Skip to main content
06 Sep 14

 

 

Ever since October 2013, when the FBI took down the online black market and drug bazaar known as the Silk Road, privacy activists and security experts have traded conspiracy theories about how the U.S. government managed to discover the geographic location of the Silk Road Web servers. Those systems were supposed to be obscured behind the anonymity service Tor, but as court documents released Friday explain, that wasn’t entirely true: Turns out, the login page for the Silk Road employed an anti-abuse CAPTCHA service that pulled content from the open Internet, thus leaking the site’s true location.

 

http://krebsonsecurity.com/wp-content/uploads/2014/09/leakyship-285x111.png

Tor helps users disguise their identity by bouncing their traffic between different Tor servers, and by encrypting that traffic at every hop along the way. The Silk Road, like many sites that host illicit activity, relied on a feature of Tor known as “hidden services.” This feature allows anyone to offer a Web server without revealing the true Internet address to the site’s users.

 

Full Article

 
The following article is a update on Leaky CAPTCA

 

(FBI Says Leaky CAPTCHA Was Used to Locate Silk Road Server, Experts Doubtful)

 

By Eduard Kovacs on September 08, 2014

 


  1. S. law enforcement authorities claim to have leveraged a leaky CAPTCHA on the login page of Silk Road to identify the real IP address of the server hosting the website, according to court documents filed on Friday by the prosecution.
Silk Road was a notorious online criminal marketplace that leveraged the Tor anonymity network to protect itself and its customers. The website was taken down in October 2013, when 30-year-old Ross W. Ulbricht, believed to be “Dread Pirate Roberts,” the mastermind behind Silk Road, was arrested.

Ulbricht's lawyers have questioned the methods used by the FBI to track down the Silk Road servers and their client so a former agent who was actively involved in the investigation provided a fairly detailed description of the agency's actions.

The defense and many others believe that the NSA might have been somehow involved in the law enforcement operation against Silk Road. However, former FBI agent Christopher Tarbell, who currently conducts cybersecurity investigations at New York-based FTI Consulting, claims that a leaky CAPTCHA helped them track down the Silk Road server's real IP address.

 

SecurityWeek/ full article here/ http://www.securityweek.com/fbi-says-leaky-captcha-was-used-locate-silk-road-server-experts-doubtful

 

Reply