Tor Project warns: Academics accused of helping FBI de-anonymize Internet users

Tor Project, the not-for-profit group behind the technology, said on Wednesday that academics from Carnegie Mellon University made “at least $1 million” by helping the FBI de-anonymize Tor users earlier this year during the course of a criminal investigation.

“Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users,” Tor said in a statement.

Tor allows users to stay relatively anonymous online by routing Internet traffic through various nodes around the world, in turn making it difficult for eavesdroppers to see where users are located or the websites they visit. It’s popular among whistleblowers, journalists, human rights workers and law enforcement officials who use the tool to mask their online activity, as well as individuals in repressive regimes where access to online content is restricted by the government.

www.washingtontimes.com...

It seems unlikely law enforcement obtained a warrant
to execute the de-anonymizing process discovered by
researchers “since it was not narrowly tailored to target
criminals or criminal activity, but instead appears to have
indiscriminately targeted many users at once.”

I suspect they were looking for a specific individual
who used Bitcoin on the TOR network to sell drugs.
They may have suspected that person operated out
of a specific geographic area, and this method was
used to help the FBI nab 'em.

This may have been how they caught Ross Ulbricht,
even though the court documents claim it was due
to his own folly:

The FBI caught the man accused of creating Silk Road -- the shadowy e-commerce site it describes as "the most sophisticated and extensive criminal marketplace on the Internet today" -- after he allegedly posted his Gmail address online, according to court documents.

Federal agents swooped on Ross William Ulbricht in a San Francisco public library Tuesday afternoon, charging the 29-year-old American with narcotics trafficking, computer hacking and money laundering. They allege he is "the Dread Pirate Roberts," the Silk Road's mysterious founder, who drew his pseudonym from the feared, fictitious character in the film The Princess Bride.

www.cnn.com...

They did not find Edward Snowden and that is
because he used the Tails operating system
in addition to TOR.

But since we don’t know who wrote Tails, how do we now it isn’t some government plot designed to snare activists or criminals? A couple of ways, actually. One of the Snowden leaks show the NSA complaining about Tails in a Power Point Slide; if it’s bad for the NSA, it’s safe to say it’s good for privacy. And all of the Tails code is open source, so it can be inspected by anyone worried about foul play. “Some of us simply believe that our work, what we do, and how we do it, should be enough to trust Tails, without the need of us using our legal names,” the group says.

Although Tails includes productivity applications like OpenOffice, GIMP and Audacity, it doesn’t make a great everyday operating system. That’s because over the course of day-to-day use, you’re likely to use service or another that could be linked with your identity, blowing your cover entirely. Instead, Tails should only be used for the specific activities that need to be kept anonymous, and nothing else.

www.wired.com...

“The masters of today’s Internet, namely the marketing giants like Google, Facebook, and Yahoo, and the spying agencies, really want our lives to be more and more transparent online, and this is only for their own benefit,” the group says. “So trying to counterbalance this tendency seems like a logical position for people developing an operating system that defends privacy and anonymity online.”

originally posted by: wasaka


They did not find Edward Snowden and that is
because he used the Tails operating system
in addition to TOR.

One of the problems with Tails is how to get a safe copy of it. I mean, how does a person know whether its been...fiddled with! How does a person know when they visit the Tails website that its the real website and not some copy created by the spooks?

i hope russia and snowden open up a network we can bounce through ,i dont hack the governments so why hack me.
paranoid powerfreaks should go catch a real terrorist like cameron,merkel,obama,cheney or the royal pedphilles

(i thought the onions where a u.s.navy seals invention??) link

they are the whole network is soooooooooooo suspect anyway

a reply to: wasaka

Tor was created buy the Navy then sold to another company. They would have known how to disable the anonymizing feature by simply using the algorithm used the anonymize the user in reverse and im pretty sure they already had a program to do so before they "Navy" sold TOR. However if the anonymizing algorithm was changed after it was bought then they would have a problem which I believe might of happened. If you have never used TOR but are old enough to remember AOL then it would remind you of AOL a bunch of crappy websites with very basic functions and a search engine that isn't reliable because the websites go down so often.

