Bitcoin Forum
July 16, 2019, 11:44:53 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: [2014-11-08] Forbes: How Did The FBI Break Tor?  (Read 4718 times)
LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148
Merit: 1001


In Satoshi I Trust


View Profile WWW
November 08, 2014, 10:09:16 AM
 #1

How Did The FBI Break Tor?

Global law enforcement conducted a massive raid of the Dark Web this week. It started with the FBI takedown of Silk Road 2.0 and the arrest of its alleged operator Blake Benthall in San Francisco on Wednesday. But it quickly exploded from there, as European counterparts seized over 400 black market ‘hidden sites’ and arrested 19 other people alleged to be involved in their operation. Wired called it “a scorched-earth purge of the Internet underground.” But how exactly did law enforcement take their digital blow torches to the Dark Web sites that were using Tor anonymity software to protect themselves? Law enforcement has been mysterious on that count, saying it won’t reveal its methods because they are “ sensitive.”

http://www.forbes.com/sites/kashmirhill/2014/11/07/how-did-law-enforcement-break-tor/

1563320693
Hero Member
*
Offline Offline

Posts: 1563320693

View Profile Personal Message (Offline)

Ignore
1563320693
Reply with quote  #2

1563320693
Report to moderator
1563320693
Hero Member
*
Offline Offline

Posts: 1563320693

View Profile Personal Message (Offline)

Ignore
1563320693
Reply with quote  #2

1563320693
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
notthematrix
Legendary
*
Offline Offline

Activity: 963
Merit: 1000


The All-in-One Cryptocurrency Exchange


View Profile
November 08, 2014, 10:39:46 AM
Last edit: November 08, 2014, 11:20:59 AM by notthematrix
 #2

They did not break tor , it was just some very poor admins.
there were some bugs in old v1 version of tor but they are fiixed for long time.
https://blog.torproject.org/blog/ looks like they try to make them self more important than they are.
but in fact its al big waste of money since minutes later there was a
Silkroad 3.0 http://www.businessinsider.com/theres-already-a-silk-road-30-2014-11

██████
███
███
███
███
███
███
███
███
███
███
███
███
                ▄███
              ▄███▌ █
             ▀▀▀██▄  █
           ▄███▄▄ ▀▀▀█
          █ █████▀▀▀▄▄
         ▄██ ███▄    █
        ▐███▀   ▀█   █
        ████     █   █
       ▄██▀▄█▄▄▄█▀   █
       ▀▄▄███▌      █
   ▄▄▄▀▀▀████       █
 ▄▀    ██ ██       █
▐▌     ██▌▐▌      ▀▄
█      ██ █         ▀▄
█      █▀▄▌          █
█   ▄▀█▄██           █
█ ▄▀      ▀▀▄▄▀▄     █
▀▀             █    █
               █  ▄▀
               ▀▄█
     ▀█████████████▄▄
  ▀ ▀▀▀███████████████▌
   ▀ ▀▀▀▀██▀▀▀▀▀▀██████         ▄███████▄      ▄▄███████▄    ▄███▄    ▄███▄ ▄███▄      ▄███▄
▀ ▀▀▀▀█████▄▄▄▄▄▄█████▌       ▄████▀▀▀████▄   ▐████▀▀█████   ▀████▄  ▄████▀ █████▄    ▄█████
    ▀▀███████████████▀       █████     ████▌          ████▌    ▀████████▀    █████▄  ▄█████▌
   ▀ ▀████████████████▀ ▀    ██████████████▌   ▄▄██████████     ▄██████▄      █████▄▄█████▌
     ██████      ██▀▀▀▀▀▀▀ ▀ █████▀▀▀▀▀▀▀▀    █████▀▀▀█████    ▄████████▄      ██████████▌
     ██████▄▄▄▄▄▄██████▄ ▄    ████▄▄   ▄▄█▄   ████▄  ▄█████  ▄█████▀▀█████▄     ████████▌
     █████████████████▀        ▀███████████   ▀████████████  ████▀    ▀████      ██████▌
     ██████████████▀▀             ▀▀▀▀▀▀▀       ▀▀▀▀▀▀ ▀▀▀    ▀▀        ▀▀        █████
                                                                                ▄█████
                                                                            ▄███████▀
                                                                            ▀████▀▀
███
███
███
███
███
███
███
███
███
███
███
███
██████
|█████████████████
███████████████████
█████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
  WHITEPAPER 
  LIGHTPAPER...
|Instant Deposit
✓ 24/7 Support
Referral Program
LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148
Merit: 1001


