The Ross Ulbricht case clearly shows how neglecting a few basic measures to protect one's own anonymity can lead to a huge prison sentence. The owner of the clandestine drug market Silk Road was found guilty on all counts. It seems he will spend from 30 years to the rest of his life behind bars. And this could have been avoided.
The marketplace, built by Dread Pirate Roberts, relied on sound anonymity technologies: the servers were hidden behind the onion routing of the Tor network, and payments between buyers and sellers were made in the Bitcoin cryptocurrency. From the outside, nothing could be tracked. But Ulbricht made some ridiculous mistakes that produced a long list of digital evidence at the trial.
A total of five major mistakes were made. The stupidity of some of them is amazing, but they are easy to understand: most likely, overconfidence accumulated over the years.
Bitcoin. The anonymity of Bitcoin is often compared to that of cash transfers. But the comparison is not entirely correct: absolutely all transactions are publicly available. Some websites (for example, Blockchain.info) make it easy to track the transactions of any wallet.
The Silk Road case showed that law enforcement only needs to know the wallet addresses of both parties to track the movement of money. The prosecution had no particular difficulty tracing the drug market's proceeds on their way from the site's wallets to Ulbricht's wallets. Silk Road had a service called a tumbler, which passed coins through several wallets to obscure their flows. Perhaps Ulbricht forgot to use it, or the function simply did not work.
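The following sketch is an added illustration, not code from the original article or from the investigation. It shows why knowing both end addresses is enough on a public ledger: every chain of transactions between them can be enumerated, even when the coins pass through several intermediate wallets. The ledger, address names and amounts are constructed, and addresses are treated as simple graph nodes, which simplifies Bitcoin's real transaction model.

```python
from collections import deque

# Constructed ledger, all values invented: (txid, sender, receiver, amount_btc).
LEDGER = [
    ("tx1", "site_wallet", "hop_a", 10.0),
    ("tx2", "hop_a", "hop_b", 6.0),
    ("tx3", "hop_a", "hop_c", 4.0),
    ("tx4", "hop_b", "personal_wallet", 6.0),
    ("tx5", "hop_c", "personal_wallet", 3.5),
    ("tx6", "hop_c", "unrelated", 0.5),
    ("tx7", "exchange", "personal_wallet", 2.0),  # income not tied to the site
    ("tx8", "hop_b", "hop_a", 1.0),               # loop back between intermediate wallets
]

def trace_paths(ledger, source, target, max_hops=6):
    """Return every chain of public transactions that leads from source to target."""
    outgoing = {}
    for txid, sender, receiver, amount in ledger:
        outgoing.setdefault(sender, []).append((txid, receiver, amount))
    paths, queue = [], deque([(source, [])])
    while queue:
        address, path = queue.popleft()
        if address == target and path:
            paths.append(path)
            continue
        if len(path) >= max_hops:
            continue
        seen = {source} | {hop[2] for hop in path}  # addresses already on this chain
        for txid, receiver, amount in outgoing.get(address, []):
            if receiver not in seen:  # ignore loops between intermediate wallets
                queue.append((receiver, path + [(txid, address, receiver, amount)]))
    return paths

def path_bound(path):
    """Upper bound on the coins that travelled along one chain: its smallest hop."""
    return min(hop[3] for hop in path)

if __name__ == "__main__":
    for path in trace_paths(LEDGER, "site_wallet", "personal_wallet"):
        print(" -> ".join(hop[0] for hop in path), "at most", path_bound(path), "BTC")
```

Intermediate hops add length to the chains but do not remove them, while the unrelated deposit from `exchange` never appears in the result.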
Chat logs. Thousands of pages of chat logs helped the prosecution track the growth of Silk Road. Most of the communication went through TorChat, a decentralized service that runs over Tor. It is almost impossible to establish who is communicating with whom, and thanks to encryption the messages cannot be intercepted either.
But Ulbricht made a mistake: he kept the chat logs on his computer as plain, unencrypted text. The stupidity of Dread Pirate Roberts knows no limit: in TorChat, logging is disabled by default. Why Ulbricht turned logging on remains a mystery. Most likely, he assumed that no one would see the logs, since they were stored on an encrypted disk.
Encryption. It works only as long as you do not need to access the protected data, and sooner or later you will need to. That is why Ulbricht was caught at the very moment he logged in to the Silk Road admin area.
Sometimes Ulbricht took his laptop with him to work away from home, a somewhat strange decision for the head of a criminal group with a turnover of millions of dollars. The owner of Silk Road was being followed as he moved around San Francisco. At some point he went into a local library, opened his laptop and logged in. That day Ulbricht sat with his back to the other people in the room, something other Silk Road administrators advised against.
The arrest was carried out so that Ulbricht had no time to close the lid, which would have locked the computer. This gave access to the hard drive of Dread Pirate Roberts's computer, which, among other files, contained correspondence logs, a personal diary (why keep a diary describing illegal activities?), spreadsheets and, most importantly, private encryption keys.
Asymmetric encryption involves two keys: private and public. With them, a message can be signed so that recipients can verify it was created by the person the sender claims to be. Law enforcement only needed to compare the keys from the keys folder with the keys used to sign Dread Pirate Roberts's messages.
Facebook and other open websites. Silk Road, too, started from scratch, and early in the exchange's development, in January 2011, Ulbricht tried to attract potential visitors. On the Bitcointalk.org forum, the account Altoid posted a topic asking whether anyone had used this new exchange.
It is possible that Altoid deleted the message to cover his tracks, or that someone else deleted it, but the original post had been quoted by one of the participants in the discussion. So an ordinary Google search was enough to establish the history of the drug exchange's early days. Later in 2011, Altoid was again careless enough to appear on the forum with a request for help with running the service. The message included a contact e-mail address, rossulbricht@gmail.com, which made it possible to link the two online identities.
The prosecution was also helped by comparing Ulbricht's activity on Facebook with that of Dread Pirate Roberts. Everything was quite simple here: in February 2012, the head of Silk Road boasted about a vacation in Thailand in correspondence with one of the exchange's administrators. At about the same time, photos from that country appeared on Ulbricht's Facebook page. It remains unclear why the head of a drug exchange would have a personal Facebook account at all.
Automatic login to the server. The Silk Road servers were managed over SSH, a widely used protocol for remote access to a computer in which all data is encrypted in transit. Managed machines can be configured so that authentication is performed not with a password typed on the keyboard but with a key, a file on the computer's drive.
Only two accounts on the Silk Road server had full privileges. One of them was called frosty, and it was accessed from a computer named frosty. As you can guess, the laptop seized from Ulbricht was named frosty, and it was in fact used to log in to the frosty account over SSH. Of course, any system can be given this name, but the SSH logins were part of the picture of events that convinced the court of Ross Ulbricht's guilt.
All five mistakes demonstrate once again that the main threat to security and anonymity sits between the keyboard and the chair, not somewhere deep in the algorithms or implementations of crypto-anarchist ideas.
Based on ITworld.