The Fbi Finally Says How It Legally Pinpointed Silk Road S Server

The FBI claims to have found the server’s location without the NSA’s help, simply by fiddling with the Silk Road’s login page until it leaked its true location. In the latest filing, however, former FBI agent Christopher Tarbell counters Ulbricht’s defense by describing just how he and another FBI agent located the Silk Road server in June of last year without any sophisticated intrusion: Instead, he says, they found a misconfiguration in an element of the Silk Road login page, which revealed its internet protocol (IP) address and thus its physical location. As they typed “miscellaneous” strings of characters into the login page’s entry fields, Tarbell writes that they noticed an IP address associated with some data returned by the site didn’t match any known Tor “nodes,” the computers that bounce information through Tor’s anonymity network to obscure its true source. And when they entered that IP address directly into a browser, the Silk Road’s CAPTCHA prompt appeared, the garbled-letter image designed to prevent spam bots from entering the site. “This indicated that the Subject IP Address was the IP address of the SR Server,” writes Tarbell in his letter, “and that it was ‘leaking’ from the SR Server because the computer code underlying the login interface was not properly configured at the time to work on Tor.” The actual message reads, For many Tor fans and advocates, The Dread Pirate Roberts’ goof will no doubt be labeled a noob mistake, which perhaps it was. But as we have said time and again, staying anonymous online is hard work, even for those of us who are relatively experienced at it. It’s so difficult, in fact, that even hardened cybercrooks eventually slip up in important and often fateful ways (that is, if someone or something was around at the time to keep a record of it). “The Subject IP Address caught our attention because, if a hidden service is properly configured to work on Tor, the source IP address of traffic sent from the hidden service should appear as the IP address of a Tor node, as opposed to the true IP address of the hidden service, which Tor is designed to conceal. When I typed the Subject IP Address into an ordinary (non-Tor) web browser, a part of the Silk Road login screen (the CAPTCHA prompt) appeared. Based on my training and experience, this indicated that the Subject IP Address was the IP address of the SR Server, and that it was ‘leaking’ from the SR Server because the computer code underlying the login interface was not properly configured at the time to work on Tor.” A copy of the government’s declaration on how it located the Silk Road servers is here (PDF).