TOR is hard to trace IF you know how to use it. First off using your own network is stupid, use a place like starbucks would be better suited, Next your going to want to scan the starbucks network and spoof someones IP address and mac address. Then you would use TOR with a Linux OS like Kali and use proxy chains to keep any program that you run from giving the actual location away.

Even if they get a trace on you it will lead back to the spoofed IP address and to someone else's computer.

When I say Starbucks I mean any place with free wifi and when I say get on the network I don't mean walk into the location and sit down and get on the network because of the cameras. I mean parked in a car away from any cameras maybe using a war driver antenna.

I honestly believe TOR is still safe because They "government" would never suggest it isn't safe anymore if it wasn't safe they would simply just catch the people using it and never say a word or tell people how TOR keeps criminals safe but they cant stop it lol. However I believe Bitcoin isn't safe anymore! plain and simple.

originally posted by: jobless1
a reply to: wasaka

I honestly believe TOR is still safe because They "government" would never suggest it isn't safe anymore if it wasn't safe they would simply just catch the people using it and never say a word or tell people how TOR keeps criminals safe but they cant stop it lol. However I believe Bitcoin isn't safe anymore! plain and simple.

Bitcoin isn't safe anymore? Do tell, why do you say that?

a reply to: wasaka

It's not that Bitcoin is a get rich quick scheme, it's that fiat is a get-poor-slow scheme. Both time and wealth are relative, that's why this financial singularity *feels* a bit like a scheme at newcomer's first glance. It takes $22 to have the same purchasing power as one dollar in 1913. That is a 95% decline. And that is as measured by the Bureau of Labor Statistics (the government). So yes fiat is a get poor scheme, while Bitcoin is more like gold and silver.

a reply to: wasaka

bitcoin is the engine that runs the black market without bitcoin you cant hide the transactions from website to consumer hence bitcoin isn't safe. Even you should know the MT GOX was hacked which distributed the transactions. This is effectually known as a man in the middle attack.

man in the middle attack:One example is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. However all they have to do is watch the connection between the transaction and trace it to the Ip address

I believe free software that holds the bitcoins known as a bitcoin wallet you need to link it with an email address! Unless you spoof your ip address and mac address while making the email and link to a public network while making a transaction your screwed.

Here is some information
Given incentive enough, the addresses you use are traceable back to you, unless you are a perfect anonymity paranoid with some tech skills.

First at all, if you connect to internet using an ISP service you are paying, the IP you use is linked to you. If i have access to the bitcointalk server logs and your ISP information, then i know who you are. Same is true for a gmail account, an irc connection, or whatever activity you do using your IP. This includes sending transactions. While the blockchain won't store your IP, the bitcoin network, at some point, knew that you used that IP. A determined attacker could monitorize the network gathering this info (or have it stored).

So, let's say you created an address to receive funds and published it in site example.com. If someone can access the logs of example.com and your ISP info, he could know who you are. Your ISP data, in most places, should be law protected and difficult to obtain, in my country a judge has to allow access to it, but the true is that linking a range of ips to one user is not that hard (again, given incentive enough).

There are few ways to remain 100% anonymous. Tor is your best bet, and even using it you still need to be paranoid and higienic to not leak any information about real you.

Note that this info applies to pretty much every activity on the internet, not just bitcoins.

hope that helps

the talk talk hackers used tor and tails and still got caught,so think again !!!

originally posted by: jobless1
a reply to: wasaka

bitcoin is the engine that runs the black market
without bitcoin you cant hide the transactions from website to consumer
hence bitcoin isn't safe.

You are correct that "without Bitcoin [or some other
alternative] you CAN'T hide the transaction from
website to consumer." I agree.

Then you state: "hence bitcoin isn't safe."

You just took a leap from A to Z and mixed all
the letters in between. Your statement is illogical.
It is nonsense, like saying: "Cash is used to buy
illegal drugs, hence cash isn't safe."

Explain to me how cash could be unsafe?
Is it not the fool with the cash who is
unsafe for being in a bad neighborhood?

Lack of logic to the side, it is an unfair
mischaracterization of the circumstance.
You defame Bitcoin, sir. And I for one
will not stand for it!

Even you should know the MT GOX was hacked which distributed the transactions.
This is effectually known as a man in the middle attack.

You got the right terms down, but you seem to have
a fundamental failure to comprehended these terms
or use these words properly in a sentence. If English
is our second language that goes part of the way to
explain this nonsense, put only part way.

Yes, MT GOX went down. If they CLAIM to have been
'hacked', then suspect it was an inside-job. This in
no way reflex badly on the Blockchain technology
which is Bitcoin. When bad companies fail, that
is good for the economy, it means those coins
will now find their way to better companies.
People who use Bitcoin accept that risk,
because there is no government or bank
that regulates this FREE MARKET.

The free market is a beautiful thing and thanks
to Bitcoin mankind has one once again,

after long last.... Praise the Lord !!!

man in the middle attack:One example is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. However all they have to do is watch the connection between the transaction and trace it to the Ip address

As you said, "Note that this info applies to pretty
much every activity on the internet, not just bitcoins.

For those reading this, you can now ignore the previous
statement(s) as valid reason to say "Bitcoin isn't safe."

This is quit simply "hogwash."

I believe free software that holds the bitcoins known as a bitcoin wallet you need to link it with an email address! Unless you spoof your ip address and mac address while making the email and link to a public network while making a transaction your screwed.

Wrong. Better go check your facts.

Just yesterday I created a Bitcoin Paper Wallet
and I did it off-line. That Bitcoin address and
the private key are 100% safe. The is no IP
address or email address link to it.

Now if you talking about on-line wallets,
then yes you're correct. MT GOX was a
huge risk to use, knowing this, I never
had any dealings with that honeytrap.

The savvy Bitcoin user knows how to use
"cold storage" because they KNOW that these
on-line wallets get hacked all the time.

For long-term storage of bitcoins (or giving as gifts) it's not safe to store your bitcoins in an exchange or online wallet. These types sites are regularly hacked. Even keeping a live wallet on your own computer can be risky.

By printing out your own tamper-resistant bitcoin wallets and generating your own addresses, you can minimize your exposure to hackers as well as untrustworthy people in your home or office. Just transfer your bitcoins into your new wallets, and use common sense to keep your wallets safe the way you would jewels and ordinary cash. Or give them away!

bitcoinpaperwallet.com...

originally posted by: stuthealien
the talk talk hackers used tor and tails and still got caught,so think again !!!

If you just use it to buy weed, well then
you have little cause to worry. The dealer
has more reason to worry 1) because he is
the target of false-authority law enforcement,
and 2) because if he isn't computer savvy he
will reveal his IP address in numerous ways.

Know that I'm not savvy enough, keeps me
a buyer and not a seller.

*laughing* People talk about "honey pots" on TOR (enticing websites & whatnot) to help catch criminals...

TOR itself isf one HUGE honey pot. TOR was created by the defense industry...

a reply to: wasaka

seriously I could post what my degree is in! However you would just caulk it up to pretending or you could look at some of my posts when helping people who have computer problems however most of the time the answers are simple and Tor, proxy's, ip spoofing and changing your mac address isn't very well known subject material unless lets say you learned it through higher education or you are highly paranoid. War driving also isn't a well known subject by its name however if I said cracking wep you might just understand. I have used kali linux on a virtual machine "vmware and virtualbox" while using tor with proxy chains making sure no other program or service gives away my address.

However smart you are I sincerely hope your printer isn't a network printer? Because that would be just soo funny and i hope you cleared the data! Although you did say you did if offline however do you go online with the printer attached to the computer your using? My guess is your going to say no and that you know all this. Well good for you.

However disregarding the information I have given is clearly stupid as you needed to prove its safe buy downloading a program from github lol then printing the wallet out on paper so you can what? hand it to the person without being traced? why not give them cash?

also how did you get the bitcoins in question? Paypal is linked to an email account or did you mine them "how many fractions of a bitcoin do you have lol" or maybe a friend gave them to you yeah we will go with a friend gave them to you to make it safe. Then WTF is the point of the bitcoins in the first place if you cant securely do any type of transaction without being anonymous.