FBI reveals how location of Silk Road servers was tracked

11 Sep 2014

The FBI on Friday released the much-awaited details of how it identified the location of the Silk Road servers, which were hosted as a hidden service on Tor, www.coinbuzz.com reported. Correct hosting on Tor effectively hides the real address and location of a site, so naturally many theories had floated around as to how the FBI actually located the Silk Road servers. The million-dollar question, however, was whether the NSA had been able to secretly crack Tor's anonymity features and provide the information to the FBI.

According to the FBI, which filed an affidavit in the New York court where the alleged Silk Road operator would appear, the location of the servers was identified because of a faulty configuration of the Silk Road login and CAPTCHA page. According to commentators, if this were indeed so, the FBI was able to find the servers without having the ability to crack Tor.

The FBI said it entered miscellaneous characters into the Silk Road login and CAPTCHA boxes, which caused the anti-abuse service to "pull content from the open internet, thus leaking the site's true location," which was in Iceland. This led to the arrest of Ross Ulbricht, who, according to the FBI, was the operator of Silk Road.

But some people are still not convinced that the FBI really found the true server location by exploiting a faulty CAPTCHA service. According to security researcher Nik Cubrilovic, who examined the FBI's affidavit, it was unlikely that the FBI obtained the information using the methods it described.

Meanwhile, Ulbricht had claimed earlier that the FBI's methods were unlawful, potentially aided by "non-national security criminal activity" collected by the NSA - which allegedly could use "illegal Tor-cracking techniques," and needed to be "inadmissible in court under the 'fruit of the poisonous tree' doctrine." In other words, Ulbricht said the feds had violated his Fourth Amendment rights, Computer World reported.

Though the entire case could provide much fodder for conspiracy theorists, according to former FBI agent Christopher Tarbell, Ulbricht's various claims were bereft of any support in the law and were intended to vindicate his misguided conjecture about the NSA being "the shadowy hand behind the government's investigation," say commentators.

Tarbell explained for the DOJ how the FBI discovered the location of Silk Road's server through a leaky and misconfigured login page, which did not involve accessing any administrative area or "back door" of the site.

He said the FBI simply interacted with the website's user login interface, which was fully accessible to the public, by typing miscellaneous entries into the username, password, and CAPTCHA fields contained in the interface.