On Thu, Oct 03, 2013 at 03:25:23PM -0400, The Doctor wrote:
> On 10/03/2013 01:49 PM, Ahmed Hassan wrote:
> > One question still remains unanswered. How did they locate the
> > Silkroad server before locating him? They had a full image of the
> > server before his arrest.
>
> Not sure. One hypothesis (and that's all it is - a hypothesis) is
> this: The Silk Road may have been running on the same machine as a Tor
> router and not a client. Finding the set of all Tor routers is
> trivial. So, hammer on the hidden service while watching for
> bandwidth utilization to go up on the Tor routers that you can surveil
> to see which ones seem to respond appropriately. Pick away the
> rendezvous nodes because they don't originate tunnels (they're not
> clients). If the Tor router is running on a server or in a VM hosted
> at a provider that could be subpoena'd or strongarmed, forensic images
> of same could be acquired.

This is a fine research paper attack:
http://freehaven.net/anonbib/#wpes09-bridge-attack
and a good reason not to run your hidden service on your Tor relay, but
I think it's highly unlikely to have been relevant in this case.

That said, yes, the original question is unanswered still.

--Roger
