[HN Gopher] A dark web tycoon pleads guilty, but how was he caught?
       ___________________________________________________________________
        
       A dark web tycoon pleads guilty, but how was he caught?
        
       Author : havella
       Score  : 108 points
       Date   : 2020-02-10 13:24 UTC (9 hours ago)
        
 (HTM) web link (www.technologyreview.com)
 (TXT) w3m dump (www.technologyreview.com)
        
       | sarakayakomzin wrote:
       | what's with the sensationalism?
       | https://en.wikipedia.org/wiki/Freedom_Hosting
       | 
       | https://www.infoworld.com/article/2611636/tor-browser-bundle...
        
       | agoristen wrote:
       | This report came out only a few months before he was caught:
       | https://www.reddit.com/r/onions/comments/1guiav/we_have_anal...
       | 
       | He was likely de-anonymized through this technique or similar.
       | The issue was that he trusted the Tor network to keep him
       | anonymous and paid for the servers with his real identity.
        
         | justaj wrote:
         | Just to be clear: The v3 onion services fix that weakness,
         | right?
        
           | emayljames wrote:
            | I am merely giving my opinion, but a service created by the US
            | government/Military is going to have undocumented "issues". I
            | would not trust it one shred.
        
             | bufferoverflow wrote:
             | Tor is open source:
             | 
             | https://www.torproject.org/download/tor/
             | 
             | So, no undocumented issues.
        
               | emayljames wrote:
               | Yes, it is Open Source of course, by undocumented I refer
               | to vulnerabilities that are not documented or found in
               | the open yet. The best yardstick out there is to say
               | 'would Edward Snowden use/recommend it?'.
               | 
               | Edit: https://edwardsnowden.com/docs/doc/tor-stinks-
               | presentation.p...
        
               | ngcc_hk wrote:
                | Issues can be undocumented if they are found by the 3 letter
                | one, as pointed out in the article.
        
               | jokoon wrote:
                | I believe tor was researched, designed and developed by
                | the government.
        
         | robtaylor wrote:
          | "https://www.reddit.com/r/onions/comments/1guiav/we_have_anal...
         | 
         | We have _analyzed_ for those wondering!
        
         | [deleted]
        
       | Pigo wrote:
       | The military needs, or needed, Tor to be functioning and
       | anonymous for their own use, correct?
        
         | strictnein wrote:
         | Tor was created to help dissidents of other nations
         | communicate. The military does not run on Tor.
        
           | cronix wrote:
           | > Tor was created to help dissidents of other nations
           | communicate [1]
           | 
           | Why would the US Navy develop something to help dissidents in
           | other nations?
           | 
           | [1] https://en.wikipedia.org/wiki/Tor_(anonymity_network)#His
           | tor...
           | 
           | > The core principle of Tor, "onion routing", was developed
           | in the mid-1990s by United States Naval Research Laboratory
           | employees, mathematician Paul Syverson, and computer
           | scientists Michael G. Reed and David Goldschlag, with the
           | purpose of protecting U.S. intelligence communications
           | online. Onion routing was further developed by DARPA in 1997
        
             | dsl wrote:
             | > Why would the US Navy develop something to help
             | dissidents in other nations?
             | 
             | From their website: "The [Naval Research Laboratory] works
             | closely with the National Security Agency (NSA), Space and
             | Naval Warfare Systems Command (SPAWAR), Defense Advanced
             | Research Projects Agency (DARPA), and Defense Information
             | Systems Agency (DISA)."
        
             | ohithereyou wrote:
             | It's also designed for dissidents in countries that are
             | either opponents or rivals of the US: Russia, China, Iran,
             | North Korea, Brazil, and Venezuela. It allowed for pro-US
             | dissidents and agents to stay unidentifiable to these
             | nations while distributing pro-US messages.
        
             | pbhjpbhj wrote:
             | >Why would the US Navy develop something to help dissidents
             | in other nations?
             | 
             | Seriously? USA's notorious for not wanting to influence the
             | destiny or politics of other countries, eh. /s
        
         | Diederich wrote:
         | That was the purpose of the initial DARPA grants funding Tor.
        
         | searcher1 wrote:
         | The military and intelligence needs _use_ of Tor to be
         | functioning and anonymous more than they need hidden services
          | to be functioning and anonymous. The unknown "investigation"
         | technique in this article is about deanonymizing hidden
         | services, not individual Tor users (at least not directly, they
         | used the discovery of the hidden services to send an exploit
         | which _has_ been publicly identified to individual users).
        
           | jascii wrote:
           | That seems fairly trivial considering he was in the business
           | of renting out webspace.
        
       | marta_morena wrote:
       | This sounds fishy. He probably pleaded guilty as part of a plea
       | deal, so law enforcement has a scapegoat and some meaningless
       | "media success" in exchange for him getting a drastically reduced
        | sentencing. They always do that, threaten people with insane
        | penalties if they don't accept such a shitty plea deal, and if you
        | are not super certain that you can win, you will likely accept
        | that one, just because it seems "safer".
       | 
       | There are a LOT of cases like this, just most of them don't gain
       | this publicity. Actually, 95% of court cases never reach court
       | because of this. Innocent people plead guilty because they don't
       | have the wealth and resources to win in court. USA is a shithole
       | when it comes to law enforcement. Medieval and sad. Land of the
       | free (as long as you are rich, that is).
        
         | dotancohen wrote:
         | > Land of the free (as long as you are rich, that is).
         | 
         | What did you think "capitalism" meant? Rule of those with
         | capital.
        
         | ChrisCinelli wrote:
         | As a side note:
         | 
         | Promise (YC startup) was also saying that 70% of people in
         | jails are waiting for judgement or are in for a technical
         | violation (ex: did not show up to a hearing). And being in
         | jails they end up losing their job, eventually they lose their
         | house etc.
         | 
          | This is a space with a lot of low-hanging fruit. And minor
          | fixes may end up doing a lot of good.
        
           | throwawaybbb wrote:
           | These people are too poor to be a viable market. There is a
           | lot more money in getting more of them in prison than getting
           | them out.
        
           | heartbeats wrote:
           | It's not so simple.
           | 
           | Why do we have education?
           | 
            | Firstly, because some way to filter people is needed. If
            | you get 100 applicants, you can't make a detailed
            | consideration. But if only 30 have degrees, it's much easier.
            | So there is a signalling effect.
           | 
           | But secondly, and more importantly, because you need
           | somewhere to have these kids. If there's ten million jobs and
           | ten million two hundred thousand jobs, you'll get problems.
           | This is also why many countries had military service, to
           | further improve on the unemployment figures.
           | 
           | "We didn't raise [the school leaving age] to enable them to
           | learn more! We raised it to keep teenagers off the job market
           | and hold down the unemployment figures."
           | 
           | Prison is just a logical extension of this. If they weren't
           | in prison, they would be unemployed and causing all sorts of
           | trouble.
        
             | dmos62 wrote:
             | You might be responding to the wrong post.
        
               | [deleted]
        
         | deadEndDave wrote:
         | >> They always do that, threaten people with insane penalties
         | if they don't accept so shitty plea deal and if you are not
         | super certain that you can win, you will likely accept that
         | one, just because it seems "safer".
         | 
         | Actually they don't.
         | 
          | What they do is tell you the maximum amount of jail time you
          | can get for the crimes with which you are being charged. If
          | you're good and cooperate with them, then the DA tells the
          | judge that and they work to get you a reduced sentence. Be a
          | prick or attempt to impede their investigation or fall on the
          | sword for your "homies" and they have the authority to go after
          | the stiffest sentence possible. Even then it's up to the
          | presiding judge to ultimately take into account what the DA has
          | told them and what the defense presents for its part and decide
          | sentencing along predefined guidelines.
         | 
         | Your entire comment is completely false and shows a total lack
         | of knowledge of the US criminal justice system.
         | 
         | >> Innocent people plead guilty because they don't have the
         | wealth and resources to win in court. USA is a shithole when it
         | comes to law enforcement. Medieval and sad. Land of the free
         | (as long as you are rich, that is).
         | 
         | You have the opportunity to be represented by a court appointed
         | lawyer if you can't afford one. Depending on your case, if you
          | actually do your homework, it's pretty easy to find an attorney
         | who will take your case for free. I've seen many, many low
         | income defendants retain a real defense lawyer to try their
         | case.
         | 
         | Also, you do not "win" in a criminal case, you are either found
         | "guilty" or "not guilty".
        
       | casefields wrote:
       | Mirror: https://outline.com/L8ebnZ
        
       | [deleted]
        
       | jokoon wrote:
       | Isn't it rather trivial to find who is accessing a website if you
       | can manage to monitor tor nodes? Just do some heuristic, to see
       | when traffic happens, and over time, narrow down users.
       | 
       | If you're the FBI and have the authority to monitor the whole
       | internet, isn't it trivial to catch any tor user?
       | 
        | Tor is still secure, but of course if you are the government and
        | have skilled engineers, time and admin access to the internet
        | infrastructure (by legit or covert means, I'm pretty sure the US
        | can monitor traffic outside its jurisdiction), tor is not safe.
        | But tor is still safe from countries other than the US, unless
        | the US government has a problem with what you're doing.
       | 
       | I would still be curious to see if tor does counter this problem
       | by passively sending traffic to avoid this. Anyway I stand that
       | there are 2 kinds of security: security against small bad actors,
       | and security against competent, resourceful, big actors. The
       | latter is usually impossible to get because it becomes extremely
       | fastidious and complicated.
        
         | safety-third wrote:
         | This would be more NSA jurisdiction and they do. The problem is
         | most people's assumption is that if one part of the government
         | has it, then everyone gets it. This is wildly false. Even
         | within the FBI itself, different departments and cases get
         | different tiers of access.
         | 
         | Even when the case agents get access, policy dictates what
         | evidence is allowed to be taken to a public trial. Otherwise
         | you get repeats of the FBI/4chan/8chan debacle. This is
         | especially true for legal "grey areas" like mass surveillance.
         | This means that agents will often get evidence they won't use
         | in order to guide active surveillance using more legal means in
         | order to collect evidence they feel comfortable admitting in
         | public court.
        
       | pier25 wrote:
       | OTOH if these techniques and vulnerabilities were made public it
       | would benefit cybercriminals as they could defend themselves
       | better.
        
         | DINKDINK wrote:
         | >if these techniques and vulnerabilities were made public[...]
         | 
         | Should the government prove that it followed the law when
         | investigating a criminal? Did they obtain the proper warrants
         | that people recognize preserve stable law and order?
         | 
         | It's unreasonable to assume that the vulnerability, that
         | brought this case to justice, is the last one that could ever
         | be used. More so, if you assume that most people are good and a
         | healthy society needs privacy, we now know that there is a
         | vulnerability that will affect more good people than bad and we
         | are duty bound to protect good people's privacy.
         | 
          | Checks on the government's power aren't there to let 'bad
          | people' go free; they're there because we know if we let the
          | government's power reign free, more good people will be hurt
          | than the few 'bad people' we punish.
        
           | pier25 wrote:
            | I'm not saying the authorities would not have to describe their
            | investigative methods to a judge. What I'm saying is making
            | them available to the general public.
        
           | MaupitiBlue wrote:
           | > Should the government prove that it followed the law when
           | investigating a criminal?
           | 
           | They do, but only if the defendant requires them to do so.
           | 
           | What's happening here is that the prosecutors told the
           | defendant "look, we all know you did it, so plead guilty and
           | we'll recommend a light sentence. You have a right to make us
           | reveal our tor backdoor, but if you do the plea offer is off
           | and we will have the trial, and win, and ask the judge to
           | send you to prison until you die."
           | 
           | I'm sure the defendant is very interested in learning about
           | the tor backdoor, but the idea of getting out of prison one
           | day seems a little more compelling.
        
           | onetimemanytime wrote:
           | >> _Should the government prove that it followed the law when
           | investigating a criminal? Did they obtain the proper warrants
           | that people recognize preserve stable law and order?_
           | 
           | That is the concern. A lot of people say "you either did it
           | or not" but the Fourth Amendment disagrees...any evidence
           | must be obtained by following the law.
        
             | A4ET8a8uTh0 wrote:
             | In theory, maybe. As in, I agree with you on principle, but
             | if you do even a cursory read about recent abuses that
             | include parallel construction, PATRIOT act and BSA, you may
             | find that it is no longer the case.
             | 
              | Hell, during my last attended CAMS conference, an FBI guy
              | outright said that if the new lawyer doesn't know how
              | to play ball with those (information gathered by SARs),
              | he gets pulled to the side and told what's what.
             | 
             | Chilling. And no one questioned it. Including me.
        
         | ChrisCinelli wrote:
         | I was going to write that the world is moving toward hiding
         | some technologies from the public domain and facts are also
         | hidden. And that requires a very high trust in those that
         | manage these secrets.
         | 
         | In reality I realized that this has always been the case in the
         | last 100 years.
        
           | ChrisCinelli wrote:
            | This realization leads to new questions.
           | 
           | In some regards, we are beyond democracy since the voters do
           | not know what is going on and to be fair even if they knew
           | it, most of them will be unable to know what it means.
           | 
            | If the system is hidden, who is making sure that those in
            | control remain on the good side?
           | 
           | Is something changing inside the system?
           | 
            | Who is going to make sure the system stays on the good side?
           | 
           | Now Star Wars plot comes to mind...
        
         | philpem wrote:
         | It would also benefit whistleblowers, investigative journalists
         | and other groups who routinely use Tor...
        
           | ChrisCinelli wrote:
           | Unfortunately most of the things can be used for good and for
           | bad.
           | 
            | Secret communication is definitely one of them. And since the
            | negative potential is huge, there is always going to be an
            | incredible incentive for those looking for the criminals to
            | inspect any form of communication. I think the potential of
            | misuse by the "bad guys" is a lot higher at the moment
            | compared to "good guys" being caught.
           | 
           | So for the general public, if you are not doing anything bad
           | you should not worry... Right?
           | 
           | I am a little paranoid. For example that things may shift in
           | a way that today the "good guys" do not expect or undervalue.
           | 
           | What if in the future the good guys become the bad guys? Or
           | what if the bad guys get in control of the systems the "good
           | guys" have?
           | 
            | And of course in some countries the majority may be the "bad
            | guys"... And in others things may not be so black and white.
        
           | loufe wrote:
            | Not to mention the American Military which commissioned the
            | technology/service for their own use in the first place.
        
           | pier25 wrote:
           | Good point
        
         | ohithereyou wrote:
         | Okay, and?
         | 
         | By that logic, the government shouldn't ever have to describe
         | its investigative methods and prove they both comport with the
         | law and accepted science because if their investigative methods
         | are known then criminals benefit.
        
         | whatshisface wrote:
         | Law enforcement watches criminals, the judicial system watches
         | law enforcement, the public watches the judicial system. Break
         | one link in the chain and criminals will run free everywhere.
        
       | searcher1 wrote:
       | If you're wondering why a web host, who could potentially be
       | immune to prosecution under CDA 230, was charged with the
       | distribution of child pornography, according to the warrant [1]
       | an admin of one of the pedo sites claimed that Freedom Hosting
       | had "full control" over the websites (well, he had root access to
       | the servers, but so did OVH), was patching the websites, that the
       | pedo site hosting was free, and that he assumed that Marques
       | covered the hosting costs as a service to the "pedo community".
       | Technically the prosecutors might have had to prove that he knew
       | what the sites were hosting, but he did plead guilty. Hopefully
       | the actual operators of the pedo sites are found and prosecuted,
       | and not just this sysadmin.
       | 
       | [1]
       | https://www.courtlistener.com/recap/gov.uscourts.mdd.247657/...
        
         | vilhelm_s wrote:
         | CDA 230 immunity doesn't apply to federal crimes, only to civil
         | lawsuits and state crimes. This was prosecuted under federal
         | laws against child pornography, so it would not help them
         | anyway.
        
         | freedrock87 wrote:
         | "According to the warrant". Take that with a grain of salt.
        
       | SadWebDeveloper wrote:
        | afaicr the bug used was the one reported as MFSA 2013-53 aka
        | CVE-2013-1690[1] but someone correct me if I'm wrong.
       | 
       | [1] https://www.mozilla.org/en-
       | US/security/advisories/mfsa2013-5...
        
       | Causality1 wrote:
       | It's strange to me that people who make a habit of doing
       | fantastically illegal things on the internet are always so sloppy
       | about it. Even if they don't have the technical ability to break
       | into their neighbor's wifi or set up a long range antenna to
       | connect to an open access point they can still get a burner
       | smartphone and drive to a Starbucks. Back when I used to torrent
       | my TV shows I didn't even let my piracy laptop touch my home
       | network and I never used that machine for anything other than
       | downloading.
        
         | jascii wrote:
          | I suspect that if you have a useful understanding of
          | information security there are better/easier/less risky ways to
          | make money than crime.
        
         | gwbas1c wrote:
         | Where there's a will, there's a way.
         | 
         | The internet is designed to send data from point A to point B.
         | Keeping point A and point B truly anonymous means that the
         | internet won't work.
         | 
         | Tools like Tor don't really protect you, it's more like they
         | make it hard enough to figure out who you are that only people
         | with strong incentives will track you down.
        
           | pinkfoot wrote:
           | > Keeping point A and point B truly anonymous
           | 
           | Read and write encrypted packets to alt.anon ?
        
         | thinkloop wrote:
         | Upvoted. Another perspective is that if you are smart enough to
         | know, then you're smart enough to know it's an impossible
         | mission against state actors given enough time and would never
         | try it. Downloading a movie at a Starbucks is one thing,
          | running a 24/7 hosting operation without ever accidentally
         | leaking a single piece of data is nigh impossible.
        
         | tonyedgecombe wrote:
         | I expect they thought they were doing the right thing by using
         | Tor.
        
         | Analemma_ wrote:
         | > It's strange to me that people who make a habit of doing
         | fantastically illegal things on the internet are always so
         | sloppy about it.
         | 
         | This is completely the wrong way to think about it. Remember
         | the Defender's Dilemma: to run an illegal business like this,
         | your opsec needs to be _perfect_ : every single possible
         | channel of information leakage (including the "unknown
         | unknowns"), every minute, every hour, every day, forever. You
         | need to be lucky every time, the feds only need to be lucky
         | once.
         | 
         | When you focus on the specific mistakes that people made and
         | thus call them "sloppy", you're missing all the things they did
         | right; you might not have made those mistakes if you were in
         | their position, but you would've made different mistakes.
        
         | zelly wrote:
         | > drive to a Starbucks
         | 
         | Didn't help Ross. It's a bad idea to do illegal stuff in
         | public.
        
           | ChrisCinelli wrote:
           | It is a bad idea to do illegal stuff.
        
             | homonculus1 wrote:
             | Depends on your value system. Another perspective is that
             | some laws ought to be broken, in spite of the potential
             | consequences.
        
               | ChrisCinelli wrote:
               | If the values of a person are "achieving personal power"
               | in first position and "respect others" in last, that
               | person may be ok to steal.
               | 
               | I hear some people arguing that in business "not breaking
               | the laws" is not the problem unless they get caught and
               | even in that case, it is a problem only if the
               | consequences end up costing more than the gain they
               | receive in doing it.
               | 
                | So a person with those values may end up breaking the law.
               | Are you saying it is ok?
        
               | homonculus1 wrote:
               | There are numerous unjust laws that infringe on the
               | rights of the individual. Not only is it morally
                | defensible to break such laws, but it is good for
               | respectable people to do so in order to reclaim
               | behavioral territory and psychological freedom from the
               | police state. This demonstrates to others that being a
               | "criminal" is not a moral status but a legal one.
               | 
               | It may even be a social duty.
        
           | HideousKojima wrote:
           | Ross was dumb enough to get fake passports/ids shipped
           | directly to his home address
        
             | not2b wrote:
             | He made lots of stupid mistakes.
             | 
             | https://www.theguardian.com/technology/2013/oct/03/five-
             | stup...
        
             | edm0nd wrote:
             | While Ross did do some bad things, I do not think it is
             | enough to warrant a double life sentence plus forty years
             | without the possibility of parole.
             | 
             | El Chapo, an actual drug cartel member who is directly
             | responsible for thousands of deaths, only got a single life
             | sentence.
             | 
             | Ross got screwed on his sentencing and it is totally
             | unjustified.
             | 
             | Free Ross!
        
         | alasdair_ wrote:
         | >or set up a long range antenna to connect to an open access
         | point
         | 
         | Sure, this works for torrenting TV shows. If you are the number
         | one peddler of child porn on the planet however, this won't
         | help you for very long. The FBI (or whatever national police
         | force is trying to find you) will just go to the access point,
         | realize you're connected remotely and triangulate your position
         | with (essentially) some signal-strength meters in much the same
         | way the FCC tracks down particularly disruptive unlicensed
         | broadcasters.
        
         | agoristen wrote:
         | We don't actually know for sure that he was doing "illegal
         | things". He was running a hosting company ("Ultra Host") on the
         | public facing web and later launched Freedom Host as a side
         | business, or perhaps better described as a charitable hosting
         | service to contribute to the Tor network. Freedom Host offered
         | FREE hosting to people on the Tor network. What liability does
         | he have if other people use his host for illegal things? From
         | what I understand he was never personally involved in any of
         | these activities.
         | 
         | One can argue that he had to know about it, perhaps so, but the
         | way he's being portrayed by LE and media is as if he was the
         | kingpin of child porn. That's far from the truth. Freedom host
         | served half of the Tor network, including perfectly legitimate
         | services like Tormail, wikis etc.
         | 
         | I think his mistake in not cloaking the identity used to
         | purchase servers can be explained this way: He was never
         | planning to host CP starting out (or do anything else illegal
         | for that matter). He probably thought universally recognized
         | no-liability laws would apply to Freedom Host just as any other
         | hosting business. Perhaps he later went down a darker path, but
         | at that point it was too late.
         | 
         | The fact that he now pleads guilty means absolutely nothing
         | however. Remember, he was extradited from his country to USA,
          | and while he should never have been sent there, he now has to
         | adapt to the way the "justice system" works over there and it
         | works kind of like this: 5000 years in jail or take a plea deal
         | and get away with 15-30 years. Even if he is innocent, you need
         | to realize that when you're facing a kangaroo court and
         | subsequent rotting away in jail for life it might be better to
         | pick the lesser evil.
        
         | [deleted]
        
         | jandrese wrote:
         | Or the only people who get caught doing illegal stuff on the
         | internet are the ones who are sloppy and give themselves away.
        
         | dmschulman wrote:
         | Confirmation bias.
         | 
         | Imagine all of the criminals out there who are running
         | operations so well oiled that they leave little exposure for
         | being caught.
        
       | ohmygodel wrote:
       | Running a hosting server for onion services, as was done in this
       | case, is a terrible idea. It greatly increases the risk of
       | deanonymization. The question is less how this hosting service
       | was discovered and more how it ever stayed up long enough to
       | become so notorious. Here's why:
       | 
       | 1. Each hidden service chooses a "guard" relay to serve as the
       | first hop for all connections.
       | 
       | 2. A server running multiple hidden services has a guard for each
       | of them. Each new guard is another chance to choose a guard run
       | by the adversary.
       | 
       | 3. An adversary running a fraction p of the guards (by bandwidth)
       | has a probability p of being chosen by a given hidden service. A
       | hosting service with k hidden services is exposed to k guards and
        | thus has ~kp probability of choosing an adversary's guard. With,
       | say, 50 hidden services, an adversary with only 2% of guards has
       | nearly 100% chance of being chosen by one of those 50 hidden
       | services.
       | 
       | 4. The adversary can tell when it is chosen as a guard by
       | connecting to the hidden service as a client and looking for a
       | circuit with the same pattern of communication as observed at the
        | client. Bauer et al. [0] showed a long time ago this worked even
       | using only the circuit construction times.
       | 
       | 5. The adversary's guard can observe the hidden service's IP
       | directly.
       | 
       | The risk of deanonymization with onion services in general (i.e.
       | even not using an onion hosting service) is significant against
       | an adversary with some resources and time. Getting 1% of guard
       | bandwidth probably costs <$500/month using IP transit providers
       | (e.g. relay 8ac97a37 currently has 0.3% guard probability with
       | only ~750Mbps [1]). And every month or so a new guard is chosen,
       | yielding another chance to choose an adversarial guard. Not to
       | mention the risk of choosing a guard that isn't inherently
       | malicious but is subject to legal compulsion in a given
       | jurisdiction (discovering the guard of a hidden service has
       | always been and remains quite feasible with little time or money,
       | as demonstrated by Overlier and Syverson [2]).
       | 
       | [0] "Low-Resource Routing Attacks Against Tor" by Kevin Bauer,
       | Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, and Douglas Sicker.
       | In the Proceedings of the Workshop on Privacy in the Electronic
       | Society (WPES 2007), Washington, DC, USA, October 2007.
       | 
       | [1]
       | <https://metrics.torproject.org/rs.html#details/014E24C0CD21D...
       | 
       | [2] "Locating Hidden Servers" by Lasse Overlier and Paul
       | Syverson. In the Proceedings of the 2006 IEEE Symposium on
       | Security and Privacy, May 2006.
        
         | bufferoverflow wrote:
         | That only leads you to the server though, not to the person
         | managing it.
        
           | edm0nd wrote:
           | But that's all they need though.
           | 
           | A simple national security letter (NSL) without even needing
           | to get a warrant and BOOM you can tap the server and get all
           | info about the person running it.
        
           | ohmygodel wrote:
           | In this case, the main question is how the server was
           | discovered, not how the operator was then deanonymized. As
           | the article describes, after the server was discovered to be
           | in France and run by OVH, authorities used legal treaties
           | ("MLATs") to obtain the subscriber information, leading them
           | to the person that recently plead guilty in court.
        
         | mirimir wrote:
         | That's a very good explanation!
        
         | stock_toaster wrote:
         | Interesting. Looking for more info on what you were talking
         | about (with regard to "guards"), I dug up this post[1] which
         | has some info too.
         | 
         | [1]: https://blog.torproject.org/announcing-vanguards-add-
         | onion-s...
        
           | ohmygodel wrote:
           | The page you link describes "vanguards" which apply the guard
           | logic to positions beyond the first hop. They are only
           | available as a plug-in that you must separately download and
           | configure. My understanding is that no plans currently exist
           | to integrate vanguards into Tor due to cost of engineering
           | challenges that appear if everybody were to use them
           | (including especially how they would affect load balancing).
        
           | ohmygodel wrote:
           | This is probably the best description of how Tor uses guards:
           | https://gitweb.torproject.org/torspec.git/tree/guard-
           | spec.tx....
        
         | rolltiide wrote:
         | Wasn't this 2013??
         | 
         | It's 2020 now, so much has to have changed. Tor sucked 7 years
         | ago.
        
         | turc1656 wrote:
         | This is some great info for the less technically knowledgeable
         | about Tor (like me!). However, I think your math in #3 is
         | wrong.
         | 
         | Assuming random assignment/selection of the guards, each time
         | one is chosen it has a 98% chance of not being "caught" by
         | choosing an adversary's guard. Going with 50 services as you
         | said would be .98^50=.364, meaning the chance of getting caught
         | is 1-.364=.635 - 63.5%. This is vastly different than being
         | nearly 100%.
        
           | ohmygodel wrote:
           | Fair enough! I was using as a heuristic the expected number
           | of compromised guards, which would be 0.02*50 = 1. Moreover,
           | things degrade exponentially over time. If half the guards
           | rotate every month, the chance of choosing a bad guard
           | after 2 months is >86%, after 4 months is >95%, after 6
           | months is >98%.
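A worked version of the guard-exposure arithmetic from the two comments above (the k*p heuristic, the exact 1-(1-p)^k figure, and the monthly-rotation numbers). This is an added example, not code from the thread; the rotation model is an assumption, namely that half of the hosted services draw a fresh guard each month, so after m months there have been k*(1 + m/2) independent guard draws.

```python
"""Guard-exposure arithmetic for an onion-hosting server (constructed example)."""
import math


def expected_bad_guards(p: float, k: int) -> float:
    """The k*p heuristic: expected number of adversarial guards among k draws.
    It overstates the probability of exposure once k*p approaches 1."""
    return p * k


def p_any_bad_guard(p: float, k: int) -> float:
    """Exact probability that at least one of k independent guard draws lands
    on an adversary holding fraction p of guard bandwidth: 1 - (1-p)^k."""
    return 1.0 - (1.0 - p) ** k


def p_any_bad_guard_over_time(p: float, k: int, months: int,
                              rotation_frac: float = 0.5) -> float:
    """Assumed rotation model: each month a fraction rotation_frac of the k
    services draws a fresh guard, so after `months` months there have been
    k * (1 + rotation_frac * months) independent draws in total."""
    draws = k * (1.0 + rotation_frac * months)
    return 1.0 - (1.0 - p) ** draws


def services_for_target(p: float, target: float) -> int:
    """Smallest number of hosted services at which the probability of having
    drawn at least one adversarial guard reaches `target`."""
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - p))


if __name__ == "__main__":
    p, k = 0.02, 50  # 2% adversarial guard bandwidth, 50 hosted services
    print(f"k*p heuristic:           {expected_bad_guards(p, k):.2f}")
    print(f"exact P(any bad guard):  {p_any_bad_guard(p, k):.3f}")
    for m in (0, 2, 4, 6):
        print(f"after {m} months:         {p_any_bad_guard_over_time(p, k, m):.3f}")
    print(f"services needed for 99%: {services_for_target(p, 0.99)}")
```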
        
         | tempsalt wrote:
         | These are well known attacks. In case of Freedom Hosting this
         | maybe was the cause for finding the server. Mitigation exists.
         | Today big illegal darknet websites run lots of Tor servers on
         | their own. You can also manually set trusted guards or other
         | nodes in the chain so no malicious node will ever be part of
         | your path through the network.
        
       | jascii wrote:
       | The central premise of the article is that there is no disclosure
       | regarding the vulnerability used, suggesting the existence of
       | some unknown zero-day exploit..
       | 
       | Various well-documented analyses have linked this incident to
       | "EgotisticalGiraffe", a well known -- and since fixed --
       | vulnerability.
       | 
       | FUD or lazy journalism? I mean, at least read the subject's
       | Wikipedia page before publishing something..
        
         | Miner49er wrote:
         | EgotisticalGiraffe was the JS embedded in Freedom Hosting's web
         | pages, which is mentioned by the article. Are you saying they
         | hacked the site and inserted the JS? I assumed that was
         | inserted after de-anonymizing the server and seizing it.
         | 
         | A Wired article on it:
         | 
         | https://www.wired.com/2013/09/freedom-hosting-fbi/
         | 
         | Slides:
         | 
         | https://web.archive.org/web/20140413004837/http://cryptome.o...
         | 
         | A breakdown of the malware:
         | 
         | https://web.archive.org/web/20140417081750/http://ghowen.me/...
        
         | searcher1 wrote:
         | The article explicitly does mention "EgotisticalGiraffe" (the
         | Firefox TBB exploit). But the point is that the exploit was
         | dropped on all websites that Freedom Hosting was running, which
         | raises the question that the article is really about, "how did
         | they know where the hidden services were?"
        
           | [deleted]
        
           | jascii wrote:
           | I have searched and reread the article to find this "explicit
           | mention" and have come up empty. Can you be more specific?
        
             | iffyspectrum wrote:
             | Ctrl+F Firefox in the article, there are a few paragraphs
             | on that vulnerability and its role in the article. But that
             | exploit, as I understand it, is not responsible for the
             | first unmasking of Freedom Hosting which is the central
             | question here.
        
               | jascii wrote:
               | Found it, thanks!
        
           | hooch wrote:
           | Could they not purchase some "Freedom hosting" and upload a
           | website with backdoor?
        
             | noident wrote:
             | This seems like the easiest way to do it, so I would
             | speculate that this is how it was done. All you have to do
             | is put a website up and make the server phone home,
             | revealing the hidden IP address. Some more speculation: the
             | government is hiding this fact in order to deter criminal
             | use of Tor.
             | 
             | Of course, I would still assume that other ways of
             | discovering the location of hidden services have been
             | found. I'm not convinced that onions can be hidden from an
             | adversary with the resources of a US government agency,
             | particularly in light of some of the posts that appeared on
             | Hacker Factor recently.
        
             | freedrock87 wrote:
             | How would the FBI know to purchase "Freedom hosting"?
        
         | seanthegeek wrote:
         | The concern seems to be more of a legal one than a technical
         | one. Law enforcement in theory should always disclose how they
         | collect evidence.
        
           | jascii wrote:
           | Should they? I know of no such law or theory. They have a
           | burden of proof regarding the correctness of evidence and the
           | defence _can_ question the legality of collection methods
           | _if_ the evidence gets used in court. As far as I know, that's
           | about it.
        
             | bredren wrote:
             | Does chain of custody have anything to do with this?
             | 
             | I know in some computer forensics work it is important to
             | be able to prove evidence has not been tampered with.
             | 
             | So for example, cracking hashes instead of working with
             | encrypted data can create safe space for non-LEO to work
             | without undermining an investigation.
             | 
             | For example, in a case of illegal doping, the accused
             | person's samples must be able to be shown to not have been
             | tampered with.
             | 
             | It seems being able to prove the source of evidence would
             | be the first step of this process.
        
               | jascii wrote:
               | Chain of custody is one tool used to satisfy part of the
               | burden of proof regarding correctness of the evidence.
               | There are others like sworn testimony or corroborating
               | evidence.
               | 
               | This only is meaningful in a courtroom situation, a lot
               | of "evidence" never sees the courtroom and is merely used
               | as information to help the investigation.
        
       | rahuldottech wrote:
       | Hacker Factor has a series of articles about various attacks on
       | Tor:
       | https://www.hackerfactor.com/blog/index.php?/archives/868-De...
       | 
       | The tor daemon really needs to be re-written and audited.
       | Apparently the codebase right now is a huge mess.
        
         | zelly wrote:
         | You can make a mistake in your code and end up causing someone
         | to go to prison. What a time to be alive.
        
         | rendx wrote:
         | Can you point to any attack that can be attributed to errors in
         | the Tor code, anything where a rewrite or audit would have
         | helped? Most "attacks" seem to be based on well-known drawbacks
         | of the design which are usually discussed prior to
         | specification or implementation (but unavoidable).
        
         | newnewpdro wrote:
         | Running a hosting service is sure to include far more
         | exploitable surface area than the tor network itself.
         | 
         | Just assume any one of their servers were vulnerable to RCE
         | attacks, they hosted dynamic web sites on conventional web
         | hosting stacks! These things leak deanonymizing information
         | like a sieve.
        
         | kodablah wrote:
         | There is an ongoing "rust"-ification of the codebase. I agree
         | it is easier to audit when the code is clearer, but the
         | majority of deanon attacks seem to concern network or browser
         | techniques.
        
       ___________________________________________________________________
       (page generated 2020-02-10 23:00 UTC)