Dread Pirate Sunk By Leaky CAPTCHA

  • 6 September 2014

Ever since October 2013, when the FBI took down the online black market and drug bazaar known as the Silk Road, privacy activists and security experts have traded conspiracy theories about how the U.S. government managed to discover the geographic location of the Silk Road Web servers. Those systems were supposed to be obscured behind the anonymity service Tor, but as court documents released Friday explain, that wasn’t entirely true: Turns out, the login page for the Silk Road employed an anti-abuse CAPTCHA service that pulled content from the open Internet, thus leaking the site’s true location.
 
Tor helps users disguise their identity by bouncing their traffic between different Tor servers, and by encrypting that traffic at every hop along the way. The Silk Road, like many sites that host illicit activity, relied on a feature of Tor known as “hidden services.” This feature allows anyone to offer a Web server without revealing the true Internet address to the site’s users.
 
Full Article
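
An added example, not part of the original post or the quoted article: a minimal audit of a hidden service's own login page for the kind of reference the excerpt describes, assuming the leak takes the form of markup that points at a non-.onion host or a bare IP address. The sample HTML, host names and addresses are constructed.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit

# Attributes whose value is a URL that gets fetched or submitted to.
URL_ATTRS = {"src", "href", "action", "data", "poster"}

class ResourceCollector(HTMLParser):
    """Collect (tag, attribute, url) for every URL-bearing attribute."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.refs.append((tag, name, value.strip()))

def classify(url):
    """Return 'ok', 'clearnet-host', 'ip-literal' or 'unparseable'."""
    try:
        host = urlsplit(url).hostname
    except ValueError:           # e.g. malformed IPv6 brackets
        return "unparseable"
    if host is None or host.endswith(".onion"):
        return "ok"              # relative, data:/mailto:, or stays on Tor
    try:
        ip_address(host)         # a raw address names a server location directly
        return "ip-literal"
    except ValueError:
        return "clearnet-host"

def audit(html):
    """List every reference that leaves the hidden service."""
    collector = ResourceCollector()
    collector.feed(html)
    return [(classify(u), tag, attr, u)
            for tag, attr, u in collector.refs if classify(u) != "ok"]

# Constructed login page: one relative form target, one image served from a
# documentation-range IP, one protocol-relative clearnet script, one .onion
# stylesheet and one inline data: image.
SAMPLE = """
<form action="/login" method="post">
  <img src="http://203.0.113.7/captcha.png">
  <script src="//captcha.example.com/api.js"></script>
  <link rel="stylesheet" href="http://constructedexample.onion/site.css">
  <img src="data:image/png;base64,AAAA">
</form>
"""
```

This check only sees static markup; URLs assembled by scripts at run time are not covered by it.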
 

1 reply

The following article is an update on Leaky CAPTCHA
 

(FBI Says Leaky CAPTCHA Was Used to Locate Silk Road Server, Experts Doubtful)

 
By Eduard Kovacs on September 08, 2014
 
U.S. law enforcement authorities claim to have leveraged a leaky CAPTCHA on the login page of Silk Road to identify the real IP address of the server hosting the website, according to court documents filed on Friday by the prosecution.
Silk Road was a notorious online criminal marketplace that leveraged the Tor anonymity network to protect itself and its customers. The website was taken down in October 2013, when 30-year-old Ross W. Ulbricht, believed to be “Dread Pirate Roberts,” the mastermind behind Silk Road, was arrested.
Ulbricht's lawyers have questioned the methods used by the FBI to track down the Silk Road servers and their client, so a former agent who was actively involved in the investigation provided a fairly detailed description of the agency's actions.
The defense and many others believe that the NSA might have been somehow involved in the law enforcement operation against Silk Road. However, former FBI agent Christopher Tarbell, who currently conducts cybersecurity investigations at New York-based FTI Consulting, claims that a leaky CAPTCHA helped them track down the Silk Road server's real IP address.
 
SecurityWeek/ full article here/ http://www.securityweek.com/fbi-says-leaky-captcha-was-used-locate-silk-road-server-experts-doubtful
 