In Satoshi I Trust


View Profile WWW
November 08, 2014, 12:16:49 PM
 #3

They did not break tor , it was just some very poor admins.
there were some bugs in old v1 version of tor but they are fiixed for long time.
https://blog.torproject.org/blog/ looks like they try to make them self more important than they are.
but in fact its al big waste of money since minutes later there was a
Silkroad 3.0 http://www.businessinsider.com/theres-already-a-silk-road-30-2014-11

and stuff like Open Bazar.

LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148
Merit: 1001


In Satoshi I Trust


View Profile WWW
November 08, 2014, 12:30:21 PM
 #4

Europol Threatens to Come After People Using Bitcoin on Dark Net Marketplaces Like Silk Road 3.0

“I think there will be more than 55 different markets shut down. We didn’t get (major sites) Agora or Evolution, because there’s only so much we can do on one day.”

https://www.cryptocoinsnews.com/europol-threatens-come-people-using-bitcoin-dark-net-marketplaces-like-silk-road-3-0/


that quote is interesting. maybe these sites are better in protecting themselves.

hilariousandco
Below Average Member
Global Moderator
Legendary
*
Offline Offline

Activity: 2058
Merit: 1614


1 merit = 1 hug


View Profile WWW
November 10, 2014, 10:47:52 PM
 #5

Someone claimed that Agora and Evolution markets were honeypots set up to snare people and that's why they're still untouched, but if that was the case I don't get why they don't just keep all the others up and running under their control or surveillance.

notthematrix
Legendary
*
Offline Offline

Activity: 963
Merit: 1000


The All-in-One Cryptocurrency Exchange


View Profile
November 10, 2014, 10:58:19 PM
 #6

Someone claimed that Agora and Evolution markets were honeypots set up to snare people and that's why they're still untouched, but if that was the case I don't get why they don't just keep all the others up and running under their control or surveillance.

Did they get snowden?
No , did snowden use tor?
Yes...


https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-onymous


What happened

Recently it was announced that a coalition of government agencies took control of many Tor hidden services. We were as surprised as most of you. Unfortunately, we have very little information about how this was accomplished, but we do have some thoughts which we want to share.

Over the last few days, we received and read reports saying that several Tor relays were seized by government officials. We do not know why the systems were seized, nor do we know anything about the methods of investigation which were used. Specifically, there are reports that three systems of Torservers.net disappeared and there is another report by an independent relay operator. If anyone has more details, please get in contact with us. If your relay was seized, please also tell us its identity so that we can request that the directory authorities reject it from the network.

But, more to the point, the recent publications call the targeted hidden services seizures "Operation Onymous" and they say it was coordinated by Europol and other government entities. Early reports say 17 people were arrested, and 400 hidden services were seized. Later reports have clarified that it was hundreds of URLs hosted on roughly 27 web sites offering hidden services. We have not been contacted directly or indirectly by Europol nor any other agency involved.

Tor is most interested in understanding how these services were located, and if this indicates a security weakness in Tor hidden services that could be exploited by criminals or secret police repressing dissents. We are also interested in learning why the authorities seized Tor relays even though their operation was targetting hidden services. Were these two events related?
How did they locate the hidden services?

