|
Title: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: LiteCoinGuy on November 12, 2015, 01:40:52 PM The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor
Encryption service Tor was designed to keep its users anonymous, but early last year, it was compromised, handing reams of information about people who used the software to view the "dark web" to an unknown party. Now the non-profit Tor Project that develops and maintains the anonymity software thinks it has its culprit. The group says that Tor was cracked by the FBI, with the help of researchers from Carnegie Mellon University, who were allegedly paid $1 million for their work. https://www.theverge.com/2015/11/11/9719098/fbi-reportedly-paid-1-million-carnegie-mellon-tor Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: BADecker on November 12, 2015, 01:52:07 PM An interesting thought about this is, if they spent this much to break TOR, then TOR must be very strong. In addition, they didn't break TOR. They only were able to find some of the people who use TOR. Now, true, this info could connect users with certain websites. But it still doesn't say what the users were doin there. It only gives the FBI locations to set up their surveillance... at peoples' homes.
Use VPN's on top of TOR. Use TOR VPNs to mix signals, something like you would use Bitcoin mixers. :) Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: BADecker on November 12, 2015, 02:00:37 PM Another thought.
Linux computers access the Internet in a slightly different way than Windows machines. Maybe MACs are different still. ISPs check the kind of machine you are using, and will sometimes even kick you off if they were expecting you to use one kind, and then you tricked them by using the other kind. Then they reconnect for software that matches your machine. Get a couple of computers simply for accessing the Internet. Let one of them be Windows, and the other Linux. Fire up the Net on one of them, and access your sites on the other via a connection between the two. It should mess the signal up slightly, so that your ISP can't get all the various kinds of personal browsing info that they are looking for. :) Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: RustyNomad on November 12, 2015, 02:51:05 PM Quote The Tor Project questioned the legality and ethical basis for the attack, and the collusion between a research institute and the FBI. "There is no indication yet that they had a warrant or any institutional oversight by Carnegie Mellon's Institutional Review Board," the group wrote in a statement. "We think it's unlikely they could have gotten a valid warrant for CMU's attack as conducted, since it was not narrowly tailored to target criminals or criminal activity, but instead appears to have indiscriminately targeted many users at once." What's going to happen now that it's in the open? Will some heads roll? I sincerely doubt it as it seems to be par for the course in the good old US of A for their law enforcement agencies to basically do as they please without any reprimand and or recourse. Bit off topic but I'm really glad to see the changes happening in Europe where Facebook, Apple and Microsoft are planning on setting up some data centres in Germany and some other European countries in order to get their user's data out of the US. Not that it will be any safer there but most of those countries at least follow due process. Anybody see a trend forming in regards to tech firms relocating? Still early days but I'm very sure this trend will continue with more and more tech firms either relocating and or moving their data storage facilities out of the US. Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: BADecker on November 12, 2015, 02:56:31 PM Quote The Tor Project questioned the legality and ethical basis for the attack, and the collusion between a research institute and the FBI. "There is no indication yet that they had a warrant or any institutional oversight by Carnegie Mellon's Institutional Review Board," the group wrote in a statement. "We think it's unlikely they could have gotten a valid warrant for CMU's attack as conducted, since it was not narrowly tailored to target criminals or criminal activity, but instead appears to have indiscriminately targeted many users at once." What's going to happen now that it's in the open? Will some heads roll? I sincerely doubt it as it seems to be par for the course in the good old US of A for their law enforcement agencies to basically do as they please without any reprimand and or recourse. Bit off topic but I'm really glad to see the changes happening in Europe where Facebook, Apple and Microsoft are planning on setting up some data centres in Germany and some other European countries in order to get their user's data out of the US. Not that it will be any safer there but most of those countries at least follow due process. Anybody see a trend forming in regards to tech firms relocating? Still early days but I'm very sure this trend will continue with more and more tech firms either relocating and or moving their data storage facilities out of the US. People will find ways around this. How that they know, they will understand what they need to do. TOR VPNs. This is a battle between the forces of good and evil. There are both good and evil, both within and outside of the FBI. People should be free, as long as they don't hurt other people. Thus, the evil is mostly within the FBI. :) Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: Bifta on November 12, 2015, 03:09:19 PM I do not think it could be true. I am sure that the FBI knows better hackers who could take care of the TOR. If such information is released, probably for a reason - maybe a distraction from something else ..
Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: FruitsBasket on November 12, 2015, 03:11:09 PM An interesting thought about this is, if they spent this much to break TOR, then TOR must be very strong. In addition, they didn't break TOR. They only were able to find some of the people who use TOR. Now, true, this info could connect users with certain websites. But it still doesn't say what the users were doin there. It only gives the FBI locations to set up their surveillance... at peoples' homes. If u use TOR and VPN, are you then compltely anonymous?Use VPN's on top of TOR. Use TOR VPNs to mix signals, something like you would use Bitcoin mixers. :) Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: Bifta on November 12, 2015, 03:17:44 PM An interesting thought about this is, if they spent this much to break TOR, then TOR must be very strong. In addition, they didn't break TOR. They only were able to find some of the people who use TOR. Now, true, this info could connect users with certain websites. But it still doesn't say what the users were doin there. It only gives the FBI locations to set up their surveillance... at peoples' homes. If u use TOR and VPN, are you then compltely anonymous?Use VPN's on top of TOR. Use TOR VPNs to mix signals, something like you would use Bitcoin mixers. :) People say that.. But ask Dread Pirate Roberts. FBI till now don't want to say how found him. Almost sure they use some illegal method to truck him. Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: BADecker on November 12, 2015, 03:18:56 PM An interesting thought about this is, if they spent this much to break TOR, then TOR must be very strong. In addition, they didn't break TOR. They only were able to find some of the people who use TOR. Now, true, this info could connect users with certain websites. But it still doesn't say what the users were doin there. It only gives the FBI locations to set up their surveillance... at peoples' homes. If u use TOR and VPN, are you then compltely anonymous?Use VPN's on top of TOR. Use TOR VPNs to mix signals, something like you would use Bitcoin mixers. :) Nothing makes you completely anonymous. What it does is, it makes it more difficult to track you. If the VPN is TOR hosted, your ISP might be able to see that you are using TOR. If they are very good, they might be able to see that you are using a TOR hosted VPN. But they would have to track eveyone using that VPN, and the web pages that the VPN accessed, in order to make a guess at which site you were accessing. If nobody else were using that VPN. it would be easier for them. However, all of the above is extremely difficult to do. It slows down even the FBI extremely much, especially if more than one TOR hosted VPNs are being used in series. :) Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: ANdr0id on November 12, 2015, 03:21:05 PM An interesting thought about this is, if they spent this much to break TOR, then TOR must be very strong. In addition, they didn't break TOR. They only were able to find some of the people who use TOR. Now, true, this info could connect users with certain websites. But it still doesn't say what the users were doin there. It only gives the FBI locations to set up their surveillance... at peoples' homes. If u use TOR and VPN, are you then compltely anonymous?Use VPN's on top of TOR. Use TOR VPNs to mix signals, something like you would use Bitcoin mixers. :) People say that.. But ask Dread Pirate Roberts. FBI till now don't want to say how found him. Almost sure they use some illegal method to truck him. Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: BADecker on November 12, 2015, 03:24:12 PM An interesting thought about this is, if they spent this much to break TOR, then TOR must be very strong. In addition, they didn't break TOR. They only were able to find some of the people who use TOR. Now, true, this info could connect users with certain websites. But it still doesn't say what the users were doin there. It only gives the FBI locations to set up their surveillance... at peoples' homes. If u use TOR and VPN, are you then compltely anonymous?Use VPN's on top of TOR. Use TOR VPNs to mix signals, something like you would use Bitcoin mixers. :) People say that.. But ask Dread Pirate Roberts. FBI till now don't want to say how found him. Almost sure they use some illegal method to truck him. I don't have the article, but it was through his carelessness. One of their people accidentally found an IP address that DPR didn't protect properly. They followed it to the Silkroad login page for verification. The IP address gave the location. They went there and found the host - was it in Norway or Iceland? It still wasn't easy, but it was through Ross's carelessness. :) Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: Bifta on November 12, 2015, 03:47:51 PM An interesting thought about this is, if they spent this much to break TOR, then TOR must be very strong. In addition, they didn't break TOR. They only were able to find some of the people who use TOR. Now, true, this info could connect users with certain websites. But it still doesn't say what the users were doin there. It only gives the FBI locations to set up their surveillance... at peoples' homes. If u use TOR and VPN, are you then compltely anonymous?Use VPN's on top of TOR. Use TOR VPNs to mix signals, something like you would use Bitcoin mixers. :) People say that.. But ask Dread Pirate Roberts. FBI till now don't want to say how found him. Almost sure they use some illegal method to truck him. I don't have the article, but it was through his carelessness. One of their people accidentally found an IP address that DPR didn't protect properly. They followed it to the Silkroad login page for verification. The IP address gave the location. They went there and found the host - was it in Norway or Iceland? It still wasn't easy, but it was through Ross's carelessness. :) Host was from Iceland. They truck him through not protected captcha (!!!) - this was some unofficial information. Everyone believes in what he wants .. Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: BADecker on November 12, 2015, 04:24:21 PM An interesting thought about this is, if they spent this much to break TOR, then TOR must be very strong. In addition, they didn't break TOR. They only were able to find some of the people who use TOR. Now, true, this info could connect users with certain websites. But it still doesn't say what the users were doin there. It only gives the FBI locations to set up their surveillance... at peoples' homes. If u use TOR and VPN, are you then compltely anonymous?Use VPN's on top of TOR. Use TOR VPNs to mix signals, something like you would use Bitcoin mixers. :) People say that.. But ask Dread Pirate Roberts. FBI till now don't want to say how found him. Almost sure they use some illegal method to truck him. I don't have the article, but it was through his carelessness. One of their people accidentally found an IP address that DPR didn't protect properly. They followed it to the Silkroad login page for verification. The IP address gave the location. They went there and found the host - was it in Norway or Iceland? It still wasn't easy, but it was through Ross's carelessness. :) Host was from Iceland. They truck him through not protected captcha (!!!) - this was some unofficial information. Everyone believes in what he wants .. Ross should have made his own captcha. It isn't that difficult, you know... especially if you are enough of a hacker that you could run a site like Silkroad. :) Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: peonminer on November 12, 2015, 04:35:04 PM Damn rats.
Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: BADecker on November 12, 2015, 04:55:41 PM Damn rats. But good eating if you know how to cook them, and if you can catch them without getting all chewed up. ;D Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: European Central Bank on November 12, 2015, 08:23:51 PM Why should anyone be surprised? I've no idea about how it works but something that flies in the face of law enforcement will always be the focus of their intense attention. We need a million different types of Tor, not just one.
Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: toddtervy on November 12, 2015, 08:43:14 PM FBI is a bunch of corrupt morons it seems, should've been dismantled long ago.
Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: BADecker on November 12, 2015, 10:58:07 PM FBI is a bunch of corrupt morons it seems, should've been dismantled long ago. As long as government allows taxation rather than donation to government sponsored causes, the whole government is corrupt. :) Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: peonminer on November 13, 2015, 01:19:41 AM An interesting thought about this is, if they spent this much to break TOR, then TOR must be very strong. In addition, they didn't break TOR. They only were able to find some of the people who use TOR. Now, true, this info could connect users with certain websites. But it still doesn't say what the users were doin there. It only gives the FBI locations to set up their surveillance... at peoples' homes. If u use TOR and VPN, are you then compltely anonymous?Use VPN's on top of TOR. Use TOR VPNs to mix signals, something like you would use Bitcoin mixers. :) People say that.. But ask Dread Pirate Roberts. FBI till now don't want to say how found him. Almost sure they use some illegal method to truck him. Read. Quote Despite the elaborate technical underpinnings, however, the complaint portrays Ulbricht as a drug lord who made rookie mistakes. In an October 11, 2011 posting to a Bitcoin Talk forum, for instance, a user called "altoid" advertised he was looking for an "IT pro in the Bitcoin community" to work in a venture-backed startup. The post directed applicants to send responses to "rossulbricht at gmail dot com." It came about nine months after two previous posts—also made by a user, "altoid," to shroomery.org and Bitcoin Talk—were among the first to advertise a hidden Tor service that operated as a kind of "anonymous amazon.com." Both of the earlier posts referenced silkroad420.wordpress.com. http://arstechnica.com/security/2013/10/silk-road-mastermind-unmasked-by-rookie-goofs-complaint-alleges/ Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: pattu1 on November 14, 2015, 12:01:59 AM Should the ethics committee (or equivalent) of Carnegie Mellon look into this?
It is one thing to find out flaws in the tor network, it is another to use it to indiscriminately snoop for the FBI. Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: BADecker on November 14, 2015, 12:05:08 AM Should the ethics committee (or equivalent) of Carnegie Mellon look into this? It is one thing to find out flaws in the tor network, it is another to use it to indiscriminately snoop for the FBI. The Carnegies and the Mellons are a couple of big-money families. They, along with others, run the government and control the FBI. It was probably Carnegie Mellon that called the FBI in, in the first place. :) Title: Re: The FBI reportedly paid Carnegie Mellon University $1 million to attack Tor Post by: pattu1 on November 14, 2015, 09:10:03 AM Should the ethics committee (or equivalent) of Carnegie Mellon look into this? It is one thing to find out flaws in the tor network, it is another to use it to indiscriminately snoop for the FBI. The Carnegies and the Mellons are a couple of big-money families. They, along with others, run the government and control the FBI. It was probably Carnegie Mellon that called the FBI in, in the first place. :) The larger education community can still act against individual researchers, if they were unethical. Not sure if they have the backbone to do it though. |