View Full Version : Tor Systems Used for Illegal Activities



airdog07
June 27th, 2013, 03:43 PM
Tor Systems Used for Illegal Activities
Added: Tuesday, June 25th, 2013

According to statistics, many thousands of people access shady sites via Tor every day. While most users say they use the systems because they want to stay anonymous, some exploit the layers of proxies to find drugs.

Originally, the Onion Router was created by the US Navy a decade ago in order to keep government communications safe from prying eyes. The reports say that Tor had reached about 600.000 users annually. The way it works is quite simple to understand – instead of using one proxy to hide the IP addresses, it uses a whole chain of proxies, hence its name.

A decade ago nobody had this concept of privacy, but now this doesn’t seem so far-fetched anymore. While Tor claims to be used daily for various purposes by the military, journalists, law enforcement officers and activists, the Child Exploitation and Online Protection Center is warning that 1/3 of its users are suspected of conducting a wide range of unauthorized activities. Some people confessed they had started using Tor to buy drugs online. This is why some experts now believe that Tor should be blacklisted by governments. As for the United Kingdom, the country’s Prime Minister believes that sites and search engines have to take responsibility for what they offer, particularly when it comes to kids porn. David Cameron believes that Internet companies and search engines should use their extraordinary technical abilities to do more to root out child pornography. As a result, the government keeps convening a round-table of the largest online companies and demands to do more.

In the meanwhile, the backside of the problem is privacy – this is an overgrowing concern in the past several years. The experts admit that because of government collusion with record companies and rights owners to crack down on file-sharing copyrighted content, Internet users had to start using such networks as Tor, which were previously only used by advanced users and people looking for illegal content. So, people targeted by this type of law will do what they can to seek out material.

Among Tor users, there are innocent family people – they use Tor because they just don’t want themselves or family followed around by councils or the police. While the industry experts agree that the problems at hand can’t be ignored, the issue could easily get out of hand, like it happened with P2P.

by sam

airdog07
June 27th, 2013, 03:44 PM
British ISPs Ban Torrent Proxies
Added: Tuesday, June 25th, 2013

It seems that Sky, Virgin Media, BT, and perhaps other ISPs have started an off-the-books campaign against pirate proxies. As you know, some of the major BitTorrent portals, including The Pirate Bay, Kat.ph, H33t, and Fenopy, can’t be accessed in the United Kingdom any longer (at least not by their original web addresses). As a result, Internet users have turned their heads towards alternatives, where the most popular option is pirate proxies. Apparently, the BPI and British broadband providers had done the same.

There is a long list of websites operating as proxies, which appear to be partly blocked now. The matter is that all websites in that list provide access to at least one of the torrent websites previously blocked by court order. The operators of the portals admit they never thought the BPI would go that far. They have already started setting up new servers, but still believe that educating people about alternate methods will be better. Some experts release lists of good methods on their own pages online. In the meanwhile, operators have to move their sites to new servers to keep them accessible.

In response, BPI pointed out that the court orders obtained in relation to TPB cover not just thepiratebay itself, but also websites having the sole or predominant purpose of providing access to the largest BitTorrent tracker in the world. This is why the outfit believes it wouldn’t be right to allow proxy services flagrantly to circumvent blocks ordered by the High Court. The anti-piracy group doesn’t publish the names of proxies, claiming that it wouldn’t be appropriate for them to do so.

airdog07
June 27th, 2013, 03:47 PM
Spybot - Search & Destroy® is still free for private use

Spybot - Search & Destroy from Safer-Networking Ltd.

(http://www.safer-networking.org/)

Free VMware vSphere Hypervisor (http://www.vmware.com/products/vsphere-hypervisor/overview.html)
Get started with virtualization for free with the VMware vSphere Hypervisor (based on ESXi). This bare metal hypervisor reduces hardware

airdog07
August 18th, 2013, 07:37 PM
FBI Managed to Hack Tor
Added: Thursday, August 15th, 2013

FreedomWeb, an Ireland-based company providing hosting for “hidden services” over the Tor network, was recently closed down after its owner, Eric Eoin Marques, was alleged to have helped spread kids abuse images.

