When it was revealed that an NIT (network investigative technique) had been used to track people across Tor, people were worried about just how the FBI had got permission to deploy such a far-reaching piece of computer malware. It would now seem that the warrant issued didn’t grant as much power as they wanted, as a federal judge has now stated that the warrant should be invalidated because of its reach.
The federal judge in question sits in Massachusetts and stated that a magistrate issuing a warrant in Virginia cannot “authorize the search of a defendant’s computer located in Massachusetts”. This was noted in a 39-page opinion in which Judge William Young stated that while it cannot be done today, the Department of Justice and Congress could change the law in future. The opinion ends with the following conclusion:
Based on the foregoing analysis, the Court concludes that the NIT Warrant was issued without jurisdiction and thus was void ab initio. It follows that the resulting search was conducted as though there were no warrant at all. Since warrantless searches are presumptively unreasonable, and the good-faith exception is inapplicable, the evidence must be excluded.
So ultimately the warrant for the NIT overstretched its bounds, something that has now led to a body of evidence being rendered null and void, in a case where even Ahmed Ghappour, a law professor at the University of California, observed that the “DOJ knew full well that the magistrate lacked authority to issue an out-of-district warrant”.
Content provider CloudFlare is no stranger to the spotlight, having been accused by Anonymous of protecting pro-ISIS sites, which caused it some issues. Now it would seem that the company is instead making a claim of its own, saying that requests it gets from the Tor network (a network designed to allow anonymous browsing on the web) are malicious 94 percent of the time. Tor accuses CloudFlare of mischaracterizing its users and blocking its network, to the point of impacting normal traffic.
Tor claims that its users often get stuck in CAPTCHA loops or hit outright failures, stopping them from accessing content in even the simplest of ways. Citing external research, Tor states that CloudFlare was found to block at least 80 percent of the IP addresses used by its service, with the number increasing over time. The CAPTCHA loop is caused by a measure CloudFlare has introduced that requires visitors arriving from the Tor network to fill out CAPTCHAs that other visitors never see.
Tor isn’t happy about this accusation and wants to see the evidence behind the 94 percent figure. Many are wondering how CloudFlare reached this figure, or even how it judges whether a connection is trustworthy. With so many people now using networks and systems like Tor, blocking them or degrading their experience can’t be seen as a positive step when it comes to providing content.
The FBI are known for their digital prowess, although they may require some help when it comes to breaking into an iPhone. One of their most recent successes was the tracking of people using the Tor network, but after a judge ruled that the defendant’s representatives needed to know how he was identified, the FBI has declined to say how it tracked people across the Tor network.
The ruling was given by the judge overseeing the case so that the defendant’s experts could check that the method used to identify the client was both within the FBI’s authority and also correctly singled out the client amongst the thousands of users of the Tor network.
The Tor network is a system (also known as the Onion Router) which people can use to hide their true identity by encrypting their traffic and bouncing it around the world in a series of steps. The network is also known for hiding a selection of “secret” websites that can only be accessed from within the network.
The FBI claim that they have already provided enough details for the defence to work out whether they went beyond their authority. FBI Agent Daniel Alfin is quoted in the court papers filed by the DOJ in the case as saying that “knowing how someone unlocked the front door provides no information about what that person did after entering the house”. While a valid argument, one could also argue that if someone breaks into your house, both the break-in and whatever they took are things you need to be made aware of, not just one of the two.
A US judge, during a case regarding the FBI’s use of a Network Investigative Technique (NIT) – effectively a form of hacking – was found to have little knowledge or understanding of the concepts being discussed.
During a hearing in Seattle on Friday (15th March), Judge Robert J. Bryan presided over the case of Jay Michaud, a public school administrator in Vancouver, Washington, who was charged with possession of child pornography. Michaud was caught in a sting operation by the FBI, during which the law enforcement agency seized a hidden Tor service called Playpen, hosted it from its own server, and used an NIT to bypass Tor’s protections and obtain his real IP address. The use of the NIT in the case is being contested.
During the hearing, Judge Bryan appeared confused as to how the NIT works: “I am trying to understand,” he told the court. Below is a transcript from the hearing (via Vice Motherboard), during which Judge Bryan fails to grasp how the NIT is implemented:
Judge Bryan: “Do the FBI experts have any way to look at the NIT information other than going to the server?”
Colin Fieman (Michaud’s public defender): “Your Honor, they don’t go to the server.”
JB: “Where do they go? How do they get the information?”
CF: “They get it from Mr. Michaud’s computer.”
JB: “They don’t have his computer.”
CF: “That’s what the NIT is for.”
Struggling to wrap his head around NIT, Judge Bryan later said, “I suppose there is somebody sitting in a cubicle somewhere with a keyboard doing this stuff. I don’t know that. It may be they seed the clouds, and the clouds rain information. I don’t know.”
While, on the face of it, Judge Bryan’s comments are amusing – though, to be fair, the ideas being conveyed during the case can be impenetrable to people without an inclination toward technology and computing – it is worrying that someone without a grasp of the subject being discussed is then expected to make a ruling on the matter, and that Judge Bryan’s ignorance, though not necessarily his fault, does not automatically recuse him from presiding over the case.
Or, as Vice Motherboard puts it:
“‘If a smart federal judge still has trouble understanding after hours of expert testimony what is actually going on,’ then the average judge signing warrant applications has little hope of truly understanding what the FBI is proposing, Nate Wessler, staff attorney at the American Civil Liberties Union (ACLU), told Motherboard in a phone interview.”
Tor is an open network that aims to defeat traffic analysis, just one of the ways of monitoring and identifying people online. Using systems like Tor you are able to hide your identity online, a feature that some governments seem less than keen on allowing, citing the risk that people may use it for less than noble intentions. CMU previously responded to the rumours by saying, to be honest, not much at all; now it would appear a judge has revealed it all. Sorry FBI, it looks like it wasn’t you.
It has now been revealed that it was in fact the Department of Defense (DOD) that funded the project. The information comes out as part of a court case against Brian Farrell, one of Silk Road 2.0’s administrators. Once again online privacy is being raised, with the argument that if you are looking to hide your activity you are attempting to create a sense of privacy, something which online tracking would then breach.
With technology and the law going head to head in the court on a daily basis, will the laws and governments of the world ever be in step with the ways that we work every day or will we always be hearing about the constant game of catch up that the law seems to follow currently?
FBI this, FBI that. It would seem that the FBI just can’t seem to stay out of the news these days, with Apple vs. the FBI seeming to turn companies against the government, but this is not the only case in which the FBI is having trouble. The other case is the one in which the agency hacked over 1,000 computers on the infamous Tor network, leading to a series of convictions. The judge presiding over the case has now stated that the defence lawyer should be provided with the code used to hack their computers.
Colin Fieman is the federal public defender working on the case and has requested that the defence be given access to a copy of the code used to identify his client. In a response to Motherboard, Fieman stated that the code would include “everything”, including the methods used to bypass security features of the Tor Browser.
Vlad Tsyrklevich is the expert on code consulted by the defence, and he has since received the “code” used, but it seems that the FBI were holding out, with several key elements missing from the code. This included the exploit used to break into the defendant’s computer, a key element that should have been provided in the case under the agreement that, “subject to the terms of the protective order currently in place”, the defence would have access to the code used to identify and potentially charge the defendant.
It would seem the FBI can’t stop getting caught short, with this case drawing criticism because of the use of a single warrant to hack an unknown number of computers located around the world. This wouldn’t have been so bad if the FBI hadn’t kept the site which contained illegal materials online, effectively meaning that the FBI were distributing the same thing they are now prosecuting people for.
In 2013, the dark web email service Tormail was seized by the FBI and the contents of its servers taken with it. It was also suspected that the FBI had made use of a network investigative technique (NIT), an FBI term for a hacking tool, to compromise some users of the service. A report by the Washington Post on the FBI’s use of NITs confirmed these suspicions but also opened many more questions, such as the scope of the hacking.
Prior to its takedown by the FBI, the Tormail service ran on the dark web, only accessible through the Tor network. Such hidden email services are typically used by those in need of privacy, whether for legitimate reasons, such as journalism, or less than legal activities such as drug dealing, trading on Silk Road and other activities that could draw the attention of the FBI. The agency had supposedly obtained a warrant to hack the accounts of certain people thought to be associated with the distribution of child pornography. Despite this, at the time Freedom Hosting, a web host providing dark web services including Tormail, was seized by the FBI, anyone accessing a page hosted by Freedom Hosting was served an error page. This error page was designed to serve malicious code that took advantage of a security flaw in the Firefox browser to transmit the user’s real IP address to a Virginia server.
An ex-user of TorMail told Motherboard that the error page and malicious code “appeared before you even logged in.” This brings into question whether the FBI was acting within its claims of targeting specific users if the real IP address of every single person to access TorMail was reported to it. And while there were certainly criminals making use of the service, many users were not engaging in criminal activity, regardless of their reason for wanting privacy.
Christopher Soghoian, a technologist for the American Civil Liberties Union, told Motherboard “If the government, in fact, delivered an NIT to every single person who logged into TorMail, then the government went too far.” Not to mention, if the FBI were hacking everyone accessing the service with the only justification being their use of a privacy service, it could be considered unreasonable and may not respect jurisdictional boundaries for international users. And with NIT orders not being publicly released, even years after the fact, there is no concrete information as to what the judge actually authorized the FBI to do.
Cases like this are worrying to anyone who is concerned about online privacy. With Tor recently suspected to be compromised by the FBI and their director decrying the use of encryption without backdoors, it is unclear where the power of the FBI truly reaches. This lack of public accountability could be a threat to those who desire privacy for innocent reasons and may harm unbiased journalism should the tools it uses put it under threat.
For those who are privacy conscious or live in countries where the Facebook service is censored, the social media giant’s Android application has long been unusable. This has changed with the latest version of the Facebook app, which includes the option for the app to route its traffic through the Tor network.
The experimental new feature can be enabled through the app’s settings and depends on a separate app called Orbot to function as a proxy for routing the traffic through the Tor network. Due to the nature of the Tor network, enabling this feature does have the side effect of disabling push notifications. As long as a user makes sure to manually check for updates frequently, this is hardly a big loss for the privacy aware.
Tor’s service works by routing traffic through a series of randomly chosen nodes, or relays, in its network. This ensures that no one system in the chain can know both the true origin and the destination of the packets sent and received. Only the initial node knows the packet’s source, and only the final node sending the packet onto the public internet, the exit point, knows the destination. The packets are also encrypted in layers, in such a way that the intermediate nodes are unable to snoop on the data sent. The value of this approach is that it masks the sites and services that you are accessing from your ISP and any nodes en route, as well as hiding your IP from the destination.
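The layered encryption described above, as an added illustration that is not Tor’s code and not part of the original article: a three-hop circuit where the client wraps one encryption layer per relay, each relay peels exactly one layer and learns only its neighbours, and only the exit sees the destination and the plaintext. The per-hop keys are assumed to be pre-shared (standing in for Tor’s key negotiation), and the cipher is a toy SHA-256 counter-mode stream with no authentication, used only to keep the example self-contained.

```python
import hashlib
import json
import os

# Toy stream cipher for illustration only (SHA-256 in counter mode, no
# authentication). Real Tor uses AES-CTR with keys agreed per hop.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))

def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:12], blob[12:]
    ks = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))

# Assumed circuit: three relays with pre-shared per-hop keys (a stand-in for
# Tor's per-hop key negotiation), in the order the client chose them.
CIRCUIT = ["guard", "middle", "exit"]
HOP_KEYS = {name: hashlib.sha256(name.encode()).digest() for name in CIRCUIT}

def build_onion(message: bytes, destination: str) -> bytes:
    """Wrap the message in one encryption layer per hop, innermost first.

    The exit's layer carries the real destination; each outer layer only
    names the next relay, so a relay learns nothing beyond its neighbours.
    """
    cell = json.dumps({"next": destination, "payload": message.decode()}).encode()
    layered = toy_encrypt(HOP_KEYS["exit"], cell)
    for hop, next_hop in (("middle", "exit"), ("guard", "middle")):
        cell = json.dumps({"next": next_hop, "payload": layered.hex()}).encode()
        layered = toy_encrypt(HOP_KEYS[hop], cell)
    return layered

def relay(name: str, previous: str, cell: bytes, log: list) -> tuple:
    """Peel one layer, record what this relay could observe, return next hop."""
    inner = json.loads(toy_decrypt(HOP_KEYS[name], cell))
    log.append({"relay": name, "from": previous, "to": inner["next"]})
    return inner["next"], inner["payload"]

def send_through_circuit(message: bytes, destination: str) -> dict:
    """Simulate the client's cell travelling the circuit to the destination."""
    log = []
    cell = build_onion(message, destination)
    previous = "client"
    for name in CIRCUIT:
        next_hop, payload = relay(name, previous, cell, log)
        if name == "exit":
            return {"delivered_to": next_hop, "plaintext": payload, "log": log}
        cell = bytes.fromhex(payload)  # remaining layers for the next relay
        previous = name
    raise RuntimeError("circuit ended before the exit relay")

def relay_knows_both_ends(log: list) -> bool:
    """True if any single relay saw both the client and the real destination."""
    return any(e["from"] == "client" and e["to"] not in CIRCUIT for e in log)

if __name__ == "__main__":
    result = send_through_circuit(b"GET / HTTP/1.1", "example.org")
    for entry in result["log"]:
        print(entry)
    print("delivered:", result["delivered_to"], result["plaintext"])
    print("any relay saw both ends:", relay_knows_both_ends(result["log"]))
```

The printed log shows the guard seeing only client and middle, the middle seeing only guard and exit, and the exit seeing only middle and the destination, which is the property the paragraph describes.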
Facebook’s site has been available via Tor since 2014 via facebookcorewwwi.onion, a version of the site only accessible through the Tor service. Traffic to this address never passes back to the public internet to reach the regular Facebook site, so no Tor exit points or public internet relays are traversed. Sadly the app currently relies on Facebook’s public servers even when Tor is enabled, but it is to be expected that support for their .onion Tor service is in the app’s future.
The FBI are reported to have hacked over a thousand computers as part of their action to help track down and identify individuals who were viewing or responsible for indecent images of children on the Dark Web, a part of the internet designed to be accessed in secret using encrypted and rerouted traffic.
A bulletin board was created on the dark web in August 2014 allowing users to sign up and upload a variety of images; the site was later confirmed to be known as “Playpen”. After gaining nearly 60,000 users in the first month, within a year the site had exploded to almost 215,000 users and over 117,000 posts. There was just one problem for people that wanted to use the site at this point: a month before this explosion of users, the server had been obtained by law enforcement in North Carolina. This didn’t stop the service; the site was continued from a server in Virginia, one of the FBI’s own servers no less.
While the site was being run on the FBI’s servers, they used the opportunity to deploy a network investigative technique (NIT), in plain terms a hacking tool, to the public. This tool was said to have been used in the identification of approximately 1,300 IP addresses.
This is not the first time that actions of this kind have been used by law enforcement, or even by the FBI in particular, but it is the first time that such a large-scale operation has been made public. With all these actions covered under a single warrant, with no specific targets, some are even stating that this way of tracking, hacking and identifying is illegal no matter what warrant it uses.
Find below a section of the affidavit that was used in support of the search warrant application, showing just how much information going on a website could have revealed.
The basic idea behind the warrant was that if you visited the site and started to log in or even sign up, it authorised the deployment of the NIT. The question is then raised of whether the judge who authorised the action knew what they were authorising, or if they were even informed about the scope and the methods that were going to be used as part of the action.
More and more, government use of technology within the real world is being questioned as practices and methods used for years are brought to light and identified as legally questionable.
There are lots of ways people try to protect their privacy in the modern world, where techniques like encryption are under fire. While hiding message content can be effective, the ability to collect a mass of metadata can be just as invasive to your privacy if a company, government body or nefarious element were able to learn when, where and with whom you communicated. A team of researchers from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) have come up with a system named “Vuvuzela”, after the popular (and annoying) plastic horn, that adds noise to any messages sent, rendering them untraceable.
Vuvuzela relies on a number of nodes to function, similar to Tor’s relays for internet traffic, but it relies on fewer nodes and more traffic. A sender deposits an encrypted message in a secure “dead drop” server, from which it can then be retrieved by its receiver. On top of that, timing is not controlled by the user sending a message; instead message circulation takes place in rounds of 10-20 seconds, so as not to allow attackers to detect and track messages being sent. A user starting or stopping a chat could otherwise allow attackers to trace activity based on the number of messages sent. This is where the noise comes in. All of the server nodes that are part of Vuvuzela send junk messages to random inboxes at the same time that real messages are propagated, hiding the activity of normal users. It is even resilient against a server being compromised or knocked offline, as the noise can be enough to obfuscate messages even with only a few nodes remaining. As a result, the only data that Vuvuzela exposes is the number of nodes engaged in a chat.
It may seem like the holy grail of privacy at this point, but the assurance of data being hidden comes at a price, namely speed. Vuvuzela, while still in early development, is incredibly slow due to the timed sending of messages. In a test run by the researchers at MIT, they simulated 1 million users generating 15,000 messages per second. With this volume of data, the average time for a message to be delivered was 44 seconds, a time that many would consider unacceptable for everyday or commercial use. For those in high-risk situations where their communication privacy is paramount, a small delay is not a massive trade-off.
Tor has been around for about ten years now, and while the project was received with warmth by numerous users who wanted to maintain their anonymity online, several courts and governments have been trying to dismantle it for quite some time now. In order to evolve and make its goals known to a wider audience, Tor had to make some changes, and after a long five-month search, the people in charge have decided to hire a new executive director named Shari Steele. One of the reasons why Tor is not incredibly successful right now is that the project has nobody to educate people about the importance of privacy and anonymity online. Steele could be an ideal candidate for this, as she served as the executive director of the Electronic Frontier Foundation for 15 years.
During that time, the EFF has grown from a small lawyer team to a widely appreciated team of attorneys that were a part of numerous high-profile lawsuits in the digital world. The director and co-founder of Tor, Roger Dingledine, said that Tor could also become a vocal advocate of privacy in the future, which could definitely help with its popularity.
“Tor is part of a larger family of civil liberties organizations, and this move makes it clear that Tor is a main figure in that family. At our core we’re a technology organization, and the best thing we do for the world is we write tools like the Tor Browser and make sure they can keep people safe. But we’re also really interested in the impact of our tools…. One of the things that I’m really looking forward to over the next couple of months is working together among all the Tor people to get a consensus on what we want to be and what our priorities should be. But I’m expecting the core of that to [still] be technology.”
However, Steele seems to believe that Tor should focus mostly on creating encryption tools.
“My inclination is that Tor is going to remain strictly tools, but that we are going to be the experts on encryption and that may very well mean we’ll get called in to talk about encryption, in whatever [role] that might mean. I don’t see Tor as becoming like EFF, but it’s a recognition that Tor is an essential part of that infrastructure. Internet freedom can’t happen without it or without EFF.”
On Friday, a number of Twitter users received a notification from the social networking platform, explaining that their accounts had been the target of state-sponsored actors. Unsurprisingly, the supposed targets of these attacks were mass surveillance researchers and security professionals.
The incident was surprising for users of Twitter, as until the notifications went out at 17:30 EST, Twitter’s notification service regarding state-sponsored attacks had never before been seen, let alone mentioned by Twitter. Fortunately for those affected, Twitter assures in the notification email that it believes only email addresses, IP addresses, and phone numbers could have been taken by a breach, and even then, it could not confirm that any data had been taken. The compromise of a single social media account can be a big deal though, with some users holding multiple Twitter accounts for different purposes, and the personal details and account credentials could yield access to other sites too.
Twitter is yet to release any further information beyond the notification letter; however, people have begun theorizing about what could be taking place, with Jacob Appelbaum, a key member of the Tor Project, taking the effort to keep a list of sorts of the individuals receiving the notifications. He questioned in a tweet whether Twitter had been “owned” or hacked. More information and theorycrafting on the topic has gathered under the hashtag #StateSponsoredActors, which also discusses Twitter’s blocking of a number of accounts used through the Tor service.
Twitter is not the only online service with warnings against incidents with state attackers, with Google having one in place and Facebook having launched theirs back in October, which immediately identified attacks on US Government employees.
Earlier this week, leaked documents revealed that French police were pressuring President Francois Hollande to ban the Tor browser and to block public Wi-Fi in a state of emergency. Hollande’s Prime Minister, however, has denied that any such demand was made, and added that the French government would not entertain such a notion in the name of “freedom”.
“A ban of Wi-Fi is not a course of action envisaged,” Prime Minister Manuel Valls said, as reported by English-language French newspaper The Connexion, which adds that France has no plans to outlaw Tor, either.
“Internet is a freedom,” Valls added. “[It] is an extraordinary means of communication between people, [and] it is a benefit to the economy.”
Police liaison DLPAJ revealed that law enforcement bodies were also seeking the powers to “require [service] providers to give security forces access codes” for communications applications, such as Skype, Viber, and WhatsApp.
France has been in a state of emergency since the Paris terror attacks that took the lives of 130 people on 13th November, and it will run until 26th February, 2016. Valls warned, though, that the period could well be extended on that date, saying, “We can’t rule out that possibility, depending on the level of danger, and we have to act with a great deal of responsibility.”
In the wake of the Paris terror attacks, French police have submitted proposals to ban the anonymous web browser Tor and block Wi-Fi networks in public places to President Francois Hollande, according to French newspaper Le Monde (via Business Insider). Le Monde has acquired documents that show the French government is taking the proposal very seriously and it could be included in France’s new anti-terrorism bill, which could come into effect as early as January.
According to Vice Motherboard, French authorities want “to block or forbid communications of the Tor network” and “Forbid free and shared wi-fi connections” when a state of emergency is declared, similar to mobile phone networks being taken down during such a time.
If France does introduce a ban on the Tor browser, it has two options with which to enforce it: a legal ban, which would outlaw its use at risk of prosecution, and a technological ban, which would require the installation of a China-esque national firewall that blocks Tor entry nodes. The latter is sure to worry free speech and civil liberties activists.
While Carnegie Mellon dismisses any notion that it has taken money from any agency, it does not deny that it works with law enforcement organisations, nor does it specifically address its dealings with the FBI or its involvement in compromising Tor.
“There have been a number of inaccurate media reports in recent days regarding Carnegie Mellon University’s Software Engineering Institute work in cybersecurity.
Carnegie Mellon University includes the Software Engineering Institute, which is a federally funded research and development center (FFRDC) established specifically to focus on software-related security and engineering issues. One of the missions of the SEI’s CERT division is to research and identify vulnerabilities in software and computing networks so that they may be corrected.
In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed. The university abides by the rule of law, complies with lawfully issued subpoenas and receives no funding for its compliance.”
While it doesn’t say outright that the university gave the FBI information regarding Tor because of a subpoena it received, it is heavily implied. In denying taking money and affirming that any dealings with law enforcement were legally obliged, Carnegie Mellon appears to be indirectly absolving itself of blame by assigning all responsibility to the FBI.
Several operators have reported that their Tor exit nodes have been hit by large-scale DDoS attacks originating in the UK. While some abnormalities have been written off by users as “graph glitches”, the attacks have coincided with the disappearance of the Abraxas Marketplace, which has made some users quite edgy.
“Hi, I am the operator of several exit nodes and would like to stay anonymous due to the nature of the given attacks. Since Thursday (05.11.2015 1800 UTC) I have seen large DDoS attacks on each of my exit nodes from a common /16 source. The attacks originate from UK.”
The same operator, under the username dipsh1t, later posted more details to the /r/DarkNetMarket subreddit, writing, “[Attacks are occurring at an] Interval of about 30min. A whole bunch of IPs at 20mbit/s hitting hard for 5min. And then a small amount of nodes hitting hard at around 100mbit/s per IP. They’re both TCP and UDP, primarily UDP. All nodes look identical (nmap).”
If these attacks are both legitimate and being launched by the UK, it comes a week after the launch of a new task force by UK intelligence service GCHQ to police the ‘dark web’. “An NCA and GCHQ co-located Joint Operations Cell (JOC) opens officially today,” a National Crime Agency press release from 6th November reads. “The unit brings together officers from the two agencies to focus initially on tackling online child sexual exploitation.”
Tor was seriously compromised during the Summer of 2014 by unknown assailants, but now the Tor Project has revealed that it thinks it has determined the culprit: the FBI. According to the Tor Project, the FBI paid researchers from Carnegie Mellon University $1 million to crack Tor’s encryption.
“On July 4 2014 we found a group of relays that we assume were trying to deanonymize users,” the Tor Project wrote on its blog at the time. “They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.”
In a follow-up post yesterday (11th November), the team writes, “The Tor Project has learned more about last year’s attack by Carnegie Mellon researchers on the hidden service subsystem. Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes.”
“There is no indication yet that they had a warrant or any institutional oversight by Carnegie Mellon’s Institutional Review Board,” the post adds. “We think it’s unlikely they could have gotten a valid warrant for CMU’s attack as conducted, since it was not narrowly tailored to target criminals or criminal activity, but instead appears to have indiscriminately targeted many users at once.”
The Tor Project brands the alleged actions of the FBI as an attack on “civil liberties” and “a violation of our trust and basic guidelines for ethical research.”
Ransomware is a particularly nasty kind of malware that has become even more popular in recent years. Initially, malware was designed simply to disrupt or damage a person’s computer or files. Then came ransomware, designed to benefit its creator: it denies access to the victim’s files by encrypting them, then offers to decrypt them with the only available key, held online, if a payment is made by a set date. It would seem that Linux users are the latest target, with Linux.Encoder.1 aimed at the operating system.
It targets a vulnerability in the Magento CMS, popular amongst e-commerce sites, and, once run with administrator-level privileges, encrypts the user’s home directories and any files associated with websites hosted on the system. This is particularly lethal to stores which make their living through online selling, potentially knocking the site offline and costing them hundreds in one fell swoop.
After encrypting a directory, the malware leaves a readme file stating the terms for payment and offering a link to a Tor-protected gateway where the payment of one bitcoin (a digital currency that comes in at around £250) can be made.
Once it has received the payment the malware will then decrypt the files, deleting both the readme file and the encrypted files during the process.
We would like to remind people to be careful when running any software or opening files sent or downloaded from the internet. Ransomware use is on the rise and we wish that our readers (and everyone else) never has to deal with being one of its victims.
Online browsing became something people watched more carefully after Edward Snowden revealed the extent to which our online activity was being monitored: every web address, and even the content of private and confidential emails. A library in Lebanon, New Hampshire, decided that, to support the public and their online activity, it would let its users use the Tor service. Tor works by bouncing your internet traffic around the world through a chain of relays, masking the user’s activity and making it very difficult to trace its source. After receiving an email, though, the library has since decided to take another look at this policy.
The email in question came from the Department of Homeland Security (DHS), which contacted the local police, who in turn contacted the library. The concern raised, which led to the service being halted, was that it could be used for illegal ends.
While this was the first library in the scheme, many others have apparently expressed interest in supporting the freedom that anonymous browsing would give their patrons. Would you, as a library user, like knowing that you’re being tracked? What about when you’re at home? Do the risks outweigh the benefits, or is there a bigger problem we need to address before we block public use of systems like Tor?
The Tor network is commonly referred to as ‘the dark web’ and perceived as an encrypted space for exchanging illegal goods or engaging in unscrupulous activities. That use exists, but it accounts for only a portion of Tor users, and there are plenty of legitimate uses. This view now has backing from the Internet Assigned Numbers Authority (IANA), the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Engineering Task Force (IETF).
These three major internet bodies have publicly recognised Tor’s legitimate uses by designating .onion, the domain used by sites hosted on the Tor network, as a “special-use domain name” (the IETF did so in RFC 7686, and IANA added .onion to its special-use registry). One practical consequence is that certificate authorities can now issue TLS certificates for .onion names. Richard Barnes, Mozilla’s security lead for Firefox, told Motherboard:
“This enables the Tor .onion ecosystem to benefit from the same level of security you can get in the rest of the web,”
“It adds a layer of security on top.”
In practice this means a hidden service can present a certificate that ties its .onion address to a verified operator, so visitors can check who really runs a site, just as with SSL/TLS on the regular web. Using Tor remains contentious, as many users see it as a mysterious and unknown part of the internet. Governments have overstepped the mark and intruded on people’s privacy in the last couple of years, so Tor could bring improved privacy and protect individuals’ data. There are, though, concerns about the kind of people using ‘the dark web’, including drug dealers and other criminals.
Thank you Motherboard for providing us with this information.
Tor claims to let people connect to the internet through its network and become effectively invisible and untrackable, which has made it very popular in recent years as online privacy has become a big issue for companies and home users alike. Researchers from the Massachusetts Institute of Technology and the Qatar Computing Research Institute have released a paper that may change that.
By gathering traffic to a pre-determined list of hidden services in advance, they were able to analyse the traffic patterns between a hidden service and the entry guard, the first relay in a Tor circuit and the one meant to protect the user’s anonymity. That let them build a unique fingerprint for each service and later use it to recognise that service from traffic alone. Note that this identifies which service is being reached; it does not decrypt the traffic, which would require a separate attack.
They quote “88 percent accuracy” in identifying a service. The attack, however, must be run from the entry guard, and guards are chosen at random from the many relays in the network, which reduces the chance that an attacker holds the guard needed to watch a particular user. The classifier matches the number of packets (bundles of data) sent in each direction against known patterns, a technique that Tor’s project leader has openly said could be defeated simply by adding padding to the connection.
With secret online monitoring becoming public knowledge, even where it is done illegally, tools like Tor are becoming more popular among users who feel they might be targeted online (for good or bad reasons). In the modern world, nothing is 100% secret.
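To make the packet-count idea concrete, here is an added example written for this article, not code from the MIT/QCRI paper: a toy nearest-centroid classifier that fingerprints a circuit from the count of cells in each direction and the length of the opening burst, followed by the padding defence mentioned above. The traces are constructed (+1 is a cell toward the service, -1 a cell back toward the client) and the service names are invented; the classifier reports “unknown” when no fingerprint is close, since a real attacker also faces traffic that matches none of their targets.

```python
import random

# Constructed traces (not measurements from the MIT/QCRI paper): the sequence
# of cell directions an entry guard sees on one circuit, +1 toward the hidden
# service, -1 back toward the client. Two training traces per service.
TRAINING = {
    "service-A": [[+1, +1, -1, -1, -1, -1, +1, -1, -1],
                  [+1, +1, -1, -1, -1, +1, -1, -1, -1]],
    "service-B": [[+1, -1, +1, -1, +1, -1, +1, -1],
                  [+1, -1, +1, -1, +1, -1, -1]],
    "service-C": [[+1, +1, +1, +1, -1, -1, +1, +1, +1, +1, -1],
                  [+1, +1, +1, -1, -1, +1, +1, +1, -1]],
}
MATCH_THRESHOLD = 4.0   # beyond this distance we report "unknown" (open-world)


def features(trace):
    """Packet-count features: total cells, outgoing, incoming, first-burst length.
    These are the kind of coarse counts the article says the classifier uses."""
    out = sum(1 for d in trace if d > 0)
    burst = 0
    for d in trace:
        if d != trace[0]:
            break
        burst += 1
    return (len(trace), out, len(trace) - out, burst)


def centroids(training=TRAINING):
    """Mean feature vector per service, i.e. the service's fingerprint."""
    result = {}
    for label, traces in training.items():
        fs = [features(t) for t in traces]
        result[label] = tuple(sum(col) / len(fs) for col in zip(*fs))
    return result


def classify(trace, training=TRAINING):
    """Nearest-centroid match on the feature vector. Returns (label, distance),
    with label "unknown" when nothing is close enough."""
    f = features(trace)
    best_label, best_dist = "unknown", float("inf")
    for label, c in centroids(training).items():
        d = sum(abs(x - y) for x, y in zip(f, c))
        if d < best_dist:
            best_label, best_dist = label, d
    if best_dist > MATCH_THRESHOLD:
        return ("unknown", best_dist)
    return (best_label, best_dist)


def pad(trace, rng, max_dummy=4):
    """The padding defence: after every real cell, send 1..max_dummy dummy cells
    in random directions, so the counts no longer track the real traffic."""
    padded = []
    for d in trace:
        padded.append(d)
        padded.extend(rng.choice((+1, -1)) for _ in range(rng.randint(1, max_dummy)))
    return padded


# Fresh observations of services A and C, constructed like the training data.
OBSERVED_A = [+1, +1, -1, -1, -1, -1, -1, +1, -1]
OBSERVED_C = [+1, +1, +1, +1, -1, +1, +1, +1, -1, -1]


def padded_example(seed=3):
    """Classify OBSERVED_A with and without padding (deterministic seed)."""
    rng = random.Random(seed)
    return classify(OBSERVED_A), classify(pad(OBSERVED_A, rng))


if __name__ == "__main__":
    print("A:", classify(OBSERVED_A))
    print("C:", classify(OBSERVED_C))
    print("A padded:", padded_example()[1])
```

The unpadded observations land on their services with distance near zero; once dummy cells are mixed in, every count drifts far from all three fingerprints and the classifier gives up. Real padding schemes have to pay for that with bandwidth, which is the trade-off the Tor developers weigh when deciding how much of it to deploy.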
Have you heard of the Silk Road? It’s been pretty big news recently. The website was the best-known site on “the dark web”, the part of the internet reachable only through anonymity tools such as Tor.
The man behind the Silk Road, Ross Ulbricht, was sentenced to life in prison this week, having been in custody since 1 October 2013. Ars Technica have published an article telling us what happened on that day:
On October 1, 2013, the last day that Ross Ulbricht would be free, he didn’t leave his San Francisco home until nearly 3:00pm. When he did finally step outside, he walked ten minutes to the Bello Cafe on Monterey Avenue but found it full, so he went next door to the Glen Park branch of the San Francisco Public Library. There, he sat down at a table by a well-lit window in the library’s small science fiction section and opened his laptop.
From his spot in the library, Ulbricht, a 29-year-old who lived modestly in a rented room, settled into his work. Though outwardly indistinguishable from the many other techies and coders working in San Francisco, Ulbricht actually worked the most unusual tech job in the city—he ran the Silk Road, the Internet’s largest drug-dealing website.
Shortly after connecting to the library WiFi network, Ulbricht was contacted on a secure, Silk Road staff-only chat channel.
“Are you there?” wrote Cirrus, a lieutenant who managed the site’s extensive message forums.
“Hey,” responded Ulbricht, appearing on Cirrus’ screen as the “Dread Pirate Roberts,” the pseudonym he had taken on in early 2012.
“Can you check out one of the flagged messages for me?” Cirrus wrote.
“Sure,” Ulbricht wrote back. He would first need to connect to the Silk Road’s hidden server. “Let me log in… OK, which post?”
Behind Ulbricht in the library, a man and woman started a loud argument. Ulbricht turned to look at this couple having a domestic dispute in awkward proximity to him, but when he did so, the man reached over and pushed Ulbricht’s open laptop across the table. The woman grabbed it and handed it off to FBI Special Agent Thomas Kiernan, who was standing nearby.
Ulbricht was arrested, placed in handcuffs, and taken downstairs. Kiernan took photos of the open laptop, occasionally pressing a button to keep it active. Later, he would testify that if the computer had gone to sleep, or if Ulbricht had time to close the lid, the encryption would have been unbreakable. “It would have turned into a brick, basically,” he said.
Then Cirrus himself arrived at the library to join Kiernan. Jared Der-Yeghiayan, an agent with Homeland Security Investigations, had been probing Silk Road undercover for two years, eventually taking over the Cirrus account and even drawing a salary from Ulbricht. He had come to California for the arrest, initiating the chat with Ulbricht—who had been under surveillance all day—from a nearby cafe.
Looking at Ulbricht’s computer, Der-Yeghiayan suddenly saw Silk Road through the boss’ eyes. In addition to the flagged message noted by Cirrus, the laptop’s Web browser was open to a page with an address ending in “mastermind.” It showed the volume of business moving through the Silk Road site at any given time. Silk Road vendors concealed their product in packages shipped by regular mail, and the “mastermind” page showed the commissions Silk Road stood to earn off those packages (the site took a bit more than 10 percent of a typical sale). It also showed the amount of time that had been logged recently by three top staffers: Inigo, Libertas, and Cirrus himself.
Ulbricht was soon transferred to a New York federal prison; bail was denied. In addition to charges of drug dealing and money-laundering, prosecutors claimed that Ulbricht had tried to arrange “hits” on a former Silk Road administrator and on several vendors. Though Ulbricht had in fact paid the money, the hits themselves were all faked—in one case, because a federal agent was behind the scheme, in another because Ulbricht appears to have been scammed using the same anonymity tools he championed.
Despite having been caught literally managing a drug empire at the moment of his arrest, Ulbricht pled not guilty. His family, together with a somewhat conspiracy-minded group of Bitcoin enthusiasts, raised a large pool of money for his defense. With it, Ulbricht hired Joshua Dratel, a defense lawyer who has handled high-profile terrorism trials.
Dratel did not reach any sort of plea deal with the government, as is common in such cases. Beyond a general insistence that his client was not, in fact, the Dread Pirate Roberts, Dratel offered no public explanation of what had happened in the Glen Park library—until January 2015, when the case went to trial at the federal courthouse on Pearl Street in lower Manhattan.
“Ross is a 30-year-old, with a lot at stake in this trial—as you could imagine,” Dratel said in his opening statement, addressing the jury in a low-key voice. “This case is about the Internet and the digital world, where not everything is as it seems. Behind a screen, it’s not always so easy to tell… you don’t know who’s on the other side.”
Ulbricht, he said, was only a fall guy, the stooge left holding the bag when the feds closed in; the “real” Dread Pirate Roberts was still at large. But would the jury buy this unlikely story?
The Silk Road was a network of servers hosting a website on which almost every drug and illegal substance known could be bought. Upon login, users could see pictures of the substances and access other goods such as hacking tools, fake IDs and an illegal coupon scheme, all of which were held against Ulbricht at his trial. The site had a simple interface and extensive user forums, giving an experience similar to eBay or Craigslist. The website itself never handled drugs; it linked buyers and sellers together and took a percentage of each transaction.
Accessing the site required two technologies: Tor and Bitcoin. Tor was originally developed by the US Navy and is now managed by a non-profit organisation; it anonymises traffic by routing it through several relays and encrypting it in layers along the way. Bitcoin is a cryptocurrency, and a pseudonymous (though not truly anonymous, since every transaction is recorded on a public ledger) way of paying money to other pseudonymous parties.
In July 2013, Der-Yeghiayan scored a bigger prize, taking over the account of a Silk Road staffer named “Cirrus.”
“Cirrus has always been dedicated to our community at large,” Dread Pirate Roberts explained in a private message introducing Cirrus to his small group of administrators shortly before Der-Yeghiayan took over the account.
Adopting Cirrus’ identity, Der-Yeghiayan earned 8 bitcoins a week—about $1,000 at the time—for moderating forum posts. After several weeks, he got a raise to 9 bitcoins a week. He was paid right up until the Silk Road site was shut down in October 2013.
For two years, Der-Yeghiayan worked the case without ever knowing DPR’s real name; he learned about “Ross Ulbricht” from another office just days before the arrest.
Homeland Security Investigations began making purchases from Silk Road, many of them under an account taken over from an existing site user called “dripsofacid.” (Various law enforcement agencies created their own accounts on Silk Road during its existence, but they also took over others after arresting their owners.)
When HSI made their controlled buys, they had the shipments sent to a name and address they used specifically for undercover purchases. Investigators compared the product received to the listing on Silk Road to confirm its origin. One purchase shown to the jury was 0.2 grams of brown heroin, bought from a seller in the Netherlands. The packaging was professional—the heroin tucked inside several plastic bags, which were themselves contained in a vacuum-sealed pouch, which was invisible behind a bluish sheet of paper.
Ultimately, HSI made 52 undercover buys from more than 40 distinct Silk Road dealers in 10 different countries. The drugs were all tested, and all but one purchase resulted in genuine goods. Silk Road, whatever one thought of it, worked as a market.
On the darknet, drugs are still available. But nothing near the scale of the Silk Road has been seen, before or since. “Silk Road 2.0,” launched within a few months of Ulbricht’s arrest, lasted less than a year until its alleged creator, 25-year-old Blake Benthall, was arrested in San Francisco.
The most popular Silk Road successor, a darknet site called Evolution, shut down without warning in March—when its founders apparently emptied out the $12 million in its escrow system and ran. This sort of “exit scam” was the type of large-scale theft that users of such markets always knew was possible.
Any sense that the darknet could be a safe haven has now been shattered but Silk Road began years earlier, when the dream of creating a cryptographically protected libertarian utopia right in the midst of conventional society still seemed a reasonable proposition. But it was never likely to succeed for long—a fact that Ulbricht has now learned the hard way.
Thank you to ArsTechnica for providing us with this information
International intelligence agencies such as the US National Security Agency (NSA) may have developed ways to peel back layers of The Onion Router network some time ago, but researchers are determined to preserve anonymity and have designed a new Tor client that is far harder to attack. The Astoria client should pose government spies their biggest challenge yet.
Astoria masks users’ identities by building circuits through an entry, middle and exit relay chosen from the roughly 6,000 relays in the network. With the standard Tor client, anonymity can be compromised by “timing attacks”: an adversary who can observe traffic at both the entry and the exit of a circuit, whether by controlling those relays or by sitting on the networks (autonomous systems) the traffic crosses on its way in and out, can correlate the two ends. The researchers found 58% of Tor circuits vulnerable to such an adversary; Astoria’s circuit selection reduces that to 5.8%.
Astoria includes an algorithm that predicts which relay choices would expose a circuit to such an observer and avoids them, so the client builds the safest available circuit while balancing performance. Timing attacks, reportedly used by the NSA and GCHQ against Tor, cannot be ruled out entirely because of the way Tor is built, but Astoria makes them as hard as possible.
“In addition to providing high-levels of security against such attacks, Astoria also has performance that is within a reasonable distance from the current Tor client,” Astoria’s developers write. “Unlike other AS-aware Tor clients, Astoria also considers how circuits should be built in the worst case—i.e., when there are no safe relays that are available. Further, Astoria is a good network citizen and works to ensure that all circuits created by it are load-balanced across the volunteer driven Tor network.”
Astoria is not yet available for download, only being revealed in a research paper by its developers, but it is expected to be released soon.
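The core of an AS-aware client is a simple rule: never pick a guard and exit pair where one network sits on both the client-to-guard path and the exit-to-destination path. The code below is an added example written for this article, not Astoria’s own code: it uses a constructed lookup table of AS paths (invented AS numbers; a real client derives these from BGP data), scores every guard/exit pair by shared observers, picks among the safe pairs weighted by bandwidth, and falls back to the least-exposed pair when no safe one exists, which is the worst case the developers’ quote refers to. It also computes the bandwidth-weighted share of circuits an AS-unaware client would build that have an observer at both ends, the same kind of “vulnerable circuits” figure quoted above.

```python
import itertools
import random

# Constructed AS-level paths (AS numbers invented for this example). In a real
# client these come from BGP routing data; here a lookup table stands in.
# Key: (source AS, destination AS) -> ASes traversed, endpoints included.
AS_PATHS = {
    # client in AS 100 -> guard relays
    (100, 200): [100, 300, 200],
    (100, 201): [100, 300, 201],
    (100, 202): [100, 400, 202],
    # client in AS 101 -> guard relays (everything funnels through AS 300)
    (101, 200): [101, 300, 200],
    (101, 201): [101, 300, 201],
    (101, 202): [101, 300, 202],
    # exit relays -> destination AS 500
    (210, 500): [210, 300, 500],
    (211, 500): [211, 600, 500],
    (212, 500): [212, 400, 500],
    # exit relays -> destination AS 501 (only reachable via AS 300)
    (210, 501): [210, 300, 501],
    (211, 501): [211, 300, 501],
    (212, 501): [212, 300, 501],
}

# name -> (ASN, bandwidth weight, guard-capable, exit-capable); constructed.
RELAYS = {
    "guard1": (200, 50, True, False),
    "guard2": (201, 80, True, False),
    "guard3": (202, 20, True, False),
    "exit1": (210, 70, False, True),
    "exit2": (211, 30, False, True),
    "exit3": (212, 60, False, True),
}


def shared_observers(client_as, guard, exit_, dest_as, relays=RELAYS):
    """ASes present on both the client->guard and exit->destination segments.
    Any one of them sees both ends of the circuit and can correlate timing.
    Returns None when a path is unknown (treated as unsafe)."""
    front = AS_PATHS.get((client_as, relays[guard][0]))
    back = AS_PATHS.get((relays[exit_][0], dest_as))
    if front is None or back is None:
        return None
    return set(front) & set(back)


def score_pairs(client_as, dest_as, relays=RELAYS):
    """Every (guard, exit) pair with its shared-AS count and bandwidth weight."""
    guards = [r for r, v in relays.items() if v[2]]
    exits = [r for r, v in relays.items() if v[3]]
    scored = []
    for g, e in itertools.product(guards, exits):
        shared = shared_observers(client_as, g, e, dest_as, relays)
        n = len(shared) if shared is not None else float("inf")
        scored.append((g, e, n, relays[g][1] * relays[e][1]))
    return scored


def vanilla_exposure(client_as, dest_as, relays=RELAYS):
    """Bandwidth-weighted share of circuits an AS-unaware client would build
    that have at least one shared observer (the 'vulnerable circuits' metric)."""
    scored = score_pairs(client_as, dest_as, relays)
    total = sum(w for _, _, _, w in scored)
    return sum(w for _, _, n, w in scored if n > 0) / total


def choose_circuit(client_as, dest_as, rng, relays=RELAYS):
    """AS-aware selection: pick among pairs with no shared observer, weighted by
    bandwidth so load spreads across the network. If no such pair exists (the
    worst case), take the pair with the fewest shared ASes, highest bandwidth
    first, rather than refusing to build a circuit at all."""
    scored = score_pairs(client_as, dest_as, relays)
    safe = [(g, e, w) for g, e, n, w in scored if n == 0]
    if safe:
        g, e, _ = rng.choices(safe, weights=[w for _, _, w in safe])[0]
        return {"guard": g, "exit": e, "shared": 0}
    g, e, n, _ = min(scored, key=lambda s: (s[2], -s[3]))
    return {"guard": g, "exit": e, "shared": n}


def demo(seed=0):
    rng = random.Random(seed)
    return {
        "exposure_100_to_500": vanilla_exposure(100, 500),
        "safe_choice": choose_circuit(100, 500, rng),
        "worst_case": choose_circuit(101, 501, rng),
    }


if __name__ == "__main__":
    print(demo())
```

For the constructed topology, a plain bandwidth-weighted client lands on an observable pair about 43% of the time, and its single most likely choice (the two highest-bandwidth relays) is one of the bad ones; the AS-aware selection never does, while still spreading load across the six safe pairs by weight.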
The FBI is attempting to circumvent the Fourth Amendment of the US Constitution in order to spy on users of The Onion Router (Tor) and virtual private networks (VPNs). According to the Foundation for Economic Education:
The investigative arm of the Department of Justice is attempting to short-circuit the legal checks of the Fourth Amendment by requesting a change in the Federal Rules of Criminal Procedure. These procedural rules dictate how law enforcement agencies must conduct criminal prosecutions, from investigation to trial. Any deviations from the rules can have serious consequences, including dismissal of a case. The specific rule the FBI is targeting outlines the terms for obtaining a search warrant.
It’s called Federal Rule 41(b), and the requested change would allow law enforcement to obtain a warrant to search electronic data without providing any specific details as long as the target computer location has been hidden through a technical tool like Tor or a virtual private network. It would also allow nonspecific search warrants where computers have been intentionally damaged (such as through botnets, but also through common malware and viruses) and are in five or more separate federal judicial districts. Furthermore, the provision would allow investigators to seize electronically stored information regardless of whether that information is stored inside or outside the court’s jurisdiction.
If the Department of Justice’s request is granted, it will be in direct conflict with the US Constitution. The Fourth Amendment protects US citizens from having their personal effects, which include electronic devices, searched without probable cause or a warrant.
The Tor Project, the target of an attempted attack by a group known as Lizard Squad, has reassured users that the threat is being dealt with and that users’ anonymity remains intact.
It seems that Lizard Squad launched what is known as a Sybil attack: registering large numbers of new relays in the hope of controlling a significant share of the network, rather than taking over existing relays. But, despite reports, the relays the group added amounted to less than 1% of the network’s capacity. Tor confirmed this in a statement to Business Insider:
“This looks like a regular attempt at a Sybil attack: the attackers have signed up many new relays in hopes of becoming a large fraction of the network. But even though they are running thousands of new relays, their relays currently make up less than 1% of the Tor network by capacity. We are working now to remove these relays from the network before they become a threat, and we don’t expect any anonymity or performance effects based on what we’ve seen so far.”
Lizard Squad claimed responsibility for the Christmas attacks on Xbox Live and PlayStation Network, saying it brought the two gaming services down to show that users were being short-changed by weak, lacklustre networks. Its reasons for attacking Tor are still a mystery but, whatever its motives, the move has turned the collective head of Anonymous:
Hey @LizardMafia don't fuck with the Tor network. People need that service because of corrupt governments. Stand the fuck down.
Lizard Squad’s attack appears designed to compromise users’ anonymity by commandeering Tor relays: an attacker that controls enough relays, and in particular both the guard and the exit of the same circuit, can eavesdrop on, track and identify Tor users. Reports put the number at around 3,000 relays, close to half of all relays by count, but what matters for circuit selection is consensus bandwidth, and by that measure, as the Tor statement above says, the new relays made up well under 1% of the network.
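The gap between “half of all relays” and “under 1% of capacity” is the whole story of this attack, because Tor clients choose relays in proportion to measured bandwidth, not by headcount. The following is an added example written for this article, not Tor Project code: it builds a constructed directory consensus in which 3,000 honest relays carry measured weights and 3,000 freshly registered attacker relays carry a token weight of 1 each, then compares the attacker’s share by count, by weight, and as the probability that one circuit gets an attacker guard and an attacker exit (a simplification of Tor’s real selection rules, which also apply flags and exit-policy constraints).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Relay:
    fingerprint: str
    bandwidth: int       # consensus weight; constructed values
    guard: bool
    exit: bool
    attacker: bool = False


def constructed_consensus(n_honest=3000, n_attacker=3000):
    """A made-up directory consensus: honest relays carry a spread of measured
    weights, while the attacker's freshly registered relays are unmeasured and
    get only a token weight of 1 each."""
    relays = []
    for i in range(n_honest):
        bw = 20 + (i % 50) * 40
        relays.append(Relay(f"H{i:04d}", bw, guard=(i % 3 == 0), exit=(i % 5 == 0)))
    for j in range(n_attacker):
        relays.append(Relay(f"A{j:04d}", 1, guard=True, exit=True, attacker=True))
    return relays


def fraction_by_count(relays):
    """Attacker share of the network measured by number of relays."""
    return sum(r.attacker for r in relays) / len(relays)


def fraction_by_weight(relays, flag=None):
    """Share of consensus weight held by attacker relays, optionally restricted
    to relays with a given flag ('guard' or 'exit'), which is what matters for
    bandwidth-weighted path selection."""
    pool = [r for r in relays if flag is None or getattr(r, flag)]
    total = sum(r.bandwidth for r in pool)
    return sum(r.bandwidth for r in pool if r.attacker) / total


def p_both_ends_compromised(relays):
    """Probability a circuit gets an attacker guard AND an attacker exit,
    assuming independent bandwidth-weighted choices (a simplification of
    Tor's real selection rules). Holding both ends is what allows end-to-end
    correlation and deanonymisation."""
    return fraction_by_weight(relays, "guard") * fraction_by_weight(relays, "exit")


def weight_needed(relays, target):
    """Consensus weight an attacker would have to bring to reach a target share."""
    honest = sum(r.bandwidth for r in relays if not r.attacker)
    return target * honest / (1 - target)


if __name__ == "__main__":
    c = constructed_consensus()
    print("by count:", fraction_by_count(c))
    print("by weight:", fraction_by_weight(c))
    print("P(guard and exit both attacker):", p_both_ends_compromised(c))
    print("weight needed for 50%:", weight_needed(c, 0.5))
```

With these numbers the attacker holds 50% of relays by count but about 0.1% by weight, and the chance of a single circuit having attacker relays at both ends is on the order of one in a hundred thousand; to reach a genuine 50% share it would need to match the entire honest network’s bandwidth, which is why the directory authorities could simply remove the relays before they mattered.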
If you’ve a spare $1,949 and are in the market for a new laptop, you could do worse than investing in a Librem, the new open source PC from San Francisco-based company, Purism.
Currently seeking crowdfunding on Crowd Supply, the Librem, advertised by Purism as a “Free and Open Source laptop that respects your essential freedoms,” runs almost entirely on open source software, the only exception being the proprietary firmware of its Intel processor. The 15.6-inch Librem features an Intel i7-4712MQ processor, 4GB of RAM, a 500GB hard drive and a CD/DVD drive. Ports include USB 3.0, HDMI, an SDXC card slot and an RJ-45 Ethernet port, plus an Atheros-based 802.11n Wi-Fi adapter, a 720p webcam, HD audio and a backlit keyboard.
Purism said of their new laptop, proudly, “This is the first high-end laptop where you are in control and have complete visibility into the kernel, the operating system, and all software. Meticulously designed chip by chip to work with free and open source software, the Librem is the first laptop to reinstate your rights to freedom and privacy.”
The Librem ships with Purism’s own Ubuntu-derived GNU/Linux distribution, which includes only free software, with Tor installed and enabled by default.