Rogue nodes. Tor has been fucked for many years.
Tor pedos torpedoed again, this time Feds torpedo four Tor pedos – and keep how they unmasked dark-web scumbags under wraps
The FBI is keeping quiet how exactly it brought down a Tor-hidden pedophile haven, having secured decades-long prison sentences for four of the website's administrators. Three men from the US and one from Canada were sent down for 20 to 35 years each for running a .onion site called The Giftbox Exchange, used by warped …
COMMENTS
-
Tuesday 13th August 2019 03:48 GMT bombastic bob
as I understand it, many Tor nodes are OWNED (not just pwned) by the Feds, for various reasons that include helping people behind national firewalls to get information, communicate, etc.
And... I'm sure they monitor exit points too, when necessary. Which ones? That's probably why it's SEALED.
-
Wednesday 14th August 2019 13:44 GMT Paul Crawford
Not just censorship - if you want to communicate with your spies you need to make them less obvious than being the only one in a city using an encrypted protocol. Hence making the project public so you can hide your wood in a forest.
If you pardon that unpardonable pun considering the story topic...
-
Tuesday 13th August 2019 07:27 GMT Anonymous Coward
I once attended a lecture by the Met on how they use facial recognition to match victims and perpetrators because apparently there is often an active parental involvement in kids being pushed into this sick game.
I must admit I'm full of admiration for the people who can do this sort of work and still have a normal family life because as a father I'd probably be ready to butcher every one of those people by hand with a serrated knife after a day.
The only red flag in this is the lack of proper due process and reasonable doubt consideration in CP images (possession is criminal, no investigation or consideration of how they landed on a machine to identify active intent) because that screams entrapment potential to me - send a possible witness a couple of badly protected USB sticks and then tip off the police, and voila, problem solved.
-
Tuesday 13th August 2019 07:48 GMT Pascal Monett
Re: lack of proper due process
Um, what makes you say that due process was lacking ? I don't remember reading that the FBI jumped to conclusions or arrested the wrong people.
The fact that the FBI is not making its tracking procedure public does not mean that the judge isn't aware of how it was done, I'm sure the FBI explained everything to the judge behind sealed doors.
-
Tuesday 13th August 2019 09:55 GMT BebopWeBop
I was asked to act as an independent expert to look at phone and IP data in such a case. Just to confirm that the data presented was reasonable and very probably generated by the individual charged and the device under their control (it was pretty damning and the volume of data would have been difficult for someone to forge consistently).
My conversations with one of the CEOPS officers involved included a brief discussion of how they go about examining the sites addressed. 2 officers at a time, frequent counselling, and frequent shifts to other work. I believe the strain on all officers viewing this type of material is extreme.
-
Wednesday 14th August 2019 19:21 GMT Anonymous Coward
I have seen a case where they found one or two images after a tipoff on a backup of a phone that was not even in the alleged perp's possession, and whose owner could have been identified with ONE (1) communication with the specialists that Apple has on hand explicitly to assist with law enforcement.
I had a look at the "evidence" which made it very clear to me that the "senior officer" who wrote this up stuffed every certification short of a primary school spelling award in there to hide the fact that he was only capable of operating the discovery software because someone had shown it to him, but that didn't matter.
With CP, intent, mens rea and reasonable doubt do not apply. You have it, you hang, also because the police is far more interested in adding you to their success statistics than to find reasons why you could possibly not be guilty. There was simply nothing that could be done, and it meant that what I would call the victim here (because this was done as retaliation) basically lost his business and his family - in case you don't know, with a CP conviction you're not even allowed to see your own children unaccompanied. It also meant that the person who did this and sourced those pictures is still walking around with them - blissfully free of any further risk.
That was the day I started advising ANYONE who uses a computer for their office to make sure they're properly protected and ensure everyone has their own accounts and (decent) passwords. Especially with high end work you cannot afford to take *any* risk.
