As most of the internet knows by now, 27 sites (originally reported to be the mind-blowingly huge “over 400”) were taken offline and 17 people arrested by the FBI last week in what is known as Op Onymous. The sites were all located on what is known as the Dark Web/Darknet. While the sites existed on the internet, they were not part of the World Wide Web, and did not use the familiar domain name structure we all know, word.suffix, like TheCryptosphere.com. Darkweb URLs tend to be deliberately opaque combinations of numbers and dots, often followed by slashes and esoteric punctuation marks, and containing the word “onion,” signifying that the site can only be reached via TOR and not your daddy’s regular old web browser.
TOR is a decentralized project and relies on volunteers to run “TOR nodes” through which users’ signals pass in order to connect with the darkweb sites, hosted on supposedly secure servers. By jumping through many TOR nodes, the signal is “laundered” the way money is when it’s passed through multiple holding companies; it becomes harder to trace which user is where, connecting to what.
If you own the node, of course, you can see who is who. You see them come in, metaphorically wearing a pink wig and a business suit, and you see them leave your node now wearing a balaclava and a sundress, looking like a completely different user. But you know.
And if “you” are the FBI, you take notes, and you wait. Then you pounce. It’s a variation of a Man-in-the-Middle scenario, with the FBI in between you and where you want to go.
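To make the “laundering” through nodes concrete, here is an added toy model of onion routing; it is not code from the article and not Tor’s real protocol (the XOR keystream cipher, relay names, keys and destination are all constructed for illustration). It shows what a single relay operator can actually log: the hop a cell came from and the hop it goes to, with the rest still encrypted, which is why seeing “who is who” depends on which nodes along the circuit you control.

```python
import hashlib
import json

# Toy onion routing model (constructed illustration, not Tor's protocol).
# Relay names, keys and the destination below are made up for the example.

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHA-256 counter keystream. Symmetric, so it
    also decrypts. Illustration only; this is NOT a secure cipher."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def build_onion(path, destination: str, payload: bytes) -> bytes:
    """Client wraps the payload in one layer per relay, innermost layer first,
    so the first relay can peel only the outermost layer."""
    blob, next_hop = payload, destination
    for name, key in reversed(path):
        layer = json.dumps({"next": next_hop, "inner": blob.hex()}).encode()
        blob, next_hop = keystream_xor(key, layer), name
    return blob

def peel_layer(key: bytes, blob: bytes):
    """One relay removes exactly one layer: it learns the next hop and hands on
    a blob that is still encrypted for the hops after it."""
    layer = json.loads(keystream_xor(key, blob))
    return layer["next"], bytes.fromhex(layer["inner"])

def run_circuit(path, destination: str, payload: bytes):
    """Pass the onion along the path and record what each relay operator can log:
    previous hop, next hop, and whether it saw the client or the destination."""
    blob = build_onion(path, destination, payload)
    prev_hop, logs = "client", []
    for name, key in path:
        next_hop, blob = peel_layer(key, blob)
        logs.append({"relay": name, "from": prev_hop, "to": next_hop,
                     "sees_client": prev_hop == "client",
                     "sees_destination": next_hop == destination})
        prev_hop = name
    return logs, blob  # blob is now the plaintext delivered to the destination

PATH = [("guard", b"key-guard"), ("middle", b"key-middle"), ("exit", b"key-exit")]

if __name__ == "__main__":
    logs, delivered = run_circuit(PATH, "example.onion", b"GET / HTTP/1.0")
    for entry in logs:
        print(entry)
    print("delivered:", delivered)
```

Only the first relay sees the client and only the last sees the destination; an operator who controls both ends of the same circuit is the case the article’s FBI-node scenario describes.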
This came as no surprise to certain savvy observers of the scene.
The Cryptosphere spoke to an information security consultant who wishes to remain unnamed. His remarks focused on the contentious Op Onymous takedown of the (now-resurrected) paste site Doxbin. It returned to life after the administrator publicly released technical information relating to the takedown and asked the collective brains of the internet to see what they could learn from those files.
Our source told us, “A few weeks ago some shitbag posted [dox of] the Judge in the Dread Pirate Roberts Silk Road 1.0 case on a random .onion [darkweb site] and stated he’d be adding family info updates using Doxbin. That, in my opinion, is what added doxbin to the target list for the takedown. Doxbin had clearnet mirrors, but it’s first & foremost an .onion site. TOR, as a host for nefarious .onions, is clearly broken. [Another] security researcher told me TOR is absolutely compromised. For activist communication it’s still useful, but the hosting of illegal businesses is not going to successfully continue. It also looks possible that the box [server] doxbin was on was seized simply because there were other hidden service targets on the same server. Also, a focused DDoS to drive TOR traffic to certain nodes which were used to decloak anonymity may have been the attack vector used by law enforcement.”
In other words, the Feds may have deliberately (and illegally) DDoS’d their competition in order to drive all TOR traffic to their own nodes. If everyone using TOR was forced to go through an FBI node at some point, then everyone is vulnerable.
This, people, is why you always, always use a VPN with TOR. It’s not perfect, but it’s the least you need to do. Our source clarified, “Adding a VPN to TOR doesn’t guarantee anonymity. Also, just hooking up to TOR via home connection is clearly visible to Internet Service Providers. That was stated in the Dread Pirate Roberts/Silk Road 2.0 indictment.”
These events also came as no surprise to Matt DeHart, the youthful American ex-soldier currently an involuntary guest of the government of Canada at the Lindsay, Ontario Supermax prison, his application for political asylum having been refused. There has been no request for extradition from American authorities, so DeHart is in a sort of limbo, waiting for the next move, whether it be from the FBI asking for extradition or from the Canadians, who have reportedly opened an espionage investigation on the would-be welding student.
DeHart and his family believe that his incarceration has a lot more to do with his days as a server admin for Anonymous, back in the old Project Chanology days, than it does with anything the US or Canadian governments are willing to put on paper. With that history, and the working familiarity with TOR that every Anon should have, DeHart today released (via Free Matt DeHart on Facebook) a statement on the Darkweb takedowns and TOR security in general.
Matt’s mom, Leann, recalls: “Matt and I had a number of conversations about this during our trips to the river in 2012 [the two would take walks there to avoid eavesdropping]. He predicted that there would be an onslaught against the hidden service. In 2009, Matt and his group knew the government was creating several fake Tor hidden services and was running hostile scripts. This was an obvious plot to strip the anonymity of Tor users. He saw this day coming.”
Matt’s response to the news regarding Tor: “The lengths the government went to in 2010 to seize my Tor server presaged this type of behavior. It was apparent then that the government viewed Tor as a tool for subversives rather than a platform for protected speech.”
Then again, is “protected speech” anything more than a quaint 20th Century ideal, at this point?
Featured Image: How a Catfish Works by M2 on Flickr