FBI claims no illegal techniques used in Silk Road case, security experts disagree

Home » FBI claims no illegal techniques used in Silk Road case, security experts disagree
Image source: https://www.flickr.com/photos/100239928@N08/

Image source: https://www.flickr.com/photos/100239928@N08/

On Friday, the FBI released a 58-page filing outlining the various investigation techniques used to unearth the details that ultimately resulted in the closure of online black marketplace Silk Road and the capture of its alleged mastermind, Ross “Dread Pirate Roberts” Ulbricht. The filing, written by FBI agent Christopher Tarbell, was a response to a motion filed by Ulbricht’s defense team last month that claimed the FBI used unlawful methods for gathering the data. If true, this would mean that all seized data and any evidence resulting from it would be inadmissible in court.

Not surprisingly, the FBI’s filing doesn’t see it that way. Tarbell wrote that Ulbricht’s “various claims are bereft of any support in the law,” and referred to the technical criticisms as a “pointless fishing expedition” and “misguided conjecture.” The FBI claims that the data was gathered lawfully, and that the Silk Road’s Tor-obscured server data was “leaking” an IP address due to an “apparent misconfiguration” in the CAPTCHA server on the login interface. That one mistake was all it took, the FBI claims, to begin piecing together the needed details, collect routing data, bring in “foreign authorities” for warrantless searches of the Silk Road’s Iceland-based servers (outside of U.S. jurisdiction) and otherwise slowly tighten the noose around the Silk Road operation.

According to former Tor project contributor and security investigator Runa Sandvik, however, the FBI’s version of events doesn’t add up. Speaking to Wired, Sandvik said that the CAPTCHA server wasn’t incorrectly configured, as it was hosted on the same server as the rest of the site. If the CAPTCHA was leaking data, the entire site would also be leaking data, indicating that Tor itself had become compromised.

“The way [the FBI] describe how they found the real IP address doesn’t make sense to anyone who knows a lot about Tor and how web application security works,” Sandvik told Wired. “There’s definitely something missing here.”

Another dissenting voice comes from Australian security consultant Nik Cubrilovic, who claims that users — and hackers — would have noticed a leaking IP data long before the FBI. Cubrilovic calls the FBI’s version of events “unreasonable,” and says that the filing’s description “raises more questions than it answers.”

“Anybody with knowledge of Tor and hidden services would not be able to read that description and have a complete understanding of the process that the agents followed to do what they claim to have done,” Cubrilovic said in a blog post. “Were the Silk Road site still live today, and in the same state it was as in back in June 2013 when the agents probed the server, you wouldn’t be able to reproduce or recreate what the agents describe in the affidavit.”

The implications of illegally gathered data by the FBI — what Wired‘s Andy Greenberg describes as sounding “a lot like hacking” — loom large in the case. It remains unclear what an “illegal” search means in this context, as multiple jurisdictions are involved. Even if the FBI used the blackest of black-hat techniques in their investigation, there is little clarity about what is and isn’t allowed under the Constitution.

“If the government did some intrusive injection of code, the issue will be whether Ulbricht can complain about it,” Hanni Fakhoury, an attorney with the Electronic Frontier Foundation, told Wired. “There are some very interesting Fourth Amendment questions, but it will depend on what exactly he did and the terms of his agreement with the web hosting company.”

New Casinos

Reel Fortune has the coolest free spin wheel I have ever seen. 

Get 180 free spins and up to 5 BTC in bonuses

CasinoMax: 325% match bonus up to $9750 + 25 bonus spins for 7 consecutive days

400% welcome bonus up to $8000. 40x wagering requirement is required prior to your first withdrawl

Great Welcome Slot Bonus!

Claim a HUGE 500% deposit bonus with no maximum with Crypto

© Copyright 2024 The Best Crypto and Bitcoin Casinos and Sports Betting Sites | Bitcoinx
Powered by WordPress | Mercury Theme