Silk Road forums

Discussion => Newbie discussion => Topic started by: yellowstar14 on October 03, 2013, 11:56 am

Title: DPR running a VPS was fatal mistake.
Post by: yellowstar14 on October 03, 2013, 11:56 am
DPR using the cloud allowed the FBI to get a copy on Jun 23 2013 without notice.
If you want to back up a running bare metal you will always notice.

Title: Re: DPR running a VPS was fatal mistake.
Post by: video_aux on October 03, 2013, 12:04 pm
Source?

Title: Re: DPR running a VPS was fatal mistake.
Post by: jpinkman on October 03, 2013, 12:07 pm
I think hard coding the IP of a VPN he was using into SR code is pretty fatal and careless shit if reports are to be believed.

Title: Re: DPR running a VPS was fatal mistake.
Post by: yellowstar14 on October 03, 2013, 01:02 pm
source?

Logical thinking: only a VPS allows backing up while running without notice of the operating system running on the VPS.
Snowden used this trick too, I guess, because on a fully encrypted system all data passing the processor is always in the clear.
Just monitor this data and you have all the keys and bypass all protection.
You can even inject CPU instructions to switch off protection!
The same trick is used on smart cards, putting tiny wires on the processor; just search for Infineon RFID card hack.
That Snowden used a hack on the NSA VPS can be deduced from the news articles.
He was able to circumvent all clearance levels and use all accounts; this is simple if you have access to the bare system used by the VPS.
You can simply back up a VPS and take it home.
You can inject programs in a VPS, you can kill processes in the VPS, etc.
If bare metal was used this was much harder to do without a crash or system notice.
The weakness of a VPS is that it cannot see what happens outside its bubble (monitoring the VPS),
and for a .onion site this can be a danger.

   
Title: Re: DPR running a VPS was fatal mistake.
Post by: anonniemousse on October 03, 2013, 02:27 pm
Source?

Common sense. I agree 100% with OP, this was a huge mistake. I will have to reread the report, but I missed how they found out where the site was hosted, does anyone know? Without knowing the details of how this was set up I can only speculate - but it sounds like it wasn't a very good design.

If you are running a .onion site on a VPS it isn't a good idea (this is assuming that you purchase the VPS from a hosting company). Data can be copied off without you knowing. Your file system has to be stored somewhere, that file system has to be accessed by the server running the virtualisation software. If you have an encrypted file system that is mounted it isn't safe either (or if you store the password for the file system on the server too!).

Even with a physical server, physical security is important. You don't need to cut the power to a device to relocate it.