Half of Tor Sites Compromised, Including TORMail 583
First time accepted submitter elysiuan writes "The founder of Freedom Hosting has been arrested in Ireland and is awaiting extradition to USA. In a crackdown the FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network have been compromised, including the e-mail counterpart of TOR deep web, TORmail. The FBI has also embedded a 0-day Javascript attack against Firefox 17 on Freedom Hosting's server. It appears to install a tracking cookie and a payload that phones home to the FBI when the victim resumes non-TOR browsing. Interesting implications for The Silk Road and the value of Bitcoin stemming from this. The attack relies on two extremely unsafe practices when using TOR: Enabled Javascript, and using the same browser for TOR and non-TOR browsing. Any users accessing a Freedom Hosting hosted site since 8/2 with javascript enabled are potentially compromised."
We are living in interesting times (Score:5, Interesting)
Looks very much like the three letter agencies decided it's time now to start playing hardball.
Re:We are living in interesting times (Score:5, Insightful)
If anyone else used exploits to screw with people, it would be called hacking and they'd probably go to prison, but when the FBI does it, it's 'okay.'
Re:We are living in interesting times (Score:5, Interesting)
If anyone else used exploits to screw with people, it would be called hacking and they'd probably go to prison, but when the FBI does it, it's 'okay.'
Actually, a judge has yet to find whether it's OK or not. The admissibility of the evidence in these cases is going to hinge on whether or not it was collected through legal means. And no matter which way the judge finds, the loser is going to appeal. As far as I know, this is all untested legal ground.
Re:We are living in interesting times (Score:5, Insightful)
"Actually, a judge has yet to find whether it's OK or not. The admissibility of the evidence in these cases is going to hinge on whether or not it was collected through legal means."
But regardless of whether or not the judge decides to admit the evidence, we wont see any of these agents arrested and sent to prison for what they did.
Re: (Score:3, Funny)
Re:We are living in interesting times (Score:5, Insightful)
This is all handled under one of the new secret courts, where the new secret laws are applied.
So don't expect to see any due process.
The laws and Constitution of the USA have been thoroughly corrupted by the worst enemies of the country: the faceless professional patriots who run the Federal Agencies and Bureaus. As Pogo said during the Vietnam peace-keeping thing we did once: "We have met the enemy, and he is us".
Re:We are living in interesting times (Score:5, Insightful)
Judge? what judge? You are funny. There will be no judge, only terror charges, or 2 years in prison while DOJ pretends to do discovery while lives are being destroyed and property stolen.
Re:We are living in interesting times (Score:5, Insightful)
Actually, a judge has yet to find whether it's OK or not. The admissibility of the evidence in these cases is going to hinge on whether or not it was collected through legal means. And no matter which way the judge finds, the loser is going to appeal. As far as I know, this is all untested legal ground.
You're forgetting something: They said 'pedophile' in the press release.
Re:We are living in interesting times (Score:5, Interesting)
Actually, a judge has yet to find whether it's OK or not. The admissibility of the evidence in these cases is going to hinge on whether or not it was collected through legal means. And no matter which way the judge finds, the loser is going to appeal. As far as I know, this is all untested legal ground.
You're forgetting something: They said 'pedophile' in the press release.
An old Soviet trick to remove a recalcitrant politician or bureaucrat who just wouldn't step down when asked nicely then threatened was to label them a pedophile or a rapist, then 'disappear' them. That's how they got rid of Beria rather than let him take over the whole Soviet Union after Stalin.
Re:We are living in interesting times (Score:5, Informative)
Re:We are living in interesting times (Score:5, Interesting)
Re:We are living in interesting times (Score:5, Interesting)
Although I should point out, Beria actually was a sick fuck. They didn't have to make up half that shit about him. It's just that no one actually could or would do anything about it while Stalin was alive and Beria was still the top flunky.
Re:We are living in interesting times (Score:4, Informative)
Sorry, but the Soviets didn't invent that trick. If anything they copied it from the Nazis, but then the Nazis didn't originate it either. Perhaps they copied it from the Inquisition, or from any of many other prior "practitioners of the art". It's so old that one can't even say how old it is. It *probably* didn't predate language.
The amazing thing is that it still works.
Actually, if you count it as a subset of propaganda, then you need to go back to Edward Bernays and the Wilson administration's implementation of the first government propaganda agency, the Committee on Public Information.
http://en.wikipedia.org/wiki/Edward_Bernays [wikipedia.org]
----
Bernays's public relations efforts helped to popularize Freud's theories in the United States. Bernays also pioneered the PR industry's use of psychology and other social sciences to design its public persuasion campaigns:
" If we understand the mechanism and motives of the group mind, is it not possible to control and regiment the masses according to our will without their knowing about it? The recent practice of propaganda has proved that it is possible, at least up to a certain point and within certain limits."
He called this scientific technique of opinion-molding the 'engineering of consent'.
Bernays began his career as press agent in 1913, counseling to theaters, concerts and the ballet. In 1917, US President Woodrow Wilson engaged George Creel and realizing one of his ideas, he founded the Committee on Public Information. Bernays, Carl Byoir and John Price Jones worked together to influence public opinion towards supporting American participation in World War I.
----
Goebbels owned a copy of Bernays's book on the subject IIRC, and acknowledged Bernays's and Wilson's achievements with the use of propaganda domestically and utilized many of their techniques and principals in Nazi propaganda programs. I believe Stalin is reported to have taken many propaganda ideas and concepts from Bernays's work as well..
Wilson was a real racist/segregationist, political/policy-opposition-arresting piece of work all on his own. People should read about the actions taken and policies enacted by Wilson domestically. In a lot of ways, like the Executive Branch/DoJ running wild, it resembles our current situation with a DoJ exceeding it's powers and deliberately inflicting illegal, un-Constitutional, and criminal injustice for political reasons.