So we are left asking "How did they locate the hidden services?". We don't know. In liberal democracies, we should expect that when the time comes to prosecute some of the seventeen people who have been arrested, the police would have to explain to the judge how the suspects came to be suspects, and that as a side benefit of the operation of justice, Tor could learn if there are security flaws in hidden services or other critical internet-facing services. We know through recent leaks that the US DEA and others have constructed a system of organized and sanctioned perjury which they refer to as "parallel construction."

Unfortunately, the authorities did not specify how they managed to locate the hidden services. Here are some plausible scenarios:
Operational Security

The first and most obvious explanation is that the operators of these hidden services failed to use adequate operational security. For example, there are reports of one of the websites being infiltrated by undercover agents and the affidavit states various operational security errors.
SQL injections

Another explanation is exploitation of common web bugs like SQL injections or RFIs (remote file inclusions). Many of those websites were likely quickly-coded e-shops with a big attack surface. Exploitable bugs in web applications are a common problem.
Bitcoin deanonymization

Ivan Pustogarov et al. have recently been conducting interesting research on Bitcoin anonymity.

Apparently, there are ways to link transactions and deanonymize Bitcoin clients even if they use Tor. Maybe the seized hidden services were running Bitcoin clients themselves and were victims of similar attacks.
Attacks on the Tor network

The number of takedowns and the fact that Tor relays were seized could also mean that the Tor network was attacked to reveal the location of those hidden services. We received some interesting information from an operator of a now-seized hidden service which may indicate this, as well. Over the past few years, researchers have discovered various attacks on the Tor network. We've implemented some defenses against these attacks, but these defenses do not solve all known issues and there may even be attacks unknown to us.

For example, some months ago, someone was launching non-targetted deanonymization attacks on the live Tor network. People suspect that those attacks were carried out by CERT researchers. While the bug was fixed and the fix quickly deployed in the network, it's possible that as part of their attack, they managed to deanonymize some of those hidden services.

Another possible Tor attack vector could be the Guard Discovery attack. This attack doesn't reveal the identity of the hidden service, but allows an attacker to discover the guard node of a specific hidden service. The guard node is the only node in the whole network that knows the actual IP address of the hidden service. Hence, if the attacker then manages to compromise the guard node or somehow obtain access to it, she can launch a traffic confirmation attack to learn the identity of the hidden service. We've been
discussing various solutions to the guard discovery attack for the past many months but it's not an easy problem to fix properly. Help and feedback on the proposed designs is appreciated.

*Similarly, there exists the attack where the hidden service selects the attacker's relay as its guard node. This may happen randomly or this could occur if the hidden service selects another relay as its guard and the attacker renders that node unusable, by a denial of service attack or similar. The hidden service will then be forced to select a new guard. Eventually, the hidden service will select the attacker.

Furthermore, denial of service attacks on relays or clients in the Tor network can often be leveraged into full de-anonymization attacks. These techniques go back many years, in research such as "From a Trickle to a Flood", "Denial of Service or Denial of Security?", "Why I'm not an Entropist", and even the more recent Bitcoin attacks above. In the Hidden Service protocol there are more vectors for DoS attacks, such as the set of HSDirs and the Introduction Points of a Hidden Service.

Finally, remote code execution exploits against Tor software are also always a possibility, but we have zero evidence that such exploits exist. Although the Tor source code gets continuously reviewed by our security-minded developers and community members, we would like more focused auditing by experienced bug hunters. Public-interest initiatives like Project Zero could help out a lot here. Funding to launch a bug bounty program of our own could also bring real benefit to our codebase. If you can help, please get in touch.
Advice to concerned hidden service operators

As you can see, we still don't know what happened, and it's hard to give concrete suggestions blindly.

If you are a concerned hidden service operator, we suggest you read the cited resources to get a better understanding of the security that hidden services can offer and of the limitations of the current system. When it comes to anonymity, it's clear that the tighter your threat model is, the more informed you need to be about the technologies you use.

If your hidden service lacks sufficient processor, memory, or network resources the DoS based de-anonymization attacks may be easy to leverage against your service. Be sure to review the Tor performance tuning guide to optimize your relay or client.

*Another possible suggestion we can provide is manually selecting the guard node of a hidden service. By configuring the EntryNodes option in Tor's configuration file you can select a relay in the Tor network you trust. Keep in mind, however, that a determined attacker will still be able to determine this relay is your guard and all other attacks still apply.
Final words

The task of hiding the location of low-latency web services is a very hard problem and we still don't know how to do it correctly. It seems that there are various issues that none of the current anonymous publishing designs have really solved.

In a way, it's even surprising that hidden services have survived so far. The attention they have received is minimal compared to their social value and compared to the size and determination of their adversaries.

It would be great if there were more people reviewing our designs and code. For example, we would really appreciate feedback on the upcoming hidden service revamp or help with the research on guard discovery attacks (see links above).

Also, it's important to note that Tor currently doesn't have funding for improving the security of hidden services. If you are interested in funding hidden services research and development, please get in touch with us. We hope to find time to organize a crowdfunding campaign to acquire independent and focused hidden service funding.

Finally, if you are a relay operator and your server was recently compromised or you lost control of it, please let us know by sending an email to bad-relays@lists.torproject.org.

Thanks to Griffin, Matt, Adam, Roger, David, George, Karen, and Jake for contributions to this post.

Updates:
* Added information about guard node DoS and EntryNodes option - 2014/11/09 18:16 UTC

██████
███
███
███
███
███
███
███
███
███
███
███
███
                ▄███
              ▄███▌ █
             ▀▀▀██▄  █
           ▄███▄▄ ▀▀▀█
          █ █████▀▀▀▄▄
         ▄██ ███▄    █
        ▐███▀   ▀█   █
        ████     █   █
       ▄██▀▄█▄▄▄█▀   █
       ▀▄▄███▌      █
   ▄▄▄▀▀▀████       █
 ▄▀    ██ ██       █
▐▌     ██▌▐▌      ▀▄
█      ██ █         ▀▄
█      █▀▄▌          █
█   ▄▀█▄██           █
█ ▄▀      ▀▀▄▄▀▄     █
▀▀             █    █
               █  ▄▀
               ▀▄█
     ▀█████████████▄▄
  ▀ ▀▀▀███████████████▌
   ▀ ▀▀▀▀██▀▀▀▀▀▀██████         ▄███████▄      ▄▄███████▄    ▄███▄    ▄███▄ ▄███▄      ▄███▄
▀ ▀▀▀▀█████▄▄▄▄▄▄█████▌       ▄████▀▀▀████▄   ▐████▀▀█████   ▀████▄  ▄████▀ █████▄    ▄█████
    ▀▀███████████████▀       █████     ████▌          ████▌    ▀████████▀    █████▄  ▄█████▌
   ▀ ▀████████████████▀ ▀    ██████████████▌   ▄▄██████████     ▄██████▄      █████▄▄█████▌
     ██████      ██▀▀▀▀▀▀▀ ▀ █████▀▀▀▀▀▀▀▀    █████▀▀▀█████    ▄████████▄      ██████████▌
     ██████▄▄▄▄▄▄██████▄ ▄    ████▄▄   ▄▄█▄   ████▄  ▄█████  ▄█████▀▀█████▄     ████████▌
     █████████████████▀        ▀███████████   ▀████████████  ████▀    ▀████      ██████▌
     ██████████████▀▀             ▀▀▀▀▀▀▀       ▀▀▀▀▀▀ ▀▀▀    ▀▀        ▀▀        █████
                                                                                ▄█████
                                                                            ▄███████▀
                                                                            ▀████▀▀
███
███
███
███
███
███
███
███
███
███
███
███
██████
|█████████████████
███████████████████
█████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
  WHITEPAPER 
  LIGHTPAPER...
|Instant Deposit
✓ 24/7 Support
Referral Program
Coogan
Newbie
*
Offline Offline

