
The Silk Road statement: Where are the packetlogs? - aburan28
https://weev.livejournal.com/407404.html
======
ynniv
A footnote in the Agent's declaration even suggests Parallel Construction:

 _After Ulbricht’s arrest, evidence was discovered on his computer reflecting
that IP address leaks were a recurring problem for him._

It goes on to specify particular instances of leaked IP information, which
_is completely irrelevant hearsay_ if the stated means of discovery were
supported by properly documented evidence. Instead it provides circumstances in
which it seems likely that the server could have been discovered through such
a leak. If the server were discovered through illegal means, this information
would have been useful in the construction of a technically plausible sounding
alternative means.

I'm not claiming that the discovery was illegal, but weev is spot on in his
demand for evidence.

~~~
Rapzid
It's not really the Agent's job to make such legal determinations? If I was
doing forensic analysis on a server under such circumstances I would have made
note and reference to that as well. Again, the IP address leak isn't the real
evidence anyway and I don't see how the FBI is on the hook to prove beyond a
shadow of a doubt that they got the IP address the way they said they did. His
attorneys are spinning a yarn and poking the FBI's story because it's their
job, but I think we should not be suggesting the FBI is guilty of something
and must be required to prove their innocence. If the FBI have the logs they
should answer in kind, however I don't believe the absence of such logs is
going to or should help his case any.

~~~
ynniv
That's a lot of different things. Perhaps you could focus on one and try
again.

 _If I was doing forensic analysis on a server under such circumstances I
would have made note and reference to that as well._

The footnote is not forensic, and not evidence, and there's no good reason for
it to be there. I doubt you are a forensic investigator so it isn't relevant
what you think you would have done, but if you were a good one I suspect you
would have kept packet logs of everything you saw.

~~~
Rapzid
That's really just two things. I apologize if you had trouble discerning that,
but I'm not inclined to try again. But thanks for asking and making it clear
my opinion doesn't matter ;)

~~~
ynniv
I count eight different statements. No one's unsubstantiated opinion matters,
but all are welcome to argue a position.

------
yohanatan
> It is several orders of magnitude more difficult to fake packetlogs of
> network traffic which include a protocol as complex as Tor.

I would be careful with that. It's not as difficult to fake as you might
think. And a statement like this puts you entirely at the mercy of someone who
is capable of faking it.

~~~
rabite
honestly, there would be so many gaping flaws in a faked pcap. there are a
thousand ways to go wrong. it is much harder than forging a document, but
courts will still trust documented evidence.

here though, the FBI is basically saying "the document said this, but we don't
have it anymore for some reason."

------
datr
Couldn't the agent be referring to an HTTP header? In which case it doesn't
seem that improbable.

I've worked on sites before where if you logged in as the admin it started
attaching a header with the ip of the application server responsible for
generating that page to help with debugging. It's not outside the realms of
possibility that something like that could break and start leaking IPs.

~~~
rabite
The HTTP header is not in the packet header. It is in the data section of the
TCP packet. If so, this calls the federal agent's capacity to serve as an
expert witness in question.

~~~
hahainternet
The TCP packet is not in the 'packet header'. Both the Ethernet and IP frames
precede it. How can you possibly suggest that a HTTP header doesn't count, but
a TCP packet does?

Weev you are disqualified due to your incorrect assertions from being an
expert commentator :D

~~~
rabite
TCP is a packet-switched protocol. HTTP is a socket-based protocol. HTTP as a
protocol is a stream of bits that is carried within the data segments of a
packet-based transit protocol. HTTP itself does not have a "packet header".
TCP has a packet header, as one can simply verify by googling "TCP packet
header". Go do some learnin', bro.

~~~
hahainternet
Weev you know me, you also know I'm right. TCP as a protocol is a stream of
bits carried within the data segments of a frame based transit protocol. Both
TCP and HTTP have headers.

~~~
rabite
HTTP does have a header, but what is carried within the data sections of
TCP/IP packets created by the establishment of an HTTP socket are not packets.
HTTP is not in itself a packet switched protocol. It forms a circuit.
Seriously, your CCNA does not make you a networking expert.
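
The exchange above is about where in a captured packet an HTTP header sits, and datr's scenario is an application that tags admin pages with the address of the backend that rendered them. The following is an added example (not code from the thread, from weev's post, or from the case documents) that builds a constructed Ethernet/IPv4/TCP frame around such a response, parses it back layer by layer, and reports which layer each address belongs to. The header name `X-Backend-IP`, the addresses, ports and the frame itself are all made up for illustration; the point is that the backend address is found past the TCP data offset, in the payload, while the only addresses in the packet headers proper are the IP-layer source and destination.

```python
"""Where an HTTP header lives inside a captured packet (added example).

Builds a constructed Ethernet/IPv4/TCP frame carrying an HTTP response,
parses it back, and maps every IPv4 address found to the layer it sits in.
Header name, addresses and ports are hypothetical.
"""
from __future__ import annotations
import re
import struct
import ipaddress

# Constructed HTTP response: a debug header naming the backend that rendered
# the page, as described in the thread. X-Backend-IP is a made-up name.
HTTP_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx\r\n"
    b"X-Backend-IP: 198.51.100.23\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 16\r\n"
    b"\r\n"
    b"<html>hi</html>\n"
)

def build_frame(payload: bytes, src="10.0.0.2", dst="10.0.0.9",
                sport=80, dport=51234) -> bytes:
    """Wrap a payload in minimal Ethernet (14), IPv4 (20) and TCP (20) headers.
    Checksums are left zero: this is a constructed frame, not wire data."""
    eth = (b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02"
           + struct.pack("!H", 0x0800))                      # EtherType IPv4
    total = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0x4000, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000,
                      5 << 4,      # data offset: 5 words, no options
                      0x18,        # PSH|ACK
                      65535, 0, 0)
    return eth + ip + tcp + payload

def parse_frame(frame: bytes) -> dict:
    """Split a frame into layers, honouring the IHL and TCP data-offset fields."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not IPv4")
    ip_start = 14
    ihl = (frame[ip_start] & 0x0F) * 4
    if frame[ip_start + 9] != 6:
        raise ValueError("not TCP")
    tcp_start = ip_start + ihl
    data_off = (frame[tcp_start + 12] >> 4) * 4
    sport, dport = struct.unpack("!HH", frame[tcp_start:tcp_start + 4])
    payload_start = tcp_start + data_off
    return {
        "eth": (0, ip_start),
        "ip": (ip_start, tcp_start),
        "ip_src": str(ipaddress.IPv4Address(frame[ip_start + 12:ip_start + 16])),
        "ip_dst": str(ipaddress.IPv4Address(frame[ip_start + 16:ip_start + 20])),
        "tcp": (tcp_start, payload_start),
        "tcp_sport": sport, "tcp_dport": dport,
        "payload_start": payload_start,
        "payload": frame[payload_start:],
    }

IPV4_RE = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def http_headers(payload: bytes) -> list[tuple[bytes, bytes]]:
    """Return (name, value) pairs from an HTTP message head (status line dropped)."""
    head, _, _body = payload.partition(b"\r\n\r\n")
    pairs = []
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        pairs.append((name.strip(), value.strip()))
    return pairs

def find_header_ip_leaks(payload: bytes) -> list[tuple[str, str]]:
    """(header name, address) for every valid IPv4 literal in a response header.
    This is what an interception proxy or browser inspector would surface."""
    leaks = []
    for name, value in http_headers(payload):
        for m in IPV4_RE.findall(value):
            try:
                ipaddress.IPv4Address(m.decode())
            except ValueError:
                continue   # e.g. 999.1.1.1 matches the regex but is not an address
            leaks.append((name.decode(), m.decode()))
    return leaks

def classify_addresses(frame: bytes) -> dict[str, str]:
    """Map each address in the frame to the layer it was found in."""
    layers = parse_frame(frame)
    found = {layers["ip_src"]: "ip-header", layers["ip_dst"]: "ip-header"}
    for name, addr in find_header_ip_leaks(layers["payload"]):
        found[addr] = f"tcp-payload:http-header:{name}"
    return found

def leak_offset(frame: bytes, addr: str) -> int:
    """Byte offset of an ASCII address inside the frame (-1 if absent)."""
    return frame.find(addr.encode())

if __name__ == "__main__":
    f = build_frame(HTTP_RESPONSE)
    for addr, where in classify_addresses(f).items():
        print(f"{addr:16} {where}  (offset {leak_offset(f, addr)})")
```

Running it shows the two IP-layer addresses in the IPv4 header (bytes 14..34) and the backend address at byte offset 100, past the TCP header that ends at byte 54: it is payload as far as the packet is concerned, which is exactly why a full packet capture, not just a note of the address, is what lets a third party check the claim.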

------
Patrick_Devine
This really reminds me of when Hans Reiser was on trial. I remember a lot of
people in the tech community tried explaining away things like him removing
the (presumably bloody) seat from his car, washing out the carpet of his car
with a hose, buying books on how to commit a murder, and finding Nina's cell
phone with the battery popped out in her abandoned car.

Each of those things was explained away by the tech community. The seat was
taken out and the floor was cleaned with a hose because Hans was broke and
wanted to live in the car. He bought the books because he knew he was being
followed and was curious about the process. The cell phone battery was popped
out because the real perp had done it, or maybe it was something Nina had
done.

The point is none of that shit matters. The finer points of TCP are going to
be lost on a jury and debating the academic points of packetlogs is fruitless.
I've served on a jury before where not even a single other member could parse
the most basic of logical statements. Our judicial system is based on story
telling; each side tells their story and the person with the best story wins.
The feds do this shit all the time, so they're probably going to have a pretty
damn good story.

~~~
tedivm
There's a major difference between this and the Reiser case. As you mentioned,
with Reiser people were really practicing wishful thinking in order to save a
hero of theirs. In this case people are trying to follow the case because
there's a huge and reasonable chance that the FBI did not act above board in
following US law.

I don't think anyone thinks DPR is innocent, or that he's going to somehow
get away with this. However, people are concerned that the methods used to
find him were not constitutional. This has more to do with keeping the
government in check than it does with anything else.

~~~
mpyne
> However, people are concerned that the methods used to find him were not
> constitutional.

However, people are expressing this concern independent of evidence to support
this concern. Even if you're of the school of thought that the FBI has _no_
extra "public authority" power to do their statutory job whatsoever, it's not
illegal for anyone to go to the SR website on Tor, and to see what IP
addresses the website instructs your web browser to hit in the process.

So there's a perfectly reasonable (and likely, IMHO) explanation on the record
that supports the FBI position, and against the FBI position, there's only a
lot of rather painful wishful thinking (as you say). So I'm not sure how the
situation is that different, at least until more substantive evidence against
the FBI's claims is presented.

------
Bob1
Old joke in defense work:

Q: What does the government call an illegal wiretap? A: "The anonymous
informant".

Whoever below pointed out that a jury of 12 morons will NOT be persuaded by
some turgid debate over the minutiae of packets is 100% correct. You can
always spot someone naive about how the legal system actually works based on
just how loftily ideological their narratives and 'theories' are.

Nevertheless, this is relevant from a procedural standpoint, as if the defense
can demonstrate malfeasance on the part of the FBI using computer forensics,
they can have certain evidence dismissed.

------
aburan28
There was a VPN IP leaked in April-May 2013 for maybe an hour or two but then
quickly corrected. That IP belonged to the VPN provider, not the server host
provider.

------
Nanzikambe
What I'd like to know is if anyone in the public domain has any packet logs
from SR?

I find it incredible that, given SR's notoriety, nobody had ever used
tcpdump, an interception proxy or a browser's inspector and noticed this IP
before.

~~~
mpyne
Then again, I found it incredible that Heartbleed hung out in OpenSSL for as
long as it did, when you'd think there'd be at least a couple of people in
every security group out there reviewing each patch for new vulns.

------
pandatigox
Off topic, but I thought OP was still in prison? I can't seem to find any
notes of his release on his blog, so could someone please elaborate?

~~~
spindritf
He's out on a technicality but unlikely to go back.
https://en.wikipedia.org/wiki/Weev#Conviction_vacated

~~~
meowface
It's a bit unfair to say he was out on a technicality. The appeals judge ruled
that the venue was improper, and venue can be extremely important. Not to
mention the judge also saw several issues with the original charges.

------
ageisp0lis
weev is right!
https://blog.ageispolis.net/speculating-fbi-silk-road-unmasking-technique/

------
lolwutf
More importantly... weev still uses LiveJournal?!

------
Rapzid
I'm not sure they (the FBI) are under any obligation to even make packet logs?
Are there laws dictating this? I would think they would have just made note of the
IP and the circumstances of uncovering it on paper with pen and then called it
a day. Maybe save out a few raw packets. The IP address isn't the evidence
against him, it was just their initial lead on the physical server...

~~~
f3llowtraveler
I don't see how they could admit it into evidence without the packet logs. The
defense would have no opportunity to examine the same evidence.

------
xorcist
The underlying argument here seems to be that if the evidence was procured
via unlawful means, then Ulbricht should go free even if he is guilty of the
crime.

It seems to me as a quaint way to practice justice. What is the rationale
behind this? Isn't it the court's job to establish guilt?

This specific case might not be a great example to reason about, but if this
was a rapist or killer that should be set free despite being screamingly
obviously guilty, just because the cop was a crook too, how could that possibly
be morally justified? Two wrongs do not make a right, if you ask me.

Edit: An explanation would be nice, instead of the downvotes. Is it that
questions about the justice system are off topic here?

~~~
timdev2
> What is the rationale behind this?

The general idea is that the integrity of the criminal justice system is at
least an order of magnitude more important than the outcome of any particular
case.

> Isn't it the court's job to establish guilt?

No, that's the prosecutors' job.

The Court's job is to ensure that the defendant receives due process.

It's arguably impossible to have a perfect justice system. So, you have to try
to construct the best one you can.

While the exclusionary rule does allow guilty people to go free, that negative
is arguably overwhelmingly outweighed by keeping innocent people out of
prison, providing equal protection to all, and maintaining public faith in the
criminal justice system.

One can argue that the system as implemented doesn't do such a good job of
providing those three outcomes, but if we assume it does, wouldn't you agree
maintaining such a system is more important than ensuring every last (actual)
criminal who makes it to trial is convicted?

~~~
a3n
> The general idea is that the integrity of the criminal justice system is at
> least an order of magnitude more important than the outcome of any
> particular case.

If for some reason only one lesson on civics were taught in 12 years of
schooling, this would be a top candidate for that lesson.

~~~
waps
Not really. This is one of those rules that makes people think they can win
court cases that they can't really win. The idea that if you catch the police
in a small error you can get off in a criminal case. You have to catch the
police in a big error that they based the case off, or a serious breach of
your rights. This will hardly ever work.

There are others:

1) If I follow the law I won't lose a case. Cute. Try being unreasonable to a
judge and see how that works (A popular one : tell the judge that because a
car accident happened on your own property, you got to set traffic law
governing that accident. Technically correct. Try it)

2) If they don't have proof I can't be convicted. (and sometimes: video is
not proof). False (well the video thing is true). The big mistake here is
civil versus criminal cases. If it's not the government suing you, or
"technically" not the government, e.g. mall security, then proof is not
required, and video is perfectly admissible. Even if you are not recognizable
on the video, but there's good reason to think it's you (e.g. a credit card
record). Second, witness statements from people watching video can be accepted
sometimes.

3) If the opposing party makes one tiny mistake I can get off scot-free.
False. The justice system's job is to make the smallest possible change to the
arrangement that makes it legal. If you sign a contract "I will kill my
firstborn and pay $200" (extreme, ridiculous example), obviously you do not
have to kill anyone, you will however, be on the hook for the payment.
Interesting cases result from the use of "or" instead of "and".

This goes for government integrity too. Suppose Ulbricht's lawyers get this
one. The next thing that happens is the judge telling the prosecutor to go
home, have a good night's sleep, start the case from scratch and try again (in
the same court case). If he succeeds, that's fine (of course he might not be
able to).

4) With a lawyer I can tie up any case for any amount of time. No you can't.
Ridiculously complex contract law cases, yeah sure (even then best take a good
lawyer). Not paying your car repair bill, no.

5) They can't get to me if I move/hide/other state/other country/... Might be
true. Not true for any place worth living. So good luck with that.

These things should be taught, with a few example cases illustrating what can
happen. It would lessen the load on the justice system by 50%.

~~~
a3n
This did not deserve down-votes. All he did was disagree with me, and bonus,
he spelled out his disagreement.

