[tor-talk] Tor Speculated Broken by FBI Etc - Freedom Hosting, MITTechReview - Magneto
FYI, we now deploy Tor Vanguards in Whonix GW as of the latest release.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor Speculated Broken by FBI Etc - Freedom Hosting, MITTechReview - Magneto
On 02/09/2020 12:19 PM, Felix wrote:
> Hi everybody
>
> On 2020-02-09 at 12:40 PM, grarpamp wrote:
>> Given the variety of known weaknesses, exploits, categories
>> of papers, and increasing research efforts against tor and
>> overlay networks in general, and the large number of these
>> "mystery gaps" type of articles (some court cases leaving hardly
>> any other conclusion with fishy case secrecy, dismissals, etc)...
>> the area of speculative brokenness and parallel construction
>> seems to deserve serious investigative fact finding project of
>> global case collation, interview, analysis to better characterize.
> ...
>> Early on August 2 or 3, 2013, some of the users noticed “unknown
>> Javascript” hidden in websites running on Freedom Hosting. Hours
>> later, as panicked chatter about the new code began to spread, the
>> sites all went down simultaneously. The code had attacked a Firefox
>> vulnerability that could target and unmask Tor users—even those using
>> it for legal purposes such as visiting Tor Mail—if they failed to
>> update their software fast enough.
>>
>> While in control of Freedom Hosting, the agency then used malware that
>> probably touched thousands of computers. The ACLU criticized the FBI
>> for indiscriminately using the code like a “grenade.”
>>
>> The FBI had found a way to break Tor’s anonymity protections, but the
>> technical details of how it happened remain a mystery.
>
> https://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/
>
> A malicious route around Tor was/is solvable by keeping the system
> updated or by the use of techniques like Whonix or Tails.
>
> --
> Cheers, Felix

That depends. Whonix would protect users against malware that bypasses Tor browser. Perhaps Tails would as well, given its iptables rules, but arguably not as well as Whonix does, because in Whonix the Tor client and the apps are in separate VMs, and there's no forwarding from the workstation VM, just SocksPorts exposed to it on the gateway VM.

And onion services could also use Whonix, or at least the basic concept of Whonix, implemented in KVM or VBox VMs on the server. Onion services on Tails would be harder, but probably doable.

However, neither Whonix nor Tails would protect users or onion services against attacks that manipulate Tor clients into using malicious guards. And once an adversary controls the guard, it knows the IP address of the user or server. Tails might even be more vulnerable, because it picks new guards at each boot.

As far as I know, there are just two ways to defend against attacks via malicious guards. One is using vanguards.[0,1] The other is simply hiding the user's or server's IP address from the guard, using a VPN service or a nested VPN chain.

0) https://github.com/mikeperry-tor/vanguards/
1) https://lists.torproject.org/pipermail/tor-dev/2020-February/014156.html
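A worked check of the point made in the post above (a client that picks a fresh guard at every boot hands an adversary one chance per boot to be selected, while a client that keeps one guard hands it a single chance). This is an added example, not part of the thread and not Tor, Tails or Whonix code; the guard list, bandwidths and the adversary's share of guard bandwidth are constructed for illustration, and the selection rule is bandwidth-weighted choice, the same idea Tor uses when it picks relays.

```python
"""Exposure to a malicious guard: one persistent guard vs. a fresh guard per boot.

Added example, not part of the tor-talk thread.  Models the claim that a
client choosing a new guard at every boot gives an adversary who runs some
share of guard bandwidth one lottery ticket per boot, while a client that
keeps one guard gives it a single ticket.  All relay data below is made up.
"""
import random
from itertools import accumulate

# Constructed guard list: (nickname, consensus bandwidth weight, adversary-run?)
GUARDS = [
    ("guardA", 50_000, False),
    ("guardB", 30_000, False),
    ("guardC", 10_000, False),
    ("guardD", 5_000, False),
    ("evil1", 3_000, True),   # hypothetical adversary relays: 5% of guard bandwidth
    ("evil2", 2_000, True),
]


def adversary_fraction(guards=GUARDS):
    """Share of guard bandwidth the adversary controls (= chance one pick is bad)."""
    total = sum(bw for _, bw, _ in guards)
    return sum(bw for _, bw, bad in guards if bad) / total


def p_exposed_persistent(guards=GUARDS):
    """Client keeps one guard across boots: exposed iff that single pick is bad."""
    return adversary_fraction(guards)


def p_exposed_rotating(boots, guards=GUARDS):
    """Client picks a fresh guard each boot: exposed if any of the picks is bad."""
    p = adversary_fraction(guards)
    return 1.0 - (1.0 - p) ** boots


def pick_guard(rng, guards=GUARDS, cum_weights=None):
    """Bandwidth-weighted choice over the guard list."""
    if cum_weights is None:
        cum_weights = list(accumulate(bw for _, bw, _ in guards))
    return rng.choices(guards, cum_weights=cum_weights, k=1)[0]


def simulate(boots, rotate, trials=20_000, seed=7, guards=GUARDS):
    """Monte Carlo check of the closed-form numbers above."""
    rng = random.Random(seed)
    cum = list(accumulate(bw for _, bw, _ in guards))
    exposed = 0
    for _ in range(trials):
        picks = boots if rotate else 1
        if any(pick_guard(rng, guards, cum)[2] for _ in range(picks)):
            exposed += 1
    return exposed / trials


if __name__ == "__main__":
    boots = 30  # e.g. one Tails session a day for a month
    print(f"adversary guard share:               {adversary_fraction():.3f}")
    print(f"persistent guard, exposed:           {p_exposed_persistent():.3f} "
          f"(simulated {simulate(1, rotate=False):.3f})")
    print(f"new guard per boot x{boots}, exposed:  {p_exposed_rotating(boots):.3f} "
          f"(simulated {simulate(boots, rotate=True):.3f})")
```

With the constructed 5% adversary share, the persistent-guard client is exposed with probability 0.05, while a client that rotates across 30 boots is exposed with probability about 0.79. The model covers only guard selection odds; it says nothing about an adversary that manipulates a client's guard choice or about what vanguards add, which is the separate concern the post raises.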
Re: [tor-talk] Tor Speculated Broken by FBI Etc - Freedom Hosting, MITTechReview - Magneto
Hi everybody

On 2020-02-09 at 12:40 PM, grarpamp wrote:
> Given the variety of known weaknesses, exploits, categories of papers, and increasing research efforts against tor and overlay networks in general, and the large number of these "mystery gaps" type of articles (some court cases leaving hardly any other conclusion with fishy case secrecy, dismissals, etc)... the area of speculative brokenness and parallel construction seems to deserve serious investigative fact finding project of global case collation, interview, analysis to better characterize.
> ...
> Early on August 2 or 3, 2013, some of the users noticed “unknown Javascript” hidden in websites running on Freedom Hosting. Hours later, as panicked chatter about the new code began to spread, the sites all went down simultaneously. The code had attacked a Firefox vulnerability that could target and unmask Tor users—even those using it for legal purposes such as visiting Tor Mail—if they failed to update their software fast enough.
>
> While in control of Freedom Hosting, the agency then used malware that probably touched thousands of computers. The ACLU criticized the FBI for indiscriminately using the code like a “grenade.”
>
> The FBI had found a way to break Tor’s anonymity protections, but the technical details of how it happened remain a mystery.

https://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/

A malicious route around Tor was/is solvable by keeping the system updated or by the use of techniques like Whonix or Tails.

--
Cheers, Felix
[tor-talk] Tor Speculated Broken by FBI Etc - Freedom Hosting, MITTechReview
https://www.technologyreview.com/s/615163/a-dark-web-tycoon-pleads-guilty-but-how-was-he-caught
https://twitter.com/techreview/status/1226212530856611840
https://www.courtlistener.com/recap/gov.uscourts.mdd.451238/gov.uscourts.mdd.451238.57.0.pdf
https://www.courtlistener.com/recap/gov.uscourts.mdd.247657/gov.uscourts.mdd.247657.13.1.pdf
https://arstechnica.com/tech-policy/2017/03/doj-drops-case-against-child-porn-suspect-rather-than-disclose-fbi-hack/
http://darknetq7skv7hgo.onion/

Given the variety of known weaknesses, exploits, categories of papers, and increasing research efforts against tor and overlay networks in general, and the large number of these "mystery gaps" type of articles (some court cases leaving hardly any other conclusion with fishy case secrecy, dismissals, etc)... the area of speculative brokenness and parallel construction seems to deserve serious investigative fact finding project of global case collation, interview, analysis to better characterize.

Feb 8, 2020

A dark web tycoon pleads guilty. But how was he caught?

The FBI found Eric Marques by breaking the famed anonymity service Tor, and officials won’t reveal if a vulnerability was used. That has activists and lawyers concerned.

When the enterprising cybercriminal Eric Eoin Marques pleaded guilty in an American court this week, it was meant to bring closure to a seven-year-long international legal struggle centered on his dark web empire. In the end, it did anything but.

Marques faces up to 30 years in jail for running Freedom Hosting, which temporarily existed beyond reach of the law and ended up being used to host drug markets, money-laundering operations, hacking groups, and millions of images of child abuse. But there is still one question that police have yet to answer: How exactly were they able to catch him? Investigators were somehow able to break the layers of anonymity that Marques had constructed, leading them to locate a crucial server in France. This discovery eventually led them to Marques himself, who was arrested in Ireland in 2013.

Marques was the first in a line of famous cybercriminals to be caught despite believing that using the privacy-shielding anonymity network Tor would make them safe behind their keyboards. The case demonstrates that government agencies can trace suspects through networks that were designed to be impenetrable.

Marques has blamed the American NSA’s world-class hackers, but the FBI has also been building up its efforts since 2002. And, some observers say, they often withhold key details of their investigations from defendants and judges alike—secrecy that could have wide-ranging cybersecurity implications across the internet.

“The overarching question is when are criminal defendants entitled to information about how law enforcement located them?” asks Mark Rumold, a staff attorney at the Electronic Frontier Foundation, an organization that promotes online civil liberties. “It does a disservice to our criminal justice system when the government hides techniques of investigation from public and criminal defendants. Oftentimes the reason they do this kind of obscuring is because the technique they use is questionable legally or might raise questions in the public’s mind about why they were doing it. While it’s common for them to do this, I don’t think it benefits anyone.”

Freedom Hosting was an anonymous and illicit cloud computing company running what some estimated to be up to half of all dark web sites in 2013. The operation existed entirely on the anonymity network Tor and was used for a wide range of illegal activity, including the hacking and fraud forum HackBB and money-laundering operations including the Onion Bank. It also maintained servers for the legal email service Tor Mail and the singularly strange encyclopedia Hidden Wiki. But it was the hosting of sites used for photos and videos of child exploitation that attracted the most hostile government attention. When Marques was arrested in 2013, the FBI called him the “largest facilitator” of such images “on the planet.”

Early on August 2 or 3, 2013, some of the users noticed “unknown Javascript” hidden in websites running on Freedom Hosting. Hours later, as panicked chatter about the new code began to spread, the sites all went down simultaneously. The code had attacked a Firefox vulnerability that could target and unmask Tor users—even those using it for legal purposes such as visiting Tor Mail—if they failed to update their software fast enough.

While in control of Freedom Hosting, the agency then used malware that probably touched thousands of computers. The ACLU criticized the FBI for indiscriminately using the code like a “grenade.”

The FBI had found a way to break Tor’s anonymity protections, but the technical details of how it happened remain a mystery.

“Perhaps the greatest overarching question related to the investigation of this case is how the government was able to pierce Tor’s veil of anonymity and