[tor-talk] potential leak on Torpedo

2014-07-21 Thread Eugen Leitl

https://pay.reddit.com/r/TOR/comments/2b8oq3/please_read_if_you_usedepend_on_tor_never_before/

Please read if you use/depend on Tor. Never before seen FH information.
(self.TOR)

submitted 16 hours ago * by Deepthroat2 [+1]

Hello everyone, I have some information that I have been dying to share for
months, but due to the circumstances, and to avoid detection, I had to wait
for some time before I was able to safely make this post. My goal here is to
provide information that I know is credible and for the Tor community to use
it as they see fit. Due to the nature of my work, and the severe penalties
associated with breaking the rules and giving out information you aren't
supposed to, I have no way of verifying or proving anything to you that I
say here. I understand if you find me less than credible; however, this is
essentially a PSA, and you can take it for what it's worth to you.

Just about one year ago, the Tor community was shaken by a Firefox exploit
which utilized a JavaScript exploit and an old vulnerability in the Tor
Browser Bundle to unmask some users of Freedom Hosting. There has been
rampant misinformation and speculation, to the point that I felt like pulling
my hair out, or just simply bursting out into laughter when reading some of
the outlandish claims made by people who have little to no idea what they are
talking about. Today, I will set the record straight.

The FH exploit was a government engineered and deployed exploit that was
designed in response to former Director Mueller's frustration at an earlier
child pornography case in which the FBI was ridiculed for being unable to
ascertain the source of child pornography. For those who aren't familiar with
this case, it involved a man who had accessed child pornography by accident
on a Tor hidden service, and then brought his desktop computer to the office,
explaining what had happened and that he subsequently performed a "full wipe"
on the disk.

The agent who took the report had limited knowledge about Tor; however, at
the time he knew that any directed effort to identify a specific Tor user was
hopeless, and in the report he indicated that "There is currently no known
way to ascertain the location of a Tor user, thus, no investigative leads
exist." This got leaked to the press, and they had a field day, hinting at
the incompetency of the Bureau. Needless to say, the FBI had its ego hurt
quite badly by this public display of incompetency.

Then Director Mueller directed the CEOS (Child Exploitation and Obscenity
Section) to find a way to penetrate the layers of protection provided by Tor,
and to come up with a feasible way to conduct a sting operation in order to
bring these people to justice. The FBI had previously conducted a sting on
viewers of child pornography in a case out of Nebraska that resulted in the
arrest of about 25 people. This was the first successful takedown of CP
consumers that were utilizing a Tor hidden service.

One of the errors that I see a lot on these forums and others is the claim that the
Nebraska takedown was done in a similar fashion to the FH exploit, with the
code being deployed onto the pages of the boards; however, this is not the
case. From my understanding, the Nebraska field office was able to find the
actual server, take it over covertly, then upload a series of files that
purported to be child pornography, but actually contained nothing but
encrypted gibberish. They were video files that were embedded with code that
called back to a computer that recorded the IP address of the requestor, date
and time, similar to the way Windows Media Player attempts to recall album
information and cover art for music CDs and such. These were files that the
user actually had to download and attempt to open. This is why the service
was run for weeks, and only 25 people were identified as users. This method
was described by the techs who deployed it as a "NIT" or "Network
Investigational Tool".

Now for Freedom Hosting

The JavaScript exploit could not be deployed directly on the servers which
Mr. Marques was using, due to either technical reasons or legal requirements
by the AUSA in Maryland. So the decision was made to clone the services
exactly, and transport them to the home of the FBI CEOS in the Greenbelt
division of Maryland. This location was picked specifically because
sentencing in this district for child pornography crimes is more severe. It
was July 31st of 2013 when the exploit actually went live and tried to
identify criminals. It was installed previously; however, there were
technical problems early on and the code had to be revised 3 times before it
was running as intended. It ran for about 11 days before being shut down.

The amount of people identified by this exploit is still a closely guarded
secret, with only agents having a direct "need to know" being privy to this
information. However, the victory dance was short lived as news started
flowing around that the evidence may not be admissible in court, d

Re: [tor-talk] potential leak on Torpedo

2014-07-21 Thread Neuman1812
I read this on Reddit, but I have to say, did he say anything new?
Most of what was stated was already known, or at least most guessed at it.



On 07/21/2014 10:31 AM, Eugen Leitl wrote:

https://pay.reddit.com/r/TOR/comments/2b8oq3/please_read_if_you_usedepend_on_tor_never_before/

Re: [tor-talk] potential leak on Torpedo

2014-07-21 Thread Juan
On Mon, 21 Jul 2014 16:31:35 +0200
Eugen Leitl wrote:

> 
> https://pay.reddit.com/r/TOR/comments/2b8oq3/please_read_if_you_usedepend_on_tor_never_before/


> "There is currently no known way to ascertain the location of a Tor
> user, thus, no investigative leads exist."


yeah, keep the tor propaganda and disinformation coming. 



-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk