Topic: EUROPOL THREATENS TO COME AFTER PEOPLE USING BITCOIN ON DARK NET

[devnullius]

(It's a bitcoin article but I posted it in Around the Web for it stands for something bigger... Not even the darknet is independent and can be controlled)

FROM: https://www.cryptocoinsnews.com/europol-threatens-come-people-using-bitcoin-dark-net-marketplaces-like-silk-road-3-0/

By Caleb Chen

Dark net marketplaces are facing increased action from governments around the world, as anticipated In a release today, the United Kingdom National Crime Agency revealed their part in the ongoing Operation Onymous that has brought several country’s best online crime agencies together to bring down over 400 dark net websites, not all of them marketplaces. The UK NCA worked with the European Cybercrime Center to take down the infrastructure supporting these sites.

The news of coordinated government action against Dark net marketplaces came to light with the closing of Silk Road 2.0 yesterday morning and the arrest of Blake “Defcon” Benthall, who has admitted to being the administrator of Silk Road 2.0. In total, over a dozen people have been arrested around the world in Ireland, Germany, and the United States.

UK NCA’s Deputy Director Roy McComb commented:

“Over the months since the original Silk Road was taken down, we have been working with partners in the US and Europe to locate technical infrastructure, key to the dark web and to investigate individuals suspected of significant involvement in illegal online market places. Those arrested by the NCA in this phase of the operation are suspected of setting up Silk Road 2.0, or of being significant vendors of illegal drugs.

CCN: World's Largest & Leading Independent Bitcoin News Source

“The operation is ongoing and more arrests can be expected as we continue to investigate those involved in setting up and profiting from these illegal market places. Criminals like to think that the dark web provides a safe, anonymous haven but in reality this is just like any other organised crime network. It may take time and effort to investigate and build a criminal case, but we are determined to identify and prosecute people caught dealing drugs and committing serious crime using the dark web.”

Also read: Operation Onymous Also Shut Down Dark Net Marketplaces Cloud 9, Hydra, and More

Europol Attempts to Scare Users Away from the Dark Net

Also publicized today, Europol has participated in 17 different arrests around the world (TechCrunch tries to ID some of the unannounced ones here). Europol’s head, Oerting, puffed his chest like the FBI:

“In the next wave we’re going to come after people using these sites,” he said. “They might hear a knock at the door.”

However, Oerting declined to comment on whether or not any of Europol’s 17 arrests picked up any child pornography or weapons. Oerting claims that the “libertarian arguments that online markets reduce violent drug-related crime are wrong, as the violence merely goes unseen.” It’s always nice to see heads of agencies make unfounded claims in the hope of increased publicity. Oerting even went so far as to say specifically:

“I think there will be more than 55 different markets shut down. We didn’t get (major sites) Agora or Evolution, because there’s only so much we can do on one day.”

The vast majority of dark net marketplaces have security measures in place to protect their users identities and funds. Are users of Dark net marketplaces really in trouble? Comment below!

[Samker]

Everyday is getting worse...

[devnullius]

SOURCE

This is how they did it last time... Thought it was a new article, but it's from Sept. 11th, a date I know very well 

BY TAYLOR TYLER

The FBI released much awaited information Friday detailing how exactly they identified the location of the Silk Road servers, which were hosted through Tor as a hidden service. If done correctly, hosting a website through Tor effectively hides the real address and location of the site, so naturally many theories arose as to how the FBI actually located the Silk Road servers. The main question being, had the NSA secretly cracked Tor’s anonymity features and provided the information to the FBI?

The FBI said in an affidavit filed in the New York court where the alleged Silk Road operator is set to appear that they identified the location of the servers by exploiting a faulty configuration of the Silk Road login and CAPTCHA page. If true, this would indicate that the FBI was able to find the servers without having the ability to crack Tor.

By typing miscellaneous entries into the Silk Road login and CAPTCHA boxes, the FBI claimed that the “anti-abuse” CAPTCHA service “pulled content from the open internet, thus leaking the site’s true location,” which was in Iceland. This eventually led to the arrest of Ross Ulricht, who the FBI alleges was the operator of Silk Road.

But did the FBI really find the true server location by exploiting a faulty CAPTCHA service? That’s the question security researcher Nik Cubrilovic is asking. In a blog post published Sunday, Cubrilovic examined the affidavit released by the FBI and said it’s unlikely that the FBI obtained the information using the methods they described.

“Anybody with knowledge of Tor and hidden services would not be able to read that description and have a complete understanding of the process that the agents followed to do what they claim to have done. Were the Silk Road site still live today, and in the same state it was as in back in June 2013 when the agents probed the server, you wouldn’t be able to reproduce or recreate what the agents describe in the affidavit.”

Cubrilovic goes on to claim that the CAPTCHA was not in fact a third-party hosted CAPTCHA as some are claiming, but it was hosted on the same server and endpoint. Cubrilovic says he spent “a lot of time investigating and testing” the Silk Road site while it was still operational, looking for security holes for “sport.”

“The idea that the CAPTCHA was being served from a live IP is unreasonable,” continued Cubrilovic. “Were this the case, it would have been noticed not only by me – but the many other people who were also scrutinizing the Silk Road website. Silk Road was one of the most scrutinized sites on the web, for white hats because it was an interesting challenge and for black hats since it hosted so many bitcoin (with little legal implication if you managed to steal them).”

Cubrilovic claims he even attempted to recreate and document the same exploit but couldn’t do so.

“No matter how much I intentionally misconfigured the server, or included scripts from clearnet hosts, I never observed traffic from a non-Tor node or a ‘real’ IP address.”

While it’s widely known that the Silk Road servers had their fair share of security issues – and Ulbricht was far from a programmer – Cubrilovic says it’s likely that the FBI is still hiding their true methods used to crack the servers.

“A much more plausible explanation is that the FBI discovered a security exploit or information leak in the login page, in the same way a number of other people discovered similar security holes or information leaks in both the login page and the Silk Road application itself.”

There were at least two incidents where a particularly imminent security vulnerability was discovered and made public on Reddit, back in March 2013 and May 2013.

Cubrilovic notes that the FBI was conducting their investigation into Silk Road during this exact time and could have easily exploited these security holes to find an IP address.

“A more likely scenario for how the FBI uncovered the real IP address would thus be that they either saw the debug information, or – more likely – took advantage of a security vulnerability in the login page and forced the server to output its $_SERVER variable,” which would explain the FBI statements about “typing in miscellaneous entries” into various fields in order to produce the IP.

So why wouldn’t the FBI just detail the exact methods they used to find the IP?

“The FBI have good reason to not mention any bugs or forcing the server to do anything, and to pretend that they simply picked up the IP address from the wire, since such actions would raise concerns about how lawful their actions in uncovering the IP address were. What we do know is that their description of “packet sniffing” for the IP through a “leak” is impossible,” said Cubrilovic.