Activity: 54
Merit: 0


View Profile
November 11, 2014, 12:27:55 PM
Last edit: August 17, 2015, 06:43:08 PM by Coogan
 #7

I don't think anything is safe now and I certainly don't trust tor. It's really saddening what our governments are doing enroaching on our freedom just because they ironically claim they want to protect it. 17cmKa1BbAJ32sMQ9bKqQgAG1JJFJJUTMh
notthematrix
Legendary
*
Offline Offline

Activity: 963
Merit: 1000


The All-in-One Cryptocurrency Exchange


View Profile
November 11, 2014, 01:55:26 PM
 #8

I don't think anything is safe now and I certainly don't trust tor. It's really saddening what our governments are doing enroaching on our freedom just because they ironically claim they want to protect it.
You dont come with any agrumentes , and you are a newbie sorry Smiley
Tor is Save ,,, https://www.youtube.com/watch?v=oL1UyLRo1Ds knows
and I rather trust him then some newbie Smiley


██████
███
███
███
███
███
███
███
███
███
███
███
███
                ▄███
              ▄███▌ █
             ▀▀▀██▄  █
           ▄███▄▄ ▀▀▀█
          █ █████▀▀▀▄▄
         ▄██ ███▄    █
        ▐███▀   ▀█   █
        ████     █   █
       ▄██▀▄█▄▄▄█▀   █
       ▀▄▄███▌      █
   ▄▄▄▀▀▀████       █
 ▄▀    ██ ██       █
▐▌     ██▌▐▌      ▀▄
█      ██ █         ▀▄
█      █▀▄▌          █
█   ▄▀█▄██           █
█ ▄▀      ▀▀▄▄▀▄     █
▀▀             █    █
               █  ▄▀
               ▀▄█
     ▀█████████████▄▄
  ▀ ▀▀▀███████████████▌
   ▀ ▀▀▀▀██▀▀▀▀▀▀██████         ▄███████▄      ▄▄███████▄    ▄███▄    ▄███▄ ▄███▄      ▄███▄
▀ ▀▀▀▀█████▄▄▄▄▄▄█████▌       ▄████▀▀▀████▄   ▐████▀▀█████   ▀████▄  ▄████▀ █████▄    ▄█████
    ▀▀███████████████▀       █████     ████▌          ████▌    ▀████████▀    █████▄  ▄█████▌
   ▀ ▀████████████████▀ ▀    ██████████████▌   ▄▄██████████     ▄██████▄      █████▄▄█████▌
     ██████      ██▀▀▀▀▀▀▀ ▀ █████▀▀▀▀▀▀▀▀    █████▀▀▀█████    ▄████████▄      ██████████▌
     ██████▄▄▄▄▄▄██████▄ ▄    ████▄▄   ▄▄█▄   ████▄  ▄█████  ▄█████▀▀█████▄     ████████▌
     █████████████████▀        ▀███████████   ▀████████████  ████▀    ▀████      ██████▌
     ██████████████▀▀             ▀▀▀▀▀▀▀       ▀▀▀▀▀▀ ▀▀▀    ▀▀        ▀▀        █████
                                                                                ▄█████
                                                                            ▄███████▀
                                                                            ▀████▀▀
███
███
███
███
███
███
███
███
███
███
███
███
██████
|█████████████████
███████████████████
█████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
  WHITEPAPER 
  LIGHTPAPER...
|Instant Deposit
✓ 24/7 Support
Referral Program
cr1776
Legendary
*
Offline Offline

Activity: 2296
Merit: 1025


View Profile
November 11, 2014, 05:52:13 PM
 #9

I don't think anything is safe now and I certainly don't trust tor. It's really saddening what our governments are doing enroaching on our freedom just because they ironically claim they want to protect it.
You dont come with any agrumentes , and you are a newbie sorry Smiley
Tor is Save ,,, https://www.youtube.com/watch?v=oL1UyLRo1Ds knows
and I rather trust him then some newbie Smiley



Parts of Tor may be safe, but using it and expecting to run a hidden service or to use it to access a web site while remaining hidden from the DEA, FBI, CIA, NSA, etc and non-US agencies is just plain stupid. Between MITM attacks, three letter agencies running more than half the exit nodes, limiting internal hops, ddos attacks, non distributed directories etc, the security of Tor is insufficient to be considered safe against state sponsored attacks.