Strat
Re:We are living in interesting times (Score:4, Insightful)
I don't know that what a judge finds matters. We have seen that the executive branch and all of the three-letter-agencies do whatever the hell they want. There is nothing that will change that. Not legislation, not public outcry. Not even presidential decree. Nothing. Will you drive them back into secrecy? Yes. And that is where they will continue to do what they want.
Re:We are living in interesting times (Score:5, Interesting)
It is a legal arena defined by the new secret laws whose application is subject only to the new secret courts.
Congress is not going to do anything about this. Hell, they cannot even decide which hand they should use to wipe their collective ass. The Obama Administration might be complicit in this, or it might have its hands tied. Because the secret courts have the authority to issue secret injunctions against any organization, including other parts of the Federal government, it is possible that Obama has no effective oversight on what they are doing. They seem to report to the Judicial Branch, not the Executive Branch. And the Judicial Branch was not constituted to manage this kind of execution of law.
We are now beginning to see how a rogue element has managed to gain control of significant Federal powers while remaining outside of any of the constitutional checks and balances.
This is not going to end well.
FBI director reports to Clapper, Obama (Score:5, Informative)
Re:FBI director reports to Clapper, Obama (Score:5, Interesting)
It is elements of the FBI charged with executing the secret laws that came into existence more than 6 years ago and are administered by the Judicial Branch through secret courts that were set up for that purpose. Those courts have the authority to issue secret writs that include penalties for even saying that you have received one or are bound by one to act in certain ways.
Mueller may be operating under Judicial constraints that prevent him from saying anything to Obama, or Clapper, or any elected official or appointee of an elected official. There is no way to know. That's part of the secrecy.
There are strong Constitutional walls that prevent the Executive Branch from interfering with the operations of the Judicial Branch. The Judicial Branch has no mechanisms for executing laws on its own. But in this situation, the Judicial has been granted direct control over portions of Executive agencies, and those portions of the affected agencies appear to be legally constrained from reporting to their superiors-on-record about their activities. We have heads of agencies that can commit perjury before Congressional committees with impunity-- apparently because the perjury has been approved by some branch of the Judiciary, either directly or under some umbrella order.
Several years ago, probably for very patriotic reasons to protect everyone from another 9/11, a bunch of lawmakers corrupted the US Constitution with this deadly foolishness. There has been time enough for that corruption to grow the roots it needs-- acquire the secretarial pools, dedicated agents, middle managers, and perhaps even gung-ho janitors-- and now like a corpse flower the thing is coming into bloom.
There are times when getting out the tinfoil hat is appropriate, such as the 1960s in the USA wrt LBJ's "Guns and Butter" Great Society. We are living in another of those times. No matter how dangerous the world becomes, the USA will certainly lose its core values of liberty and justice for anyone if secret laws and secret courts are not terminated.
Re:FISA secret courts (Score:4, Informative)
Actually, these secret courts started in 1978 [wikipedia.org]
citation needed (Score:3)
That court, like any other, can approve the warrant requested by the administration. I've seen no evidence, or even any claim other than yours, that the courts in any way direct the executive agencies. Do you have anything, anything at all, to support your novel and extravagant claims? If not, do
Re:citation needed (Score:5, Informative)
Considering that they've been approving 100% of all warrants? [arstechnica.com] Yeah, pretty sure there's a problem. Reminds me of the kangeroo courts...I mean human rights councils here in Canada. Which had a 100% conviction rate.
Re: (Score:3)
FISA: Where nothing could possibly go worng (Score:5, Funny)
No no no, you don't understand. That 100% rate just proves how good and trustworthy the whole secret system is!
Re:citation needed (Score:4, Interesting)
They approve all applications because: First, the same few FBI lawyers make the applications and have a pretty good idea of what will get approved and what won't. Second, the FISA court clerks know what their bosses will and won't approve, so reject or send back for modification almost all deficient applications before they even hit the judges where they can be counted in this approval rate.
The rate of applications modified or rejected by the clerks is the real approval rate, but that's not tracked.
Re:FISA: Where nothing could possibly go worng (Score:5, Insightful)
No no no, you don't understand. That 100% rate just proves how good and trustworthy the whole secret system is!
There is actually some truth in that statement.
A 100% (or near 100%) rate can have two reasons:
maybe until 2004 (Score:3)
Re: (Score:3)
The Obama Administration might be complicit in this, or it might have its hands tied. Because the secret courts have the authority to issue secret injunctions against any organization, including other parts of the Federal government, it is possible that Obama has no effective oversight on what they are doing
Oh please. If someone had said that about the Bush Administration or any other Administration, they would have been torn to shreds. Obama & his administration knew what the hell is & was going on. If he didn't it was because he chose not to. And if that's the case, then he's a bigger joke than Bush, who at least had the balls to take action(incorrectly or not). So no matter what, he gets to take the blame on this one, just like Bush 1 & 2 and Clinton.
Re:We are living in interesting times (Score:4, Insightful)
"Tyranny is defined as that which is legal for the government but illegal for the citizenry."
Re: (Score:2, Interesting)
We do have to be somewhat real about this. Lolita City, the pedophile HQ of the internet, has over 15,000 members (and who knows how many 'guests'). Of course the FBI was going to attack these massive pedophile rings. Good for them.
But again, there are legal issues here. Why did the FBI have the right to infiltrate TORmail? They are using general warrants here, just like the NSA does. Because one person may be using TORmail for illicit purposes, the FBI feels that it can install tracking and search software
Re:We are living in interesting times (Score:5, Insightful)
Our rights and freedoms are getting reamed so badly in the name of fighting child pornography, that I sometimes think that legalizing transmission and posession of kiddie porn would be the lesser evil. Think about that for a moment.
