

Probably true. Law enforcement, and in particular drug enforcement agencies, traditionally use human intelligence based attacks. They have skill in this area. Additionally, there are software systems that make human intelligence attacks in online anonymous environments particularly potent (persona management software allows a small team of agents to operate a great deal of distinct pseudonyms simultaneously and with little effort). Address harvesting attacks via human intelligence undercover operations will be an effective enough technique for the gathering of significant amounts of customer information; there is no requirement for law enforcement to engage in more sophisticated technical attacks. Human intelligence is almost certainly going to be the weakest link.

________________________

Law enforcement will not use highly technically sophisticated attacks for busting vendors.

       |
     \   /

Almost certainly not true. Pretty much the only way they have to bust vendors is to use some attack that will generally be perceived as an advanced technical attack by the average SR user anyway. (It is also a safe assumption that the feds will try to bust vendors with targeted technical attacks)

___________________________________________________________________


Federal police level attackers will not focus much resources on customers. (They will focus on vendors)

       |
     \   /

Chances about even. From their perspective, they certainly have bigger fish to fry. On the other hand, getting drugs in the mail and money laundering are federal crimes. It is probably most likely that if federal agencies get involved in attacks against personal use customers, they will refer the cases to local police departments. The feds must be feeling pressure to bust SR users, and they will probably have a much easier time busting customers than vendors. On the other hand, local law enforcement agencies can focus on customers with federal agencies focusing their resources on vendors, with feds handing off customer cases to the appropriate local law enforcement branches. This is roughly equal to how multi-jurisdictional multi-target-level cyber operations are handled in the realm of child pornography trading...we may see the same model develop against online drug trafficking.
__________________

Law enforcement will not be able to use dragnet screening and interception technology to intercept a significant amount of packages sent by SR vendors. (As this method of smuggling becomes more and more mainstream, law enforcement will focus more resources on screening mail and this will lead to significantly higher interception rates)

       |
     \   /

Almost Certainly true. There is simply too much mail going through the system for passive dragnet screening measures to inspect more than a small percentage of it. Proper packaging techniques can further reduce the risk of mail being screened, and of screened mail having contraband detected. Unless there is a breakthrough in drug mail detection scanning technology, physical analysis of mail payload data (drug dogs, electronic sniffers, X-rays, infrared, etc) and manned meta-analysis (manned package profiling) are not likely to result in significant rates of interception.
___________

Law Enforcement will not be able to automatically perform traffic analysis on the mail flow and use the raw intelligence from this to identify addresses involved with drug trafficking, ie: Law enforcement will not be able to use *targeted* screening and interception technology to intercept a significant amount of packages sent by SR vendors.

       |
     \   /

Almost Certainly Not True. Mail sorters have the capability to create computer readable databases of shipping routing information (return address, shipping address, date) and these databases can be queried with algorithms capable of identifying suspicious boxes (and if enough data points are available, specific pseudonyms' addresses). There is nothing advanced about this sort of intelligence gathering and analysis, and on a country by country basis it may or may not be illegal for law enforcement to engage in this sort of intelligence analysis to better target their interception detection technology / human screening-profiling systems.

__________

Law Enforcement will not be able to directly break the encryption algorithms used by Silk Road vendors / customers for communications security and anonymity and financial transfer.

       |
     \   /

Almost certainly / certainly. Although it is technically possible for strong asymmetric encryption algorithms to be directly broken, it is unlikely that any attackers are capable of this. If any attackers are capable of this, they are almost certainly cryptographic intelligence agencies. Unless there is a mathematical breakthrough or an attacker manages to stabilize enough qubits, it will be impossible for anyone to directly break the encryption algorithms Silk Road users are using. If such an attacker exists or comes to be, they will almost certainly not be a police agency.

______________

Law Enforcement will not be able to trace the Silk Road server.

       |
     \   /

Almost certainly not true. There are many purely traffic analysis based attacks for deanonymizing hidden services. These attacks have been carried out against the Tor network in practice. The countermeasures taken by the Tor devs buy time but they are not enough to prevent a trace, particularly by a law enforcement level adversary. It is very probable that law enforcement will be able to trace the Silk Road server within a few weeks of trying, with minimal resources.

_____________
Law Enforcement will not be able to directly break the anonymity solutions being used by a significant percentage of SR users (~10%-20%+)

       |
     \   /

Probably not true. Law enforcement will likely engage in active attacks against the Tor network, where they add nodes and analyze the signals intelligence gathered from them. Even if they do not do this to specifically target Silk Road users, they will to target pedophiles and the intelligence gathered will have an effect on Silk Road users as well. If LE manage to watch traffic enter the Tor network and reach its destination, they can use timing correlations to link the sender and receiver even if they can not view middle nodes. Since it is very probable that law enforcement can trace and then passively observe the Silk Road server, it is likely they will be able to trace anyone who uses one of their entry guards to connect to Silk Road. Depending on the number of nodes law enforcement agencies interested in SR (or interested in sharing intelligence) have managed to get entry guard flags on, it is not at all unrealistic for them to be able to deanonymize a significant number of Tor users connecting to SR. As entry guards change on a monthly basis, over time LE will be able to deanonymize SR users who they previously could not.

Additionally, many Silk Road vendors are not using bridges. Law enforcement can very probably enumerate very large numbers of Tor client IP addresses by passively monitoring a few key directory authority IP addresses. By intersecting the population in a rough radius around where vendors ship from, with the list of all enumerated Tor client IP addresses, law enforcement will likely be able to entirely deanonymize some vendors, and narrow in significantly on other vendors.
_____________________________

Law Enforcement will not be able to directly break the anonymity solutions being used by a large percentage of SR users (50-75%+), in a relatively short period of time

       |
     \   /

Almost certainly true. It does not appear that law enforcement have begun to significantly perform sybil (node flooding) attacks against the Tor network. Had they, some pedophiles who use Tor would probably have been busted by now, in such a way that their arrest is leaked to the news or underground community. Law enforcement generally appear to lack sophisticated traffic analysis knowledge, although this should not be relied upon as the required information can be learned with a few years of study, less if a basic knowledge is already established. Most law enforcement traffic analysis operations are very simplistic and target CP traders. Tor does a good job at preventing LE level attackers from deanonymizing large percentages of users via profiling attacks, but it doesn't prevent LE from deanonymizing some X% of users (with X depending on how long LE run their profiling attacks for and how many entry guard flagged nodes they have). Tor bridges probably do a decent job of preventing LE from doing observability based attacks against some percentage of nodes.

_____________________________

Law enforcement will not be able to bypass the anonymity and encryption solutions of a significant (5%+) number of SR users via bypass attacks (ie: hacking / social engineering followed by technical exploit).

       |
     \   /

Probably not true. Many users are probably not using Tor Button or hardened browsers. Law enforcement will be able to deanonymize them. If LE posts a link to a PDF that connects to a server that they control and encourage SR users to view it, they can probably deanonymize a significant number of the people who download it. If they make a rooted live USB, they can probably get a significant number of people to use it. This sort of social engineering + technical attack alone could probably deanonymize a significant number of SR users (in the case of the live USB it could even deanonymize the people who place orders with them).

Technical attacks without social engineering components can also likely compromise a significant percentage of SR users, although it may be harder to do many of these attacks without being noticed. If LE takes control of the SR server, which they almost certainly can do, they could embed java and flash. This would deanonymize everyone with improperly hardened/configured browsers, but it would likely be noticed fairly quickly.

LE could also engage in more sophisticated technical attacks without drawing attention to themselves. However, it seems improbable to me that many law enforcement agencies are technically capable of pulling off such attacks. Some probably are though. They will not likely be able to compromise many people who practice serious computer security with this sort of attack.

_______________________

Intelligence agencies will not be able to bypass the anonymity and encryption solutions of a very large (99%+) number of SR users via bypass attacks (ie: hacking / social engineering followed by technical exploit).

       |
     \   /

Almost certainly not true. If NSA wanted to map out the entire SR network by real IP address, they would almost certainly have no trouble doing so with zero day vulnerability combinations. They also would be almost certainly not detected in doing this. They would also be able to spy on all communications between all SR users in the same way.

exception: Users who properly implement physical airgaps could avoid having their plaintext communications contents intercepted by the NSA in this way, however since they could certainly be traced in this way NSA could get their plaintexts in other covert ways (targeted transient electromagnetic signals analysis etc).

________________________________

Intelligence agencies will not be able to deanonymize large percentages (99%+) of SR users via direct attacks on their anonymity systems.

       |
     \   /

Almost certainly not true. NSA samples traffic at IXs. Sampled Traffic Analysis by Internet-Exchange-Level Adversaries: http://freehaven.net/anonbib/cache/murdoch-pet2007.pdf

_______________

Intelligence agencies will not involve themselves with attacking SR

       |
     \   /

Almost certainly true. Unless SR becomes a serious threat to the political establishment I don't think any intelligence agencies will think twice about it. This is not likely to happen unless SR starts organizing/funding violent attacks against government, imo (making it a national security risk).

_________________________

Law enforcement will not compromise the SR server and harvest all unencrypted addresses from the server.

       |
     \   /

Almost certainly not true. There are too many attack vectors through which they could do this and the SR server is protected from almost none of them. Hardest case they will trace the server, dump keys from RAM into a forensics laptop, root it from there and gather all the unencrypted addresses sent through the server. Simplest case they remotely hack the server through some security bug in the code and get to the E-mails from there. I find it extremely unlikely that LE will not do this and I find it just as unlikely that SR will be able to prevent it unless they majorly overhaul their security. Then again, I don't exactly know the security techniques they are implementing to prevent such a thing. I am almost certain they are not protected from this though.

_________________________

Law enforcement can not deanonymize significant percentages of SR users based off of financial network analysis

       |
     \   /

Probably not true. Most users are not properly unlinking their coins from their identities.

Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: zomgwtfbbq on February 18, 2012, 02:19 am
Quote
Law enforcement will not directly target buyers. (Law enforcement are interested in targeting dealers only. Customers are not big enough targets for them to waste time on, they really are not that interested in personal use amounts, the only reason they target users usually is so they can work their way up to vendors and with SR this isn't really feasible.)

Probably not true.

In the near term [next 6-12 months], anyway, this is "probably true" as opposed to "probably not".  LEOs have limited resources, finite budgets, and like all government agencies, have to play the standard game of cost-benefit analysis in determining what avenues to pursue and what avenues to back-burner.  Barring an unfortunate chain of events in which some LEOs just get lucky and stumble upon a buyer, busting a buyer is still almost certain to require significant inter-agency cooperation, not the least of which is going to be involvement from US postal inspectors.  Given the increasing financial difficulties faced by the postal service, it is probable that there will be budget cuts to this arm of the postal service along with the rest of the organization, further reducing the resources available for investigating SR activity.  Unless there is a "think of the children" sort of event, a la the death of Ryan Haight and the subsequent crusade embarked upon by his mother, pressure from high-ranking political officials probably will not be any more sustained and/or vociferous so as to motivate LEOs to do much more than they are currently doing (as it relates to specifically targeting buyers).  This is a presidential election year.  The politicos have more important things to worry about for now.  As to how this all plays for SR buyers outside the US, I don't know enough to intelligently speculate; it will almost certainly vary on a country-by-country basis, though.

Quote
Law Enforcement will not be able to trace the Silk Road server.

Almost certainly not true. There are many purely traffic analysis based attacks for deanonymizing hidden services. These attacks have been carried out against the Tor network in practice. The countermeasures taken by the Tor devs buy time but they are not enough to prevent a trace, particularly by a law enforcement level adversary. It is very probable that law enforcement will be able to trace the Silk Road server within a few weeks of trying, with minimal resources.

You might be right, but if it's so easy for LEOs to trace the SR server, and it could be done within a few weeks of trying with minimal resources, how is it that we are all still here?  They've certainly had more than a few weeks to try it.  It seems logical to me that if they could do it so easily, then they have already done it, and thus they would know where the SR server is and the proverbial shit would be hitting the proverbial fan.  If that's the case, why allow it to continue running?  SR isn't going to lead the DEA to the cocaine kingpins of Mexico - shutting it down would be a much bigger win for them than, say, busting Pharmville.

Quote
Law enforcement will not compromise the SR server and harvest all unencrypted addresses from the server.
   
Almost certainly not true. There are too many attack vectors through which they could do this and SR server is protected from almost none of them. Hardest case they will trace the server, dump keys from RAM into a forensics laptop, root it from there and gather all the unencrypted addresses sent through the server. Simplest case they remotely hack the server through some security bug in the code and get to the E-mails from there. I find it extremely unlikely that LE will not do this and I find it just as unlikely that SR will be able to prevent it unless they majorly rehaul their security. Then again, I don't exactly know the security techniques they are implementing to prevent such a thing. I am almost certain they are not protected from this though.

If you don't actually know anything about what SR is or is not doing with respect to server security, there's way too much assuming going on here to view an assessment with this level of proclaimed certainty as anything more than a warning to keep our tinfoil hats on and use PGP on fucking everything.  (Maybe you know more than you let on - who really knows who knows what about how this whole place operates?)  There are few things more frustrating than sending someone a PGP message and getting plaintext in return because the person on the other end couldn't be assed to deal with it.  But that's an aside.  I have no doubt that LE would like to compromise the SR server and harvest anything they can, but whether or not they have the capability to do so is a completely separate matter.
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: kmfkewm on February 19, 2012, 01:39 am
Quote
You might be right, but if it's so easy for LEOs to trace the SR server, and it could be done within a few weeks of trying with minimal resources, how is it that we are all still here?  They've certainly had more than a few weeks to try it.  It seems logical to me that if they could do it so easily, then they have already done it, and thus they would know where the SR server is and the proverbial shit would be hitting the proverbial fan.  If that's the case, why allow it to continue running?  SR isn't going to lead the DEA to the cocaine kingpins of Mexico - shutting it down would be a much bigger win for them than, say, busting Pharmville.

Why would they take the server down when it would just be put up again in a new location and then they would need to trace it again? They would rather passively observe traffic to the server so they would be able to deanonymize clients with correlation attacks.

Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: novocaine on February 19, 2012, 02:01 am
This is a really good assessment imo and I feel we will start to get an accurate picture of it within the next 12 months
Thank you
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: johnwholesome on February 19, 2012, 03:40 am
Excellent thoughtful post!

Really made me rethink my security model....
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: zomgwtfbbq on February 19, 2012, 05:42 pm
Why would they take the server down when it would just be put up again in a new location and then they would need to trace it again? They would rather passively observe traffic to the server so they would be able to deanonymize clients with correlation attacks.

Maybe you and I are using the phrase "they know where it is" to mean something different - but I would think that if the LEOs knew that the SR server was in cabinet 24, row 6, in Joe's Datacenter in Bumfuck, Iowa, that they wouldn't hesitate to seize it (or at least clone it) and send it off to their forensic analysis teams.  They'd have a complete copy of the code and the data, they could subpoena any and all records related to the server from Joe's Datacenter Company, and it would be game over.  Maybe they leave it running and set up port mirroring to capture / analyze all inbound/outbound traffic, I don't know.  But it seems to me that *if* the LEOs know where the server is and have been able to get physical access to it at some point, then the jig is up.

It's a rather unsettling thought.
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: BuddyRoyale on February 19, 2012, 05:53 pm
Almost everything you post is worth saving.
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: mju7 on February 19, 2012, 06:28 pm
Do you take amphetamines or does your brain just naturally come up with really long posts :)

A reason why buyers will be targeted is also because customs officers are cunts and can force a prosecution even though local police want to drop the case entirely and even though it is a completely pointless waste of money.
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: imirage on February 19, 2012, 10:36 pm
Considering the US Intelligence Agencies have a combined secret "Black Budget" of over $50 Billion annually (on top of their regular budget) I just assume they are capable of "anything" they so choose.

But then again I'm certified paranoid, but compare that to the annual budget of SR ya know?

Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: SierraRS on February 20, 2012, 02:41 am
Large and very interesting post. I more or less agree with most of the parts, except the LEO being able to locate the SR server. Yes, they can locate it using traffic analysis if it is located in the USA. Whole different story if it is located in some third-world country overseas. We argued about it some time ago and I got pissed off by kmfkewm.

And I'm not comfortable to open PDF files from cia.gov :D
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: kmfkewm on February 20, 2012, 02:47 am
Quote
Why would they take the server down when it would just be put up again in a new location and then they would need to trace it again? They would rather passively observe traffic to the server so they would be able to deanonymize clients with correlation attacks.

Maybe you and I are using the phrase "they know where it is" to mean something different - but I would think that if the LEOs knew that the SR server was in cabinet 24, row 6, in Joe's Datacenter in Bumfuck, Iowa, that they wouldn't hesitate to seize it (or at least clone it) and send it off to their forensic analysis teams.  They'd have a complete copy of the code and the data, they could subpoena any and all records related to the server from Joe's Datacenter Company, and it would be game over.  Maybe they leave it running and set up port mirroring to capture / analyze all inbound/outbound traffic, I don't know.  But it seems to me that *if* the LEOs know where the server is and have been able to get physical access to it at some point, then the jig is up.

It's a rather unsettling thought.

They would quite possibly try to clone it but they would leave it running for sure and try to make it look like normal down time. I imagine SR registered the server anonymously so the registration records shouldn't be very helpful. If they get physical access to the server and take it down they just show their cards, and there is probably a complete off site backup and it would be put up on a new server in no time. A technique some people use is to change the physical location of their server on a frequent basis. Might be a worthwhile technique for SR. If it takes the feds three weeks to trace a Tor hidden service, it would be nice if the hidden service's physical location changes every three weeks. Will get expensive to do this with dedicated servers though. Another thing they could consider is hosting with the Russian mafia. Then even if the server is traced cooperation isn't likely; they host CP on clearnet and flip Interpol off.

http://freehaven.net/anonbib/cache/hs-attack06.pdf


Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: kmfkewm on February 20, 2012, 02:57 am
Quote
Large and very interesting post. I more or less agree with most of the parts, except the LEO being able to locate SR server. Yes, they can locate it using traffic analysis if it is located in USA. Whole different story if it is located in some 3-rd world country overseas. We argued about it some time ago and I got pissed off by kmfkewm.

And I'm not comfortable to open PDF files from cia.gov :D

Well regardless of where it is they can trace it up to its entry guards, even if the entry guards are in China or Russia. (citation: http://freehaven.net/anonbib/cache/hs-attack06.pdf) Whether they can trace it directly to its IP address depends on whether they can compromise one of the entry guards or not. If the entry guards are in the USA they can do this with a trap and trace / pen register order as authorized by CALEA. This part of the process could probably be done in under 24 hours if the entry guards are in the USA.

(citations:
https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act , https://en.wikipedia.org/wiki/Trap_and_trace_device
https://en.wikipedia.org/wiki/Pen_register)

If the entry guards are not in the USA they will probably use a mutual legal assistance request (citation: https://en.wikipedia.org/wiki/Mutual_legal_assistance_treaty) through one of their political channels to request the cooperation of the overseas ISP. How long it takes the foreign nation to comply with the MLA depends largely on the particular nation. Some cooperate slowly, some cooperate very quickly. At this point they will be able to get the hidden service's IP address from passive monitoring of the entry guard.

There are other things they could try as well, but they are more grey area / illegal, so I think they will just go with an MLAT if the entry guards are overseas. The entire process will likely take no more than a month even if the entry guards are all overseas. Chances are they are either in the USA or a European country with fast MLAT compliance though, unless SR specifically set the entry guards himself instead of letting Tor pick them for him (Tor is blind to the legal system of a country, and also blind to how much that country cooperates with the USA, and the majority of Tor nodes are in the USA and USA friendly European countries).

After tracing the server they will almost certainly leave it up since they can then observe traffic arriving to it. That means that every person who connects to SR with a fed owned entry guard will be deanonymized (citation: http://freehaven.net/anonbib/cache/dsn-09-jing.pdf) . How much damage they will be able to do immediately, and over time, will depend on how many Tor nodes with entry guard flag they have. There are ~900 entry guards (citation: https://metrics.torproject.org/network.html) total and you select three at a time, the three you select change about once a month. Someone else can do the math ;).

If you don't frequently change the physical location of your hidden service it is only a matter of time until a moderate level attacker (able to afford flooding two dozen or so nodes into the Tor network....assuming VPS cost <$100 a month this shouldn't cost more than about $4,800, giving the attacker two months to slowly add the nodes to the network so they don't get removed after triggering the 'node flooding attack' detection algorithms that the Tor directory authority servers use to prevent people with botnets from adding a thousand nodes to Tor all at once....) finds its entry guards. Whether the attacker can get past the entry guards or not is a different story, but a federal law enforcement agency is pretty much certainly able to do so in the vast majority of cases (I think that 187 different countries have mutual legal assistance agreements with the USA, and the ones that do not probably don't have much internet infrastructure lol).
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: a_blackbird on February 20, 2012, 06:53 am
Quote
nodes with entry guard flag they have. There are ~900 entry guards (citation: https://metrics.torproject.org/network.html) total and you select three at a time, the three you select change about once a month. Someone else can do the math ;).

I like math.  ;)  There are approximately 121 million ways of choosing 3 entry guard nodes from a pool of 900.
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: kmfkewm on February 20, 2012, 06:55 am
Quote
nodes with entry guard flag they have. There are ~900 entry guards (citation: https://metrics.torproject.org/network.html) total and you select three at a time, the three you select change about once a month. Someone else can do the math ;).

I like math.  ;)  There are approximately 121 million ways of choosing 3 entry guard nodes from a pool of 900.

Well if you choose one of their entry guards you are fucked, and you pick three, and there is a total pool of 900, and the three you pick change every month. If the attacker owns X entry guards and can monitor all traffic to SR, what is the probability that they can deanonymize you in Y months. This assumes all entry guards have equal usage and equal chance of being selected.
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: a_blackbird on February 20, 2012, 07:56 am
Sure, this is fairly straightforward.  For the purposes of this illustration, C(x,y) means x choose y - the combinatorial operator defined by C(x,y) = x! / (y! (x-y)!)

There are a total of C(900,3) combinations of entry guard.  If there are X "you are fucked" entry guards, and selecting just one of them means pwn3d, then we can figure this out by computing the number of entry guard combinations that contain all good entry guards.  That number is C(900-X, 3).

So... the probability of *staying anonymous* in any given month is

P = C(900-X,3) / C(900,3)

We can simplify this a little bit: 

P = (900-X)! / (3! * (900 - X - 3)!)  * ( 3! * 897!)  / 900!

Which, after some algebra and cancellation, and a little thanks to Wolfram Alpha because I'm lazy:

P = (-x^3 + 2697x^2 - 2424602x +726571800) / 726571800

The probability of remaining anonymous after N months is P^N - so the probability that they de-anonymize you after N months is 1 - P^N.

Let's throw in some sample numbers just to see how it shakes out.  Suppose the feds only control 1 guard node.  Then you have a 99.67% chance of staying anonymous after 1 month, and a 96% chance of remaining so after a year.

Suppose they control 10 guard nodes.  Then you have a 96.7% chance of remaining anonymous after 1 month, but only a 66.8% chance of remaining so after a year.

If they control 50 guard nodes... your chances of remaining anonymous after one month are about 84% - and that drops to 12.7 percent after a year.

Edit... because it wouldn't be mathematics if we didn't consider the more general case where there are a total of k guard nodes.  Assuming that we are still picking 3 from the set, our formula generalizes to:

P(anonymous) = (k-x)(k-x-1)(k-x-2) / (k*(k-1)*(k-2))  -- which is....

Code:
k^3 - 3x(k^2) - 3k^2 + 3k(x^2) + 6kx + 2k - x^3 - 3x^2 - 2x
------------------------------------------------------------------------
                         k^3 - 3k^2 + 2k
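The model worked out above as an added Python example (my code, not a_blackbird's or kmfkewm's): it takes the thread's ~900 guards, 3 picked at a time and a monthly rotation as assumptions, reproduces the 1/10/50 hostile-guard figures, and adds a rotation_months knob so the persistent-guard mitigation mentioned later in the thread (one draw for the whole period instead of twelve) can be compared against monthly rotation.

```python
from math import comb

# Added example (not from the thread): the guard-compromise model derived
# above. Every sample value here is an assumption taken from the thread.
K_GUARDS = 900      # relays with the Guard flag (the thread's ~900 figure)
G_PICKED = 3        # guards a client holds at once (2012-era behaviour in the thread)


def p_anonymous_once(k, x, g=G_PICKED):
    """Probability one draw of g guards from k avoids all x hostile guards: C(k-x, g) / C(k, g)."""
    if x < 0 or g < 0 or x > k:
        raise ValueError("need 0 <= x <= k and g >= 0")
    if g > k - x:          # not enough clean guards left to fill the set
        return 0.0
    return comb(k - x, g) / comb(k, g)


def p_deanonymized(months, k, x, g=G_PICKED, rotation_months=1):
    """1 - P**n after `months`, where n is the number of independent guard draws.

    rotation_months=None models persistent guards: a single draw for the whole period.
    Assumes equal-usage guards and independent rotations, as the thread does.
    """
    if rotation_months is None:
        draws = 1
    else:
        draws = max(1, months // rotation_months)
    return 1.0 - p_anonymous_once(k, x, g) ** draws


def exposure_table(hostile_counts=(1, 10, 50), months=12, k=K_GUARDS):
    """Rows of (x, P(anonymous after one rotation), P(deanonymized after `months`))."""
    return [(x, p_anonymous_once(k, x), p_deanonymized(months, k, x)) for x in hostile_counts]


if __name__ == "__main__":
    for x, p_once, p_exposed in exposure_table():
        print(f"{x:>3} hostile guards: {p_once:.2%} anonymous per rotation, "
              f"{p_exposed:.1%} chance of exposure over 12 months")
    # Persistent guards turn the compounding monthly risk into a single draw:
    print(f"persistent guards, 50 hostile: "
          f"{p_deanonymized(12, K_GUARDS, 50, rotation_months=None):.1%} exposure over 12 months")
```

With 50 hostile guards the monthly-rotation run gives about 87% exposure over a year, matching the 12.7% survival figure above, while the persistent-guard line stays at the single-draw 16%.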
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: kmfkewm on February 20, 2012, 08:20 am
Thanks. I knew the basic math that had to be done, but unlike you I am a lazy fuck :).
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: kmfkewm on February 20, 2012, 08:36 am
Anyway there you have it...takes probably a few weeks for the feds to locate the hidden service and passively analyze connections to it....and after doing that for a year you will have about 12% chance of not being deanonymized if they have 50 entry guards.

Best way around this attack is frequently changing the physical location of the server, on a monthly basis or faster would be the best option. For clients the best way to deal with this is the use of persistent entry guards, or using WiFi from random locations in addition to Tor.

BTW the hidden service itself changes entry guards just as quickly, so just from that alone the hidden service could be traced with about 88% probability after one year, if the attacker has 50 entry guards. It is certainly going to be faster for them to brute force circuits up to the entry guards and then use legal power to get entry guards monitored though, rather than playing the "wait and listen" game.
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: friendlyoutlaw on February 20, 2012, 05:39 pm
edit: got bored, will add more later, plus go into deeper analysis with potential solutions to some of the identified problems, and citations to documents supporting the probabilities I gave.

I ride you a lot, because I don't like the way you present yourself sometimes, but this is a good discussion to have, so thanks for starting us off with a nice big list of assumptions.

The only problem I have is that you started with one very large assumption and didn't really do anything to justify it.

Quote
Due to the inherent weaknesses involved with receiving product, and the relatively strong security techniques being used by vendors, it will be much harder for law enforcement to successfully compromise a vendor.

I don't agree with this assumption (upon which a few of your arguments are built on, that buyers are lower hanging fruit).

I don't want to rat out any vendors, but there are a few that I've ordered from that, were I law enforcement, I'm almost positive I could locate with a single man-week of effort. And that's with zero human intelligence, strictly from evidence that arrived in my mailbox.
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: kmfkewm on February 20, 2012, 06:01 pm
edit: got bored, will add more later, plus go into deeper analysis with potential solutions to some of the identified problems, and citations to documents supporting the probabilities I gave.

I ride you a lot, because I don't like the way you present yourself sometimes, but this is a good discussion to have, so thanks for starting us off with a nice big list of assumptions.

The only problem I have is that you started with one very large assumption and didn't really do anything to justify it.

Quote
Due to the inherent weaknesses involved with receiving product, and the relatively strong security techniques being used by vendors, it will be much harder for law enforcement to successfully compromise a vendor.

I don't agree with this assumption (upon which a few of your arguments are built on, that buyers are lower hanging fruit).

I don't want to rat out any vendors, but there are a few that I've ordered from that, were I law enforcement, I'm almost positive I could locate with a single man-week of effort. And that's with zero human intelligence, strictly from evidence that arrived in my mailbox.

You are right about this actually. I shouldn't assume that vendors are using proper security. I can say that they are all using Tor though, and that they are not inherently exposing their addresses. Of course they are almost all getting product from someone else. I wonder if the average SR customer exposes their address/activity/nym to more people than the average SR vendor. That is another assumption that needs further analysis (yes, customers inherently give their addresses to get product, but vendors are also inherently giving their information to someone that they get product from, unless they are the chemist/grower). In a discretely measured deal, the customer leaks their address and the vendor does not, however the continuous product flow cycle consists of several discrete deals and all the way to the top this address leaking property is true. What really needs to be considered is how many nodes an address leaks to.

However if we look at the network overlay of SR transactions, and not the wider distribution network(s), it will be easier to get a large number of customer addresses than to get a large number of vendor addresses (since most vendors are not ordering what they sell off of SR but are getting it from private distribution networks). One thing that immediately becomes obvious is that vendors should not be placing orders on SR using the same names that they vend with, or else they will lose this advantage. But really it might not be proper to look at things in such an SR centric way. On the other hand, private distribution networks are more resistant to massive LE infiltrations. If a vendor is buying bulk on screened private forums, it is probably less likely that they are as potentially exposed to LE as compared to someone buying bulk on a public forum.

Also, even with human intelligence ignored, vendors and customers both are much weaker to traffic analysis attacks than I would like. HUMINT is certainly a huge weakspot, especially for customers on non-screened public distribution channels, but SIGINT and FININT are perhaps not significantly protected from for vendors and customers too.

Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: Spedly on February 20, 2012, 07:20 pm
One thing that people seem to forget about when they get caught up in paranoia about Silk Road is that there are bigger fish to fry. There are zillions of CP hidden services. If it's so easy to track down the hosts, why aren't they already shut down? Why did ntisec have to resort to social engineering/phishing in order to get at Freedom Hosting?

I am not a fan of the terrorist United States government on a good day. But if they prioritize SR before CP sites then I really, really fucking hate them.


Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: kmfkewm on February 21, 2012, 07:42 am
Quote
One thing that immediately becomes obvious is that vendors should not be placing orders on SR using the same names that they vend with, or else they will lose this advantage.

They may not have this advantage actually. If LE have intelligence that ten people in X city have placed orders on SR, and they have intelligence that some vendor ships out of X city, they might focus their resources on the ten customers in X city on the assumption that one of them is more likely to be the vendor.
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: novocaine on February 21, 2012, 08:47 am

I ride you a lot, because I don't like the way you present yourself sometimes, but this is a good discussion to have, so thanks for starting us off with a nice big list of assumptions.


I don't want to rat out any vendors, but there are a few that I've ordered from that, were I law enforcement, I'm almost positive I could locate with a single man-week of effort. And that's with zero human intelligence, strictly from evidence that arrived in my mailbox.

He grows on you...give it some time ;)


Re vendors - So I am not the only one that gets my order wrapped in the local newspaper with inky fingerprints all over the package??
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: kmfkewm on February 21, 2012, 11:05 am
One thing that people seem to forget about when they get caught up in paranoia about Silk Road is that there are bigger fish to fry. There are zillions of CP hidden services. If it's so easy to track down the hosts, why aren't they already shut down? Why did ntisec have to resort to social engineering/phishing in order to get at Freedom Hosting?

I am not a fan of the terrorist United States government on a good day. But if they prioritize SR before CP sites then I really, really fucking hate them.

It isn't like the government can only focus on one issue at a time. DEA doesn't focus on the CP sites at all.

FBI probably monitors all traffic into and out of Freedom Hosting server. If they have not managed to trace it then the average american citizen should feel absolutely ashamed of the fact that they are funding complete retards. Why would they take it down they would rather bust x% of the people who go to them. Then again I have not heard of anyone who used Tor getting busted for CP. They really have their hands full with non-anonymized CP traders though, every year they are only capable of following up on *1%* of *non anonymous* IP addresses that they detect trading CP from their dragnet traffic analysis of public P2P networks alone.

Half the time they can't even tie the IP address detected trading CP to a customer address, because by the time they focus human resources to any given IP address usually enough time has passed that the ISP doesn't even have a record of who it was assigned to anymore.
Title: Re: [intel analysis] SR Security Key Assumptions Check
Post by: friendlyoutlaw on February 21, 2012, 11:45 am
So, with all the idiots getting busted shipping drugs that DON'T use SR (like the ones we read about yesterday who got busted in Sacramento, shipping 8-12 pounds of weed at a time), wouldn't a similar argument apply?

Surely there is a lot of clearnet drug trading going on, even if it's not out in the open, similar to CP.

One would think those people would be a higher priority, easier to compromise target...people shipping tens of pounds through the mail, perhaps arranging details over telephones or emails.