
SoylentNews is people

posted by cmn32480 on Friday June 19 2015, @09:58AM
from the is-anonymous-possible-anymore dept.

Unlike conventional World Wide Web technologies, the Tor Darknet onion routing technologies give users a real chance to remain anonymous. Many users have jumped at this chance – some did so to protect themselves or out of curiosity, while others developed a false sense of impunity, and saw an opportunity to do clandestine business anonymously: selling banned goods, distributing illegal content, etc. However, further developments, such as the detention of the maker of the Silk Road site, have conclusively demonstrated that these businesses were less anonymous than most assumed.

Intelligence services have not disclosed any technical details of how they detained cybercriminals who created Tor sites to distribute illegal goods; in particular, they are not giving any clues as to how they identify cybercriminals who act anonymously. This may mean that the implementation of the Tor Darknet contains some vulnerabilities and/or configuration defects that make it possible to unmask any Tor user. [In this securelist.com article, the authors] present practical examples to demonstrate how Tor users may lose their anonymity.


  • (Score: 0) by Anonymous Coward on Friday June 19 2015, @09:12PM (#198431)

    Pardon the question from one who only knows the basics of Tor and not specifics....

    Part of the FBI's explanation according to the website cited by kaszz above (https://www.nikcub.com/posts/analyzing-fbi-explanation-silk-road/):

    8. Upon examining the individual packets of data being sent back from the website, we noticed that the headers of some of the packets reflected a certain IP address not associated with any known Tor node as the source of the packets. This IP address (the “Subject IP Address”) was the only non-Tor source IP address reflected in the traffic we examined... When I typed the Subject IP Address into an ordinary (non-Tor) web browser, a part of the Silk Road login screen (the CAPTCHA prompt) appeared.

    The author does not believe the methods actually described work as described, BTW. But what drew my attention: I'm aware that there are known Tor exit nodes (for example, Wikipedia prohibits editing from them - or did, anyway...) But is it really possible for the FBI (or any other entity without mammoth monitoring resources Not Specifically Acquired) to be able to know a certain given address is not coming from a Tor node? Or, another way: How would one KNOW with certainty that a given IP address is or is not a Tor source?

    The other item for me: The FBI can swear up one side and down the other that NSA had nothing to do with it. But once the Pandora's Box of parallel construction has been opened there is no way that trust can be restored that it didn't occur. (Or that DEA shared information with FBI that was originally sourced from NSA would provide pretty plausible deniability.)

  • (Score: 0) by Anonymous Coward on Friday June 19 2015, @11:59PM (#198500)

    Geoip db has a list of tor exit nodes.

    Or, if you want fresher information:

    https://check.torproject.org/cgi-bin/TorBulkExitList.py [torproject.org]

    Entry nodes are common knowledge too-- the Tor directory nodes have to tell your client where to connect. Here is a site that uses this information (note the csv download of all tor nodes):

    https://torstatus.blutmagie.de/ [blutmagie.de]
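
An added example, not part of the original thread or of any Tor Project tooling: the check the two comments above discuss, separating source addresses seen in a capture into those present on a published relay list and those absent from it. The list text, the addresses and the function names are constructed for illustration; the list format assumed is comment lines starting with `#` followed by one address per line.

```python
import ipaddress
from collections import Counter

# Constructed sample in the assumed list format; these are documentation addresses.
SAMPLE_EXIT_LIST = """\
# constructed sample, not real relay data
192.0.2.10
192.0.2.77
198.51.100.5
not-an-ip
"""

# Constructed source addresses, as they might be extracted from a packet capture.
SAMPLE_SOURCES = [
    "192.0.2.10", "192.0.2.10", "::ffff:192.0.2.77",
    "203.0.113.49", "198.51.100.5", "203.0.113.49",
]

def normalize(addr):
    """Parse an address; fold IPv4-mapped IPv6 to IPv4 so both forms compare equal."""
    ip = ipaddress.ip_address(addr.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def load_relay_list(text):
    """Return (set of relay addresses, list of lines that failed to parse)."""
    relays, rejected = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            relays.add(normalize(line))
        except ValueError:
            rejected.append(line)  # keep for review instead of dropping silently
    return relays, rejected

def split_sources(sources, relays):
    """Count packets per source, split into listed relays and unlisted addresses."""
    listed, unlisted = Counter(), Counter()
    for src in sources:
        ip = normalize(src)
        (listed if ip in relays else unlisted)[str(ip)] += 1
    return listed, unlisted

if __name__ == "__main__":
    relays, rejected = load_relay_list(SAMPLE_EXIT_LIST)
    listed, unlisted = split_sources(SAMPLE_SOURCES, relays)
    print("listed:", dict(listed), "unlisted:", dict(unlisted), "rejected:", rejected)
```

An address landing in `unlisted` only means it is absent from the snapshot that was loaded: relay lists change over time and Tor bridges are not published, so the list should date from the time of the capture.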