The Federal Bureau of Investigation (FBI) appears to have used a leak in Captcha to figure out where Silk Road drugstores are located, according to documents and witness testimonies filed with the court late last week.
The former FBI agent, Christopher Tarbell claimed that his service managed to locate the anonymous Silk Road servers using an IP leak found on the site's login page, containing Captcha.
Let's remind that the anonymous online drug market was offline last October, and its manager, Dread Pirate Roberts, also known as Ross William Ulbricht, was arrested at San Francisco Airport.
The Silk Road used the anonymous network Tor network to maintain the true IP address of the web server secret, but according to Tarbell's statement (PDF) the FBI spotted the Silk Road server by using the page's leak website which contained Captcha.
"The leak of the IP address came from Silk Road user login interface, ”said Tarbell. "After examining the individual data packets sent behind the website, we noticed that the headers from some packets reflected a specific IP address that was not associated with any of the known IPs of the Tor nodes and appeared to be the source of the packets. ”
“When we typed the IP address into a regular (non-Tor) web browser, a part of his login page appeared Silk Road (the Captcha prompt). Based on our training and experience, we understood that the IP was pointing to the SR Server's IP address, and that the "leak" from the SR Server was because the codeof the login page was not properly configured to work through Tor.”
Former Washington Post columnist and security researcher Brian Krebs posted excerpts from Tarbell's statement on the Krebs on Security website over the weekend, saying the mistake could be described as a "noob mistake."