Apparently, the Federal Bureau of Investigation has managed to hack Tor. According to its Open Watch blog, users of Tor hidden services suddenly discovered that their copies of the browser were infected with malicious Javascript which de-anonymized them.

The experts suggest that the FBI has hacked them. The matter is that Tor Browser is originally shipped with Javascript disabled, but it seems to have been somehow switched back on again to make the browser more useful. Despite the fact that this move can be regarded as a victory for the FBI against kids pornographers using the Tor network, it also represents a serious security breach for international activists and online users living in repressive states which use the services with the only purpose to practice free speech on the Internet.

In its efforts to take down kids abuse images, the authorities might have exposed countless activists to arrest and torture. But the experts suggest that as far as the untouchables are concerned, those activists are foreigners and very far away. The affected service, OpenWatch, has been in the early stages of designing an alternative to Freedom Hosting, named OnionCloud, in order to allow anonymous Heroku-like app hosting.

airdog07
August 18th, 2013, 07:40 PM
TOR Recommended to Stay Away from Windows
Added: Saturday, August 17th, 2013

TOR is warning Internet users to abandon Windows after it was revealed that American spooks were spreading malware on the popular anonymizing network exploiting a Firefox zero-day vulnerability. The latter allowed the FBI to use JavaScript code in order to harvest crucial identifying data on PCs visiting some services using The Onion Router network.

TOR developers suggest that users simply switch away from Windows. The matter is that the malicious Javascript which exploited the zero-day vulnerability was created to target Windows PCs running Firefox 17 ESR, a version customized to view websites through TOR.

In the meantime, people using Linux and OS X remained unaffected. Although there’s nothing to stop the spooks writing a version of the code targeting Linux and OS X, it is still less likely to happen. It seems that the fake Javascript was planted on services where the attacker was interested to see who visited. It collected the hostname and MAC address of a user’s PC and sent it to a remote computer. This exploit was targeted specifically to unmask people using Tor Browser Bundle without really installing any backdoors on their host.

The TOR developers also recommended that people turn off Javascript by clicking the blue "S" by the green onion within the TOR browser. They explained that disabling JavaScript may reduce users’ vulnerability to other attacks similar to the last one. However, disabling JavaScript would make some online services not work like users expect. A future version of the browser will have an easier interface to allow people to configure their JavaScript settings. Although Mozilla has already patched the hole in Firefox, some users may still be using the earlier versions of the TOR Browser Bundle.

airdog07
August 24th, 2013, 08:21 PM
Pirate Browser Hit Torrent Sites
Added: Saturday, August 24th, 2013

The largest BitTorrent tracker in the world, The Pirate Bay, is now celebrating a massive 100,000 downloads of its own censorship dodging Pirate Browser in just a couple days. The new browser, containing Firefox portable, foxyproxy, and Tor, was developed by TPB team to get around government blockades placed on torrent services and other file-sharing sites.


It’s been a while that a range of European countries, including the United Kingdom, Belgium, Italy, and Ireland, have imposed blocks on accessing TPB and other services. For example, in the UK, online filters will have to become default for all packages offered by Internet service providers. This is why the Pirate Browser has additional purposes beyond torrenting.

It should be noted that the browser by itself doesn’t guarantee anonymity. The Pirate Bay points out that if you really want to get that rare commodity, you can sign up with a trusted VPN in order to route your traffic through. However, even this way won’t secure you 100%.

