In-Reply-To: <54C2B931.4000005@umail.iu.edu>
References: <54C02F35.8030101@riseup.net>
	<54C2B931.4000005@umail.iu.edu>
Date: Fri, 23 Jan 2015 19:40:58 -0500
Message-ID: <CAD8GWssh4qRc07rntnxbGkKgqkxeOYOMGn3-2S=n0XqvuTy5sg@mail.gmail.com>
From: Lee <ler762@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Did the CMU team out Silk Road 2 to the FBI?

On 1/23/15, Greg Norcie <gnorcie@umail.iu.edu> wrote:
> Correct me if I'm wrong, but doesn't CERT contract out to federal
> agencies sometimes?

Maybe CERT isn't technically a federal agency, but it seems pretty darn close.

http://cert.org/about/
The CERT Division works closely with the Department of Homeland
Security (DHS) to meet mutually set goals in areas such as data
collection and mining, statistics and trend analysis, computer and
network security, incident management, insider threat, software
assurance, and more.

http://www.dhs.gov/how-do-i/report-cyber-incidents
Report Malware and vulnerabilities to DHS by e-mail at cert@cert.org
and soc@us-cert.gov.

Lee


> --
> Greg Norcie (gnorcie@indiana.edu)
> PhD Student, Security Informatics
> Indiana University
>
> On 1/21/15 5:59 PM, Mirimir wrote:
>> OK, so this is very interesting:
>>
>> | The court documents refer to a source that provided "reliable
>> | IP addresses" for Tor hidden services between January and July
>> | of 2014, leading them back to both the servers and 78 different
>> | people doing business on the site.
>> |
>> | According to a Tor blog post, someone during that period was
>> | infiltrating the network by offering new relays, then altering
>> | the traffic subtly so as to weaken Tor's anonymity protections.
>> | By attacking the system from within, they were able to trace
>> | traffic across the network, effectively following the server
>> | traffic back to their home IP. In July, Tor noticed the bug and
>> | published an update to fix it -- but for six months, certain
>> | hidden services were badly exposed, and the Silk Road 2 appears
>> | to have been one of them.
>> |
>> || OK, almost certain: CERT Tor deanon attack was FBI source:
>> || https://t.co/JKwWD2E3VK SR2 server, 78 vendor IPs, Jan-July 2014
>> || -- Nicholas Weaver (@ncweaver) January 21, 2015
>> |
>> | So who carried out the attack? Already, researchers are pointing
>> | to a Black Hat presentation this summer that promised to outline
>> | a similar attack, but was controversially cancelled at the last
>> | minute. The researchers, working for CMU's CERT Center described
>> | similar capabilities and performed their research over a nearly
>> | identical span of time: January to July of 2014. If the
>> | researchers were also helping the FBI investigate criminal
>> | activity on Tor, it would explain why law enforcement might
>> | not want their methods getting out to the community at large.
>>
>> https://www.theverge.com/2015/1/21/7867471/fbi-found-silk-road-2-tor-anonymity-hack
>>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>