FBI Compromises Another Remailer 164
betterunixthanunix writes "Another remailer has been compromised by the FBI, who made a forensic image of the hard disk of a remailer located in Austria. The remailer operator has reissued the remailer keys, but warns that messages previously sent through the remailer could be decrypted. The operator also warns that law enforcement agents had an opportunity to install a back door, and that a complete rebuild of the system will take some time."
wtf fbi (Score:4, Insightful)
Why the fuck are you intruding into and altering foreign systems? That's not your fucking jurisdiction or job!
Leave that shit to the intelligence agencies, if someone must do it.
Re: (Score:1)
The local authorities probably granted FBI access. The FBI didn't walk in by themselves.
It will be interesting to see if remailers work... (Score:4, Interesting)
I mean, if the person they're after, used the remailer system as it is supposed to work...it "should" be uncrackable and untraceable.
It will be interesting to see the system go through what I have to guess is the first actual hard core test it has ever gone through.
Re:wtf fbi (Score:5, Insightful)
I think local authorities might have issued a court order requiring a set of messages to be decrypted.
Not too many people have problems with following court orders for genuine criminal investigations. It's the mass-scanning, fishing expeditions they have a problem with.
The old KGB/Stasi bosses must be having a real laugh at the way the USA is acting lately. Read all your mail, demand papers and feel you up before you can travel anywhere, more people in prison than any other country.
Americans used to joke about all that sort of stuff but guess what...?
Re:wtf fbi (Score:4, Insightful)
Re:wtf fbi (Score:5, Informative)
If you read the thread, it was Austrian authorities that took the image at the request of U.S. authorities.
Re:wtf fbi (Score:4, Informative)
If that's true, I don't understand how this (from the summary above) is possible: "The operator also warns that law enforcement agents had an opportunity to install a back door"
Unless they just installed the backdoor into their image, for some reason. They would have had to have access to the live system to do this part.
Re:wtf fbi (Score:4, Informative)
Austrian Law Enforcement took a disk image, meaning they had direct access to the server. The Austrian's did this at the behest of the FBI. So yes, law enforcement could have installed a backdoor while they had access.
Re: (Score:2)
Re:wtf fbi (Score:5, Informative)
Re:wtf fbi (Score:5, Informative)
Re: (Score:3, Funny)
ASSISTANCE REQUEST
To: Federal Bureau of Investigation
From: Sealand Government
Please provide us soonest with hard drive images of the MegaUpload servers and RAID configuration parameters.
Thank you.
Re: (Score:1, Informative)
1) Read the link first before freaking out. Austrian police did it at the request of the FBI.
2) While there are no details about why this occurred, the owner of the remailer suspects it has something to do with the bomb threats that have been happening for weeks now at the University of Pittsburgh. These threats are being delivered through the remailers and it would appear they hope to find information that might lead them to the individual responsible. In that case, this isn't a unilateral action to see
Re: (Score:2)
That's what empires do!
Re: (Score:2)
Re: (Score:2)
Nonetheless, the FBI is supposed to be about INTERNAL law enforcement, not foreign intelligence.
On the other hand, they're what we have for a national police force, so it's possible that their mandate allows this sort of thing, assuming cooperation by local law enforcement.
Re: (Score:2)
I'm really upset by this. As an Austrian, I'm appalled that our courts would issue an order to clone the complete disk of our Mixmaster node (btw, yes, I know the maintainer personally). The Pittsburgh bomb threats are serious business, and I'd like nothing more than see these "pranksters" (as they see themselves) brought to justice for what they've done. But that doesn't mean that everybody else's secrets have to be exposed at the request of a foreign nation. Where do you draw the line? Which nations can
Re: (Score:1)
Stupid poster... do you or anyone else really think a whole nation is responsible for the acts of a few? How about we all realize the reason for the world wide protests is due to the common element of simply being damn fed-up with the lying cheating dishonest few who are in command positions to do nothing more than threaten and apply the ignorance of brute force.
Re: (Score:1)
Stupid poster... do you or anyone else really think a whole nation is responsible for the acts of a few?