In the meantime, the immediate success of the Pirate Browser will be a blow to such governments as the UK’s, where its deeply unpopular policy, traditionally dressed up as a moral crusade to protect kids, is actually being used to decide what is and what is not acceptable for grown adults to access on the Internet. The BitTorrent tracker itself has long been a target of entertainment industry backed politicians who are told that piracy is an enormous threat to the world economy. The Pirate Bay, its operators and owners have frequently been vocal about their opposition to such policies, because those are restrictive to online freedoms.

airdog07
October 8th, 2013, 06:27 AM
FBI Admits It Controlled Tor Servers Behind Mass Malware Attack

By Kevin Poulsen (http://www.wired.com/threatlevel/author/kevin_poulsen/)


09.13.13
4:17 PM


http://www.wired.com/images_blogs/threatlevel/2013/09/Networking-switches-660x433-1.jpg
Photo: Andrew Hart (http://www.flickr.com/photos/andrewfhart/8106189987/in/photostream/)/Flickr

It wasn’t ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors.
Freedom Hosting’s operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It’s not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control.
The new details emerged in local (http://webcache.googleusercontent.com/search?q=cache:oZqPbrxgxTIJ:www.independent.ie/irish-news/courts/child-porn-accused-trying-to-move-to-russia-fbi-29574802.html+&cd=1&hl=en&ct=clnk&gl=us) press reports (http://www.rte.ie/news/2013/0912/473824-eric-eoin-marques/) from a Thursday bail hearing in Dublin, Ireland, where Marques, 28, is fighting extradition to America on charges that Freedom Hosting facilitated child pornography on a massive scale. He was denied bail today for the second time since his arrest in July.
Freedom Hosting was a provider of turnkey “Tor hidden service” sites — special sites, with addresses ending in .onion, that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network. Tor hidden services are used by sites that need to evade surveillance or protect users’ privacy to an extraordinary degree – including human rights groups and journalists. But they also appeal to serious criminal elements, child-pornography traders among them.
On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page. Security researchers dissected the code (http://www.wired.com/threatlevel/2013/08/freedom-hosting/) and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn’t respond to inquiries from WIRED today.
But FBI Supervisory Special Agent J. Brooke Donahue was more forthcoming when he appeared in the Irish court yesterday to bolster the case for keeping Marques behind bars, according to local press reports. Among the many arguments Donahue and an Irish police inspector offered was that Marques might reestablish contact with co-conspirators, and further complicate the FBI probe. In addition to the wrestling match over Freedom Hosting’s servers, Marques allegedly dove for his laptop when the police raided him, in an effort to shut it down.
Donahue also said Marques had been researching the possibility of moving his hosting, and his residence, to Russia. “My suspicion is he was trying to look for a place to reside to make it the most difficult to be extradited to the U.S.,” said Donahue, according to the Irish Independent (http://www.independent.ie/irish-news/courts/child-porn-accused-trying-to-move-to-russia-fbi-29574802.html).
Freedom Hosting has long been notorious for allowing child porn to live on its servers. In 2011, the hactivist collective Anonymous singled out the service for denial-of-service attacks after allegedly finding the firm hosted 95 percent of the child porn hidden services on the Tor network. In the hearing yesterday, Donahue said the service hosted at least 100 child porn sites with thousands of users, and claimed Marques had visited some of the sites himself.
Reached by phone, Marques’ lawyer declined to comment on the case. Marques faces federal charges in Maryland, where the FBI’s child-exploitation unit is based, in a case that is still under seal.
The apparent FBI-malware attack was first noticed on August 4, when all of the hidden service sites hosted by Freedom Hosting began displaying a “Down for Maintenance” message. That included at least some lawful websites, such as the secure email provider TorMail.
Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of Javascript code from a Verizon Business internet address. By midday, the code was being circulated and dissected all over the net. Mozilla confirmed the code exploited a critical memory management vulnerability in Firefox that was publicly reported (http://www.mozilla.org/security/announce/2013/mfsa2013-53.html) on June 25, and is fixed in the latest version of the browser.
Though many older revisions of Firefox were vulnerable to that bug, the malware only targeted Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user-friendly package for using the Tor anonymity network. That made it clear early on that the attack was focused specifically on de-anonymizing Tor users.
Tor Browser Bundle users who installed or manually updated after June 26 were safe from the exploit, according to the Tor Project’s security advisory (https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable) on the hack.
http://www.wired.com/images_blogs/threatlevel/2013/08/magneto.png
The payload for the Tor Browser Bundle malware is hidden in a variable called “magneto.”

