As for the backend servers - if all machines are connected through OpenVPN with TLS-Auth they can use private IP space and are not accessible from outside. The OpenVPN tunnels are configured outside of the onion VM and Tor VM and the backend machines are also in a VM that pipes all outgoing traffic (except OpenVPN traffic) to the internet through Tor.
This setup should at least omit the problem of leaking public IP addresses on compromise or did I overlook something? Let's ignore VM outbreak exploits (ksplice/unattended-upgrades should help here if it's not the NSA).
With TLS-Auth and a default DROP firewall rule all machines should not even appear in scans on the internet. So any outside contact to any machines is only possible if you know the OpenVPN TLS-Key + Certificates. An intruder would only see local IP addresses even if he manages to compromise a backend server. All created outgoing traffic to find the machines would be routed through Tor.
As the Tor onion VM is separate from the webserver only a Tor remote exploit or a VM outbreak exploit would be critical. Maybe encryption can help here.
Another point is using dedicated hardware with Full Disk Encryption and just enter the passphrase via the provider console. There are cold boot attacks but VPS servers allow to dump a memory image while running - that's not so easy with dedicated hardware.
There are always going to be bugs, but this would very strongly isolate each of the risky components. Feeling even more paranoid? Put a strong network filter in place between each of the components to make sure that only the specific subset of TCP that's actually in use makes it through; that'll prevent network stack-level issues.
I may be overly pedantic here but it should be "public IP address" as there is no TCP/IP without an IP address. The address may be in the private ranges, though.
1) Full Disk Encryption
2) Two physical machines owned by you, perhaps stored in some basement
3) Be able to boot them back on without physical access (perhaps this is simply a Bad Idea?)
4) One machine with two NICs running Tor, exposing only Tor to one of the NICs
5) The other machine running a VM host with 1 VM for each of your services. The host is connected to the NIC of the first machine, thus only has access to the internet through Tor
> Be able to boot them back on without physical access (perhaps this is simply a Bad Idea?)
This is exactly the problem which our project solves:
The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key; each client has one unique to it. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system, whereupon the computers can continue booting normally.
You also need to adjust the “approval_delay” setting.
Frankly, the War on Drugs is immoral. The science doesn't back it up. It's done without caring about the consequences on peoples' lives, medical and otherwise.
> This is not the FBI enforcing the letter of some stupid law
Debatable! The drug laws are 'stupid', if you take into account science and economics.
> and was organizing assassinations.
This is unlikely to have happened under a system of legal drugs. I've never heard of Walmart -- where legal products are sold -- putting out hits on people.
The drugs laws are broken. They create perverse incentives.
There are a number of drugs less harmful than alcohol & tobacco (i.e. less harmful than drugs already sanctioned): http://www.economist.com/blogs/dailychart/2010/11/drugs_caus...
The Economics Behind the U.S. Government's Unwinnable War on Drugs http://www.econlib.org/library/Columns/y2013/Powelldrugs.htm...
Selling diamonds is not illegal but I've heard allegations of hits being put out there.
The drug laws are bad. But a la A Man for All Seasons, we should give the devil the benefit of law; what silk road does would cut a path through every law in the country.
Only sociopaths and libertarians are holding him up as some bastion of morality.
Identity theft and hacking tools are both pretty (a|im)moral, though.
People are becoming increasingly interested in the case because it's looking probable that enforcement/prosecution has done something untoward.
Everybody has an interest in law enforcement operating under the rules that are supposed to constrain its behavior.
If the prosecution can straight up lie to the court about how evidence is gathered with impunity, then at the very least it may be an effective strategy to raise the cost of effective defense.
More scarily, it may be used to cover up useful lines of defense.
In every case, you should imagine an innocent man accused, and consider whether the tactics used against him are designed to demonstrate the truth, to cast artifacts in a false light, or to raise the odds of conviction regardless of the truth.
We should never convict on the strength of the information that someone has been charged.
I don't think anyone is. Rather, the moralists are making an example out of him to further their own cause.
Take a look into the dirty underside of the distribution (of legal goods) industry and you will find intimidation and violence used.
Are you in agreement that it's ok for people to commit drug-related murders just because the War on Drugs is "bad m'kay?" Or should people be held accountable for their actions? Just because there are incentives to become a drug lord due to immoral laws doesn't mean that it's all of a sudden moral to become a drug lord. You seem to want to use your "War on Drugs is bad" opinion as an excuse for the choices that people make.
The comment pointed out that crime in general around drugs - up to and including murder - is much more prevalent because of the War On Drugs.
There is no moral absolutism in this world, and the government can absolutely enact laws and policies that lead to increased crime rates. Of course the perpetrator of a murder should be held to full account. But the circumstances that create the motive for murder in drug cases are at least partially due to government policies that have been proven to be a failure over and over again.
Responding to that with some canned rhetoric around how drug-related murders would be fewer in a post War on Drugs world it's really a response to that post.
I have no righteous indignation. I'm frustrated that the conversation is going like this:
Person 1: Ordering an assassination is bad, and saying that
the War on Drugs is bad isn't an excuse for it.
Person 2: But if the War On Drugs didn't exist, then
drug-related murder wouldn't exist! Perverse
This is the point that I see some of these "War on Drugs == Bad" posts dancing around. They ignore this in favour of using this story as a platform to preach their views.
So when someone asks for an acknowledgment that murder is bad from another person, it's almost ad hominem, or so it seems to me.
So the debate is whether or not government policies create incentives or motive for crime. There are several documented reasons that good people do bad things, and creating an environment for that isn't helping anyone.
It's not to say that the murderer is less to blame, but culpability isn't something that reduces criminal responsibility.
I do believe that there are steps policy makers could take to remove the amount of people who find themselves incentivized to commit violent crimes.
I agree that the war on drugs, though misguided, should not shoulder the blame for the actions of violent offenders, but two wrongs don't make a right.
Is calling for changes to draconian and detrimental policies and condemning those individuals who commit violent crimes mutually exclusive?
Imagine if the government started paying people to break into houses. You would obviously be mad at your neighbor if they took advantage of the new policy, and rightfully so, but you would be a lot more upset at the government for even allowing the situation to happen.
But I would have to assume that the majority of people wishing to partake in such drugs would prefer the legal route if it is available to them. Unless you're talking an obscene amount of difference in pricing. But then the free market should kick in because if the government wants the tax revenue the pricing will have to be adjusted.
Of course, I'm never shocked to see governments plan to spend all that nice new tax revenue that never appears due to their own policies.
> The drugs laws are broken. They create perverse incentives.
So... when the laws are wrong, it's ok to murder people. It's the government's fault that you murdered people because they created perverse incentives, therefore you shouldn't go to jail for attempting to murder people?
[Edit] parent post responded to "tried to have people assassinated" with some rhetoric about perverse incentives. Sure with better incentives, it might not have happened, but the parent post comes across as giving DPR a free pass because the incentives were perverse.
What's next, the suggestion that MongoDB has certain use-cases that make it preferable over normal SQL databases while at the same time lacking some of their guarantees?
Please, sir or madam, do not tax the hivemind.
I don't support the Silk Road - never used it - I don't even use Tor a lot by myself. But if someone is coming at me and tells me that this information is forbidden I'll get angry.
It's not like there is a drug problem besides Silk Road already. It's likely safe to assume that illegal drugs are consumed in near distance to your and my place right now. I don't think the Silk Road is a good place but it's likely better than your shady dealer on the schoolyard. If you ask why people use drugs then take a look at society at large.
What exactly is illegal here? I'm also not located in the US.
I think this is a precursor to a lot of drug use in the U.S. We see, we panic, we cope. (Ok, I am painting with a rather broad brush this morning...)
The list goes on and on and on. All those things help criminals evade capture, or to commit some sort of crime. You've just drawn some arbitrary line (drivers education ok, tor setup advice bad) because you have absolutely no idea what makes one worse and the other not.
Yes - he broke the law, but that does not mean that the FBI should get a pass for doing something shady. If we start to accept that kind of behaviour from them, I can only imagine how it will be 20-30 years from now.
Plus, you're usually also helping the security community. If they know the criminals can do attack X, they can protect against X (no security from obscurity).
Although you don't have to know their identity.
Please see: 1st Amendment to the US Constitution.
Not that we honor our constitution anymore.
If the nginx configuration for port 443 did indeed not restrict access to [star].php, then that means that index.php would have been accessible to the Internet at large (although HTML elements with other suffixes - e.g. .jpg, .css, .js - would not have been served).
If the CAPTCHA element's URL also ended in .php, then it's not beyond the realms of possibility that Tarbell could type the IP address, followed by /index.php and end up seeing a screwed-up version of the SR home page, with the CAPTCHA as he describes in his testimony.
The log file entries cited are for port 80, whereas the SR webserver ran on port 443.
If the defence already have all the log files, they should grep for 18.104.22.168 in the 443 logs and/or search for a group of log file entries with simultaneous successful serves of anything ending in .php, with "permission denied" failures for things not ending in .php
Incidentally, the May 3, 2013 webserver IP leak referred to in footnote 5 to Tarbell's testimony syncs up nicely with the date of this thread on Reddit: https://www.reddit.com/r/SilkRoad/comments/1dmznd/should_we_...
Credit to Michael Koziarski for the Reddit link: http://krebsonsecurity.com/2014/10/silk-road-lawyers-poke-ho...
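The second search suggested in the comment above (one client getting successful .php responses alongside denials for everything else) can be sketched as follows. This is an added example, not code from the thread or the case files; it assumes nginx's "combined" log format and that denials are logged as 403, and every log line and address in it is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: nginx "combined" access-log format, denied requests logged as 403.
# The thread does not show the real log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation address ranges, invented paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2014:10:15:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2014:10:15:03 +0000] "GET /captcha.php?id=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2014:10:15:03 +0000] "GET /css/site.css HTTP/1.1" 403 169 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2014:10:15:04 +0000] "GET /js/app.js HTTP/1.1" 403 169 "-" "Mozilla/5.0"',
    '127.0.0.1 - - [01/Jan/2014:10:20:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '127.0.0.1 - - [01/Jan/2014:10:20:01 +0000] "GET /css/site.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2014:11:00:00 +0000] "GET /logo.jpg HTTP/1.1" 403 169 "-" "Mozilla/5.0"',
]

def parse(line):
    """Return (ip, timestamp, path without query string, status) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"].split("?", 1)[0], int(m["status"])

def partial_page_loads(lines, window=timedelta(seconds=10)):
    """Map client IP -> served .php paths and denied non-.php paths.

    A client is reported only if a 403 for a non-.php path falls within
    `window` of a 200 for a .php path from the same address, which is the
    signature of a page whose script ran but whose static assets were refused.
    """
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec[0]].append(rec[1:])
    result = {}
    for ip, recs in by_ip.items():
        served = [(t, p) for t, p, s in recs if s == 200 and p.endswith(".php")]
        denied = sorted({
            p for t, p, s in recs
            if s == 403 and not p.endswith(".php")
            and any(abs(t - st) <= window for st, _ in served)
        })
        if denied:
            result[ip] = {"served": sorted({p for _, p in served}),
                          "denied": denied}
    return result

if __name__ == "__main__":
    for ip, info in partial_page_loads(SAMPLE_LOG).items():
        print(ip, info)
```

Run over the port 443 logs rather than the port 80 ones, the output lists exactly the clients whose visits would have looked like the page described in the testimony.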
The evidence submitted by the FBI shows the phpmyadmin page running on address 192.168.1.24. Are they claiming to have connected over the internet to a public facing RFC1918 address and it was routable?
(Saying that, I'm now realising that I could knock up a similar screenshot showing me connecting to any "real-world" IP address anyway; it seems to prove nothing.)
If he's right that the quoted configuration file doesn't do what the defense said it did as part of their accusations of lying, they've seriously messed up, no matter what the truth is.
If the frontend server in Germany is reverse proxying through to the backend server in Iceland, then sure, a user is not going to see the Icelandic server's IP in the source IP field of the packets. But I don't see this as definitive proof of the FBI's assertion being a flat out lie. The IP could easily have been exposed in the packet body.
What happens if you visited the captcha URL with a HTTP/1.0 request without Host header? If the resulting URL generated any self-referential links, what did they use as the hostname? If the Host header is available the norm is to use this, but if not then the script may use the server's FQDN or IP address. If it sent a 301/302 redirect in the HTTP response headers, then that _must_ contain a hostname according to the RFC (it shouldn't be relative), so what was used there? There's nothing in the nginx config that rewrote such response headers.
What happens if you make malformed requests to the captcha URL? Do you get an error page with the IP address embedded, or something that references an object hosted on the IP?
These are just two possibilities, and yes, neither would lead to the IP being exposed in the 'packet headers'. But it's very feasible for it to be exposed in the packet body, so it seems silly to hang the entire argument on the basis that one word is correct, without considering the alternatives.
But you're right, I'd expect that whatever tactic they used, the prosecution should be able to demonstrate in far more depth how the IP leaked.
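The two leak paths raised above (an absolute redirect built from the server's own address when no Host header is sent, and an error page that embeds it) are things an operator can check for in their own server's responses. The following is an added example, not code from the thread; the responses, addresses and hostname are constructed, and it only inspects IPv4 literals.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Candidate dotted quads; validated with ipaddress before being reported.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed responses to an HTTP/1.0 request sent without a Host header.
REDIRECT = ("HTTP/1.0 302 Found\r\nServer: nginx\r\n"
            "Location: http://203.0.113.10/login.php\r\n\r\n")
ERROR_PAGE = ("HTTP/1.0 400 Bad Request\r\nContent-Type: text/html\r\n\r\n"
              '<html><img src="http://203.0.113.10/err.png"></html>')
CLEAN = ("HTTP/1.0 302 Found\r\n"
         "Location: http://exampleonionaddress.onion/login.php\r\n\r\n")

def ip_literals(text):
    """Return the valid IPv4 literals found in text, in order."""
    found = []
    for candidate in IPV4_RE.findall(text):
        try:
            found.append(str(ipaddress.ip_address(candidate)))
        except ValueError:
            pass  # e.g. 999.1.1.1 is not an address
    return found

def find_address_leaks(raw_response):
    """Return (where, address) pairs for every IP literal the response reveals.

    `where` is the lower-cased header name for redirect-style headers whose
    URL host is an IP literal, the header name for any other header carrying
    an address, or "body" for addresses embedded in the response body.
    """
    head, _, body = raw_response.partition("\r\n\r\n")
    leaks = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name in ("location", "content-location"):
            host = urlsplit(value).hostname or ""
            leaks += [(name, ip) for ip in ip_literals(host)]
        else:
            leaks += [(name, ip) for ip in ip_literals(value)]
    leaks += [("body", ip) for ip in ip_literals(body)]
    return leaks

if __name__ == "__main__":
    for label, resp in (("redirect", REDIRECT), ("error", ERROR_PAGE),
                        ("clean", CLEAN)):
        print(label, find_address_leaks(resp))
```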
Which would make the FBI's assertion that they found the IP address in the packet headers a flat out lie...
There were also other MySQL Injection bugs. You could even look through the SR forum archive and find people talking about how the search field at one point was exploitable by the standard "' or 'a'='a" and was disclosing customers' names and addresses.
Given this, the odds of DPR ever seeing the light of day, even if they win this suppression motion, are quite small. He is looking at multiple life sentences even without Silk Road specific charges. But his lawyers are going through piece by piece, hoping to convince prosecutors that it will be difficult enough to get convictions that they offer him a substantial, but less than life, prison sentence in exchange for a plea. Even then we're talking about decades in prison.
Nope, most were dropped before the indictment. Only one (in Maryland) remains: http://freeross.org/correction-of-our-report-on-the-indictme...
lololol. They'll just smooth the practice over with some new laws which, like every other blatantly unconstitutional law currently in effect, won't be overturned by the courts because doing so would upset the status quo.
The only way it'll ever stop is when the fuckers are finally bankrupt, both economically and socially.
What we're seeing here is called "parallel construction". The FBI was given this illegally obtained surveillance data, made the arrest, and then needed to make up a lie as to how they really found him.
¹) Not an exact quote, I know, I glued two sentences together and cut some parts.
I wonder if they just said here you go? It sure seems like it.
To date, engineers have not been given similar consideration, probably because they're not independent and their employers would force them to abuse the privilege. E.g. automotive engineers would say "oh, it's totally acceptable to have that exploding gas tank" and software engineers would say "oh, it's totally okay for that to lose all your data."
Barring special consideration like that, it comes down to the expert witnesses. The jury will decide based on which expert they find more credible / whose lawyers do the best job of presenting their expert.
> BTW: one plausible way of having discovered the server is to scan the entire Internet for SSL certificates, then correlate information in those certificates with the information found going across the Tor onion connection.
Would this be considered parallel construction, or would this be a legitimate way to attempt to figure out who was involved in the Silk Road, and is it plausibly the way the FBI might have zeroed in on the server?
You don't have to be the NSA to make a database like that, but it helps. I could build a database broadly like that for certificates/ciphersuites/other metadata myself with active scanning and zmap (and it might make a good weekend project, to examine and contrast RC4 proliferation amongst TLS-encrypted web and mail servers) - but they have a near-realtime-updating passively-constructed one. If the FBI asked them for help, they'd definitely use that.
But he managed to map a lot of secret Trojan servers used by govs.
(Would be nice if there was a gallery, as infinite scrolling uses a ton of browser memory, but I'm not aware of one...)
before the mods changed the link. Here's a vote for changing the HN code so it says "link changed from $X to $Y" at the top of the page when they do that.
We found them by simply looking at the IP that the packets of the captcha were served from. The captcha was served over Tor; based on the evidence that's impossible. Either you lied or you need to add further evidence. If you can't/won't add further evidence then as the court sees it you lied and are in contempt and will be punished in line with minimum sentencing??
This is of the order of a "he robbed me at home at exactly 2pm", "your submitted cell-phone evidence says you were at work from 1pm until 4pm".
If the defendant is convicted on some other counts can they, or anyone else, do anything or is the allowance of officers of the FBI to lie in open court somehow embedded in the USA constitution?
As a foreigner to the USA this sort of thing just undermines the entire foreign policy rhetoric of bringing democracy to the world. Bring some damned democracy to the USA first: government by the people for the people, my arse.
If you can't tell the truth in court then keep your mouth shut or you'll be punished accordingly seems like the exact message a country intending to operate under the rule-of-law should be promoting.
This case is being heard by a federal court, the United States District Court for the Southern District of New York. Federal judges are appointed by the president with the consent of the Senate.
Most voters don't have information about such incidents or enough time to crawl through court records looking for that information. Actually, in judicial elections, most voters don't even have anyone else to vote for.
IMO electing judges and sheriffs makes negative sense, but that's what we have going on here.
I don't do forensics. But I am a reverse-engineer and I am familiar with the techniques: more familiar than Tarbell, it seems. (That's really his name? Tarballs from Tarbell? My goodness.) Tarbell's declaration reads to me more like a textbook demonstration of (bad) parallel construction in action.
They could have done it legitimately, without compromising the server and potentially tainting the evidence any way they wanted: DPR indeed made a few rookie mistakes that would potentially provide for that. But the logs don't seem to actually have evidence supporting that, which is very unusual and at this time not explained? The declarations filed so far do not really seem to support that either, which is very odd and strongly suggests that we don't have the whole picture here: and we really should.
(Of course, we don't have the whole image, so we don't have the whole picture here. BTW: They used tar, not dd or dcfldd? Boo.)
...I've got to be honest, a few of those are better than the FBI story!
HackerNews, you frustrate me.
Which has since been changed to
These are all questions of basic fact and they are all easily testable.
What do courts do when this situation comes up? Do they play warring experts, when (at least) one side definitely wants to perform a test, because they are confident that their interpretation is correct?
(ed: 'questions of basic fact' like, whether a server with this configuration is hittable from non-allowed IPs)