Last time I checked the U.S. is a democracy and the rest of the world does not consider the U.S. population to be oppressed.
If you don't want the world to hate the U.S. population I suggest that you get your ass up from your chair and try to convince your neighbours to vote for someone who is better than "The lesser evil."
After all, the more people to hate the U.S. the greater is the risk that a few of them are complete nutjobs that are willing to blow themselves up to change things...
Re:wtf fbi (Score:5, Informative)
The U.S. is not a democracy.
The U.S. is a Democratic Republic. Your vote is simply there to elect a representative of "the people". That elected person then votes how they see fit.
Its how easy these elected people can be payed off that's that problem.
Even "your" candidate is most likely being paid by somebody with a lot of money and an agenda.
Re: (Score:3, Informative)
Re: (Score:2, Insightful)
You are right that the U.S. is not a democracy but it is NOT a Democratic Republic. It's a Constitutional Republic [wikipedia.org].
On paper, perhaps. In reality, it is rapidly becoming a fascist republic.
Re: (Score:2)
It is NOT semantics, it is a meaningless argument over the words used to define something that is not clearly definable.
From your own fucking link: Also, a representative democracy may or may not be a constitutional republic. For example, "the United States relies on representative democracy, but [its] system of government is much more complex than that. [It is] not a simple representative democracy, but a constitutional republic in which majority rule is tempered by minority rights protected by law."
Re: (Score:2)
Re:wtf fbi (Score:4, Informative)
In a pure democracy the people vote for *laws* not representatives. That's why the US is considered a Democratic Republic (or a *Representative* Democracy). It has nothing to do with the voting method and *everything* to do with what people get to vote for.
Re: (Score:2, Interesting)
And through partisan gerrymandering and constant corruption, the USA isn't even a representative democracy any more, it's a corporate oligarchy.
Re: (Score:2)
Relevant video http://www.youtube.com/watch?v=Mky11UJb9AY [youtube.com]
Re: (Score:2)
So, you vote for "ratfuck A" instead of "ratfuck B", cause "ratfuck A" made rediculous promises that appeal to you even though you know that "ratfuck A" won't keep them! Also "ratfuck A" belongs to some ethnic/socio-economic group that makes you just "feel good" to vote for!
But in reality ALL "ratfucks" are essentially the same, taking money from the same masters who ultimately control them! And that is ultimately the real truth, no matter which one you vote for it will always be the same!
Re: (Score:2)
How does that relate to my comment?
Though I must say, you don't seem to be far from the truth. Still, same outcome if you vote for someone who votes for someone else as if you vote for that someone else directly.
Re: (Score:2)
Sorry, what I meant was that a "representative republic" vs "direct democracy' argument is specious, when you consider that the potential outcomes are a forgone conclusion!
Re: (Score:2)
Re: (Score:3, Insightful)
You are so naive. Democracy is merely the latest in a line of mechanisms used to legitimize the state in the eyes of its subjects. If one could actually change the policies of the state by "trying to convince your neighbours to vote for someone", then the ruling elite would have to turn to a new legitimization mechanism. One can hardly be held morally responsible for the acts of others over whom one does not exercise agency or coercive influence.
Re: (Score:2)
Y...One can hardly be held morally responsible for the acts of others over whom one does not exercise agency or coercive influence.
Sorry. That statement is historically incorrect. The accurate statement would be: "One should hardly be held morally responsible for the acts of others over whom one does not exercise agency or coercive influence"
Re: (Score:2)
Touché.
Accountability works both ways (Score:3)
In a democracy, just as the government is meant to be accountable to the people, the people are accountable for the government they choose. Democracy doesn't stop at the ballot box. This is something noone seems to get. Why does everyone hate Americans? Because of what their government does. And they keep on putting assholes in charge. Sure, not every American voted the same way, but as a democracy you (theoretically) have the power as a population to stop bad laws from being passed, and to stop bad actions
Re: (Score:3)
If the US were a democracy, then you would have a valid point. It isn't. Having two parties instead of one doesn't make it one, certainly not on any issue in which the two are in agreement.
