Nearly a year after Silk Road was brought down by the FBI, police are finally shedding light on how they found the location of Silk Road’s server in Reykjavik, Iceland.
Ross Ulbricht, the man they claim was the mastermind behind the Deep Web black market, made a mistake configuring the site that leaked out Silk Road’s IP address and physical location, Wired reports.
The question of just how the FBI located and penetrated Silk Road’s servers has long been left unanswered, leaving many, including Ulbricht’s defense team, to wonder if the government used illegal methods to gain access.
At the FBI’s New York field office in June 2013, agents on the Silk Road website noticed data being returned from an IP address outside of the Tor network. When they directed their browser to that IP, the Silk Road login page appeared.
“This indicated that the Subject IP Address was the IP address of the SR Server,” FBI special agent Christopher Tarbell wrote, “and that it was ‘leaking’ from the SR Server because the computer code underlying the login interface was not properly configured at the time to work on Tor.”
That’s when they knew Silk Road’s servers, which the FBI said hosted by far the largest website on Tor at the time, were rented from a third party in Iceland. They were able to contact Reykjavik police to silently access and make a copy of the server.
If this account is true, it is the result of extraordinarily poor decisions by Ulbricht. Had the server accepted only traffic from Tor exit nodes, this leak could not have happened; instead, Ulbricht’s oversight gave away the goldmine.
Many observers will remain unconvinced. Accusations of parallel construction have plagued not only the FBI but all federal law enforcement agencies. Last year, Snowden leaks revealed that the NSA shared secret intelligence with the Drug Enforcement Agency, which then passed it on to help investigations as it saw fit. The NSA’s assistance could allow investigators to circumvent civil rights laws in an effort to make an arrest.
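The misconfiguration the article describes is a web server that answers on the host's real interface as well as through Tor. The following is an added example written for this page, not code from the article, from Wired, or from any Silk Road software: it checks that an nginx-style config binds the service only to loopback and that the torrc forwards the onion port to that loopback listener. The `listen` parsing, the `classify_listen` and `torrc_targets_loopback` function names, and the sample config files are assumptions constructed for illustration; `HiddenServiceDir` and `HiddenServicePort` are standard torrc options.

```shell
#!/bin/sh
# Added example, not from the article or from any Silk Road code: confirm that a
# hidden service's web server listens only on loopback, so the login page is
# reachable through Tor but not on the host's real public IP. Assumes
# nginx-style "listen" directives and standard torrc HiddenService* options;
# the sample configs below are constructed for illustration.
set -e

# Classify the "listen" directives in an nginx-style config.
# Prints LOOPBACK when every directive binds 127.0.0.1, [::1] or localhost,
# PUBLIC when any directive binds all interfaces (bare port, *:port,
# 0.0.0.0:port) or a routable address.
classify_listen() {
    status=LOOPBACK
    for addr in $(sed 's/#.*//' "$1" | awk '$1 == "listen" { print $2 }' | tr -d ';'); do
        case "$addr" in
            127.0.0.1:*|127.0.0.1|\[::1\]:*|localhost:*) ;;   # loopback only
            *) status=PUBLIC ;;                               # anything else is reachable from outside
        esac
    done
    echo "$status"
}

# Check that every HiddenServicePort target in a torrc points at loopback.
# Prints YES if so, NO if any target names another address.
torrc_targets_loopback() {
    if sed 's/#.*//' "$1" | awk '$1 == "HiddenServicePort" { print $3 }' | grep -qv '^127\.0\.0\.1:'; then
        echo NO
    else
        echo YES
    fi
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Weak setting (constructed): a bare port binds every interface, so the same
# login page answers on the server's public IP as well as via the onion address.
cat > "$workdir/weak.conf" <<'EOF'
server {
    listen 80;
    server_name _;
    root /var/www/market;   # constructed path
}
EOF

# Corrected setting (constructed): bind loopback only; Tor is the only way in.
cat > "$workdir/fixed.conf" <<'EOF'
server {
    listen 127.0.0.1:80;
    server_name _;
    root /var/www/market;   # constructed path
}
EOF

# Matching torrc (constructed): the onion service's port 80 is forwarded to
# the loopback listener, so no public interface is involved.
cat > "$workdir/torrc" <<'EOF'
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
EOF

echo "weak.conf:  $(classify_listen "$workdir/weak.conf")"                   # PUBLIC
echo "fixed.conf: $(classify_listen "$workdir/fixed.conf")"                  # LOOPBACK
echo "torrc targets loopback: $(torrc_targets_loopback "$workdir/torrc")"    # YES
```

Binding to loopback addresses the leak the article describes, but it is a necessary condition rather than a complete defence: any other daemon on the host that binds a public interface, or an application that embeds the host's address in a response, reveals the same information, which is why the tweets below also suggest isolating the service in a VM on a non-routable address.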
Ever since the October 2013 fall of Silk Road, questions have arisen about whether the FBI’s investigative techniques were entirely legal. In fact, Tarbell’s new explanation comes in response to allegations of illegal spying and demands from Ulbricht’s team to unveil the methods behind the investigation.
“Ulbricht offers no evidence of any governmental misconduct to support this sweeping claim,” prosecutors wrote. “Instead, Ulbricht conjures up a bogeyman—the National Security Agency (“NSA”)—which Ulbricht suspects, without any proof whatsoever, was responsible for locating the Silk Road server, in a manner that he simply assumes somehow violated the Fourth Amendment.”
It remains to be seen whether the judge will accept Tarbell’s explanation. Information security experts looking at the case are still weighing its plausibility, but they agree that, if true, it’s a hell of a disappointment.
After all this time, learning the FBI essentially used “view-source” to decloak Silk Road is like learning The Force is midi-chlorians
— Kevin Poulsen (@kpoulsen) September 5, 2014
running the silk road’s http daemon in a VM and giving it an RFC1918 address was apparently too hard for the DPR guy. Very awkwardsies…
— __builtinonuy_ (@0x0acebabe) September 6, 2014
With how SilkRoad’s hidden service was configured, anyone scanning the internet with zmap could have found it. *Anyone at all*
— Griffin Boyce (@abditum) September 6, 2014
What’s amazing about this is that the FBI didn’t actually need to hack SilkRoad to determine location. It could have just scanned netblocks.
— Griffin Boyce (@abditum) September 6, 2014
re-published on my blog. Some tips for making #Tor hidden services slightly more secure, in the wake of Silk Road https://t.co/nW6nHpcEwW
— K.M. Gallagher (@ageis) September 6, 2014
H/T Wired | Photo via Jeffrey Beall/Flickr (CC BY-SA 2.0) | Remixed by Fran Berkman