This article originally appeared at The WHIR
A cybersecurity expert has accused the FBI of lying about how it found the Icelandic server hosting Silk Road. Nik Cubrilovic, an information security consultant and former TechCrunch writer, says in a lengthy blog post that the FBI explanation of how it beat the Tor network and found the server, and ultimately the site’s operator, is “impossible,” and at best incomplete.
Silk Road (in its first iteration) was shut down by the FBI in 2013 and Ross Ulbricht was charged with being the sites operator The Dread Pirate Roberts. Ulbricht’s trial defense sought to have evidence thrown out on grounds that the server was identified through illegal means, and the FBI defeated the motion by explaining its methods.
That method, according to court documents, allowed the FBI investigators to identify a “non-Tor source IP address reflected” in CAPTCHA-related packet headers.
Cubrilovic says that the IP could not be obtained from “leaky CAPTCHA” because CAPTCHA was not being served from a live IP.
“The idea that the CAPTCHA was being served from a live IP is unreasonable,” Cubrilovic writes. “Were this the case, it would have been noticed not only by me – but the many other people who were also scrutinizing the Silk Road website.”
He goes on to detail several other flaws in the official FBI explanation, including a failed test to replicate the results, and suggests several alternative methods the agency might have used, and reasons for not disclosing them.
Ulbricht has been charged with narcotics trafficking and money laundering conspiracy.
One of the four Pirate Bay co-founders was arrested in June after four years on the lam. His eight month prison sentence and $6.9 million fine could be dwarfed by Ulbricht’s sentence if he is convicted.
This article originally appeared at: http://www.thewhir.com/web-hosting-news/fbi-use-illegal-techniques-find-silk-road-server