Perhaps the strongest evidence that the attack was a law enforcement or intelligence operation was the limited functionality of the malware.
The heart of the malicious Javascript was a tiny Windows executable hidden in a variable named “Magneto.” A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box.
But the Magneto code didn’t download anything. It looked up the victim’s MAC address — a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sent it to a server in Northern Virginia, bypassing Tor, to expose the user’s real IP address, coding the transmission as a standard HTTP web request.
“The attackers spent a reasonable amount of time writing a reliable exploit, and a fairly customized payload, and it doesn’t allow them to download a backdoor or conduct any secondary activity,” said Vlad Tsyrklevich, who reverse-engineered the Magneto code (http://tsyrklevich.net/tbb_payload.txt), at the time.
The malware also sent a serial number that likely ties the target to his or her visit to the hacked Freedom Hosting-hosted website.
The official IP allocation records maintained by the American Registry for Internet Numbers (https://www.arin.net/) show the two Magneto-related IP addresses were part of a ghost block of eight addresses that have no organization listed. Those addresses trace no further than the Verizon Business data center in Ashburn, Virginia, 20 miles northwest of the Capital Beltway.
The code’s behavior, and the command-and-control server’s Virginia placement, is also consistent with what’s known about the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first reported (http://www.wired.com/politics/law/news/2007/07/fbi_spyware) by WIRED in 2007.
Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV (http://www.wired.com/threatlevel/2009/04/fbi-spyware-pro/) since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor.
Prior to the Freedom Hosting attack, the code had been used sparingly, which kept it from leaking out and being analyzed.
No date has been set for Marques’ extradition hearings, but it’s not expected to happen until next yea

airdog07
October 8th, 2013, 06:33 AM
Silk Road bust hints at FBI's new cybercrime powers

17:45 04 October 2013 by Hal Hodson

The biggest drug marketplace on the internet has been busted. The illicit empire of the Silk Road came crashing down on Wednesday after its founder Ross Ulbricht, aka Dread Pirate Roberts, was arrested and charged with narcotics trafficking, money laundering, computer-hacking and attempted murder. He was caught through ads and coding queries related to Silk Road, posted to the web in the early days of development, and tagged using his real email address.

The end of Silk Road means the FBI has now brought down two of the most famous services on Tor, the anonymising software that lets users access hidden parts of the internet, known as the darknet.

Earlier this year, it busted shady web-hosting company Freedom Hosting – known for turning a blind eye to child porn websites. Although Ulbricht was caught through a couple of small mistakes, the computers running Silk Road and Freedom Hosting were supposed to be impossible to find, running as hidden services within Tor, obscured from the rest of the internet by layers of routing computers. The FBI not only found the hidden servers, but managed to take complete control of them without their owners even noticing, logging the activity of the services' users and, in the case of Freedom Hosting, distributing malware to identify them.

Investigators at Baneki Privacy Labs, a non-profit internet research collective, say that's highly unusual. Despite reports in the Guardian newspaper today that the NSA has been attempting to unmask Tor users, such sophistication is unprecedented for the FBI. "Not many people in the world were taking heavier security measures than Freedom Host and the Silk Road," a Baneki investigator who did not want to be named told New Scientist.

He says that Ulbricht was meticulous in his administration of the Silk Road server, and that it's very unlikely that he shared it with any associates. The FBI usually access servers by putting pressure on someone with administrative access, but not this time.

The Baneki researcher says the FBI managed to get administrative access to the Silk Road servers and make a copy of the hard drives, then sit in the background watching all the traffic. "We don't know how that was done, are aware of no routine techniques that would enable that kind of intrusion. If there's technology to do that, it's very advanced."

Many Silk Road buyers and sellers are panicking about the bust. One, called jayman62, wrote on Reddit: "all our money is gone. i just loaded mine 10 minutes before they seized it. im screwed. it wasnt all my money and its very dangerous people i now owe large sums too. im a dead man."