-
Tuesday 13th August 2019 10:51 GMT phuzz
They'd have to be monitoring either an entry node or the hidden server itself. Capturing packets in between is of no use because they're encrypted, so you don't know what's in them, and the routing is obfuscated so nodes in the middle don't know where they originated, or where they will finally end up.
The whole design of TOR is to prevent exactly that sort of interception.
If I had to guess, I'd put my money on them finding one of the people involved first, flipping them with a promise of potentially reduced sentence, and then using that person to get more information, and more access. Once they've got access to someone with admin access on the site, they can roll up everyone.
-
Tuesday 13th August 2019 08:29 GMT Anonymous Coward
Is it really an issue ?
With the obvious declaration I am pleased such sick fucks have been caught, does it really matter exactly how TOR was compromised to do it ?
I say that from a point of view that I always assumed TOR was compromised, so it's no surprise the Bad Guys got caught.
Generally, I assume *everything* is compromised, and act accordingly ... if I wanted to send a secure message then I would start by not using email, Skype, Facebook, etc etc as a matter of course.
I'd wager that (sadly) a lot more dodgy material is available publicly than via shadowy darkweb sites. Binary newsgroups for a start ... who knows *what* is being cached there ????? Certainly without an appropriate index *and* key - no one. It may as well be random data (and a lot is, just to up the S/N ratio).
-
Tuesday 13th August 2019 14:36 GMT RedCardinal
Re: Is it really an issue ?
Was TOR compromised? 10 to 1 says that Tor itself wasn't compromised in any way but that the perps were caught either due to not configuring the Tor Browser properly or by allowing themselves to be id'd outside of Tor. As far as I'm aware, every person arrested to date for committing crimes on the darkweb has been caught due to one of these two methods.
-
Wednesday 14th August 2019 09:24 GMT Anonymous Coward
Re: Is it really an issue ?
If Tor was created as a honey trap then why aren't there hundreds of prosecutions per week for all the drug dealers using it?
Who says there are hundreds of drug dealers a week using TOR ? Or is this where you make a rare exception and actually believe something the government tells you ?
-
Tuesday 13th August 2019 09:59 GMT BebopWeBop
Re: What about the good users of TOR? Are there any?
Not unless you use a great deal of other obfuscation. I would assume that anyone in that position would have some monitoring on their activity anyway. Certainly, people with SC+ clearances in the UK do (as was demonstrated to me on one of my reviews when I was in a similar position - that is that level clearance and access to documents, not being accused of shifting any on).
Some interesting work, but the reviews are pretty thorough and hard work for all involved.
-
Tuesday 13th August 2019 09:07 GMT pavel.petrman
The group used encryption and cryptography
A job well done, let the perpetrators serve the whole time please.
But I can't not notice the wording of group used "other advanced technological means to thwart law enforcement efforts, including file encryption and cryptography" constructed to mean "encryption is a technological means for thwarting law enforcement". They are selling the backdoor business hard, aren't they. Apart from Tor & al hardly ever becoming subject to what is poised to amount to legal prohibition of encrypted communication, these days pushed for all around the western cultural hemisphere ever so actively and forcefully. This one cloud has a pitch black lining indeed.
-
Tuesday 13th August 2019 13:59 GMT Anonymous Coward
Re: The group used encryption and cryptography
Anyone who uses encryption should be on a watchlist.
Encryption in consumer apps should be removed or replaced with something breakable like enigma. It will stop casual readers but not the ones who should be keeping tabs.
My post for example is protected by an envelope of paper. Why should digital comms be protected by something that exceeds the protection paper would give?
Data mine everything! Scan and store every text, every paper letter, everything. Grep it to find the crims and remove them from society forever.
-
Tuesday 13th August 2019 18:37 GMT DCFusor
Re: Keeping mum
Perhaps to avoid admitting they broke laws themselves, as with the whole Stingray business? Searches without warrants, illegal hacking, all that? They've been caught a few times already.
In this case, it's in a good cause. But we all know the line about power and corruption, and they've demonstrated the truth of that one plenty as well.