This may not be clear immediately when the government supports officially sanctioned perjury (parallel construction) but anyone who uses Tor for something like Silk Road 3, 4 etc is not using their intelligence.  In short, Tor should not be considered safe for anything but the most innocuous of uses. This is not a criticism, but the facts.

One hopes that Tor upgrades address the attack vectors in the future, but currently there are many unknowns. Tor is a great concept, but is not perfect.



Skeksis
Member
**
Offline Offline

Activity: 66
Merit: 10


View Profile
November 11, 2014, 06:36:23 PM
 #10

I don't think anything is safe now and I certainly don't trust tor. It's really saddening what our governments are doing enroaching on our freedom just because they ironically claim they want to protect it.
You dont come with any agrumentes , and you are a newbie sorry Smiley
Tor is Save ,,, https://www.youtube.com/watch?v=oL1UyLRo1Ds knows
and I rather trust him then some newbie Smiley



And I'd rather trust someone who can speak English and doesn't disregard what someone says just because they're a newbie. Clearly tor isn't fully safe to use. Many people have been tracked via it and many people have had their blockchain wallets hacked when using it. Also, just because Snowden says something doesn't mean it's flawless. He doesn't know lots of stuff about the NSA or what they can do now.
cr1776
Legendary
*
Offline Offline

Activity: 2296
Merit: 1025


View Profile
November 14, 2014, 08:09:42 PM
 #11

CASE IN POINT: "81% of Tor users can be de-anonymised by analysing router information, research indicates"

Research undertaken between 2008 and 2014 suggests that more than 81% of Tor clients can be ‘de-anonymised’ – their originating IP addresses revealed – by exploiting the ‘Netflow’ technology that Cisco has built into its router protocols, and similar traffic analysis software running by default in the hardware of other manufacturers.

http://thestack.com/chakravarty-tor-traffic-analysis-141114







I don't think anything is safe now and I certainly don't trust tor. It's really saddening what our governments are doing enroaching on our freedom just because they ironically claim they want to protect it.
You dont come with any agrumentes , and you are a newbie sorry Smiley
Tor is Save ,,, https://www.youtube.com/watch?v=oL1UyLRo1Ds knows
and I rather trust him then some newbie Smiley



Parts of Tor may be safe, but using it and expecting to run a hidden service or to use it to access a web site while remaining hidden from the DEA, FBI, CIA, NSA, etc and non-US agencies is just plain stupid. Between MITM attacks, three letter agencies running more than half the exit nodes, limiting internal hops, ddos attacks, non distributed directories etc, the security of Tor is insufficient to be considered safe against state sponsored attacks.

This may not be clear immediately when the government supports officially sanctioned perjury (parallel construction) but anyone who uses Tor for something like Silk Road 3, 4 etc is not using their intelligence.  In short, Tor should not be considered safe for anything but the most innocuous of uses. This is not a criticism, but the facts.

One hopes that Tor upgrades address the attack vectors in the future, but currently there are many unknowns. Tor is a great concept, but is not perfect.




Swordsoffreedom
Hero Member
*****
Offline Offline

Activity: 1008
Merit: 1000


★YoBit.Net★ 1400+ Coins Exchange


View Profile
November 15, 2014, 12:28:47 AM
 #12

I don't think anything is safe now and I certainly don't trust tor. It's really saddening what our governments are doing enroaching on our freedom just because they ironically claim they want to protect it.

Well I do think that tor is broken or at least starting to get picked at the seams
But its only a matter of time until the next generation protocols resolve this issue for another 10 to 20 years
Were in limbo for the meanwhile, and yep gov encroaching on liberty at the expense of everything else.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!