The Silk Road take-down also has implications for two important internet technologies – Tor and digital currency Bitcoin.

Bitcoin lost 40 per cent of its value as soon as news broke that the FBI had seized Silk Road servers, taking 27,000 Bitcoins with them, worth around £2.2m, as well as transaction records. "Silk Road was an important part of the Bitcoin economy, and probably the largest use of Bitcoin as a currency, as opposed to a speculative instrument," says Nicolas Christin of Carnegie Mellon University in Pittsburgh, who published a paper analysing Silk Road in 2012.

Tor may see a more chilling effect. Baneki researchers argue that FBI busts of the two highest-profile Tor services will destroy any trust the public had in the system, which has also been used by dissidents in repressive regimes to organise themselves. "The masses will never trust Tor again," the Baneki investigator says.

The Tor Project argues that Ulbricht's slip-ups do not mean that Tor itself has been compromised. But the FBI complaint against Ulbricht does not explain how the organisation tracked down the Silk Road server, which was supposed to be hidden by Tor. The FBI declined to comment, but there are a number of possibilities. A handful of recent and upcoming research papers have shown that the Tor network is no longer a safe place to run hidden services.

"In general, Tor architecture is not suited for protecting anonymity of long-term, popular web services," says Alex Biryukov of the University of Luxembourg. The Tor Project acknowledged as much earlier this year, and even laid out a roadmap to fix the issues, if and when it can find the resources. Its current insecurity isn't stopping other black markets from filling the void left by Silk Road's demise. Sheep Marketplace and Black Market Reloaded both offer drugs and weapons and are both still accessible via Tor – for now.

Biryukov and his co-authors examined Tor's hidden services in a research paper presented at the IEEE Symposium on Security and Privacy earlier this year. It took them $11,000 and eight months to get into a position where they could have revealed the real IP address of a hidden service (they avoided actually learning the IP address to preserve privacy). In a later paper, they found that the majority of hidden .onion sites, which require Tor to access, are either botnets – used to send spam or launch attacks on institutions – adult sites or black markets.

Another paper by researchers at Georgetown University and the US Naval Research Laboratory, both in Washington DC, shows that Tor users can be unmasked in as little as a day with a given amount of control over the network, control which, thanks to Edward Snowden, we know that the NSA does have. The paper will be presented in November at the Conference on Computer and Communications Security in Berlin, Germany.

For the Baneki investigator, there is no doubt that the NSA is behind the FBI's newfound powers. "The underlying firepower is all NSA, what your ten billion dollars a year buys you," he says.

In the "post-Snowden world", the NSA's capabilities have been revealed to be beyond what even the most paranoid had previously feared. "We're in a different world now. We now know there's an 800-pound gorilla in the corner," says the investigator. "The Silk Road came up, and the gorilla has smashed it."

airdog07
October 8th, 2013, 06:45 AM
The FBI busted Silk Road, but not the 'dark web' behind it

'Dread Pirate Roberts' wasn't as smart as he — and everyone else — assumed he was

By Adrianne Jeffries on October 2, 2013 07:35 pm

Silk Road, the underground website where dealers sold illegal drugs, was supposed to be safe. The site was nestled deep in the dark web, accessible only through the anonymizing network Tor. All transactions were done in the anonymizing virtual currency Bitcoin. Its owner-operator, Dread Pirate Roberts, was said to be a criminal mastermind and technical wunderkind who never left a trail. It was all very hackerish and clandestine.

And yet, today the FBI shut down the site and arrested Dread Pirate Roberts. "This is supposed to be some invisible black market bazaar. We made it visible," an FBI spokesperson told Forbes after the bust. "No one is beyond the reach of the FBI. We will find you."

This was all very alarming for the community of Silk Road users who believed that technology was keeping them safe. Actually, it was alarming for anyone who uses the Tor network for privacy — which includes journalists, activists, and even law enforcement. How could FBI take down a site protected by Tor, the gold standard for anonymity?