-
Tuesday 13th August 2019 13:53 GMT Anonymous Coward
Ban Tor
Ban it, problem solved.
What, there are people supposedly using it in oppressive countries? So what, the kids are more important than the law breakers and rebels / dissidents in other countries.
Law breakers / dissidents are basically the terrorists of countries just trying to get their people to follow the law. If they have a problem with that they can solve their issues by other means. We can't keep this network up just because someone wants to have a go at their leader.
-
Tuesday 13th August 2019 14:38 GMT RedCardinal
Re: Ban Tor
>>Law breakers / dissidents are basically the terrorists of countries just trying to get their people to follow the law. If they have a problem with that they can solve their issues by other means.
I'm unsure whether you are deliberately trolling here or not? The alternative is that you actually are as stupid as your comment would appear to indicate you are...
-
Wednesday 14th August 2019 08:47 GMT prh99
Re: Ban Tor
That doesn't fix anything, meanwhile pedos find other places to share. We've seen plenty of times that banning a service doesn't fix problems that manifest there. For example, the attorneys general in the U.S. bullied Craigslist to shut down its personals and actually shut down Backpage (without the help of FOSTA btw). While the grandstanding AGs (including presidential candidate Kamala Harris) declared it a victory over sex trafficking, local police complained they'd lost valuable tools for tracking down sex traffickers. As bad as TOR is at least authorities know where to look and when they bust a site like Child's Play, running it themselves for several months can net hundreds of arrests including people who actually make child porn.
-
Tuesday 13th August 2019 15:38 GMT Anonymous Coward
for now they caught 4, but I'm sure that the ripples will travel around the world. Some people will choose suicide, when confronted, etc. It has happened at least once before, around 2000 - 2005, if I remember vaguely.
...
actually, I would like to know if such information (that the FBI now have, on users around the world) is considered valuable, i.e. they, kind of, "trade it" (we've got something that might be of interest to you, do you have something of interest to us?). You might find it ridiculous, but in this day and age, everything seems to be a commodity, perhaps even information on criminals...
-
Tuesday 13th August 2019 23:10 GMT Diogenes
we've got something that might be of interest to you, do you have something of interest to us?
According to a program here on TV, anything found is shared all the time so they can try to identify the victims. The head of that particular CP unit was quoted as saying that this is their first priority, to hopefully save & help them, and this helps with the second, ie finding the vermin (paraphrasing).
He gave the example that if something in the background of a photo found in Australia can be identified, eg there's a TV with channel branding on, and they match to a US TV station, and the child can be matched to other photos, they are all automatically sent on to the FBI's CP unit for further analysis, as it is likely they will also have other pieces of the puzzle (eg sadly other photos of that child) that may help with identification.
-
Tuesday 13th August 2019 16:24 GMT Long John Silver
Using limited resources to maximum effect
Images already in circulation are a lesser matter than criminal activity in making them, encouraging their creation, and facilitating their distribution. I rate the FBI operation a considerable success by virtue of cutting off a Gorgon's head. Following where the snakes lead is far less productive in use of resources than hunting down more Gorgons.
-
Tuesday 13th August 2019 17:08 GMT Dvon of Edzore
Re: Using limited resources to maximum effect
So you missed this part in the third paragraph: "As administrator, Falte required users to upload images or footage of children being sexually abused to the site before getting access to the forum." For the reading impaired, that means each user had to also contribute something to the collection. Chances are copies of the same old nudegirl.gif wouldn't be good enough.
-
Tuesday 13th August 2019 21:26 GMT Anonymous Coward
"4 people. what about all the rest?"
Possibly all 4 of the people who actually donated Bitcoin to the site after buying it or mining it from home. I've been in (legal) groups that ran on donations. Getting money out of people is like pulling hens' teeth.
If the 4 people caught were the admins, it sounds like either they managed to unmask the IP of the server and went after the person hosting it or they followed the Bitcoin money trail when they tried to get the money out to pay for real world stuff.
