Tuesday, June 09, 2015

Thoughts on Silk Road trials


Great writeup on the Silk Road investigation by Wired magazine. Silk Road was the most high-profile deep-web eBay clone for illicit drugs and paraphernalia, before it was seized by the FBI late last year.

The TLDR summary: real-life cybercrime investigations are nothing like what you see on CSI:Cyber. They're long, tireless hours of surveillance, interrogations, complicated dealings between jurisdictions, and generally good old-fashioned police work.

The reason is that in real life, lengthy passwords, VPNs, RSA cryptography, and all these technologies are actually pretty damn secure, which gives law enforcement quite a hard time. It's humans that are fallible: we put untested code on live servers; we connect to our super-secure websites from Starbucks; we put incriminating notes and photos on Facebook; we even write detailed ledgers on paper.


So that scene where Agent Bow Wow types really fast over 10 minutes plus a commercial break, complains about doubly-encrypted firewall layers, then guesses a 12-character password on the first try based on Arabic nursery rhymes? That's not real life.