Tor stands for The Onion Router, a reference to its layers of security. Tor has two main functions: one for users, one for website operators. First, Tor protects users who want to mask their activities on the web; connect to Tor, and your data will be bounced around, making random stops, until its true origin is nearly impossible to identify.

"The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you — and then periodically erasing your footprints," according to the nonprofit Tor Project, which leads development on the open source software. Users who bought and sold on the Silk Road were all signed into Tor at the time.

The second use case for Tor is to protect websites by requiring that all traffic to the site be untraceable. These "hidden services" are only accessible through Tor, creating a second, secret internet that some call the "dark web." These sites are invisible to Google's spiders, and there is no search engine for the dark web. Users must be signed into Tor and must know the exact address of where they're going. In theory, assuming other precautions are taken with the actual software running the server, Tor should protect websites from revealing the location of their servers.

The FBI managed to locate the server that was hosting Silk Road, however. So does this mean Tor failed?

While it is possible that the FBI discovered some vulnerability in Tor that was not disclosed in the criminal complaint, it seems much more likely that this was old-fashioned police work. Dread Pirate Roberts made a number of errors, according to the FBI, including connecting to the Silk Road server using only a Virtual Private Network and not Tor and using an email address that contained his real name in a way that could be traced back to Silk Road. The police even intercepted a Silk Road package containing nine pieces of fake identification with the photo of the man they eventually arrested.

"Tor is not broken," Karen Reilly, development director at the Tor Project, said in an email. "According to the criminal complaint, the accused was found through mistakes in operational security. Tor can not protect you if you use your legal name on a public forum, use a VPN with logs that are subject to a subpoena, or use any other services that collect personal information that is freely given or collected in the background."

In other words, it looks like this was a case of sloppiness.

The FBI says in its complaint that it obtained an "image" of the Silk Road server, which is a technical term in computer forensics that refers to a bit-for-bit copy. That usually means the data was obtained from a service provider, Chester Wisniewski, a senior security advisor for network security firm Sophos, told The Verge. Even if the server was hosted outside the US, Silk Road was trafficking in drugs, guns, hacking software, child pornography, and even murder-for-hire.

"That's the problem with Silk Road," Wisniewski says. "If you're dealing in stolen music and software, you can get away with that all day long. Once you start engaging in the variety of things that were going on at places like Silk Road, there's almost always a violation of the law. Any country at some point will comply with a lawful request for data."

Indeed, the complaint says the image was obtained via a Mutual Legal Assistance Treaty request, suggesting cooperation with a foreign government. Having a copy of the server would have allowed the FBI to comb through private messages and turn up more ways to find Dread Pirate Roberts. The FBI has held back on releasing all the details of its investigative techniques, and some won't be revealed until a trial, if ever. The complaint refers to persons "known and unknown" who helped Dread Pirate Roberts, suggesting that maybe the FBI knew administrators or mods who could have been turned into informants.

It's also possible that the data was obtained from the server through some kind of virus or malware injected by the FBI, which wouldn't be Tor's fault, either. The FBI has in the past used malware to compromise servers for hidden services, as it admitted two weeks ago in connection with the bust of a company that provided hosting for them. However, that doesn't seem to be what happened in this case.

"Tor is still the single biggest leap forward in my lifetime for anonymity on the internet," says Steve Santorelli, a former Scotland Yard detective and spokesperson for Team CYMRU, a security research firm focused on the internet. "Literally, people's lives get saved because of Tor. But there are so many different ducks that need to be lined up for you to be completely bombproof. That's why people go to jail."

Of course the “deep web” will still exist! Saying that the deep web will cease to exist because the silk road was shut down is like saying organized crime will cease to exist because Al Capone was arrested.

Even if tor has been compromised (it was developed by the military, there is a chance that the nsa actually has a back door), or if it can be defeated by deep packet inspection, the criminals would move onto something else!

Of course, the criminals will always slip up somewhere, and no amount of encryption can stop that.

Finally, I’m going to repost this classic:

-----------------------------------------------------------------------------------------------------
shava23

Tor was originally developed by the US Naval Research Lab — but it’s an open source project under constant review by security researchers and academics and hackers all over the world. It’s subject to audit of the code and it’s not uncommon for papers pointing out various flaws in Tor security to be featured like badges of honor at security conferences (Hey! Look what I managed to find!) at which point the Tor Project scrambles (if they weren’t informed in advance) and fixes the flaw ASAP and gets a fix deployed into the field as soon as humanly possible if not sooner. The guys are dedicated.

Implying that this crew, who are taking huge pay cuts over what they could be getting from private industry or the NSA for that matter, working long hours and busting their butts so journalists, human rights workers, democracy activists (and yes, even the jerks who abuse the network) can have decent anonymity online, is really a slam against a highly dedicated group of hacktivists.

I haven’t worked for the project for years (left in 2007), but it bugs me that this “potential government backdoor” issue keeps coming up like people think they are clever. It portrays a fundamental misunderstanding of open source.

I think that the government was clever giving it away (“Hey look, Ali! This communication — it looks like onion routing! Must be US military intelligence!” Not very anonymous, is it?) and we were clever rewriting it from the ground up as open source for nearly a decade now of arms race with China, Iran, and everyone else who’s given us hives trying to defeat us in the effort to unmask privacy online (alas, including some entities stateside, although most of our support has also been from the supporters of internet freedom who are also most ardently from the US. We are a contentious bunch — the country was designed to be scrappy.). It makes us stronger, but it’s an asymmetrical fight.

Instead of slamming the project, you should donate to it.

The people who really need the software aren’t exactly going to give us their credit card and personally identifying information, eh? Ethnic Tibetan bloggers in China. Arab Spring organizers. Women communicating trying to escape trafficking. Those sorts.

No government anywhere is monolithic. My experience as founding executive director of Tor taught me that, if I hadn’t suspected it beforehand. The whistleblowers from the NSA who pre-dated Snowden — officers Stark, Weibe and Binney — who you all basically ignored in 2007? They should be patent proof that there are people in every part of government who care deeply about civil liberties and our Constitutional rights.

Don’t assume because someone is associated with the military, law enforcement, government, Congress, the executive branch or what have you that they are an enemy. MLK didn’t, and he got the wedge of the Voting Rights Act and other fundamental compromises that changed the culture and law enacted and worked into our lives. Keep your eyes on the prize, and stop painting this into comic book boundaries and characters, if you want to be effective in changing the world.

We need all of you to engage these issues, not just bitch about them, sitting in your ergonomic chairs.

Shava Nerad, founding executive director, the Tor Project
I don’t speak for the project, just volunteer a bit since 2007, but I like them a lot.

-------------------------------------------------------------------------------------------------------------------------------------------------------------
The feds pay for 60 percent of Tor’s development. Can users trust it?
By Brian Fung (http://www.washingtonpost.com/brian-fung/2013/07/22/a6298bda-f2de-11e2-ae43-b31dc363c3bf_page.html)
September 6 at 4:17 pm

This week, we learned that the NSA had managed to circumvent (http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security) much of the encryption that secures online financial transactions and other activities we take for granted on the Internet. How? By inserting backdoors into the very commercial software designed to keep sensitive medical records, bank files and other information private.

The NSA's sustained attempt to get around encryption calls into question many of the technologies people have come to rely on to avoid surveillance. One indispensable tool is Tor, the anonymizing service (http://torproject.org/) that takes a user's Internet traffic and spits it out from some other place on the Web so that its origin is obscured.

So far there's no hard evidence that the government has compromised the anonymity of Tor traffic. But some on a Tor-related e-mail list recently pointed out that a substantial chunk of the Tor Project's 2012 operating budget came from the Department of Defense (https://www.torproject.org/about/findoc/2012-TorProject-FinancialStatements.pdf), which houses the NSA.