Re:We are living in interesting times (Score:5, Insightful)
Re:We are living in interesting times (Score:4, Insightful)
The original idea was that banning the pictures would greatly reduce demand for them, thus eliminating the economic inventive towards the child abuse required for their production.
That's the excuse, anyway. It doesn't explain why many countries then expanded the definition to include photoshopped images where no abuse actually took place ('pesudo-photographs' is the term in UK law), artistic depictions, artistic depictions of non-human characters that have some characteristics of human children (Yes, the UK even thought of that one!) and even completly fictional stories.
The real reason is much simpler. A collective desire: 'This stuff makes me feel icky and I hate the people who like it, so it should be illegal.'
Re: (Score:3)
Seriously, you think this is about pedophiles?
Yes, and clearly. This is the largest pedophile bust in history. Duh. If the biggest bust in history doesn't solidify the topic for you, I have to wonder about your motivations.
Re:We are living in interesting times (Score:5, Insightful)
Seriously, you think this is about pedophiles?
Yes, and clearly. This is the largest pedophile bust in history.
Says who? None of these people have been given their due process. At this point they are, at the very most, alleged child pornography traffickers.
Also, isn't your source of information the very government agency that was using a JavaScript exploit in a potentially illegal fashion to catch these perpetrators? Not exactly an unbiased source of information as to the legitimacy of their actions, huh?
Re: (Score:3)
It's not that much different if you have more than two parties to choose from. In Europe you can vote for the socialists, who promise you the sky and deliver ... umm... well, so far they haven't delivered. You can vote for the populists who threaten you with hell on earth and crime sprees if you don't vote for them, only to deliver ... umm... well, at least as much corruption as the socis. You can vote for the conservatives who'll promise you to protect your belongings, only to rip you off to stuff their cr
Two-party system, three-party system (Score:4, Insightful)
I think there is a practical difference between a 2-party system and a n-party system where n > 2. It's not what you think, though, and I'm not sure which one is really better in practice.
At least from my observations, a two-party system produces heavy polarization. Nowhere have I seen such a polarization as the one in US between Democrats and Republicans. Everyone is sure that their POV is the good one and cannot comprehend how someone can possibly support the other party. As you say, you can choose your flavor of police state.
A system of three roughly equally big parties, however, seems to emphasize consensus. As none of the three parties can hope to form a government alone, they will need to secure the cooperation of at least one of the two other. None of them can afford to become the lone different party, because that would just result always in the other two parties forming a government (unless the winning party manages to persuade enough smaller parties to join a coalition government with the two other parties left out). The result is that you have three basically identical parties that are more or less only differentiated by how they market themselves. Of course there are politicians in the parties that would like to be different, but in order to secure a government with another of the parties, you will need to make concessions, which usually excludes the points of view that are unique to one party.
So, the end result is that you can choose from three flavors which are not really that different. Not that consensus policymaking would necessarily be bad - it's not.
In my country a fourth big party has recently emerged. It will be interesting to see how this affects the dynamics as we've only seen something like two elections where this was the case.
Of course it also depends on the system used in elections. I think the US-style "winner takes it all" system basically forces only two big parties to emerge.
Still, as someone who lives in a country with more than two big parties, I don't think I'd ever want to see a government effectively controlled by only a single party, not for any period of time.
Re:We are living in interesting times (Score:5, Insightful)
Its also things like TORMail, and other non-pedophile sites.
This is good in a way because it proves a good PoC that
"But again, there are legal issues here. Why did the FBI have the right to infiltrate TORmail? They are using general warrants here, just like the NSA does. Because one person may be using TORmail for illicit purposes, the FBI feels that it can install tracking and search software on every user."
because American law enforcement works on the principle of "arrest everyone and sort it all out later". Given the notion that everyone using TOR who's not NSA, is automaticly a criminal of SOME kind, they can just arrest everyone and make them try and prove their innocence, by co-operating somehow with the FBI. They will then use this co-operation as a wedge to keep out dissedents, and create a pool of informants by default, by charging people with crimes they were if only vaugely associated with, with excessive jail times until they give useful informaiton or become informations.
Its also funny that the malware specificlly targets TORBrowser.
I think I called it. When the NSA, CIA, FBI, looses intrest, or no longer needs TOR, they will simply arrest everyone publicly involved with it for pedophilia or whatever other activities go on. They can play stupid to technophile judges, and juries, and know they'll get away with it.
Re:We are living in interesting times (Score:5, Informative)
Re:We are living in interesting times (Score:5, Insightful)
Regardless, they are after those who are in possession of child pornography, which is a crime. You may not think it should be, but that is completely beside the point. In order to find those who MIGHT be in possession of this material, the FBI gained unauthorized access to the computers of nearly EVERYONE who visited sites on Freedom Hosting, whether they were visiting a site that trafficked in this material. There are other sites on Freedom Hosting that do not host or distribute child pornography, and yet their users were exposed, as well.
This is akin to police discovering that a booth at a flea market is selling stolen merchandise. A reasonable course of action would be to obtain a warrant to search the property of the booth's operator. It would also be reasonable to conduct a stakeout of the booth to see who else visits the booth to knowingly buy or sell stolen goods, and then, after observing such activity, search the vehicles of these associates. That's all fine. But here, they basically came in and rummaged through the cars of everyone who came to the flea market, regardless of whether they visited the stolen goods booth or even knew of its existence.
That shit is fucked up, yo.
Re:We are living in interesting times (Score:5, Insightful)
Nevertheless, the legal questions in this case are important for legal speech also, so it must be carefully weighed.
