How did the FBI Locate Silk Road? "If you believe the server was discovered the way the FBI described, try it. No matter how I misconfigured the server, or included scripts from clearnet hosts, I never observed traffic from a non-Tor node or a "real" IP address."
[25 Points] CocaineNose:
[21 Points] None:
This article is total bullshit. I have to note that I never visited silk road, I found out about darknet markets after it was busted. But...
Apache is the web server that most of the internet uses. It's a very complicated piece of software with long, confusing config files that don't tend to work the way you intended them to. It also has several third-party modules such as PHP, which can be complicated in themselves. Its error pages will leak the server's clearnet IP if the server is not configured properly.
The server should be configured to ONLY listen on the localhost IP 127.0.0.1. Tor should be running on the same server, and Tor will direct the darknet traffic to 127.0.0.1. The only IP Apache should be able to leak is 127.0.0.1, which is useless to LE. An even more secure way would be to physically have two separate servers, one running Tor, and the other connected to the Tor machine on a private LAN, with local IPs only. The Tor machine can have the external address, Tor will send requests to the LAN IP for the Apache server, and Apache can leak and be exploited to its heart's content and will never know a useful IP address.
You know what the problem with that is? How in the hell do you buy a bunch of server hardware for upgrades, and still practice good OPSEC? This idea has just doubled the amount of hardware you need for your darknet market. Every single bit of data will have to run through both of those servers, and apache is going to use CPU to send out pages, and Tor is going to use CPU to encrypt shit...
Also, Apache has had numerous exploits over the years. Any other software with that kind of popularity has, as well. Apache is a good webserver.
Here's a list of 184 of them: https://www.exploit-db.com/search/?action=search&description=apache&e_author= NOTE: Some of them are of course for third party modules like PHP, but whatever.
As far as I know, every one of the exploits on exploit-db has been fixed. I wouldn't be surprised if the FBI/NSA/CIA/DHS/DEA/ATF/FDA have Apache exploits that haven't been made public, however. Never trust any software to be safe. Ever. Especially one that you can't understand every single function of, like... pretty much every operating system ever made... or Apache...
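As an added example (not code from the thread or from any of its posters), here is a small Python audit of the setup the comment above describes: it reads Apache `Listen` directives and torrc `HiddenServicePort` targets and flags any that bind or forward to a routable address instead of loopback. It also accepts private LAN addresses, which covers the two-box variant (Tor on one machine, Apache reachable only on a private LAN). The httpd.conf and torrc fragments embedded in it are constructed for the example, and 203.0.113.5 is a stand-in for a public IP.

```python
"""Flag Apache/Tor hidden-service bindings that could leak a routable address.

Added example; not part of the original thread. The config fragments below are
constructed for the example (203.0.113.5 stands in for a public address)."""
import ipaddress
import re

# Constructed sample: Apache also binds every interface and the public NIC.
WEAK_HTTPD = """\
Listen 80
Listen 203.0.113.5:443
"""
# Constructed sample: loopback only, which is what the comment recommends.
HARDENED_HTTPD = """\
Listen 127.0.0.1:80
Listen [::1]:80
"""
# Constructed sample torrc fragments: the weak one forwards the onion's port 80
# to the public address, the hardened one forwards to loopback.
WEAK_TORRC = """\
HiddenServiceDir /var/lib/tor/hs/
HiddenServicePort 80 203.0.113.5:80
"""
HARDENED_TORRC = """\
HiddenServiceDir /var/lib/tor/hs/
HiddenServicePort 80 127.0.0.1:80
"""

_LISTEN = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE | re.MULTILINE)
_HSPORT = re.compile(r"^\s*HiddenServicePort\s+\d+\s+(\S+)",
                     re.IGNORECASE | re.MULTILINE)

# Addresses that are useless to an observer on the public internet: loopback,
# RFC1918 / ULA ranges and link-local. Listed explicitly rather than via
# ipaddress.is_private, which also treats documentation ranges as private.
_NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def split_host_port(spec):
    """'127.0.0.1:80' -> ('127.0.0.1', 80); '[::1]:80' -> ('::1', 80);
    a bare '80' -> (None, 80), meaning no host was given."""
    if spec.startswith("["):                 # bracketed IPv6 literal
        host, _, port = spec[1:].partition("]:")
        return host, int(port)
    if spec.count(":") == 1:                 # IPv4 host:port
        host, _, port = spec.partition(":")
        return host, int(port)
    if spec.isdigit():                       # bare port
        return None, int(spec)
    raise ValueError("unrecognised address spec: %r" % spec)


def is_clearnet_exposed(host):
    """True if binding this host can reveal a routable address.
    None (all interfaces) and the unspecified address expose every NIC,
    including the public one; loopback and private ranges do not."""
    if host is None:
        return True
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:                    # 0.0.0.0 or ::
        return True
    # A v4 address is never "in" a v6 network and vice versa, so mixing is safe.
    return not any(ip in net for net in _NON_ROUTABLE)


def audit(httpd_conf, torrc):
    """Return a list of findings; an empty list means nothing looks exposed."""
    findings = []
    for spec in _LISTEN.findall(httpd_conf):
        host, port = split_host_port(spec)
        if is_clearnet_exposed(host):
            findings.append("httpd: 'Listen %s' binds a routable interface "
                            "on port %d; bind 127.0.0.1 or a LAN IP" % (spec, port))
    for target in _HSPORT.findall(torrc):
        host, port = split_host_port(target)
        # In torrc a bare port means 127.0.0.1:port, which is fine.
        if host is not None and is_clearnet_exposed(host):
            findings.append("torrc: HiddenServicePort forwards to %s; the "
                            "target should be loopback or a LAN IP" % target)
    return findings


if __name__ == "__main__":
    for label, h, t in (("weak", WEAK_HTTPD, WEAK_TORRC),
                        ("hardened", HARDENED_HTTPD, HARDENED_TORRC)):
        print(label, audit(h, t) or "no findings")
```

Run against the weak pair the audit reports three findings (the all-interfaces `Listen 80`, the public `Listen 203.0.113.5:443`, and the torrc forwarding to the public address); the hardened pair reports none. Point it at a real httpd.conf and torrc by reading the files into the two arguments of `audit`.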
[8 Points] stratusremix:
Same day I saw the post on reddit, I was on the SR login page and noticed someone threw "print_r($arr["_SERVER"]);" in some include file for ~15 minutes. Leaked the same clearnet IP that was posted to /r/silkroad.
[3 Points] ShulginsCat:
[1 Points] None:
It was proven that it was false testimony. The FBI are known for doing that, but the contents of that computer were just simply... a "wtf was he thinking" type thing.
[1 Points] The_fire_bird:
However they found it, we may never know. But a misconfiguration won't have helped.
Even if somebody did tip them off, or it was leaked here, connecting to it successfully without using Tor is what gave the feds the grounds to demand physical access to the server. Without that connection (the proof they've got the right address) it was all just FUD.
There would've been millions of doxes floating around. Imagine demanding access to every last one of them, all turning out to be a complete waste of several hours. They wanted to rule out as many as they could from the comfort of their PC screen (remember, we're talking about donut dippers here).
[1 Points] Vendor_BBMC:
According to some woman claiming to be his former partner, "VarietyJones" was cooperating with LE.
He was behind some server-side security measures, so I assume he knew where the server was hosted. He managed to keep the clearnet site overgrow.com up and running.
The main problem with that theory was that he was still a vendor on SilkRoad between July 2013 when the server was cloned, and the day the police badges on my screen made me jump out of my skin. I'd just written a new product listing, pressed "send", nearly shit myself, and began panic dumping bitcoin.
If he had been granted immunity from prosecution he would have kept his SilkRoad vendor name, which had a great reputation. But I believe MrMerlin renamed to Hiniguel. Then Shadowman, and recently VendorZ. Each one worse than the last.
I think that's really outdated. Also pretty sure it was leaked right here. Yup, reddit is the reason they located the Silk Road server.