Perhaps you are from a smaller place, so perhaps I should add that just about nobody knows anything about those candidates that hasn't been made public.
I will agree that if more people paid more attention to the publicly available information, they would be less surprised when the candidate they voted for "betrays" them
Re: (Score:2)
Just because a candidate is well funded doesn't force you (or anyone) to vote for them, or their party. Also, just because your preferred candidate didn't get elected, doesn't mean the candidate who did get elected isn't your representative. You can still write them a letter. Just because your preferred candidates aren't in office doesn't mean you don't live in a democracy. It just means you're in a minority, and the majority (considered by the rest of the world collectively as "Americans") still vote the d
Re: (Score:2)
Except, when you send a letter to a elected official, you get a form letter response that boils down to "I didn't read your letter, and don't care what it said anyways". Do you really think that it is possible for the populous of the US to influence their elected representatives?
Re: (Score:2)
Re: (Score:2)
So if there are two candidates, and you vote for the one who promises to end an injustice, then you are responsible when he doesn't end it?
That statement is itself an act of injustice.
Re: (Score:2)
International law enforcement agreements say otherwise....
Whoosh...
Another question (Score:1)
Did they manufacture any "evidence" in the process?
Re:Another question (Score:5, Informative)
The remailers are not the target, it's users are.
Re: (Score:2)
At this point they are gathering evidence, it is usually once evidence is gathered and found lacking that they would manufacture evidence. They don't even know at this point whom they would have to manufacture evidence against.
Why contaminate a perfectly good case with manufactured evidence when it's not needed?
Re: (Score:2)
Can't they just claim they have evidence but they can't show it to you because it's secret?
Re: (Score:2)
I believe they can, but they first have to find out who you are and that is the stage they are at now.
"Could be decrypted" (Score:4, Informative)
Not if they were encrypted to the end recipient's public key. If not, they were plaintext in transit and possibly on the ISP's server.
Re: (Score:2)
Indeed. I'm not terribly familiar with anonymous remailers, so I don't understand what the keys are for. Why does an anonymous remailer need encryption keys in the first place? If I send them an email, asking them to resend it somewhere else, and they don't log who sends them email, isn't that enough to provide anonymity?
Re: (Score:2)
If I send them an email, asking them to resend it somewhere else, and they don't log who sends them email, isn't that enough to provide anonymity?
What if your connection is being watched?
In practice, people will chain two or more remailers, so that no single remailer knows both the sender and the recipient of a message. Encrypting the messages with each remailer's key is fundamental to this, so that the commands send to one remailer cannot be recorded by another.
Re: (Score:2)
What if your connection is being watched?
Oh, der.
Re: (Score:3)
Indeed. I'm not terribly familiar with anonymous remailers, so I don't understand what the keys are for. Why does an anonymous remailer need encryption keys in the first place? If I send them an email, asking them to resend it somewhere else, and they don't log who sends them email, isn't that enough to provide anonymity?
No. If you e-mail the remailer unencrypted, DHS/NSA/FBI can snoop the e-mail en route to the remailer, seeing what you wrote and who you sent it to.
If you send the e-mail encrypted to the remailer, the agencies won't know what's in the e-mails or who it goes to.
Re: (Score:2)
If you send the e-mail encrypted to the remailer, the agencies won't know what's in the e-mails or who it goes to.
No, they may well know who it goes to, because the system's keys may have been compromised, and the system needs that information to send your mail. By snooping your connection (If you are a person of interest) they know which mail you sent through comparison. The only thing they don't know is what's in the email.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
If this is related to the emailing of bombing threats, then the emails are in plaintext (because the recipient won't have the key). I am guessing the encrypted part is information about the origin of the email. Potentially the remailer encrypted the email when passing between remailers or perhaps they use an encrypted tunnel or something to communicate. The FBI probably needs information from their servers to determine who was the last remailer in the chain. The FBI will probably need to seize the recor
Remailers (Score:1)
So, are there any remailers in countries that don't have reciprocal juristictional arrangements with the USA?
Re: (Score:2)
So, are there any remailers in countries that don't have reciprocal juristictional arrangements with the USA?
