Matt DeHart and More on the Darkweb Takedowns

How a Catfish Works by M2 on Flickr


As most of the internet knows by now, 27 sites (originally reported to be the mindblowingly huge “over 400”) were taken offline and 17 people arrested by the FBI last week in what is known as Op Onymous. The sites were all located on what is known as the Dark Web/Darknet. While the sites existed on the internet, they were not part of the World Wide Web, and did not use the familiar domain name structure which we all know: Word.suffix, like TheCryptosphere.com. Darkweb URLs tend to be deliberately opaque combinations of numbers and dots, often followed by slashes and esoteric punctuation marks, and containing the word “onion,” signifying that it can only be reached via TOR and not your daddy’s regular old web browser.

TOR is a decentralized project and relies on volunteers to run “TOR nodes” through which users’ signals pass in order to connect with the darkweb sites, hosted on supposedly secure servers. By jumping through many TOR nodes, the signal is “laundered” the way money is when it’s passed through multiple holding companies; it becomes harder to trace which user is where, connecting to what.

If you own the node, of course, you can see who is who. You see them come in, metaphorically wearing a pink wig and a business suit, and you see them leave your node now wearing a balaclava and a sundress, looking like a completely different user. But you know.

And if “you” are the FBI, you take notes, and you wait. Then you pounce. It’s a variation of a Man-in-the-Middle scenario, with the FBI in between you and where you want to go.

This came as no surprise to certain savvy observers of the scene.

The Cryptosphere spoke to an information security consultant who wishes to remain unnamed. His remarks focused on the contentious Op Onymous takedown of the (now-resurrected) paste site Doxbin. It returned to life after the administrator publicly released technical information relating to the takedown and asked the collective brains of the internet to see what they could learn from those files.

Our source told us, “A few weeks ago some shitbag posted [dox of] the Judge in the Dread Pirate Roberts Silk Road 1.0 case on a random .onion [darkweb site] and stated he’d be adding family info updates using Doxbin. That, in my opinion, is what added doxbin to the target list for the takedown. Doxbin had clearnet mirrors, but it’s first & foremost an .onion site. TOR, as a host for nefarious .onions, is clearly broken. [Another] security researcher told me TOR is absolutely compromised. For activist communication it’s still useful, but the hosting of illegal businesses is not going to successfully continue. It also looks possible that the box [server] doxbin was on was seized simply because there were other hidden service targets on the same server. Also, a focused DDoS to drive TOR traffic to certain nodes which were used to decloak anonymity may have been the attack vector used by law enforcement.”

In other words, the Feds may have deliberately (and illegally) DDoS’d their competition in order to drive all TOR traffic to their own nodes. If everyone using TOR was forced to go through an FBI node at some point, then everyone is vulnerable.

This, people, is why you always, always use a VPN with TOR. It’s not perfect, but it’s the least you need to do. Our source clarified, “Adding a VPN to TOR doesn’t guarantee anonymity. Also, just hooking up to TOR via home connection is clearly visible to Internet Service Providers. That was stated in the Dread Pirate Roberts/Silk Road 2.0 indictment.”

These events also came as no surprise to Matt DeHart, the youthful American ex-soldier currently an involuntary guest of the government of Canada at the Lindsay, Ontario Supermax prison, his application for political asylum having been refused. There has been no request for extradition from American authorities, so DeHart is in a sort of limbo, waiting for the next move, whether it be from the FBI asking for extradition or from the Canadians, who have reportedly opened an espionage investigation on the would-be welding student.

DeHart and his family believe that his incarceration has a lot more to do with his days as a server admin for Anonymous, back in the old Project Chanology days, than it does with anything the US or Canadian governments are willing to put on paper. With that in mind, along with the operative familiarity with TOR that every Anon should have, DeHart today released (via Free Matt DeHart on Facebook) a statement on the Darkweb takedowns and TOR security in general.

Matt’s mom, Leann, recalls: “Matt and I had a number of conversations about this during our trips to the river in 2012 [the two would take walks there to avoid eavesdropping]. He predicted that there would be an onslaught against the hidden service. In 2009, Matt and his group knew the government was creating several fake Tor hidden services and was running hostile scripts. This was an obvious plot to strip the anonymity of Tor users. He saw this day coming.”

