[HN Gopher] A dark web tycoon pleads guilty, but how was he caught?
Author: havella
Score: 108 points
Date: 2020-02-10 13:24 UTC
Link: www.technologyreview.com

sarakayakomzin wrote:
What's with the sensationalism?
https://en.wikipedia.org/wiki/Freedom_Hosting

https://www.infoworld.com/article/2611636/tor-browser-bundle...

agoristen wrote:
This report came out only a few months before he was caught:
https://www.reddit.com/r/onions/comments/1guiav/we_have_anal...

He was likely de-anonymized through this technique or similar. The issue was that he trusted the Tor network to keep him anonymous and paid for the servers with his real identity.

justaj wrote:
Just to be clear: the v3 onion services fix that weakness, right?

emayljames wrote:
I am merely giving my opinion, but a service created by the US government/military is going to have undocumented "issues". I would not trust it one shred.

bufferoverflow wrote:
Tor is open source:

https://www.torproject.org/download/tor/

So, no undocumented issues.

emayljames wrote:
Yes, it is open source of course; by undocumented I refer to vulnerabilities that are not documented or found in the open yet. The best yardstick out there is to say 'would Edward Snowden use/recommend it?'.

Edit: https://edwardsnowden.com/docs/doc/tor-stinks-presentation.p...

ngcc_hk wrote:
Issues can be undocumented if they are found by the three-letter one, as pointed out in the article.

jokoon wrote:
I believe Tor was researched, designed and developed by the government.

robtaylor wrote:
"https://www.reddit.com/r/onions/comments/1guiav/we_have_anal..."

We have _analyzed_, for those wondering!
[deleted]

Pigo wrote:
The military needs, or needed, Tor to be functioning and anonymous for their own use, correct?

strictnein wrote:
Tor was created to help dissidents of other nations communicate. The military does not run on Tor.

cronix wrote:
> Tor was created to help dissidents of other nations communicate [1]

Why would the US Navy develop something to help dissidents in other nations?

[1] https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Histor...

> The core principle of Tor, "onion routing", was developed in the mid-1990s by United States Naval Research Laboratory employees, mathematician Paul Syverson, and computer scientists Michael G. Reed and David Goldschlag, with the purpose of protecting U.S. intelligence communications online. Onion routing was further developed by DARPA in 1997

dsl wrote:
> Why would the US Navy develop something to help dissidents in other nations?

From their website: "The [Naval Research Laboratory] works closely with the National Security Agency (NSA), Space and Naval Warfare Systems Command (SPAWAR), Defense Advanced Research Projects Agency (DARPA), and Defense Information Systems Agency (DISA)."

ohithereyou wrote:
It's also designed for dissidents in countries that are either opponents or rivals of the US: Russia, China, Iran, North Korea, Brazil, and Venezuela. It allowed for pro-US dissidents and agents to stay unidentifiable to these nations while distributing pro-US messages.

pbhjpbhj wrote:
> Why would the US Navy develop something to help dissidents in other nations?

Seriously? The USA's notorious for not wanting to influence the destiny or politics of other countries, eh. /s

Diederich wrote:
That was the purpose of the initial DARPA grants funding Tor.

searcher1 wrote:
The military and intelligence needs _use_ of Tor to be functioning and anonymous more than they need hidden services to be functioning and anonymous.
The unknown "investigation" technique in this article is about deanonymizing hidden services, not individual Tor users (at least not directly; they used the discovery of the hidden services to send an exploit which _has_ been publicly identified to individual users).

jascii wrote:
That seems fairly trivial considering he was in the business of renting out webspace.

marta_morena wrote:
This sounds fishy. He probably pleaded guilty as part of a plea deal, so law enforcement has a scapegoat and some meaningless "media success" in exchange for him getting a drastically reduced sentence. They always do that: threaten people with insane penalties if they don't accept a shitty plea deal, and if you are not super certain that you can win, you will likely accept that one, just because it seems "safer".

There are a LOT of cases like this, just most of them don't gain this publicity. Actually, 95% of court cases never reach court because of this. Innocent people plead guilty because they don't have the wealth and resources to win in court. The USA is a shithole when it comes to law enforcement. Medieval and sad. Land of the free (as long as you are rich, that is).

dotancohen wrote:
> Land of the free (as long as you are rich, that is).

What did you think "capitalism" meant? Rule of those with capital.

ChrisCinelli wrote:
As a side note:

Promise (YC startup) was also saying that 70% of people in jails are waiting for judgement or are in for a technical violation (ex: did not show up to a hearing). And being in jail they end up losing their job, eventually they lose their house etc.

This is a space with a lot of low-hanging fruit. And minor fixes may end up doing a lot of good.

throwawaybbb wrote:
These people are too poor to be a viable market. There is a lot more money in getting more of them in prison than getting them out.

heartbeats wrote:
It's not so simple.
Why do we have education?

Firstly, because some way to filter people is needed. If you get 100 applicants, you can't make a detailed consideration. But if only 30 have degrees, it's much easier. So there is a signalling effect.

But secondly, and more importantly, because you need somewhere to have these kids. If there's ten million jobs and ten million two hundred thousand jobs, you'll get problems. This is also why many countries had military service, to further improve on the unemployment figures.

"We didn't raise [the school leaving age] to enable them to learn more! We raised it to keep teenagers off the job market and hold down the unemployment figures."

Prison is just a logical extension of this. If they weren't in prison, they would be unemployed and causing all sorts of trouble.

dmos62 wrote:
You might be responding to the wrong post.

[deleted]

deadEndDave wrote:
>> They always do that, threaten people with insane penalties if they don't accept a shitty plea deal and if you are not super certain that you can win, you will likely accept that one, just because it seems "safer".

Actually they don't.

What they do is tell you the maximum amount of jail time you can get for the crimes with which you are being charged. If you're good and cooperate with them, then the DA tells the judge that and they work to get you a reduced sentence. Be a prick or attempt to impede their investigation or fall on the sword for your "homies" and they have the authority to go after the stiffest sentence possible. Even then it's up to the presiding judge to ultimately take into account what the DA has told them and what the defense presents for its part and decide sentencing along predefined guidelines.

Your entire comment is completely false and shows a total lack of knowledge of the US criminal justice system.
>> Innocent people plead guilty because they don't have the wealth and resources to win in court. USA is a shithole when it comes to law enforcement. Medieval and sad. Land of the free (as long as you are rich, that is).

You have the opportunity to be represented by a court-appointed lawyer if you can't afford one. Depending on your case, if you actually do your homework, it's pretty easy to find an attorney who will take your case for free. I've seen many, many low-income defendants retain a real defense lawyer to try their case.

Also, you do not "win" in a criminal case, you are either found "guilty" or "not guilty".

casefields wrote:
Mirror: https://outline.com/L8ebnZ

[deleted]

jokoon wrote:
Isn't it rather trivial to find who is accessing a website if you can manage to monitor Tor nodes? Just do some heuristics, to see when traffic happens, and over time narrow down users.

If you're the FBI and have the authority to monitor the whole internet, isn't it trivial to catch any Tor user?

Tor is still secure, but of course if you are the government and have skilled engineers, time and admin access to the internet infrastructure (by legit or covert means; I'm pretty sure the US can monitor traffic outside its jurisdiction), Tor is not safe. But Tor is still safe from countries other than the US, unless the US government has a problem with what you're doing.

I would still be curious to see if Tor counters this problem by passively sending traffic to avoid this. Anyway, I maintain that there are 2 kinds of security: security against small bad actors, and security against competent, resourceful, big actors. The latter is usually impossible to get because it becomes extremely fastidious and complicated.

safety-third wrote:
This would be more NSA jurisdiction and they do. The problem is most people's assumption is that if one part of the government has it, then everyone gets it.
This is wildly false. Even within the FBI itself, different departments and cases get different tiers of access.

Even when the case agents get access, policy dictates what evidence is allowed to be taken to a public trial. Otherwise you get repeats of the FBI/4chan/8chan debacle. This is especially true for legal "grey areas" like mass surveillance. This means that agents will often get evidence they won't use in order to guide active surveillance using more legal means in order to collect evidence they feel comfortable admitting in public court.

pier25 wrote:
OTOH if these techniques and vulnerabilities were made public it would benefit cybercriminals as they could defend themselves better.

DINKDINK wrote:
> if these techniques and vulnerabilities were made public [...]

Should the government prove that it followed the law when investigating a criminal? Did they obtain the proper warrants that people recognize preserve stable law and order?

It's unreasonable to assume that the vulnerability that brought this case to justice is the last one that could ever be used. More so, if you assume that most people are good and a healthy society needs privacy, we now know that there is a vulnerability that will affect more good people than bad and we are duty bound to protect good people's privacy.

Checks on the government's power aren't there to let 'bad people' go free, they're there because we know if we let the government's power reign free, more good people will be hurt than the few 'bad people' we punish.

pier25 wrote:
I'm not saying the authorities would not have to describe their investigative methods to a judge. What I'm saying is making them available to the general public.

MaupitiBlue wrote:
> Should the government prove that it followed the law when investigating a criminal?

They do, but only if the defendant requires them to do so.
What's happening here is that the prosecutors told the defendant "look, we all know you did it, so plead guilty and we'll recommend a light sentence. You have a right to make us reveal our Tor backdoor, but if you do the plea offer is off and we will have the trial, and win, and ask the judge to send you to prison until you die."

I'm sure the defendant is very interested in learning about the Tor backdoor, but the idea of getting out of prison one day seems a little more compelling.

onetimemanytime wrote:
>> _Should the government prove that it followed the law when investigating a criminal? Did they obtain the proper warrants that people recognize preserve stable law and order?_

That is the concern. A lot of people say "you either did it or not" but the Fourth Amendment disagrees... any evidence must be obtained by following the law.

A4ET8a8uTh0 wrote:
In theory, maybe. As in, I agree with you on principle, but if you do even a cursory read about recent abuses that include parallel construction, the PATRIOT Act and the BSA, you may find that it is no longer the case.

Hell, during my last attended CAMS conference, an FBI guy outright said that if the new lawyer doesn't know how to play ball with those (information gathered by SARs), he gets pulled to the side and told what's what.

Chilling. And no one questioned it. Including me.

ChrisCinelli wrote:
I was going to write that the world is moving toward hiding some technologies from the public domain and facts are also hidden. And that requires a very high trust in those that manage these secrets.

In reality I realized that this has always been the case in the last 100 years.

ChrisCinelli wrote:
This realization leads to new questions.

In some regards, we are beyond democracy since the voters do not know what is going on and to be fair even if they knew it, most of them would be unable to know what it means.
If the system is hidden, who is making sure that those in control remain on the good side?

Is something changing inside the system?

Who is going to make sure the system stays on the good side?

Now the Star Wars plot comes to mind...

philpem wrote:
It would also benefit whistleblowers, investigative journalists and other groups who routinely use Tor...

ChrisCinelli wrote:
Unfortunately most things can be used for good and for bad.

Secret communication is definitely one of them. And since the negative potential is huge, there is always going to be an incredible incentive for those looking for the criminals to inspect any form of communication. I think the potential of misuse by the "bad guys" is a lot higher at the moment compared to the "good guys" being caught.

So for the general public, if you are not doing anything bad you should not worry... Right?

I am a little paranoid. For example that things may shift in a way that today the "good guys" do not expect or undervalue.

What if in the future the good guys become the bad guys? Or what if the bad guys get in control of the systems the "good guys" have?

And of course in some countries the majority may be the "bad guys"... And in others, things may not be so black or white.

loufe wrote:
Not to mention the American military, which commissioned the technology/service for their own use in the first place.

pier25 wrote:
Good point

ohithereyou wrote:
Okay, and?

By that logic, the government shouldn't ever have to describe its investigative methods and prove they both comport with the law and accepted science, because if their investigative methods are known then criminals benefit.

whatshisface wrote:
Law enforcement watches criminals, the judicial system watches law enforcement, the public watches the judicial system. Break one link in the chain and criminals will run free everywhere.
searcher1 wrote:
If you're wondering why a web host, who could potentially be immune to prosecution under CDA 230, was charged with the distribution of child pornography: according to the warrant [1], an admin of one of the pedo sites claimed that Freedom Hosting had "full control" over the websites (well, he had root access to the servers, but so did OVH), was patching the websites, that the pedo site hosting was free, and that he assumed that Marques covered the hosting costs as a service to the "pedo community". Technically the prosecutors might have had to prove that he knew what the sites were hosting, but he did plead guilty. Hopefully the actual operators of the pedo sites are found and prosecuted, and not just this sysadmin.

[1] https://www.courtlistener.com/recap/gov.uscourts.mdd.247657/...

vilhelm_s wrote:
CDA 230 immunity doesn't apply to federal crimes, only to civil lawsuits and state crimes. This was prosecuted under federal laws against child pornography, so it would not help them anyway.

freedrock87 wrote:
"According to the warrant". Take that with a grain of salt.

SadWebDeveloper wrote:
AFAICR the bug used was the one reported as MFSA 2013-53 aka CVE-2013-1690 [1], but someone correct me if I'm wrong.

[1] https://www.mozilla.org/en-US/security/advisories/mfsa2013-5...

Causality1 wrote:
It's strange to me that people who make a habit of doing fantastically illegal things on the internet are always so sloppy about it. Even if they don't have the technical ability to break into their neighbor's wifi or set up a long-range antenna to connect to an open access point, they can still get a burner smartphone and drive to a Starbucks. Back when I used to torrent my TV shows I didn't even let my piracy laptop touch my home network and I never used that machine for anything other than downloading.
jascii wrote:
I suspect that if you have a useful understanding of information security there are better/easier/less risky ways to make money than crime..

gwbas1c wrote:
Where there's a will, there's a way.

The internet is designed to send data from point A to point B. Keeping point A and point B truly anonymous means that the internet won't work.

Tools like Tor don't really protect you; it's more like they make it hard enough to figure out who you are that only people with strong incentives will track you down.

pinkfoot wrote:
> Keeping point A and point B truly anonymous

Read and write encrypted packets to alt.anon?

thinkloop wrote:
Upvoted. Another perspective is that if you are smart enough to know, then you're smart enough to know it's an impossible mission against state actors given enough time and would never try it. Downloading a movie at a Starbucks is one thing; running a 24/7 hosting operation without ever accidentally leaking a single piece of data is nigh impossible.

tonyedgecombe wrote:
I expect they thought they were doing the right thing by using Tor.

Analemma_ wrote:
> It's strange to me that people who make a habit of doing fantastically illegal things on the internet are always so sloppy about it.

This is completely the wrong way to think about it. Remember the Defender's Dilemma: to run an illegal business like this, your opsec needs to be _perfect_: every single possible channel of information leakage (including the "unknown unknowns"), every minute, every hour, every day, forever. You need to be lucky every time; the feds only need to be lucky once.

When you focus on the specific mistakes that people made and thus call them "sloppy", you're missing all the things they did right; you might not have made those mistakes if you were in their position, but you would've made different mistakes.

zelly wrote:
> drive to a Starbucks

Didn't help Ross.
It's a bad idea to do illegal stuff in public.

ChrisCinelli wrote:
It is a bad idea to do illegal stuff.

homonculus1 wrote:
Depends on your value system. Another perspective is that some laws ought to be broken, in spite of the potential consequences.

ChrisCinelli wrote:
If the values of a person are "achieving personal power" in first position and "respect others" in last, that person may be OK with stealing.

I hear some people arguing that in business "not breaking the laws" is not the problem unless they get caught, and even in that case, it is a problem only if the consequences end up costing more than the gain they receive in doing it.

So a person with those values may end up breaking the law. Are you saying it is OK?

homonculus1 wrote:
There are numerous unjust laws that infringe on the rights of the individual. Not only is it morally defensible to break such laws, but it is a good for respectable people to do so in order to reclaim behavioral territory and psychological freedom from the police state. This demonstrates to others that being a "criminal" is not a moral status but a legal one.

It may even be a social duty.

HideousKojima wrote:
Ross was dumb enough to get fake passports/IDs shipped directly to his home address

not2b wrote:
He made lots of stupid mistakes.

https://www.theguardian.com/technology/2013/oct/03/five-stup...

edm0nd wrote:
While Ross did do some bad things, I do not think it is enough to warrant a double life sentence plus forty years without the possibility of parole.

El Chapo, an actual drug cartel member who is directly responsible for thousands of deaths, only got a single life sentence.

Ross got screwed on his sentencing and it is totally unjustified.

Free Ross!

alasdair_ wrote:
> or set up a long range antenna to connect to an open access point

Sure, this works for torrenting TV shows.
If you are the number one peddler of child porn on the planet, however, this won't help you for very long. The FBI (or whatever national police force is trying to find you) will just go to the access point, realize you're connected remotely and triangulate your position with (essentially) some signal-strength meters, in much the same way the FCC tracks down particularly disruptive unlicensed broadcasters.

agoristen wrote:
We don't actually know for sure that he was doing "illegal things". He was running a hosting company ("Ultra Host") on the public-facing web and later launched Freedom Host as a side business, or perhaps better described as a charitable hosting service to contribute to the Tor network. Freedom Host offered FREE hosting to people on the Tor network. What liability does he have if other people use his host for illegal things? From what I understand he was never personally involved in any of these activities.

One can argue that he had to know about it, perhaps so, but the way he's being portrayed by LE and media is as if he was the kingpin of child porn. That's far from the truth. Freedom Host served half of the Tor network, including perfectly legitimate services like Tormail, wikis etc.

I think his mistake in not cloaking the identity used to purchase servers can be explained this way: he was never planning to host CP starting out (or do anything else illegal for that matter). He probably thought universally recognized no-liability laws would apply to Freedom Host just as to any other hosting business. Perhaps he later went down a darker path, but at that point it was too late.

The fact that he now pleads guilty means absolutely nothing, however.
Remember, he was extradited from his country to the USA, and while he should never have been sent there, he now has to adapt to the way the "justice system" works over there, and it works kind of like this: 5000 years in jail, or take a plea deal and get away with 15-30 years. Even if he is innocent, you need to realize that when you're facing a kangaroo court and subsequently rotting away in jail for life it might be better to pick the lesser evil.

[deleted]

jandrese wrote:
Or the only people who get caught doing illegal stuff on the internet are the ones who are sloppy and give themselves away.

dmschulman wrote:
Confirmation bias.

Imagine all of the criminals out there who are running operations so well oiled that they leave little exposure for being caught.

ohmygodel wrote:
Running a hosting server for onion services, as was done in this case, is a terrible idea. It greatly increases the risk of deanonymization. The question is less how this hosting service was discovered and more how it ever stayed up long enough to become so notorious. Here's why:

1. Each hidden service chooses a "guard" relay to serve as the first hop for all connections.

2. A server running multiple hidden services has a guard for each of them. Each new guard is another chance to choose a guard run by the adversary.

3. An adversary running a fraction p of the guards (by bandwidth) has a probability p of being chosen by a given hidden service. A hosting service with k hidden services is exposed to k guards and thus has ~kp probability of choosing an adversary's guard. With, say, 50 hidden services, an adversary with only 2% of guards has nearly 100% chance of being chosen by one of those 50 hidden services.

4. The adversary can tell when it is chosen as a guard by connecting to the hidden service as a client and looking for a circuit with the same pattern of communication as observed at the client. Bauer et al.
[0] showed a long time ago this worked even using only the circuit construction times.

5. The adversary's guard can observe the hidden service's IP directly.

The risk of deanonymization with onion services in general (i.e. even not using an onion hosting service) is significant against an adversary with some resources and time. Getting 1% of guard bandwidth probably costs <$500/month using IP transit providers (e.g. relay 8ac97a37 currently has 0.3% guard probability with only ~750Mbps [1]). And every month or so a new guard is chosen, yielding another chance to choose an adversarial guard. Not to mention the risk of choosing a guard that isn't inherently malicious but is subject to legal compulsion in a given jurisdiction (discovering the guard of a hidden service has always been and remains quite feasible with little time or money, as demonstrated by Overlier and Syverson [2]).

[0] "Low-Resource Routing Attacks Against Tor" by Kevin Bauer, Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, and Douglas Sicker. In the Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2007), Washington, DC, USA, October 2007.

[1] https://metrics.torproject.org/rs.html#details/014E24C0CD21D...

[2] "Locating Hidden Servers" by Lasse Overlier and Paul Syverson. In the Proceedings of the 2006 IEEE Symposium on Security and Privacy, May 2006.

bufferoverflow wrote:
That only leads you to the server though, not to the person managing it.

edm0nd wrote:
But that's all they need though.

A simple national security letter (NSL), without even needing to get a warrant, and BOOM, you can tap the server and get all info about the person running it.

ohmygodel wrote:
In this case, the main question is how the server was discovered, not how the operator was then deanonymized.
As the article describes, after the server was discovered to be in France and run by OVH, authorities used legal treaties ("MLATs") to obtain the subscriber information, leading them to the person that recently pleaded guilty in court.

mirimir wrote:
That's a very good explanation!

stock_toaster wrote:
Interesting. Looking for more info on what you were talking about (with regard to "guards"), I dug up this post [1] which has some info too.

[1]: https://blog.torproject.org/announcing-vanguards-add-onion-s...

ohmygodel wrote:
The page you link describes "vanguards", which apply the guard logic to positions beyond the first hop. They are only available as a plug-in that you must separately download and configure. My understanding is that no plans currently exist to integrate vanguards into Tor due to the cost of engineering challenges that appear if everybody were to use them (including especially how they would affect load balancing).

ohmygodel wrote:
This is probably the best description of how Tor uses guards:
https://gitweb.torproject.org/torspec.git/tree/guard-spec.tx...

rolltiide wrote:
Wasn't this 2013??

It's 2020 now, so much has to have changed. Tor sucked 7 years ago.

turc1656 wrote:
This is some great info for the less technically knowledgeable about Tor (like me!). However, I think your math in #3 is wrong.

Assuming random assignment/selection of the guards, each time one is chosen it has a 98% chance of not being "caught" by choosing an adversary's guard. Going with 50 services as you said would be .98^50=.364, meaning the chance of getting caught is 1-.364=.635, or 63.5%. This is vastly different from being nearly 100%.

ohmygodel wrote:
Fair enough! I was using as a heuristic the expected number of compromised guards, which would be 0.02*50 = 1. Moreover, things degrade exponentially over time.
If half the guards rotate every month, the chance of choosing a bad guard after 2 months is >86%, after 4 months is >95%, after 6 months is >98%.

tempsalt wrote:
These are well-known attacks. In the case of Freedom Hosting this may have been the cause for finding the server. Mitigations exist. Today big illegal darknet websites run lots of Tor servers on their own. You can also manually set trusted guards or other nodes in the chain so no malicious node will ever be part of your path through the network.

jascii wrote:
The central premise of the article is that there is no disclosure regarding the vulnerability used, suggesting the existence of some unknown zero-day exploit..

Various well-documented analyses have linked this incident to "EgotisticalGiraffe", a well-known, and since fixed, vulnerability.

FUD or lazy journalism? I mean, at least read the subject's Wikipedia page before publishing something..

Miner49er wrote:
EgotisticalGiraffe was the JS embedded in Freedom Hosting's web pages, which is mentioned by the article. Are you saying they hacked the site and inserted the JS? I assumed that was inserted after de-anonymizing the server and seizing it.

A Wired article on it:

https://www.wired.com/2013/09/freedom-hosting-fbi/

Slides:

https://web.archive.org/web/20140413004837/http://cryptome.o...

A breakdown of the malware:

https://web.archive.org/web/20140417081750/http://ghowen.me/...

searcher1 wrote:
The article explicitly does mention "EgotisticalGiraffe" (the Firefox TBB exploit). But the point is that the exploit was dropped on all websites that Freedom Hosting was running, which raises the question that the article is really about: "how did they know where the hidden services were?"

[deleted]

jascii wrote:
I have searched and reread the article to find this "explicit mention" and have come up empty. Can you be more specific?
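Worked example of the guard-exposure arithmetic in ohmygodel's and turc1656's comments above (the k*p heuristic, the 1-(1-p)^k probability, and the month-by-month rotation figures). This is an added illustration, not a comment from the thread and not code from the Tor project. It computes the closed forms and cross-checks them with a small Monte Carlo run over a bandwidth-weighted guard pool that is constructed inline. Assumptions are mine, not the thread's: each onion service picks its guard independently with probability proportional to relay bandwidth, the adversary's relays together hold exactly the fraction p of guard bandwidth, and "half the guards rotate every month" means k/2 fresh, independent selections per month. The simulation goes slightly beyond the thread in making the bandwidth weighting explicit.

```python
"""Guard-selection exposure for a host running many onion services.

Added example (not from the thread or the Tor project). Model
assumptions: independent, bandwidth-weighted guard choice per service;
the adversary holds fraction p of guard bandwidth; rotation gives
k * rotation_fraction fresh selections per month; exposure is permanent
once any adversary guard has observed the host's IP.
"""
import itertools
import random


def expected_bad_guards(p: float, k: int) -> float:
    """The heuristic from point 3 of the thread: the expected number of
    adversary guards among k selections. It is an expectation, not a
    probability, which is why it can reach or exceed 1."""
    return k * p


def p_any_bad_guard(p: float, k: int) -> float:
    """Probability that at least one of k independent selections lands on
    an adversary guard: 1 - (1 - p)^k."""
    return 1.0 - (1.0 - p) ** k


def p_any_bad_guard_over_time(p: float, k: int, months: int,
                              rotation_fraction: float = 0.5) -> float:
    """Same quantity after `months` of guard rotation. Each month a
    fraction of the k services picks a fresh guard, so the total number of
    independent selections is k * (1 + rotation_fraction * months)."""
    selections = k * (1.0 + rotation_fraction * months)
    return 1.0 - (1.0 - p) ** selections


def build_guard_pool(p: float, honest_relays: int = 200):
    """Constructed guard pool (assumption, not real consensus data):
    `honest_relays` honest relays of unit bandwidth plus four adversary
    relays sized so the adversary owns exactly fraction p of the total
    guard bandwidth. Returns relay labels and cumulative weights."""
    adversary_total = p * honest_relays / (1.0 - p)
    pool = ([("honest", 1.0)] * honest_relays
            + [("adversary", adversary_total / 4)] * 4)
    names = [name for name, _ in pool]
    cum_weights = list(itertools.accumulate(w for _, w in pool))
    return names, cum_weights


def simulate_p_any_bad_guard(p: float, k: int, months: int = 0,
                             rotation_fraction: float = 0.5,
                             trials: int = 5000, seed: int = 1) -> float:
    """Monte Carlo cross-check of the closed form: repeatedly draw the
    initial k guards plus the rotated ones and count the trials in which
    any draw hit an adversary relay. Rotating away from a bad guard later
    does not undo the exposure, so a single hit anywhere counts."""
    rng = random.Random(seed)
    names, cum_weights = build_guard_pool(p)
    picks_per_trial = k + months * int(k * rotation_fraction)
    hits = 0
    for _ in range(trials):
        chosen = rng.choices(names, cum_weights=cum_weights, k=picks_per_trial)
        hits += "adversary" in chosen
    return hits / trials


if __name__ == "__main__":
    p, k = 0.02, 50   # the thread's numbers: 2% of guard bandwidth, 50 services
    print(f"k*p heuristic (expected bad guards): {expected_bad_guards(p, k):.2f}")
    print(f"P(at least one bad guard) at first selection: {p_any_bad_guard(p, k):.3f}")
    for months in (2, 4, 6):
        analytic = p_any_bad_guard_over_time(p, k, months)
        simulated = simulate_p_any_bad_guard(p, k, months)
        print(f"after {months} months: closed form {analytic:.3f}, simulated {simulated:.3f}")
```

Running it reproduces both corrections made in the thread: the first-selection probability is about 0.64 rather than "nearly 100%", and with half the guards rotating monthly the exposure passes 86%, 95% and 98% after 2, 4 and 6 months respectively. The gap between the k*p heuristic and the true probability is the usual expectation-versus-probability distinction; the heuristic only tracks the real figure while k*p is small.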
iffyspectrum wrote:
Ctrl+F Firefox in the article; there are a few paragraphs on that vulnerability and its role in the article. But that exploit, as I understand it, is not responsible for the first unmasking of Freedom Hosting, which is the central question here.

jascii wrote:
Found it, thanks!

hooch wrote:
Could they not purchase some "Freedom hosting" and upload a website with a backdoor?

noident wrote:
This seems like the easiest way to do it, so I would speculate that this is how it was done. All you have to do is put a website up and make the server phone home, revealing the hidden IP address. Some more speculation: the government is hiding this fact in order to deter criminal use of Tor.

Of course, I would still assume that other ways of discovering the location of hidden services have been found. I'm not convinced that onions can be hidden from an adversary with the resources of a US government agency, particularly in light of some of the posts that appeared on Hacker Factor recently.

freedrock87 wrote:
How would the FBI know to purchase "Freedom hosting"?

seanthegeek wrote:
The concern seems to be more of a legal one than a technical one. Law enforcement in theory should always disclose how they collect evidence.

jascii wrote:
Should they? I know of no such law or theory. They have a burden of proof regarding the correctness of evidence and the defence _can_ question the legality of collection methods _if_ the evidence gets used in court. As far as I know, that's about it.

bredren wrote:
Does chain of custody have anything to do with this?

I know in some computer forensics work it is important to be able to prove evidence has not been tampered with.

So for example, cracking hashes instead of working with encrypted data can create safe space for non-LEO to work without undermining an investigation.
For example, in a case of illegal doping, the accused person's samples must be able to be shown to not have been tampered with.

It seems being able to prove the source of evidence would be the first step of this process.

jascii wrote:
Chain of custody is one tool used to satisfy part of the burden of proof regarding correctness of the evidence. There are others like sworn testimony or corroborating evidence.

This is only meaningful in a courtroom situation; a lot of "evidence" never sees the courtroom and is merely used as information to help the investigation.

rahuldottech wrote:
Hacker Factor has a series of articles about various attacks on Tor:
https://www.hackerfactor.com/blog/index.php?/archives/868-De...

The tor daemon really needs to be re-written and audited. Apparently the codebase right now is a huge mess.

zelly wrote:
You can make a mistake in your code and end up causing someone to go to prison. What a time to be alive.

rendx wrote:
Can you point to any attack that can be attributed to errors in the Tor code, anything where a rewrite or audit would have helped? Most "attacks" seem to be based on well-known drawbacks of the design which are usually discussed prior to specification or implementation (but unavoidable).

newnewpdro wrote:
Running a hosting service is sure to include far more exploitable surface area than the Tor network itself.

Just assume any one of their servers was vulnerable to RCE attacks; they hosted dynamic web sites on conventional web hosting stacks! These things leak deanonymizing information like a sieve.

kodablah wrote:
There is an ongoing "Rust"-ification of the codebase. I agree it is easier to audit when the code is clearer, but the majority of deanon attacks seem to concern network or browser techniques.