Iran. North Korea. Syria. China... maybe? They might cooperate with the FBI depending on the target. Same with Russia. Are you looking for a country that doesn't have reciprocal arrangements, but that will also respect your privacy? I doubt it.
So what this really says..... (Score:3, Insightful)
....is that the FBI is a criminal organization.
Anonymous remailers are set up for reason of protection of those with information they want to get out but can as well suffer from a repressive regime, otherwise risking death if not done anonymously. Even universities of law have set such remailer up in respect of the law, ethics and democracy.
Perhaps there is a jail cell next to Bradly available for these. Naw.... not a chance.... somebody is going to die and that will make it ok.
What an upside down world we live in... Ready to flip it right side up?
Re: (Score:3)
If the FBI were serious about catching this guy, they would not be making such a public spectacle -- the sender is goi
Re: (Score:2)
Making forensic copies of remailer disks, seizing remailers, etc. are not going to help them catch the guy who is sending these messages. Look at TFA -- the remailer operator simply reissued the keys. Taking a remailer offline is even more useless -- the FBI misses the opportunity to log messages travelling through the remailer, and to work their way backward through the remailer chain.
If they have copies of emails sent through the remailer prior to the raid, yes it will. It won't help catch future messages, but that isn't the point: the point is to break encryption on emails they already have in their possession. Reissuing the keys won't change the encryption used on those messages.
Also, I don't think they can not make a spectacle: the request to image the disks has to go through official channels or they risk major legal problems later, which means people are going to know about it.
Crime (Score:1, Flamebait)
Re:Crime (Score:5, Insightful)
the problem here is that the US is *known* to be storing ALL email traffic that routes through the united states. Sounds like a daunting task, but there's a reason they have all these big high security data centers all over the place and have "high security rooms" at all the telcos and large ISPs. That traffic gets siphoned off to their data centers for storage for later in case they need it. There's a simple reason why those places have petabytes of storage.
So there is never a question of "but they'd have to have been watching for that email last week/month/year and it's long since been sent and removed from caches". No. They have it. They have them all, just in case. Watch Enemy of the State. Watch how they pull up satellite footage from hours and days ago. Same principle here, if you can record everything, it works like a time machine. (for the past anyway)
So yes, busting down a door and taking the remailer keys gives them 100% access to 100% of the traffic that has been sent by that remailer at ANY point in the past where it crossed through a US ISP.
The truly disgusting part of this is they got the KEYS. Technically all they NEEDED was to hand over the encrypted message to the AU authorities, they break down the door and use the key to decode the message, and turn over the message, then wipe their copy of the key. That would be the "proper" way to do it, not to abuse the system, but instead they handed over the KEYS themselves, and now the US can decrypt truckloads of hard drives of emails that they have NO business having access to. That is the true crime here. It's like having a legal reason to subpoena a safe deposit box at a bank, and the bank hands them over a master key that opens every box in the vault and lets them look through anything they want. That's just WRONG.
Every time someone sends a bomb threat they can pull this stunt, it's like christmas over at the NSA, "we got another key! lets see what goodies we can find!" Talk about an incentive for abuse... Normally I don't go "tinfoil hat" on things, but THIS is actually an instance where I could start to buy into someone suggesting the NSA/etc forging a bomb threat just to get access to another random footlocker of encrypted data they want a peek at.
Re: (Score:2)
Technically all they NEEDED was to hand over the encrypted message to the AU authorities
But what would the Australian authorities be doing with an Austrian server?
.AT has the mountains and .AU has the kangaroos?
When will people learn that
Re: (Score:3)
So yes, busting down a door and taking the remailer keys gives them 100% access to 100% of the traffic that has been sent by that remailer at ANY point in the past where it crossed through a US ISP.
It also gives other remailer operators a chance to reissue their keys and destroy the old keys -- which is basically what needs to happen when you have an agency going around demanding disc images like this. I am not aware of this happening, though.
Re: (Score:2)
The 3GB of mails from my GMail consisting of newsletters and college projects, and millions of other accounts like mine: arent they essentially useless and a waste of space for them?