-
Tuesday 13th August 2019 16:04 GMT Long John Silver
Don't underestimate capabilities of traditional police investigative techniques
Investigation of crime conducted under cover of obfuscation and encryption obviously must draw upon high level IT forensic skills. Yet the role of these ought be kept in proper perspective. They are akin to forensic scientists called in to examine physical evidence (e.g. tissue samples); they help build a case and may assist in suggesting further avenues of investigation. Police, and concerned citizens, of lesser IT skills (enough to find their way around Tor and its like) may identify sites to target. Perhaps surveillance experts are called in at an early stage to set traps but their success depends upon serendipity: the nature of many actual traps (e.g. flash vulnerabilities mentioned in the article) is widely known and general principles upon which more covert traps might operate have given rise to informed speculation which careful criminals engaged in activities with a long term Internet footprint (e.g. traditional web site and Tor site) would be aware of.
From that viewpoint it becomes plausible to consider human error by criminals as the major factor leading to arrest. We know human error by legitimate operators of web sites is often behind breaches of security so it takes little leap of imagination to believe criminal operators in the same boat.
Some illicit activities on, say, Tor have obvious weaknesses arising from need to interact with the physical world e.g. illegal drugs require paying for and delivering. Even use of Bitcoin leaves more of a trail than when cash is handed over in person to a drug dealer. Tor 'drug busts' appear to arise from careful consideration of delivery mechanisms after police officers set up 'deals'.
Similarly display/trade of illicit images has many points of potential human error leading to successful investigations. The case discussed here involved several individuals engaged in maintaining/running the site on presumably a long term basis. Those are the ones the FBI knows about. There may also have been a number of persistent visitors and/or contributors to site content at risk of identification through human error but not necessarily jeopardising the entire site.
Every criminal activity has vulnerability in some manner dependent upon the number of regular key players. Vulnerability may increase more than linearly as numbers rise: potential connections between pairs of players from N such, and thus opportunities for error, are determined by the familiar expression ( N! divided by 2!(N-2)! ) where '!' denotes factorial.
Without labouring the point, interactions among people running and/or using a site may have connection to their activities, perhaps ones more open, on conventional web sites (as appears the case for one of the convicted). Gathering evidence of this nature to make links to real identities entails patience and traditional police investigative craft rather than IT derring-do.
Arising from this is a more general matter. The push for massive online surveillance may not be cost-effective because it plays down the role of traditional police/security methods and diverts resources better used elsewhere. Doubtless, empire builders within the FBI, NSA, GCHQ, and Mrs May's plaything the NCA, manage to pull wool over the eyes of political masters. More trust and credit ought be placed in people trained in painstaking search for human error by criminals. IT ought be handmaiden rather than master in this enterprise and its capabilities not exaggerated.
-
Tuesday 13th August 2019 17:31 GMT Anonymous Coward
72000 users? And each one is only registered AFTER submitting material? And only 4 convictions?
This sucks so bad. You want people living in police states to have a safe way to communicate but the other side of the coin is something possibly even worse. Hopefully I can forget I read this article.
-
Tuesday 13th August 2019 18:35 GMT Anonymous Coward
That Byline: Feds torpedo four Tor pedos
No love lost here for any of those....*through clenched teeth* people.
But I think I found my new game, try saying 'Feds torpedo four Tor pedos' 10 times fast.
- Off to get drunk because this article reminded me of my own run-in with one of them years ago, my boss denied the one way ticket I asked for since I knew I wouldn't be back if I went there.
-
Thursday 15th August 2019 08:48 GMT MachDiamond
Silk Road bust
I am willing to believe that The Man operates some of the TOR exit points, but that's likely not enough for pinpoint accuracy. If you look up some of the talks on how Silk Road was busted, you will see that his opsec is what really got him busted. I expect it's the same with this bust and the reason to seal the evidence is to make it look like The Feds have rooted TOR to scare people away from it. Staying anonymous when the Gov is gunning for you with lots of resources means you have to walk the rice paper without leaving a single trace. That's pretty tough.