Tor is at the center of a huge crackdown on child-pornography out of Ireland.
Could it be that Jacob Appelbaum will develop other reasons why he has to stay in Germany and not go to the United States and maybe not travel at all?
As you can see from his talk with Roger Dingledine, one of the original coders of Tor, Jake is on something of a campaign tour to promote Tor and try to get more people to use it. With the Edward Snowden story and more attention to Appelbaum's online footprint, he says he needs to stay in Germany now as he continues to hawk Tor. Now that effort may be facing some setbacks.
The story of the crack-down on the child pornography ring is different depending on who is telling it.
Before It's News -- which seems sortof the Lifenews.ru of America to me -- says that "half of Tor is compromised".
The reason is that the FBI reportedly did a script attack on the sites and essentially went and grabbed all the browser IDs so they could out the users.
Oh, you know who else did that? Fractured Crystal in Second Life with the Emerald Viewer, when he set it up so that everyone clicking on a link and downloading a file was also accessing the i-frames of a site of an enemy and essentially DdoSing him. So it was like hijacking and using people and had privacy implications as well. That was enough to sink the approved 3rd party status of Emerald Viewer for ever...oh, until they renamed it and came back on alts.
In any event, Tor supposedly has 2,000 nodes (not a figure you can believe as it comes from Jacob Appelbaum), so if there are now only 1,000 or whatever, that means they are all more exposed, they are easier to stand out. Says Before It's News:
This is undoubtedly a big blow to the TOR community, Crypto Anarchists, and more generally, to Internet anonymity. All of this happening during DEFCON.
I can't help thinking that the demise of Tor -- used for WikiLeaks, Silk Road illegal narcotics trade, anarchists planning mayhem, Occupy, etc. -- is maybe a good thing. Not that I don't think they're capable of rolling new alts and re-spawning and living to grief another day.
But I don't think hackers' own illicit methods should be used against them -- because of the kind of society that we get as a result. I'd like to hear more about this story, because the FBI may have felt they had to pour purple die on all the Tor users in order to flush out those using the child pornography, which is what they were legitimately after. There may be no further damage to the non-criminal users, and frankly, they're all being warned and all re-doing their passports and footprints.
I'd like to hear if this really violated anybody's rights other than "the right to have Tor to defeat surveillance" which isn't a right (and don't go invoking the 4th amendment, which isn't open-ended and speaks of "reasonable" search and seizure for a reason -- a concept I don't want anarchist hackers defining anyway.)
Interestingly, the main story in the Irish press about the child pornography ring bust doesn't even mention Tor. Maybe because Tor is one of those geeky things that not everyone knows about, and is the mechanics or technical side of how so many contributors to the sexual abuse and exploitation of children can get away with their crimes.
There's a Russian connection to this story as well as you can read.
He also told the court several weeks ago he searched online about Russian visas out of curiosity due to the issues surrounding former US NSA contractor Edward Snowden.
Russia also happens to be one of the largest havens in the world for child pornographers.
Here is how the zero-day is explained by BIN:
If you saw this while browsing Tor you went to an onion hosted by Freedom Hosting. The javascript exploit was injected into your browser if you had javascript enabled.
What the exploit does:
The JavaScript zero-day exploit that creates a unique cookie and sends a request to a random server that basically fingerprints your browser in some way, which is probably then correlated somewhere else since the cookie doesn’t get deleted. Presumably it reports the victim’s IP back to the FBI.
An iframe is injected into FH-hosted sites:
Now, look over at Boing Boing and there just isn't the same degree of information, the same journalistic (even for BIN) use of "presumably" regarding the FBI, or the same up-front linkage to the Irish press describing the awfulness of this crime (instead a link at the bottom to another nerd site contains a link). Oh, and Cory Doctorow doesn't mention that 1,000 or more nodes -- "half" could be compromised. Ever the truth-teller...
And instead, there is only a focus on the evil FBI outing privacy and the self-referential concerns of the darknet set:
Users of Tor hidden services report that their copies of "Tor Browser" (a modified, locked-down version of Firefox that uses Tor by default) were infected with malicious Javascript that de-anonymized them, and speculate that this may have originated with with FBI. Tor Browser formerly came with Javascript disabled by default, but it was switched back on again recently to make the browser more generally useful. Some are predicting an imminent Bitcoin crash precipitated by the shutdown.
Interesting that Bitcoin depends on Tor so much as well! Bitcoin has been terribly overhyped, and anyone who lived through the Second Life virtual stock market and banking era knows how it will end -- in tears.
The Register says the Tor servers "vanished."
Yes, I imagine Jake is standing in a pool of server water now wailing "All my beautiful wickedness..."
OpenWatch tries to parse this:
As this is part of an ongoing FBI investigation, there is no conclusive evidence that the injection of this JavaScript is the result of a government operation, however, this does fall under a known pattern of FBI behavior related to child porn sting operations. It is possible that the attack, which delivers a weaponized exploit to Firefox users running Windows systems, is the work of non-government cyber criminals, although the timing of the arrest and the appearance of this code on a number of hidden services hosted by Freedom Hosting does seem to imply a government operation.
The execution of malicious JavaScript inside the Tor Browser Bundle, perhaps the most commonly used Tor client, comes as a surprise to many users. Previously, the browser disabled JavaScript execution by default for security purposes, however this change was recently reverted by developers in order to make the product more useful for average internet users. As a result, however, the applications has become vastly more vulnerable to attacks such as this
It's possibly that some grouping in Anonymous decided to attack the child pornographers because certain Anon factions have operations doing this -- they try to track and out and entrap them. Some Anonymous don't like Appelbaum for their own sectarian reasons. Tor is not liked by all hackers. So this story is still a bit murky.
Recent Comments