Re:Crime (Score:5, Interesting)
Suppose you had a yottabyte of disk storage. 3GB isn't just a drop in the bucket, it's not even a grain of sand at the beach.
Car Analogy: Most of us break the odd traffic law every now and then. Very rarely, does anybody get caught. At the instant Officer Friendly pegs you on radar doing 35 in a 30 zone, he'd very much like to be able to check your driving history. If there were a giant database of everyone's GPS logs, he could tell whether you were just in a hurry that morning, the sort of driver who usually drives precisely 4 (or 9) miles an hour over the posted speed limit, or if you do 120 in a 60 zone whenever there aren't any cops around. If Officer Friendly had access to that data, he'd be better able to judge whether or not to pull you over.
For speeding, it's not worth logging the movements of every car and correlating them with local speed limits at the time the log was written.
For other things, it probably is.
From NSA's point of view, right now your gmail account is noise. But everyone's political views change over time as a natural part of the process of growing up. Sometimes things go wrong, and perfectly normal people who hold perfectly normal views turn into monsters. There's a 99.99999% probability that you're not one of them. But for the sake of 3 lousy gigs out of a yottabyte, there's a 100% chance that someone's 3GB of noise will contain signal.
Since they don't posess a time machine that can peer into the future, they don't, and can't, know whose 3GB-of-noise will eventually contain a signal 20 years from now. But 20 years from now, they will have a time machine that can peer back 20 years into the past.
Re: (Score:2)
Problems with that sort of data mining is the enormous amounts of information one would have to store to hopefully have some information that is helpful, and you don't always know what is going to be helpful.
As an example I have stated in numerous topics that there are few prominent people I would like to see shot, therefor it makes sense for the government to then begin logging all my posts with the thinking that if I did plan on doing something or I did something already they would already have a case aga
NSA criminals (Score:3)
And this is what is wrong with America. People will go t
Federal Backup Service (Score:3)
Re: (Score:2)
There is a simple solution to this. Encrypt each connection to a remailer using an authenticated transient key. Something like SSL. I don't know if it's being done or not, but it seems pretty obvious, and it definitely protects against eavesdroppers gaining the key and decrypting past messages.
Re: (Score:1)
So, effectively, the FBI has just committed a crime. They have intruded into the server of a foreign company and added a backdoor. I am surprised Austria is not up in complete arms over this. Anonymity in of itself is not a crime so the FBI really behaved egregiously!
They did neither. The Austrian authorities, at the request of the FBI and in compliance with international agreements, created a bit copy of the hard drive. The whole point of a whole disk copy like that is that you DON'T access the original, and therefore can't compromise the evidence or lose/overwrite files/properties. There's no proof of any backdoor being installed, the admin just said that since they had the server they could possibly installed one.
Re:Crime (Score:4, Informative)
Couldn't even bother to read the first paragraph of the article, eh?
Today, the police arrived with a court order that allowed them to
create a forensic disk image of the austria remailer. This apparently
was on request of the US authorities, related to the Pittsburgh bomb
threats. (emphasis mine)
It was the Austrian police who had a valid court order who 'intruded'. As for the 'added a backdoor':
Depending on how paranoid you are, you may assume the machine is
backdoored, since the authorities have had access.
Doesn't say the FBI ever had access. Doesn't say there IS a backdoor, just that if you're paranoid yo umay assume there is one.
Re: (Score:2)
Couldn't even bother to read the first paragraph of the article, eh?
THIS... IS... SLASHDOT!
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
include could the FBI briing a rogue remailer online using the image?
How would the image help them? The FBI can set up a honeypot remailer any time they want, with or without the secret keys of another remailer.
why wasnt full disk encryption used in this case to store the private keys?
Elsewhere in the thread the operator stated that had WDE been in use, he would still have given the police his key. Why would a remailer operator allow himself to be arrested just to protect strangers?
in my opinion everything from the case fans to the bolts in the mounting rails on this server are now tainted. Sell it on ebay and build a new one.
That is why the system cannot just be rebuilt overnight; parts must be procured, software must be obtained from a trusted source, etc.