Re:We are living in interesting times (Score:4, Insightful)
Well... that's not entirely true. Yes, no one is making any more money off of traded images, but having a whole section of the Internet to their own allows for the existence of a nice safe place for trade of this stuff, and the desire to "show off" by making new stuff. "New stuff" being further acts.
These people show off the kids they abuse like they are their boyfriend/girlfriends. The real threat is that allowing them to be comfortable anywhere reinforces that abuse. Money is not the only reason kids get abused, although it certainly adds an industrial element to it.
That's one reason that I stay well away from TOR even though I understand the more benign uses it has. There are useful things you can do with it, but the fact that it is ground zero for drug sales and pedophilia makes it a very, very uncomfortable "neighborhood" to be in. Not to mention that even though this action is recent, the fact that you actually use TOR or connect to entry nodes is easily determined and obvious. Even if they don't know where you are going or what you are getting, they know you're up to *something* and that something has a much higher chance of being illicit. Nothing like increasing your NSA threat level for no reason.
Re:We are living in interesting times (Score:5, Insightful)
Re: (Score:3)
You are attempting to conflate attempts to prevent child molesting with all
other "over the top" security measures.
Where did that happen? I have no problem with trying to prevent people from raping others, but if your solution involves violating people's rights or utilizing censorship, I don't want anything to do with it.
Children and animals deserve special protection.
What does having "special protection" entail? Does it involve censorship or people losing their rights just so certain people or animals can have this "special protection"? If so, throw that "special protection" idea right in the garbage.
But those who
prey on children who are unable to protect themselves deserve special attention,
and whether you understand this or not it needs to happen.
The world will not fall apart if you security theater people don't
Re:We are living in interesting times (Score:5, Interesting)
Unconstitutional surveillance is bad enough. But they don't have any more right to commit "unauthorized access to a computer system" than anybody else. (That is to say, their javascript hack of site visitors who may be innocent.) They can't break the law in order to enforce the law, unless they want to face criminal charges themselves. Aaron Schwartz faced 30 years in prison for far less. I say, let's see the FBI face the same thing.
And yes, it may well be enforceable. Look up 18 USC 242, "Deprivation of Civil Rights Under Color of Law". The civil rights in question here might be, just for example, the privacy of your own computer system, which legally requires a warrant or subpoena to access. Just my opinion, but I don't see how simply visiting a website could constitute probable cause, much less justify intrusion in the form of a "hack".
18 USC 242 IS fairly frequently prosecuted, and last I checked it has a conviction rate of about 98%, which is awesome for any law. And it specifically targets government agents and agencies. The President is not immune.
(P.S. After reading that law, many folks have been prone to conclude that it only applies to racial and other discrimination. That is because of the awkward wording [e.g., there is a strategically placed comma that makes a big difference]. In fact it applies to ANY Constitutional right. However, my mention of it here is not meant to imply that the law does apply here. Only that it might. IANAL and I don't pretend to be one, but I have researched this law and its application.)
Re: (Score:3)
Looks very much like the three letter agencies decided it's time now to start playing hardball.
Well when you realize that TOR was originally developed and set up by three letter agencies, its not a surprise that it is being used as a honey pot.
Re:We are living in interesting times (Score:4, Informative)
Only a moron would believe that.
Check your facts:
http://en.wikipedia.org/wiki/Tor_(anonymity_network)#History [wikipedia.org]
https://www.usenix.org/legacy/events/sec04/tech/full_papers/dingledine/dingledine_html/index.html [usenix.org]
Why do you think almost 2/3rds of all TOR sited portal to the net in Virginia?
Re:We are living in interesting times (Score:4, Interesting)
We certainly are living in interesting times and considering that you're 200,000 UIDs older than me, you have to consider what Slashdot was like years ago.
I remember when people started taking shots at Slashdot for the type of articles it posted, flamed it for being too mainstream, Apple-centric, or because it's become a popular wannabe geek pissing ground. Though all these things may be true or not, it doesn't really matter.
What's important to know is that Slashdot is about IT/Geek news and if you look at the IT segment alone it has become massively political. The shit fights between Netscape and Microsoft pale in comparison to the crap we're subjected too today. The Obama administration is now getting involved in the Smartphone wars for example ... who would'a thought? The EU slapping Microsoft over antitrust, so what? The US is now posturing against Russia because of leaked data that has been spilled out on the internet. We're talking about "news for geeks" hosting stories about stuff that wars are made from!
You say hardball? you say interesting times? I say how much more interesting is it gonna get?
Computer Intrusion (Score:2, Insightful)
Computer Intrusion is illegal, and the FBI knows that.
So is spying on someone without a warrant, and given that they can't know who they're spying on, I don't see how they could possibly have obtained a warrant for this action.
I hope the TOR user community sues them. Very roughly. And with extreme prejudice.
The US has gotten way too fucking big for it's britches.
I used to think maybe there was justification for the anti-terrorism attitude that the US has.
I've changed my mind.
My sympathies now
Re: (Score:3)
All these "illegal" acts by a government are only "illegal" within that country. If they target another country, or a citizen of another country, that's called "espionage" and all fallout is handled by the State Department/Foreign Affairs Office or by military action.
Oh, and the punishment for "illegal" acts for the elite (read: government employees and/or corporate executives) is now officially a wrist-slap in a press release, and MAYBE a fine. MAYBE.
Oh, and make sure to say hi to all the nice men in Gua
Re: (Score:3)
Maybe you would consider intentionally hosting a child porn site [gizmodo.com] something legal? That happened inside US, after all.
Anyway, lose any hope to find justice in US, you are part of them and then outside law's reach [rollingstone.com] , or you are not, and you can be labeled as terrorist [topinfopost.com], jailed for decades under any excuse [slashdot.org], or eliminated [rt.com] if you cause trouble to their protegees.
Re: (Score:3)
Actually, you could argue in a court of law that because the original site was not set up by the FBI that the entire operation fell under an "undercover investigation" status, even after the site was compromised. The FBI even had a fairly clean defense against charges of entrapment as well, because they didn't create the site in the first place, and shut it down shortly after acquiring control.
In this case, if looks like the FBI did a similar play - hack an existing site that is used for illegal activity,
Re:Computer Intrusion (Score:5, Insightful)
Computer Intrusion is illegal, and the FBI knows that.
Yup...people have been clamoring for more transparency...perhaps this is that?
So is spying on someone without a warrant, and given that they can't know who they're spying on, I don't see how they could possibly have obtained a warrant for this action.
Agreed - the legislation that's in place has granted them far too much power, far more than most of us feel comfortable with.
I hope the TOR user community sues them. Very roughly. And with extreme prejudice.
That'd be nice, but I doubt it'll happen. It won't happen any faster than voting decency into office will :-/
The US has gotten way too fucking big for it's britches.
I agree - we need to get these douchebags outta office and get someone in office that does their f'ing job!
I used to think maybe there was justification for the anti-terrorism attitude that the US has.
I'm sure that at least some of the people involved believe that they're doing the right thing. Their belief doesn't make it "right" however...they need to stay the f out of my life. If I'm not breaking the law, they've got no business knowing a goddamned thing about me.
I've changed my mind.
My sympathies now lie with those who rise up against these goddamn born-again Nazis in their attempt at world domination.
YES! We need to protest, rise up as one mind, with one purpose, to effect change in our Government! Occupy Wall Street was only the beginning!
You go, Al Queda!
I'm sorry, WHAT?!?!?!
Woah, woah, woah, woah....where in the hell did that come from? Now, I fully agree that we need changes in our Government, and I'm even on board with listening to what revolutionaries have to say, but that's a far damn cry from supporting the murder of innocent citizens and the repression of (plenty) of basic human rights. No, I'm afraid your downmods were your own fault.
Re: (Score:3, Interesting)
You go, Al Queda!
I'm sorry, WHAT?!?!?!
Woah, woah, woah, woah....where in the hell did that come from? Now, I fully agree that we need changes in our Government, and I'm even on board with listening to what revolutionaries have to say, but that's a far damn cry from supporting the murder of innocent citizens and the repression of (plenty) of basic human rights. No, I'm afraid your downmods were your own fault.
I am not that guy, and while I really don't believe Al Queda are good guys or a group to support, I kinda feel like I should support them in some things. For example they recently said they want to break guantanamo. And hey, I fully support them in that. It seems like the right thing to do, pretty extreme but if the government wanted a less extreme option they had plenty of time for it.
The government is really going to make extremist groups be way easier to relate to.
Re:Computer Intrusion (Score:5, Interesting)
Everybody has a tipping point. I think for US it's going to be the Big Brother issues.
I'm from Turkey and for us the tipping point was a park.
For years, we had been suffering the same politics of fear that I see in US. The government was practically putting anyone (particularly people speaking against them) under surveillance, making journalists wait in custody for years before even having their trials, suing people in a corrupt justice system just for speaking their minds using something equivalent of the Patriot Act. The freedom of speech was no where to be seen.
During all this time, what stopped people from acting was the feeling of being alone and powerless. And that's what happens when all the media is corrupt and distorting and hiding what's really going on. But people were no fools. Thanks to the internet, there were ways of knowing what's really been going on and people have been getting the news.
So one day, police attacked hundreds of people who were having a sit-in for saving a park and the trees in it with. Anger overwhelmed fear and in a few hours millions were on the street, protesting. I had seen nothing like this. People coming out of Yoga classes were throwing tear gas grenades back to the police. Mothers were preparing solutions to use against the effect of pepper spray. Nobody was afraid of being against the police anymore. The whole story is really interesting, from using google maps to track and distribute police movements to a whole series of sub-culture graffiti on the walls of Istanbul. If you want to learn more, visit this [showdiscontent.com], this [readlists.com] and this [washingtonpost.com] link.
This lasted for two weeks. For the first five days there was *nothing* on TV or newspapers about this. This was an eye opener for the people who have seen what wasn't being reported. It was what they needed for reverse-engineering the mass-media and bypassing it with social media.
Now everything is calmer, at least in appearance. But the change that people have gone through is an irreversible process. And I think it is, or will be, of a much important consequence than over-throwing an oppressive government. Because the problem doesn't reside within a single government. It's this whole inhumane, ecologically unmaintainable, unjust system and it is all around the world. We all need to open our eyes and do something about it.
Re:Computer Intrusion (Score:5, Interesting)
Al Qaeda are a bunch of murderous thugs. They get and should get no sympathy whatsoever. But it's the US governments own responses which gives them grounds to curry sympathy. This is why they wanted us in Afghanistan, in Iraq, and beyond. Our government had its own reasons to want to do this, but in the end the result is the same.
So when you draw lines on your mental map and you are thinking about enemy of my enemy, keep in mind that Al Qaeda and the Feds may be better seen as allies, for the moment at least, rather than enemies. Oh, they dont like each other. But they have been strengthening each others hands and playing together to common goals for a long time. In Afghanistan during the soviet period, in the balkans, and right now in Syria. Al Qaeda, contentless US Press releases to the contrary, was weak and nearly powerless in 2002, and today it has a presence in countries from Mali to Indonesia, and can even field an army (by all accounts the strongest and most successful in the entire opposition) to contend in the Syrian Civil War.
And the US is backing them, there, much as we did in the Balkans not so very long ago. What's really going on here?
Re:Computer Intrusion (Score:5, Insightful)
Look, the bottom line is the US is out of control on a global scale, and has caused most of it's own problems and performed actions that resulted in the hatred of so many nations and societies against them.
Al Queda was trained and supported during the cold war, but as soon as it was no longer of interest to the US, they were abandoned to their fate at the hands of the Russian army. Add in the civilian casualties in Afghanistan, and it's no wonder they hate the US.
The US anti-drug war has literally cost hundreds of thousands of people their lives in Mexico, Columbia, and throughout south america.
You spy on the entire world as if it were perfectly acceptable, ignoring diplomatic ties, diplomatic relations, and even fundamental human rights that are enshrined in your own constitution, so long as it's not an american being targetted.
You produce an obscene amount of the carbon footprint of the planet, polluting the whole globe and doing a great deal to rush us all to oblivion.
You shove your laws down everyone's throats, even over trivial industries like entertainment (SOPA.)
Right now you whine like petty children because Russia won't return Snowden to your menacing clutches.
You bomb women and children with little regard using remote drones, and don't even have the decency to put your own lives at risk while doing so.
Your country is bankrupt, both financially and morally. Your cities are cesspools of crime, corruption, and gun/drug violence. Detroit is but the first of many who will be declaring bankruptcy thanks to years of mismanagement and abuse for the sake of short term votes.
You threaten the entire globe with a nuclear arsenal that dwarfs anyone else's save Russia's, who haven't threatened an invasion of anybody in a couple of decades.
You support the abuse of the Palestinians by your Israeli "allies", turning a blind eye to decades of human and civil rights abuses and blatant flouting of international law.
I'm sick of the US on the global stage.
I swear, you deserve to have your asses handed to you by a conglomeration of the nations you've abused and mistreated these many years.
And don't give me that "Well, I didn't vote for them" bullshit. You know as well as I do that it's the left and right heads of the same two-headed hydra in power down there. Where are the protests in the street? Where are all the so-called second amendment gun nuts when it matters? Where's the revolution that is so badly needed?
But no, you've got your TV pap and your shitty beer and something that claims to be a hamburger in your hand, so you sit idly by and watch it all unfold without saying a word except on slashdot and facebook.
Hell, even your so-called "justice" system condoned the murder of a 17 year old kid because some gun-toting putz started a fight and ended up losing.
Re: (Score:3)
The main reason I'm so pissed off is I'm Canadian, and that means your three letter agencies are busy spying on me for all it's worth. Until today I didn't actively hate the US.
Your making enemies as fast as you're losing friends.
Re: (Score:3)
How are you 'putting presume on it to change' ? Because to be honest, I've not seen anything like that yet.
Really, I would like to know.
Re: (Score:3)
No. Just NO.
I'm retired and have time on my hands. I'm also a long-time free-speech and gun rights advocate, giving money, time, and voice to both issues.
I sat at my computer and watched the entire trial as it was streamed. All of it. If you haven't done the same and have only listened to the mass media, you have no idea what happened that night. If you watche
Re: (Score:3)
And what do you propose I do? Walk from Canada to the White House to plant a picket sign?
I wrote my own government with my concerns.
What have you done?
Re: (Score:3, Insightful)
Next time you might want to wait until atleast some more votes come in instead of jumping to conclusions.
Did I read that right? (Score:2)
That would include all the FBI computers used to deliver the poison, then?
Re: (Score:2)
Probably not but the analysis of the malware is still on-going. Hence 'potentially'. Regardless I think it's safe to assume any thing traced back to FBI lab computers are probably not high on the list of actionable items.
Re: (Score:3)
"Any users accessing a Freedom Hosting hosted site since 8/2 with javascript enabled are potentially compromised."
That would include all the FBI computers used to deliver the poison, then?
Nah, they're probably using IE 6. Still.
Re:Did I read that right? (Score:5, Informative)
You should had to be running Firefox 17 on windows afaik (that was the version included by the Tor Bundle).
You had be running the specific, modified Firefox version that's shipped with Tor.
Mozilla's Firefox 17 (ESR) has been patched for this vulnerability. (i.e. it's not a real 0-day)
Re: (Score:3)
Firefox 17.0.7 is still the latest in the ESR update channel.
Tips for Tor (Score:5, Informative)
Put your Tor client in a Secure Linux VM, so none of your hardware information can be exposed. Go to https://check.torproject.org/ [torproject.org] to check if Tor is working, and make sure NoScript or something similar is enabled.
Re: (Score:3)
Re:Tips for Tor (Score:5, Informative)
Or use Tails, a Linux distro specifically designed for paranoia. You burn it on a CD (or USB stick) and boot from it into a Linux desktop environment specially crafted for privacy and security. All internet traffic is routed through Tor (sic), so after rebooting you should be fine.
Re: (Score:2, Informative)
Tails have Javascript enabled, so would be insecure. Wait for the next update.
Re: (Score:3)
...and if you're using the same browser for TOR and unsecure web, you're doing it wrong.
No defcon? (Score:5, Funny)
line of beaters (Score:2, Insightful)
So the FBI, with no particular target in mind, are using the Tor network as a line of beaters in the bush scaring out any kind of animal and hopefully only shooting the ones they are trying to find. Meanwhile, every animal is scared out of it's normal activities until the beaters have passed.
Yeah, that's not intrusive at all. No privacy compromised for anyone. And all it takes is the FBI actually infecting the Tor network with their own malware. Thank heavens they're the good guys. Oh, wait, the good g
This has to be illegal (Score:5, Insightful)
Or can FBI hack anyone at will without any legal oversight? I don't remember getting the memo where such behaviour from a government agency is legal.
