[tor-talk] Silk Road taken down by FBI
arma at mit.edu
Thu Oct 3 22:24:01 UTC 2013
On Thu, Oct 03, 2013 at 03:25:23PM -0400, The Doctor wrote:
> On 10/03/2013 01:49 PM, Ahmed Hassan wrote:
> > One question is still remain unanswered. How did they locate
> > Silkroad server before locating him? They had full image of the
> > server before his arrest.
> Not sure. One hypothesis (and that's all it is - a hypothesis) is
> this: The Silk Road may have been running on the same machine as a Tor
> router and not a client. Finding the set of all Tor routers is
> trivial. So, hammer on the hidden service while watching for
> bandwidth utilization to go up on the Tor routers that you can surveil
> to see which ones seem to respond appropriately. Pick away the
> rendezvous nodes because they don't originate tunnels (they're not
> clients). If the Tor router is running on a server or in a VM hosted
> at a provider that could be subpoena'd or strongarmed, forensic images
> of same could be acquired.
This is a fine research paper attack:
and a good reason not to run your hidden service on your Tor relay,
but I think it's highly unlikely to have been relevant in this case.
That said, yes, the original question is unanswered still.
More information about the tor-talk