Message-ID: <541131E1.9060409@copper.net>
Date: Wed, 10 Sep 2014 23:23:45 -0600
From: Jim <jimmymac@copper.net>
To: tor-talk@lists.torproject.org
Subject: [tor-talk] How FBI Pinpointed Silk Road's Server

Wired has recently published an article about how the FBI claims to have
found Silk Road's server:

http://www.wired.com/2014/09/the-fbi-finally-says-how-it-legally-pinpointed-silk-roads-server/

The FBI claims:

"As they typed 'miscellaneous' strings of characters into the login
page's entry fields, Tarbell writes that they noticed an IP address
associated with some data returned by the site didn't match any known
Tor 'nodes,' the computers that bounce information through Tor's
anonymity network to obscure its true source."

I don't see how that is possible, regardless of how badly misconfigured the
server is.  When the server is accessed as a Tor hidden service it
doesn't know the client's IP address.  So the only way it can respond is
back through Tor.  Unless by "typing miscellaneous strings" they managed
to infect the server with something that contacted an FBI machine via
clearnet, similar to Magneto.  Am I missing something?  Or are they
stretching the meaning of "typing miscellaneous strings"?  Or outright
lying?

Jim




