Half of Tor Sites Compromised, Including TORMail 583
First time accepted submitter elysiuan writes "The founder of Freedom Hosting has been arrested in Ireland and is awaiting extradition to USA. In a crackdown the FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network have been compromised, including the e-mail counterpart of TOR deep web, TORmail. The FBI has also embedded a 0-day Javascript attack against Firefox 17 on Freedom Hosting's server. It appears to install a tracking cookie and a payload that phones home to the FBI when the victim resumes non-TOR browsing. Interesting implications for The Silk Road and the value of Bitcoin stemming from this. The attack relies on two extremely unsafe practices when using TOR: Enabled Javascript, and using the same browser for TOR and non-TOR browsing. Any users accessing a Freedom Hosting hosted site since 8/2 with javascript enabled are potentially compromised."
Computer Intrusion (Score:2, Insightful)
Computer Intrusion is illegal, and the FBI knows that.
So is spying on someone without a warrant, and given that they can't know who they're spying on, I don't see how they could possibly have obtained a warrant for this action.
I hope the TOR user community sues them. Very roughly. And with extreme prejudice.
The US has gotten way too fucking big for it's britches.
I used to think maybe there was justification for the anti-terrorism attitude that the US has.
I've changed my mind.
My sympathies now lie with those who rise up against these goddamn born-again Nazis in their attempt at world domination.
You go, Al Queda!
Wowsers (Score:0, Insightful)
I know I should be getting all upset about privacy and quoting 1984 and saying things like "slippery slope".. but I'm just too damned impressed.
I mean I think most people assumed _someone_ was trying to or had broken "the tor problem", but this is pretty damn epic, and this is one of those rare times when I actually believe they really are trying to protect the children.
line of beaters (Score:2, Insightful)
So the FBI, with no particular target in mind, are using the Tor network as a line of beaters in the bush scaring out any kind of animal and hopefully only shooting the ones they are trying to find. Meanwhile, every animal is scared out of it's normal activities until the beaters have passed.
Yeah, that's not intrusive at all. No privacy compromised for anyone. And all it takes is the FBI actually infecting the Tor network with their own malware. Thank heavens they're the good guys. Oh, wait, the good guys wouldn't intentionally infect computers and networks, would they?
I kind of want to be angry but.. (Score:1, Insightful)
The "I don't like the government monitoring me" part of me objects to this, but the "Find every pedo and kill them slowly" part of me is currently winning out, because lets face it for every legitimate user of TOR, there was about 200 pedo's.
This has to be illegal (Score:5, Insightful)
Or can FBI hack anyone at will without any legal oversight? I don't remember getting the memo where such behaviour from a government agency is legal.
Well I guess we can stop pretending we live in a law-abiding democratic world. It's an oligarchy run by the banks, the rich, lobyists and professional politicans, and scew everyone else...
--Coder
Re:We are living in interesting times (Score:5, Insightful)
If anyone else used exploits to screw with people, it would be called hacking and they'd probably go to prison, but when the FBI does it, it's 'okay.'
Cybercrime: Legal, but only if you're The Law (Score:5, Insightful)
So basically, if you're legally accessing a website while browsing with Tor, making use of legal services in a legal fashion... the FBI will install a wiretap on your computer, without a warrant, in order to monitor all your activities, on the off chance that you might be up to no good. This is rather like walking out into rush hour traffic, pointing at random cars, and saying "Search that car! We know terrorists use cars, so let's start searching them all."
Dear FBI,
Fuck you. That's a terrorist's mentality. You're worse than the lowly pieces of shit you hunt, because we expected you to uphold principles of integrity, honor, and those other words you got plastered on your slimy logo that used to mean something. You are, in fact, worse than a terrorist: You're a corrupt law enforcement organization with a bigger budget than any terrorist organization out there, and you are doing more harm to this country than catching a hundred Bin Ladens could accomplish.
-_- The internet is a global and international community and you need to show some restraint, otherwise you're going to create large amounts of resentment and anger throughout the world. No wait: You already have created this. You are endangering the infrastructure and the people you are oath-bound to protect with your actions. I don't give a flying fuck through a rolling doughnut what authority or law you think gives you the right to act in this fashion... you're a public menace. You're just giving everyone who doesn't like this country piles of ammunition and sympathy from the general public that can be used to attack MY country.
Knock it the fuck off. Now.
Re:Computer Intrusion (Score:5, Insightful)
Computer Intrusion is illegal, and the FBI knows that.
Yup...people have been clamoring for more transparency...perhaps this is that?
So is spying on someone without a warrant, and given that they can't know who they're spying on, I don't see how they could possibly have obtained a warrant for this action.
Agreed - the legislation that's in place has granted them far too much power, far more than most of us feel comfortable with.
I hope the TOR user community sues them. Very roughly. And with extreme prejudice.
That'd be nice, but I doubt it'll happen. It won't happen any faster than voting decency into office will :-/
The US has gotten way too fucking big for it's britches.
I agree - we need to get these douchebags outta office and get someone in office that does their f'ing job!
I used to think maybe there was justification for the anti-terrorism attitude that the US has.
I'm sure that at least some of the people involved believe that they're doing the right thing. Their belief doesn't make it "right" however...they need to stay the f out of my life. If I'm not breaking the law, they've got no business knowing a goddamned thing about me.
I've changed my mind.
My sympathies now lie with those who rise up against these goddamn born-again Nazis in their attempt at world domination.
YES! We need to protest, rise up as one mind, with one purpose, to effect change in our Government! Occupy Wall Street was only the beginning!
You go, Al Queda!
I'm sorry, WHAT?!?!?!
Woah, woah, woah, woah....where in the hell did that come from? Now, I fully agree that we need changes in our Government, and I'm even on board with listening to what revolutionaries have to say, but that's a far damn cry from supporting the murder of innocent citizens and the repression of (plenty) of basic human rights. No, I'm afraid your downmods were your own fault.
slavery and death by a thousand cuts (Score:4, Insightful)
Re:I kind of want to be angry but.. (Score:5, Insightful)
The "I don't like the government monitoring me" part of me objects to this, but the "Find every pedo and kill them slowly" part of me is currently winning out
You're part of the problem. Have fun getting groped at airports.
Re:Computer Intrusion (Score:2, Insightful)
Have you not learned from all the stories of computer intrusions that it is only illegal if you are an ordinary person, without access to large amounts of money, or are part of the government?
Re:Computer Intrusion (Score:5, Insightful)
Look, the bottom line is the US is out of control on a global scale, and has caused most of it's own problems and performed actions that resulted in the hatred of so many nations and societies against them.
Al Queda was trained and supported during the cold war, but as soon as it was no longer of interest to the US, they were abandoned to their fate at the hands of the Russian army. Add in the civilian casualties in Afghanistan, and it's no wonder they hate the US.
The US anti-drug war has literally cost hundreds of thousands of people their lives in Mexico, Columbia, and throughout south america.
You spy on the entire world as if it were perfectly acceptable, ignoring diplomatic ties, diplomatic relations, and even fundamental human rights that are enshrined in your own constitution, so long as it's not an american being targetted.
You produce an obscene amount of the carbon footprint of the planet, polluting the whole globe and doing a great deal to rush us all to oblivion.
You shove your laws down everyone's throats, even over trivial industries like entertainment (SOPA.)
Right now you whine like petty children because Russia won't return Snowden to your menacing clutches.
You bomb women and children with little regard using remote drones, and don't even have the decency to put your own lives at risk while doing so.
Your country is bankrupt, both financially and morally. Your cities are cesspools of crime, corruption, and gun/drug violence. Detroit is but the first of many who will be declaring bankruptcy thanks to years of mismanagement and abuse for the sake of short term votes.
You threaten the entire globe with a nuclear arsenal that dwarfs anyone else's save Russia's, who haven't threatened an invasion of anybody in a couple of decades.
You support the abuse of the Palestinians by your Israeli "allies", turning a blind eye to decades of human and civil rights abuses and blatant flouting of international law.
I'm sick of the US on the global stage.
I swear, you deserve to have your asses handed to you by a conglomeration of the nations you've abused and mistreated these many years.
And don't give me that "Well, I didn't vote for them" bullshit. You know as well as I do that it's the left and right heads of the same two-headed hydra in power down there. Where are the protests in the street? Where are all the so-called second amendment gun nuts when it matters? Where's the revolution that is so badly needed?
But no, you've got your TV pap and your shitty beer and something that claims to be a hamburger in your hand, so you sit idly by and watch it all unfold without saying a word except on slashdot and facebook.
Hell, even your so-called "justice" system condoned the murder of a 17 year old kid because some gun-toting putz started a fight and ended up losing.
Re:Computer Intrusion (Score:3, Insightful)
Next time you might want to wait until atleast some more votes come in instead of jumping to conclusions.
Only sort of offtopic (Score:5, Insightful)
I do not know who to trust or what to think anymore. If this threat is real or not, I imagine we are intended to suppose that it was the US governments blanket surveillance of the world, including domestic spying that tipped them off. On the other hand, the timing is such (Snowden/Manning) that for all I know they made the whole thing up to better justify government wrongdoing in the eyes of the people. Or perhaps al Qaeda made the whole thing up just to see if they can manipulate the movements of our government by taking advantage of info gathering with a campaign of false intel. I don't know who to trust or what to think anymore, with the exception that I know I don't trust my own government. They have proven themselves manipulative liars.
Re:Computer Intrusion (Score:2, Insightful)
Computer Intrusion is illegal, and the FBI knows that.
So is spying on someone without a warrant, and given that they can't know who they're spying on, I don't see how they could possibly have obtained a warrant for this action.
I hope the TOR user community sues them. Very roughly. And with extreme prejudice.
The US has gotten way too fucking big for it's britches.
I used to think maybe there was justification for the anti-terrorism attitude that the US has.
I've changed my mind.
My sympathies now lie with those who rise up against these goddamn born-again Nazis in their attempt at world domination.
You go, Al Queda!
Regardless of how poorly the US government behaves it does not justify supporting Al Qaeda or their tactics which are largely against civilians.
If you want to declaim the US government go right ahead - but in this case the enemy of your enemy is still fucking crazy and should not be supported regardless.
Re:I kind of want to be angry but.. (Score:5, Insightful)
I love hearing cases where the law makes no sense. A 16-year-old and his 16-year-old girlfriend have sex. Statutory rape charges are brought against the boyfriend, but are dismissed because the laws state that you have to be 18 to be charged. The girlfriend records it on her phone, and send a copy to the boyfriend. She gets charged with production of child porn, and he gets charged with having it. Welcome to the new world order.
What does this have to do with Bitcoin? (Score:4, Insightful)
I don't see how this affects Bitcoin at all. It's not an exploit of Bitcoin. Bitcoin isn't dependent on any onion sites, "Freedom Hosting", or Tor. The Silk Road are not the only users of Bitcoin.
Re:We are living in interesting times (Score:5, Insightful)
"Actually, a judge has yet to find whether it's OK or not. The admissibility of the evidence in these cases is going to hinge on whether or not it was collected through legal means."
But regardless of whether or not the judge decides to admit the evidence, we wont see any of these agents arrested and sent to prison for what they did.
EFF (Score:5, Insightful)
EFF in the White house, ASAP please.
I understand there's a legitimate need to conduct surveillance when justified. But having people from the EFF and/or ACLU running, or at least supervising things will likely act as a filter to prevent further abuses and level the playing field.
Re:Cybercrime: Legal, but only if you're The Law (Score:5, Insightful)
I'm not saying this to disagree with OP's rant, just to point out an easily-correctable issue.
I'll give you that. I was really angry when I wrote that. Still am, actually. Tor was originally designed by the US Navy. To my knowledge, several organizations within the military still recommend its use, or variant technology, in order to obscure source IP addresses that could identify the person browsing as being part of the US military. Needless to say, installing malware onto a computer that belongs to someone with a high security clearance is a security problem in and of itself. But it gets even worse; Tor is also widely used by political activists in countries like Iran, China, North Korea (okay, maybe not as much, since their internet is next to non-existant...), etc. These people depend on this technology so that they can advocate democracy in their country and provide intelligence that we actually use in this country... like, for example, reporting someone who might be planning a terrorist attack, and who for obvious reasons wants to submit such a report anonymously. But all of that is topped by the fact that now people know where the vulnerability is, and that it can't be easily fixed... we've just handed a large number of criminals carte a loaded gun, all so we can go after a small number of criminals, most of whom aren't a threat to anyone but themselves (drug users).
The FBI's little war on drugs and pedophilia here will cause considerable collateral damage, and in fact poses a clear and present danger to actual national security. Any gains they could have made by catching a few druggies and kid-fuckers is and will be completely buried by the damage. Cyberwarfare should be the domain of the military, not a civilian law enforcement agency. And that's what this is: This isn't just surveillance, this is a military attack against sovereign interests both domestic and foreign, as defined by our own recently enacted laws on cyberwarfare and terrorism... and while I disagree with a lot of the language of those laws, I do agree that when we're talking about anything not tightly bracketed and targetted to domestic activities alone, authority should remain with the military.
The FBI has so completely screwed the pooch here I am giving serious consideration to printing this out, writing down some notes, and driving downtown to meet with my representatives. I really, truly feel that what the FBI is doing is harmful to national security, foreign relations, and is also overstepping its judicial boundaries severely. Anyone who has given serious thought to what the rules of engagement might or should be regarding cyberwarfare would recognize this is a cluster fuck; Not only because they're publicly admitting it, but because even if they didn't, they're endangering the lives of foreign nationals who may in fact be intelligence assets, if not cultural, abroad. Political activists fighting for democracy could be killed because of this -- this is a very real threat. Those people should have our country's support, not suspicion and derision.
This is weapons grade stupidity. Normally I give law enforcement the benefit of the doubt -- a lot of what I read (for example, an article just two days ago on slashdot about the FBI interviewing someone over their browser history), has a grey area, or is missing key facts. I try very hard not to judge people until all the data is in. But this time... there's ample evidence that this was deliberate and it was done with a complete disregard for not just civil liberties, but national security. I mean, it doesn't really matter which side of the debate you're on here: They fucked all of it up.
Re:We are living in interesting times (Score:5, Insightful)
Our rights and freedoms are getting reamed so badly in the name of fighting child pornography, that I sometimes think that legalizing transmission and posession of kiddie porn would be the lesser evil. Think about that for a moment.
Re:We are living in interesting times (Score:5, Insightful)
This is all handled under one of the new secret courts, where the new secret laws are applied.
So don't expect to see any due process.
The laws and Constitution of the USA have been thoroughly corrupted by the worst enemies of the country: the faceless professional patriots who run the Federal Agencies and Bureaus. As Pogo said during the Vietnam peace-keeping thing we did once: "We have met the enemy, and he is us".
Re:We are living in interesting times (Score:5, Insightful)
Judge? what judge? You are funny. There will be no judge, only terror charges, or 2 years in prison while DOJ pretends to do discovery while lives are being destroyed and property stolen.
Re:We are living in interesting times (Score:5, Insightful)
Its also things like TORMail, and other non-pedophile sites.
This is good in a way because it proves a good PoC that
"But again, there are legal issues here. Why did the FBI have the right to infiltrate TORmail? They are using general warrants here, just like the NSA does. Because one person may be using TORmail for illicit purposes, the FBI feels that it can install tracking and search software on every user."
because American law enforcement works on the principle of "arrest everyone and sort it all out later". Given the notion that everyone using TOR who's not NSA, is automaticly a criminal of SOME kind, they can just arrest everyone and make them try and prove their innocence, by co-operating somehow with the FBI. They will then use this co-operation as a wedge to keep out dissedents, and create a pool of informants by default, by charging people with crimes they were if only vaugely associated with, with excessive jail times until they give useful informaiton or become informations.