Matt’s response to the news re. Tor: “The lengths the government went to in 2010 to seize my Tor server presaged this type of behavior. It was apparent then, that the government viewed Tor as a tool for subversives rather than a platform for protected speech.”

Then again, is “protected speech” anything more than a quaint 20th Century ideal, at this point?

 

 


7 replies

  1. I do indeed use a VPN when using Tor, and pretty much all the time too. That’s fairly obvious to ‘double layer’ the protection.

  2. I recall a time when the Harvard Business school stopped teaching business ethics. A high proportion of their next graduating class went to prison for insider trading. They brought back the curriculum.

    Unfortunately, despite the high level of power wielded by I.T. and math majors, no university has a core curriculum for these groups which includes ethics courses, or the discussion of ethics in other coursework. When we covered basic cryptography back in 1984, there was no discussion at all of privacy or other ethical concerns. It was all about the methods.

    The ethic of privacy, of human rights, and the power inherent in communication technologies needs to be up in front all the time, so that people in these fields will think about it.

    It is also a fact that the NSA is the largest (and one of the best paying) employers of mathematicians in the USA. There are few other employers for high end mathematicians, aside from a few university positions and they just don’t offer that sort of money. One might think it odd that in ANY era (let alone this one) that the NSA can still attract employees. You might just wonder how large a pay-check is needed for a person to be willing to throw away their ethics. However there is a missing element here.

    Even with professors, and even the largest organisation for mathematics in the USA, begging mathematics graduate students not to work for the NSA, it is always the NSA desk that has the most applicants at the job fairs. Why?

    Well for one thing there is that lack of a real dialogue on ethics, but think about this too. How many gifted mathematicians (and I.T. People for that matter) are on the Asperger’s spectrum?

    Do you know anything about what Asperger’s Spectrum Disorder does to the development of social intelligence? I am certain that the NSA people do.

    It isn’t just about social awkwardness. Asperger’s Spectrum Disorder includes the inability to understand how other people feel emotionally. The normal development of adult “Theory of Mind”, which is where we get empathy, altruism and ethics – is often just missing.

    Going back to social awkwardness, if a person has Asperger’s Spectrum Disorder and does not cope well with interactions with other people, human contact, etc – is that person likely to want to work:

    * with students every day in a crowded university
    * in a corporation where (let’s face it) you keep your job by being “one of the team”, making small talk, and going out after work (even when highly inconvenient)
    * OR – in an NSA analyst group… with limited human contact, at high level of constant concentration, where the job is to just “do math”; to create mathematical models; to produce computer pattern recognition algorithms in order to chug through data – and to never have to deal with a student in your life

    It is a fairly obvious answer.

    In schools for kids with Asperger’s they study human facial expressions – and often use art tutorials to do this. Why? Because those with the disorder require help understanding what other people feel based on facial expressions (and by vocal cues). People who have Asperger’s have difficulty understanding other people on an emotional level. This can take the form of just plain not considering other people in their decisions (another thing kids with the disorder are trained to do).

    This is only usually a problem with those who have it very badly. However those who are still quite functional will have an exploitable weakness, and I doubt this has escaped the notice of those who are hiring them to do unethical things for the NSA.

    Imagine for a moment an extreme (but quite simple) example. Imagine that a person like the main character in “Rain Man” was hired by a group like the NSA or the CIA to count the number of protesters in a crowd at a glance… and to pick out their faces later on…

    When the NSA acts as the employer of gifted mathematicians and IT people they will invariably get a fair number of people who have Asperger’s. I have seen it in software houses. Many people who have the largest gifts in pattern recognition, mathematics, etc are going to have Asperger’s tendencies, which also means that unless they take a lot of special effort they will not necessarily understand the human ethics of the job they are doing.

    What are the ramifications when the NSA seeks to employ people who cannot tell when the things they are asked to do, are just plain wrong?


    • I’m not on board with classifying people on the Asperger’s spectrum as amoral, incapable of making ethical judgements. After all, Rain Man, your own example, was a highly moral person.

      I mean, Adrian Lamo is on the spectrum. And so, by his own admission, is Julian Assange. And they have a strong disagreement over moral principles, particularly with regard to turning in Chelsea Manning.

      Literal insensitivity to others cannot be equated with amorality; morals do not arise from sensitivity to others, or blind people would all be assholes.


  3. Of note:

