[tor-talk] Silk Road taken down by FBI

Roger Dingledine arma at mit.edu
Thu Oct 3 22:24:01 UTC 2013


On Thu, Oct 03, 2013 at 03:25:23PM -0400, The Doctor wrote:
> On 10/03/2013 01:49 PM, Ahmed Hassan wrote:
> > One question still remains unanswered. How did they locate
> > the Silkroad server before locating him? They had a full image of
> > the server before his arrest.
> 
> Not sure.  One hypothesis (and that's all it is - a hypothesis) is
> this: The Silk Road may have been running on the same machine as a Tor
> router and not a client.  Finding the set of all Tor routers is
> trivial.  So, hammer on the hidden service while watching for
> bandwidth utilization to go up on the Tor routers that you can surveil
> to see which ones seem to respond appropriately.  Pick away the
> rendezvous nodes because they don't originate tunnels (they're not
> clients).  If the Tor router is running on a server or in a VM hosted
> at a provider that could be subpoena'd or strongarmed, forensic images
> of same could be acquired.

This is a fine research paper attack:
http://freehaven.net/anonbib/#wpes09-bridge-attack
and a good reason not to run your hidden service on your Tor relay,
but I think it's highly unlikely to have been relevant in this case.

That said, yes, the original question is unanswered still.

--Roger