Its also funny that the malware specificlly targets TORBrowser.
I think I called it. When the NSA, CIA, FBI, looses intrest, or no longer needs TOR, they will simply arrest everyone publicly involved with it for pedophilia or whatever other activities go on. They can play stupid to technophile judges, and juries, and know they'll get away with it.
Re:We are living in interesting times (Score:5, Insightful)
Nevertheless, the legal questions in this case are important for legal speech also, so it must be carefully weighed.
Re:We are living in interesting times (Score:5, Insightful)
Actually, a judge has yet to find whether it's OK or not. The admissibility of the evidence in these cases is going to hinge on whether or not it was collected through legal means. And no matter which way the judge finds, the loser is going to appeal. As far as I know, this is all untested legal ground.
You're forgetting something: They said 'pedophile' in the press release.
Re:We all have instances where we fall back... (Score:4, Insightful)
Isn't it interesting how easily people are manipulated? For some it's terrorism, for some child porn. I wonder what it would be for me that I'd consider more important than my freedom.
Still taking suggestions.
Re:We are living in interesting times (Score:4, Insightful)
I don't know that what a judge finds matters. We have seen that the executive branch and all of the three-letter-agencies do whatever the hell they want. There is nothing that will change that. Not legislation, not public outcry. Not even presidential decree. Nothing. Will you drive them back into secrecy? Yes. And that is where they will continue to do what they want.
Re:We are living in interesting times (Score:2, Insightful)
People need free and anonymous communication, without the government attacking every tool people have for that purpose.
Perhaps, but for better or worse, the government will always attack every tool people have for that purpose. It can't help it; it's what it does. The only defense is to build better tools which are safer and more anonymous.
Re:We are living in interesting times (Score:2, Insightful)
and when the product is the ruination of children's lives and welfare
That's not necessarily the case. Pictures distributed after the fact don't really ruin lives; if anything does that, it's the rape. The 'for the children' crowd has polluted your mind. Never compromise on censorship.
Tor collaborated (Score:3, Insightful)
Re:Tips for Tor (Score:2, Insightful)
Honestly never understood why people would use Tor on their regular OS, much less from their home Internet connection. IF I need to use Tor it's likely gonna be from a laptop I dig out of the closet, booted with Tails or another Live-distro, and connected to an open AP somewhere around town.
This scenario creates a one off moment of connection that will likely never be seen again. If someone tried to track it, even the compromised methods above, they'd be hunting down a ghost.
Point of Tor IS anonymity, right?
Re: Computer Intrusion (Score:2, Insightful)
Chechnya. Twice. And before you say it's an internal matter, it's no more an internal matter than if they had invaded Ukraine. The strong splinter states of the USSR got their freedom. The weak ones got steamrolled. In Moscow, Chechens aren't considered Russian... so how could this truly be an internal matter?
Re:We are living in interesting times (Score:4, Insightful)
Well... that's not entirely true. Yes, no one is making any more money off of traded images, but having a whole section of the Internet to their own allows for the existence of a nice safe place for trade of this stuff, and the desire to "show off" by making new stuff. "New stuff" being further acts.
These people show off the kids they abuse like they are their boyfriend/girlfriends. The real threat is that allowing them to be comfortable anywhere reinforces that abuse. Money is not the only reason kids get abused, although it certainly adds an industrial element to it.
That's one reason that I stay well away from TOR even though I understand the more benign uses it has. There are useful things you can do with it, but the fact that it is ground zero for drug sales and pedophilia makes it a very, very uncomfortable "neighborhood" to be in. Not to mention that even though this action is recent, the fact that you actually use TOR or connect to entry nodes is easily determined and obvious. Even if they don't know where you are going or what you are getting, they know you're up to *something* and that something has a much higher chance of being illicit. Nothing like increasing your NSA threat level for no reason.