Well I guess we can stop pretending we live in a law-abiding democratic world. It's an oligarchy run by the banks, the rich, lobyists and professional politicans, and scew everyone else...
--Coder
Cybercrime: Legal, but only if you're The Law (Score:5, Insightful)
So basically, if you're legally accessing a website while browsing with Tor, making use of legal services in a legal fashion... the FBI will install a wiretap on your computer, without a warrant, in order to monitor all your activities, on the off chance that you might be up to no good. This is rather like walking out into rush hour traffic, pointing at random cars, and saying "Search that car! We know terrorists use cars, so let's start searching them all."
Dear FBI,
Fuck you. That's a terrorist's mentality. You're worse than the lowly pieces of shit you hunt, because we expected you to uphold principles of integrity, honor, and those other words you got plastered on your slimy logo that used to mean something. You are, in fact, worse than a terrorist: You're a corrupt law enforcement organization with a bigger budget than any terrorist organization out there, and you are doing more harm to this country than catching a hundred Bin Ladens could accomplish.
-_- The internet is a global and international community and you need to show some restraint, otherwise you're going to create large amounts of resentment and anger throughout the world. No wait: You already have created this. You are endangering the infrastructure and the people you are oath-bound to protect with your actions. I don't give a flying fuck through a rolling doughnut what authority or law you think gives you the right to act in this fashion... you're a public menace. You're just giving everyone who doesn't like this country piles of ammunition and sympathy from the general public that can be used to attack MY country.
Knock it the fuck off. Now.
Re:Cybercrime: Legal, but only if you're The Law (Score:5, Insightful)
I'm not saying this to disagree with OP's rant, just to point out an easily-correctable issue.
I'll give you that. I was really angry when I wrote that. Still am, actually. Tor was originally designed by the US Navy. To my knowledge, several organizations within the military still recommend its use, or variant technology, in order to obscure source IP addresses that could identify the person browsing as being part of the US military. Needless to say, installing malware onto a computer that belongs to someone with a high security clearance is a security problem in and of itself. But it gets even worse; Tor is also widely used by political activists in countries like Iran, China, North Korea (okay, maybe not as much, since their internet is next to non-existant...), etc. These people depend on this technology so that they can advocate democracy in their country and provide intelligence that we actually use in this country... like, for example, reporting someone who might be planning a terrorist attack, and who for obvious reasons wants to submit such a report anonymously. But all of that is topped by the fact that now people know where the vulnerability is, and that it can't be easily fixed... we've just handed a large number of criminals carte a loaded gun, all so we can go after a small number of criminals, most of whom aren't a threat to anyone but themselves (drug users).
The FBI's little war on drugs and pedophilia here will cause considerable collateral damage, and in fact poses a clear and present danger to actual national security. Any gains they could have made by catching a few druggies and kid-fuckers is and will be completely buried by the damage. Cyberwarfare should be the domain of the military, not a civilian law enforcement agency. And that's what this is: This isn't just surveillance, this is a military attack against sovereign interests both domestic and foreign, as defined by our own recently enacted laws on cyberwarfare and terrorism... and while I disagree with a lot of the language of those laws, I do agree that when we're talking about anything not tightly bracketed and targetted to domestic activities alone, authority should remain with the military.
The FBI has so completely screwed the pooch here I am giving serious consideration to printing this out, writing down some notes, and driving downtown to meet with my representatives. I really, truly feel that what the FBI is doing is harmful to national security, foreign relations, and is also overstepping its judicial boundaries severely. Anyone who has given serious thought to what the rules of engagement might or should be regarding cyberwarfare would recognize this is a cluster fuck; Not only because they're publicly admitting it, but because even if they didn't, they're endangering the lives of foreign nationals who may in fact be intelligence assets, if not cultural, abroad. Political activists fighting for democracy could be killed because of this -- this is a very real threat. Those people should have our country's support, not suspicion and derision.
This is weapons grade stupidity. Normally I give law enforcement the benefit of the doubt -- a lot of what I read (for example, an article just two days ago on slashdot about the FBI interviewing someone over their browser history), has a grey area, or is missing key facts. I try very hard not to judge people until all the data is in. But this time... there's ample evidence that this was deliberate and it was done with a complete disregard for not just civil liberties, but national security. I mean, it doesn't really matter which side of the debate you're on here: They fucked all of it up.
slavery and death by a thousand cuts (Score:4, Insightful)
Be smarter (Score:5, Interesting)
First of all, use Whonix [whonix.org] to access Tor, never the same browser you use for any other purpose.
Second, use Firefox with a JonDoFox profile [anonymous-...ervers.net] which is not included in Whonix Workstation by default.
Third, go to ip-check.info [ip-check.info] and run the test on your browser. Everything should be green or yellow at the worst. If you see anything in red, fix it before you go to any questionable site. Finally, make sure you don't have any DNS Leaks in your host OS by running this test [dnsleaktest.com] also from your regular host browser. Don't use or trust DNS from your ISP.
If you want to be extra-cautious, run the Whonix Gateway after you establish a VPN connection. Choose an offshore provider that has multi-hop technology to avoid traffic analysis. I'm using iVPN [ivpn.net] who is located in Malta.
Only sort of offtopic (Score:5, Insightful)
I do not know who to trust or what to think anymore. If this threat is real or not, I imagine we are intended to suppose that it was the US governments blanket surveillance of the world, including domestic spying that tipped them off. On the other hand, the timing is such (Snowden/Manning) that for all I know they made the whole thing up to better justify government wrongdoing in the eyes of the people. Or perhaps al Qaeda made the whole thing up just to see if they can manipulate the movements of our government by taking advantage of info gathering with a campaign of false intel. I don't know who to trust or what to think anymore, with the exception that I know I don't trust my own government. They have proven themselves manipulative liars.
