Silk Road forums
Discussion => Silk Road discussion => Topic started by: railroadbill on October 06, 2013, 02:59 pm
-
http://www.reddit.com/r/SilkRoad/comments/1nt4ji/does_anyone_else_find_it_really_weird_that_the_sr/
It's weird, yes, but if you read the seizure papers, they don't mention the forums, ever, and the reasons given for the seizures - illicit bitcoins, drug transactions, the server private key - don't actually apply to the SR forum server: no bitcoins were stored on it, it didn't actually do any transactions officially, and it didn't share the same private key as the real SR service. And as far as I know, discussing drug use or drug buys isn't really a crime.
So it seems possible that they just have no reason to take down the SR forum server. If this is correct, then we can expect the SR forum server to go down by 9 November.
Why 9 November? Here's why. I used nmap on the IPs mentioned in the seizure papers. Most of the IPs were inactive, but the nmap for 46.183.219.244 had some interesting results:
Starting Nmap 6.40 ( http://nmap.org ) at 2013-10-02 22:43 EDT
Nmap scan report for ip-219-244.dataclub.biz (46.183.219.244)
Host is up (0.66s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.9p1 Debian 5ubuntu1.1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 1024 55:1c:59:91:61:d0:1b:a6:79:48:8a:b2:77:2d:e6:4a (DSA)
| 2048 f0:e3:3e:f7:05:08:87:99:5f:36:d3:2f:96:aa:7d:3e (RSA)
|_256 2c:54:7c:ef:ef:3b:43:fe:27:4c:02:40:cb:14:f1:ae (ECDSA)
25/tcp filtered smtp
80/tcp open http nginx
|_http-methods: No Allow or Public header in OPTIONS response (status code 403)
|_http-title: 403 Forbidden
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
So, here is an active server, running Linux, with SSH running, an HTTP port open - you get a "403 Forbidden nginx" message if you visit - and an SMTP port. Isn't that interesting? SR had no email-related options... but the SR forums did let you register an email address. So this IP looks exactly like you would expect a dedicated server running a forum to look. So the SR forum has apparently been left alone to run until... until the hosting service shuts it down, apparently.
What hosting service? It's right there in the nmap output: Dataclub.biz. And guess what their terms of service say? A billing cycle lasts a month from the day the user registers a VPS, and then when the invoice is sent, they have 7 days' grace. So suppose DPR had registered the forum server on the second day of a month, and he paid right before he was arrested; then the server would be good until 2 November, then another 7 days to 9 November, then it'll be shut down for non-payment.
Of course, DPR could've registered it on another day. So the median day of shutdown is more like 19 October.
-
Interesting points, but I'm not sure how much I'd read into much of it.
The forums are mentioned in the indictments, as DPR quotes from SRF are in those documents.
You kinda have three options:
1. The FBI has control over SRF and is operating it for (insert reason here..there are many). If this is the case, then whatever court documents surround that activity would still be under seal.
2. The FBI hasn't managed to get control over SRF yet. It was in a faraway place, they don't have the keys, they're busy with other shit, whatever.
3. The FBI isn't interested in getting control of SRF. I find this theory to be fucking ridiculous. DPR's possible PMs alone make it worth the effort, and once they're throwing out the net of conspiracy investigation, anything that guy owned is fair game. "Your honor, for all we know, there were ten other hits ordered through the forums... they were used to further the criminal enterprise, provide customer support, and they had a book club, too."
Believing #3 seems completely insane to me. #2 is possible, I guess, but very unlikely (especially given that they arrested that guy with an open, unlocked laptop from reports I've read). Which leaves you with... #1.
It'll go down when they get sick of running it. If they never get access to it, it'll go down when the bill comes due. Which depends on how far ahead DPR prepaid for it.
-
What info do they need to harvest? What sites people are going to? That should be easy to observe almost anywhere. It's not like people are posting sensitive info on here, at least not after the fact. Oh wait, I can be identified from my writing style and ex,act,ly,where,i,pl,ace,my,commas, hey FBI, what color is my hair?
#2 seems right. The forums are independent of SR, and any info they got on DPR and however they got the server IP didn't reveal where the forums are. There's nothing in the indictment about pwning the servers.