Re:We are living in interesting times (Score:5, Insightful)
Re:We are living in interesting times (Score:5, Insightful)
Re:We are living in interesting times (Score:5, Insightful)
Regardless, they are after those who are in possession of child pornography, which is a crime. You may not think it should be, but that is completely beside the point. In order to find those who MIGHT be in possession of this material, the FBI gained unauthorized access to the computers of nearly EVERYONE who visited sites on Freedom Hosting, whether they were visiting a site that trafficked in this material. There are other sites on Freedom Hosting that do not host or distribute child pornography, and yet their users were exposed, as well.
This is akin to police discovering that a booth at a flea market is selling stolen merchandise. A reasonable course of action would be to obtain a warrant to search the property of the booth's operator. It would also be reasonable to conduct a stakeout of the booth to see who else visits the booth to knowingly buy or sell stolen goods, and then, after observing such activity, search the vehicles of these associates. That's all fine. But here, they basically came in and rummaged through the cars of everyone who came to the flea market, regardless of whether they visited the stolen goods booth or even knew of its existence.
That shit is fucked up, yo.
Re:We are living in interesting times (Score:5, Insightful)
Seriously, you think this is about pedophiles?
Yes, and clearly. This is the largest pedophile bust in history.
Says who? None of these people have been given their due process. At this point they are, at the very most, alleged child pornography traffickers.
Also, isn't your source of information the very government agency that was using a JavaScript exploit in a potentially illegal fashion to catch these perpetrators? Not exactly an unbiased source of information as to the legitimacy of their actions, huh?
Re:We are living in interesting times (Score:4, Insightful)
The original idea was that banning the pictures would greatly reduce demand for them, thus eliminating the economic inventive towards the child abuse required for their production.
That's the excuse, anyway. It doesn't explain why many countries then expanded the definition to include photoshopped images where no abuse actually took place ('pesudo-photographs' is the term in UK law), artistic depictions, artistic depictions of non-human characters that have some characteristics of human children (Yes, the UK even thought of that one!) and even completly fictional stories.
The real reason is much simpler. A collective desire: 'This stuff makes me feel icky and I hate the people who like it, so it should be illegal.'
Re:FISA: Where nothing could possibly go worng (Score:5, Insightful)
No no no, you don't understand. That 100% rate just proves how good and trustworthy the whole secret system is!
There is actually some truth in that statement.
A 100% (or near 100%) rate can have two reasons:
Two-party system, three-party system (Score:4, Insightful)
I think there is a practical difference between a 2-party system and a n-party system where n > 2. It's not what you think, though, and I'm not sure which one is really better in practice.
At least from my observations, a two-party system produces heavy polarization. Nowhere have I seen such a polarization as the one in US between Democrats and Republicans. Everyone is sure that their POV is the good one and cannot comprehend how someone can possibly support the other party. As you say, you can choose your flavor of police state.
A system of three roughly equally big parties, however, seems to emphasize consensus. As none of the three parties can hope to form a government alone, they will need to secure the cooperation of at least one of the two other. None of them can afford to become the lone different party, because that would just result always in the other two parties forming a government (unless the winning party manages to persuade enough smaller parties to join a coalition government with the two other parties left out). The result is that you have three basically identical parties that are more or less only differentiated by how they market themselves. Of course there are politicians in the parties that would like to be different, but in order to secure a government with another of the parties, you will need to make concessions, which usually excludes the points of view that are unique to one party.
So, the end result is that you can choose from three flavors which are not really that different. Not that consensus policymaking would necessarily be bad - it's not.
In my country a fourth big party has recently emerged. It will be interesting to see how this affects the dynamics as we've only seen something like two elections where this was the case.
Of course it also depends on the system used in elections. I think the US-style "winner takes it all" system basically forces only two big parties to emerge.
Still, as someone who lives in a country with more than two big parties, I don't think I'd ever want to see a government effectively controlled by only a single party, not for any period of time.
Re:We are living in interesting times (Score:4, Insightful)
"Tyranny is defined as that which is legal for the government but illegal for the citizenry."