What does this have to do with Bitcoin? (Score:4, Insightful)
I don't see how this affects Bitcoin at all. It's not an exploit of Bitcoin. Bitcoin isn't dependent on any onion sites, "Freedom Hosting", or Tor. The Silk Road are not the only users of Bitcoin.
EFF (Score:5, Insightful)
EFF in the White house, ASAP please.
I understand there's a legitimate need to conduct surveillance when justified. But having people from the EFF and/or ACLU running, or at least supervising things will likely act as a filter to prevent further abuses and level the playing field.
Tor collaborated (Score:3, Insightful)
Nobody mentioned the exploit? (Score:5, Interesting)
There's a pretty good unwrapping of the payload here [mozilla.org], and it's a pretty creative exploit of the javascript interpreter to execute shellcode. Just from a glance at the shellcode, I see a hand-crafted HTTP header so at minimum they're using the OS network stack directly to give the tor-level UUID a public IP coorelation. Beyond that, they could be doing anything since they're already through the sandbox.
Re:Nobody mentioned the exploit? (Score:4, Informative)
"custom software to monitor peer-to-peer networks"
http://news.cnet.com/8301-10784_3-9920665-7.html [cnet.com] from 2008
"unique serial numbers" from the person's computer and keeps a tally.."
Why doesn't Tor block scripts? (Score:4, Informative)
OK, so why the hell doesn't someone take the five minutes to add some code to Tor that would strip out client-side scripting? It's not that hard; plenty of other secure networks do it (ex. Freenet) so why the hell doesn't Tor? I mean yeah, I get it, they give you ample warnings before you download, but is there any legitimate reason they don't do this or have they just decided they don't want to try to stop this kind of attack?
really? (Score:3)
BUT, seriously, who the hell would use TOR on a browser and then use it for non-tor stuff? I didn't know that was even possible given how the tor browser bundle works. This is seriously going to catch like zero people, lol. But A+ for effort. Then again, some pedos are notoriously dumb.
I'm kinda mad that tormail is down though. That was a huge privacy/anti-NSA tool. Obviously they took that down on purpose as "collateral" just so it's gone. That sucks.
The dangers of Big Data crime enforcement (Score:4, Informative)
We're now in the age of Big Data crime enforcement, where to be abnormal, in the sense of deviating too far from the median/norm is all it takes to be flagged as a suspect. The danger I see in the future is that, in order to avoid being caught in the net of the federal surveillance agencies people will deliberately start acting within the "norm", like visiting the sites online, Facebook/Twitter/G-something for your communication needs, or CNN/Fox/BBC for your "news", or whatever local site is "popular" in your area. To have an opinion will be to choose from an approved list, much like a multiple-choice exam or, worse, like the presidential election.
Re: Already the case (Score:3)
The exploit phones home, IP address 65.222.202.54 (Score:4, Informative)
The exploit transmits your identifying information to IP address 65.222.202.54. The information includes a unique tracking number generated by the exploit server, your computer's MAC address, your computer's host name, and any other IP addresses and host names visible on your local network.
This IP address traces back to a Verizon business account just outside Washington D.C., not far from FBI and CIA headquarters. You can see the IP location trace here [truevue.org], complete with a zoomable Google map. However note that the location trace is probably just an approximate location. Zooming all the way in shows a local shopping center, but that's probably just the location randomly landing at the "center" of a town or other service area.
-
Re: (Score:3)
My fault, at least August 2nd. Potentially longer.
Re: (Score:3)
Exit nodes weren't involved in this since it's an attack against hidden services whose traffic by definition remains within the TOR network. It's not really an attack on TOR, it was an attack on the server software Freedom Hosting was running and clueless/idiot TOR users with javascript enabled and other unsafe TOR habits.
Totally agree with you on people thing that TOR is some anonymity panacea is shortsighted.
Re: (Score:2)
Re: (Score:3, Informative)
Crazy libertarian conspiracy talk, Not real.
http://www.snopes.com/politics/guns/ssabullets.asp [snopes.com]
Re:I kind of want to be angry but.. (Score:5, Insightful)
The "I don't like the government monitoring me" part of me objects to this, but the "Find every pedo and kill them slowly" part of me is currently winning out
You're part of the problem. Have fun getting groped at airports.
Re: (Score:3)
With that said, why would you want to kill pedophiles? Not every pedophile is a child molester (nor is a child molester necessarily a pedophile), and not every pedophile even looks at child pornography.
Re: (Score:3)
Re:I kind of want to be angry but.. (Score:5, Insightful)
I love hearing cases where the law makes no sense. A 16-year-old and his 16-year-old girlfriend have sex. Statutory rape charges are brought against the boyfriend, but are dismissed because the laws state that you have to be 18 to be charged. The girlfriend records it on her phone, and send a copy to the boyfriend. She gets charged with production of child porn, and he gets charged with having it. Welcome to the new world order.
Re: (Score:3)
The "I don't like the government monitoring me" part of me objects to this, but the "Find every pedo and kill them slowly" part of me is currently winning out, because lets face it for every legitimate user of TOR, there was about 200 pedo's.
Have fun when FBI decides to make you a pedo by uploading crap using their malware.
Re: (Score:3)
Re: (Score:3)
Firefox 17 is Mozilla's Extended Support Release. I believe the 17.0.x branch still gets minor updates. The articles are vague about the zeroday and whether they affect the latest of that line (17.0.7, which is in the Tor Browser Bundle).
Re:We all have instances where we fall back... (Score:4, Insightful)
Isn't it interesting how easily people are manipulated? For some it's terrorism, for some child porn. I wonder what it would be for me that I'd consider more important than my freedom.
Still taking suggestions.