Threat trails... (Score:1)
According to the link discussion, this came about as the result of a Pittsburgh bomb threat, as authorities try to trace the original sender.
Copying a whole hard disk seems a bit much. Especially since it's a foreign country. I guess if it were US, they would sieze the hardware instead. Still, I have to wonder about collateral data that went through that remailer. Say they find something unrelated but illegal. Jurisdiction go out the window here, or is the US really the gonna be world cop for the Internet?
Signal to Noise (Score:1)
I hope others here and around are helping do their part, sending meaningless noise messages through the reamailer networks.
FBI & Technology (Score:2)
Nothing would surprise me after reading this [slashdot.org].
Oblig. Austrian (Score:2)
"I'll be back!"
Life imitates art, because when he came back, he was pwnd by Connor.
Why was the key not in secure crypto processors? (Score:5, Interesting)
Re: (Score:2)
...or, to avoid 'specialist' hardware (and thus bring it into the realm of a $10/month VM), would it be possible for the machine to boot up and wait for a key to be sent to it, which it would store only in RAM?
This idea suggests it might be possible for the FBI to nab a server and actually get nothing at all. If they had some way to breakpoint the system and read the RAM then presumably they'd get everything though (which the crytpo chip wouldn't be vulnerable to).
This method also means it would be possible
Re: (Score:2)
FOIA Request (Score:1)
Backdoor (Score:3)
Re: (Score:3)
Re: (Score:2)
Since 911 we are living in Jack Bauer land. Better hope the Good Guys never lose their moral compass.
IIRC near the beginning of season 2, Jack Bauer killed a suspect in custody. I think the good guys lost their moral compass years ago... (Besides, what "good guys"? The government is just the last thug standing.)
email scrutinized and retained by third parties (Score:2)
transparent remailers (Score:2)
If remailers are getting taken down because authorities want images of their hard drives, what about just giving that to them? Pre-emptively? The hard drives should have nothing revealing on them, I think. Is that your understanding, too? If so, then remailers could continue to operate despite law enforcement investigation.
The sticking points I see:
How about... (Score:2)
Why not try and induce a mass media frenzy that can focus on twhen the FBI has found leaks, and compromised particular networks, specifically the ones that are responsible for the worst spam. Then attach all sorts of fake info about busts, raids, etc...and that they are looking for more of the individuals associated through C&Cs and will use the ip list to track them down.
This would lead to all or any of the people using the C&C to stop right away for fear of getting caught and laying low until it t
Re: (Score:2, Informative)
I'm going to take this opportunity to post a link to information about remailers, but I think you are an idiot for asking.
http://www.andrebacard.com/remail.html [andrebacard.com]
Re: (Score:2)
I don't expect everyone to know everything about every topic, but I do expect people to make the effort to find out what something is before they put out a request for information.
And no it is not betterunixthanunix's fault that people viewing a news for nerds website can't figure out what a remailer is. A basic grasp of english tells you what a remailer is, and if you do not have a basic grasp of english you should be used to looking up words when viewing an english language website.
Re: (Score:2)
Re: (Score:2)
Up to +1 Flamebait
I really should get some sort of achievement for that.
Re:remailer? (Score:5, Informative)
An anonymous remailer is a server that receives messages with embedded instructions on where to send them next, and that forwards them without revealing where they originally came from.
http://en.wikipedia.org/wiki/Anonymous_remailer [wikipedia.org]
Re: (Score:2)
Lets break the word down for you:
[re]-[mailer]
I'm sure you can figure it out from there. If you still can't, go here [lmgtfy.com].
Re: (Score:2)
And nothing of value was lost.
Re: (Score:2)
Encryption keys were lost ...
Re:Are some of u spammers? (Score:5, Insightful)
Re: (Score:2)
Right, it looks as a decent process was followed here. FBI found came up with a potential issue, made a request thru the local government and made their case. Their local court ruled on the request and produced a warrant.
They imaged the machines for later infestation by the FBI, instead of asking for confiscation, so while there was a bit of downtime it wasn't a knock out blow.