Expert Witness For Silk Road Suggests FBI Lied About How They Accessed Back-End Servers
Jared Sperli stashed this in security
The crux of the argument is here:
7. Without identification by the Government, it was impossible to pinpoint the 19 lines in the access logs showing the date and time of law enforcement access to the .49 server.

23. The "live-ssl" configuration controls access to the market data contained on the .49 server. This is evident from the configuration line:

    root /var/www/market/public

which tells the Nginx web server that the folder "public" contains the website content to load when visitors access the site.

24. The critical configuration lines from the live-ssl file are:

    allow 127.0.0.1;
    allow 22.214.171.124;
    deny all;

These lines tell the web server to allow access from IP addresses 127.0.0.1 and 126.96.36.199, and to deny all other IP addresses from connecting to the web server. IP address 127.0.0.1 is commonly referred to in computer networking as "localhost", i.e., the machine itself, which would allow the server to connect to itself. 188.8.131.52, as discussed ante, is the IP address for the front-end server, which must be permitted to access the back-end server. The "deny all" line tells the web server to deny connections from any IP address for which there is no specific exception provided.

25. Based on this configuration, it would have been impossible for Special Agent Tarbell to access the portion of the .49 server containing the Silk Road market data, including a portion of the login page, simply by entering the IP address of the server in his browser. As discussed in ¶ 24, the server was configured to refuse connections from all outside IP addresses with only one exception, the front-end server IP. Certainly, the IP address of the machine that Tarbell attempted to connect with did not have this IP address, and the server would therefore have refused his connection attempt.
There was, Horowitz says, a wall between the front end and the back end.
Is Horowitz correct? His assertions, while nuanced, are still going up against the scrutiny of an Internet full of sysadmins. "At this point aren't we led to believe that [Ulbricht] showed multiple cases of mismanagement? From this can we not call bullshit on the very definitive declaration by the defense that the webserver was explicitly configured to deny external connections?" wrote one Hacker News commenter. In any case, the jury is still out.
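To make the declaration's reading of the live-ssl rules concrete, and to show what the "misconfiguration" objection above would actually have to look like in nginx terms, here is a small Python model of how nginx's ngx_http_access_module evaluates allow/deny directives. This is an added example, not code from the article, the court filing, or the Silk Road servers. The front-end address 192.0.2.10 and the outside client 198.51.100.7 are RFC 5737 documentation placeholders standing in for the addresses in the filing (the copy of the front-end IP on this page is inconsistent, so none of its values is used). The example goes beyond the filing's three lines in two ways a sysadmin would check: rule order matters (first match wins, and an unmatched request is allowed), and a location block that declares any allow/deny of its own replaces the server-level rules rather than adding to them.

```python
import ipaddress
from typing import List, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
Rule = Tuple[str, Union[Network, str]]  # ("allow" | "deny", network or "all")

# Constructed rule sets for this example (placeholder addresses, RFC 5737).
FRONT_END_IP = "192.0.2.10"   # hypothetical stand-in for the front-end server
OUTSIDE_IP = "198.51.100.7"   # hypothetical stand-in for an outside browser

# The shape of the rules the declaration quotes from the live-ssl file.
LIVE_SSL_RULES = f"""
allow 127.0.0.1;
allow {FRONT_END_IP};
deny all;
"""

# Same three lines in the wrong order: "deny all" now matches first.
MISORDERED_RULES = f"""
deny all;
allow 127.0.0.1;
allow {FRONT_END_IP};
"""

# A hypothetical location-level block that opens one path to everyone.
LOCATION_ALLOW_ALL = """
allow all;
"""


def parse_rules(text: str) -> List[Rule]:
    """Parse allow/deny directives in the ngx_http_access_module syntax.

    Each directive takes a single address, a CIDR network, or the keyword
    'all'. Comments and blank lines are skipped; anything else is an error.
    """
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().rstrip(";").strip()
        if not line:
            continue
        action, _, target = line.partition(" ")
        target = target.strip()
        if action not in ("allow", "deny") or not target:
            raise ValueError(f"unsupported directive: {raw.strip()}")
        net: Union[Network, str]
        net = "all" if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((action, net))
    return rules


def evaluate(rules: List[Rule], client_ip: str) -> str:
    """Return 'allow' or 'deny' for client_ip under nginx first-match semantics.

    Rules are checked in order; the first one matching the client decides.
    If nothing matches, nginx lets the request through, which is why the
    trailing 'deny all' in the live-ssl file is what actually closes the door.
    """
    ip = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net == "all" or (not isinstance(net, str) and ip in net):
            return action
    return "allow"


def effective_rules(server_rules: List[Rule],
                    location_rules: Optional[List[Rule]]) -> List[Rule]:
    """Model nginx inheritance for the access module.

    A location inherits the server's allow/deny rules only when it declares
    none of its own; if it declares any, its rules replace the inherited set.
    """
    return location_rules if location_rules else server_rules


def access_matrix(rules_text: str, clients: List[str]) -> dict:
    """Evaluate several client addresses against one rule set."""
    rules = parse_rules(rules_text)
    return {client: evaluate(rules, client) for client in clients}


if __name__ == "__main__":
    clients = ["127.0.0.1", FRONT_END_IP, OUTSIDE_IP]
    print("live-ssl as quoted:", access_matrix(LIVE_SSL_RULES, clients))
    print("misordered:        ", access_matrix(MISORDERED_RULES, clients))
    merged = effective_rules(parse_rules(LIVE_SSL_RULES), parse_rules(LOCATION_ALLOW_ALL))
    print("location override: ", evaluate(merged, OUTSIDE_IP))
```

Run as-is, the quoted rule set admits localhost and the front-end placeholder and denies the outside client, which is the declaration's point. The two extra scenarios are the kind of thing the Hacker News objection would need evidence for: the same three lines in a different order deny everyone, and a single location-level `allow all;` (or any location that declares its own rules) silently discards the server-level `deny all` for that path. Neither scenario is attested on this page; they are shown only so the reader knows what a real misconfiguration of this module looks like.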
Is the FBI allowed to lie in the interest of national security?
That's getting down to a pretty fine point. How can you guarantee that there wasn't a temporary misconfiguration on the part of the admin? Also, there are lies of omission. Take the following sequence of events: [redacted: the agent runs some sort of IP spoofer or zero-day exploit], the agent enters the IP into the browser, [redacted: the agent uses the IP spoofer or exploit to gain entry], the agent archives the materials. Going the opposite way, there are plenty of known ways to get around such modest security measures. Likewise, there are plenty of countermeasures to protect against them. Why would the actual steps be material to the case? Are they trying to make the case that they aren't guilty because the proof was illegally seized?
Yep. If the evidence is illegal...