posted by Fnord666 on Monday January 16 2023, @02:28AM
from the Guilt-by-association dept.

From: Gizmodo:

Motherboard originally reported that the bureau has somehow managed to nab the IP address of an alleged criminal using Tor, short for "The Onion Router," as part of an ongoing anti-terrorism case. The guy in question, Muhammed Momtaz Al-Azhari, of Tampa, Florida, was charged in 2020 with attempting to provide material support to ISIS. According to the government, Al-Azhari is "an ISIS supporter who planned and attempted to carry out an attack on behalf of that terrorist organization." Part of the government's case against Al-Azhari revolves around his use of Tor to make multiple visits to an ISIS-related website prior to the planned attack. ...

It's not exactly clear what happened here. Somehow, the government ascertained Al-Azhari's real IP address—which actually turned out to be his grandma's IP address because he was staying with her in Riverside, California at the time of his arrest, court documents state. Since Tor should have protected Azhari's real location and IP address, the question remains: how did the feds get this information?

--------

Is use of TOR probable cause for other investigative techniques that would ordinarily violate civil liberties? (Ask a warrant-issuing judge.) Is it any different from wearing a ski mask to the bank teller window?



  • (Score: 1, Funny) by Anonymous Coward on Monday January 16 2023, @02:32AM (5 children)

    by Anonymous Coward on Monday January 16 2023, @02:32AM (#1287020)

    Aren't masks required so people know who you vote for? That's gotta be protected speech.

    • (Score: 3, Informative) by Anonymous Coward on Monday January 16 2023, @04:41AM (1 child)

      by Anonymous Coward on Monday January 16 2023, @04:41AM (#1287029)

      >masks required so people know who you vote for?

      Yeah, wasn't that the plan for Jan 7th 2021? Round up all the mask wearers?

      • (Score: 1, Touché) by Anonymous Coward on Monday January 16 2023, @03:11PM

        by Anonymous Coward on Monday January 16 2023, @03:11PM (#1287057)

        Round up all the mask wearers?

        Unfortunately they ended up rounding up a bunch of feds instead, so they had to let Ray Epps go and jail a bunch of Republicans who took an unguided tour of the capitol.

    • (Score: 3, Funny) by DannyB on Monday January 16 2023, @05:21PM

      by DannyB (5839) Subscriber Badge on Monday January 16 2023, @05:21PM (#1287089) Journal

      I thought masks were required so that I don't contract, or spread covid-19 after my five covid vaccinations.

      Soon to be six. Or sicks.

      --
      The most difficult part of the art of fencing is digging the holes and carrying the fence posts.
    • (Score: 2) by mcgrew on Monday January 16 2023, @07:33PM (1 child)

      by mcgrew (701) <publish@mcgrewbooks.com> on Monday January 16 2023, @07:33PM (#1287120) Homepage Journal

      Can whomever modded that "funny" please explain it to me? It was a real WOOSHer.

      --
      mcgrewbooks.com mcgrew.info nooze.org
      • (Score: 0) by Anonymous Coward on Monday January 16 2023, @08:03PM

        by Anonymous Coward on Monday January 16 2023, @08:03PM (#1287126)

        Liberal snowflakes wear masks, upstanding patriot conservatives don't. It's a politics joke.

  • (Score: 5, Insightful) by owl on Monday January 16 2023, @03:41AM (5 children)

    by owl (15206) on Monday January 16 2023, @03:41AM (#1287025)

    the question remains: how did the feds get this information?

    One thing that folks who aren't 'info-sec' savvy (and that likely describes this one, not 'info-sec' savvy) often overlook is the massive asymmetric nature of the govt. inspectors in this environment.

    The govt. can be patient, and keep someone under surveillance 24/7. They have enough employees that they can replace the shift worker every 8 hours so every "watcher" is mostly fresh. And they can just patiently keep watching, day after day after day.

    For the target, the tables are turned. The target has to practice perfect info-sec, every single time. There are no breaks, there are no fresh shift workers arriving after an 8 hour day. All it takes, once one has made themselves a target like this, is just one single slip-up, and the govt. watchers have found their target's real identity/location. The govt. is watching 24/7, and the target has to not have even one slip-up anywhere. Forget to log in with your "tor-browser" and use your regular one, just once, game over. Anything the target does that is a screw-up, security-wise, once they have risen to this level of attention by the govt., and the govt. has found out their target.

    So, the most likely answer to 'how' is: the target screwed up, failed to use Tor just once, and the govt. was already monitoring the site, and bam, game over for the target.

    This was also how DPR of The Silk Road fame was eventually caught. He slipped up, once, and didn't properly maintain his "security" and the govt. was already watching at that point, and bam, they had their man.

    • (Score: 3, Insightful) by driverless on Monday January 16 2023, @07:54AM

      by driverless (4770) on Monday January 16 2023, @07:54AM (#1287040)

      Yup. A combination of poor OPSEC by the target and good old-fashioned detective work by law enforcement got him, nothing more, nothing less. Tor is a tool, not magic pixie dust to make you invisible to the law.

    • (Score: 5, Interesting) by turgid on Monday January 16 2023, @07:58AM (1 child)

      by turgid (4318) Subscriber Badge on Monday January 16 2023, @07:58AM (#1287041) Journal

      Here in the UK they monitor and store every single transaction you do on the Internet and store the data for a year. They don't (routinely) store the content of your transaction, but they store the metadata, source and destination, time of day, that sort of thing. I would imagine that using something like Tor might cause suspicion since, despite having legitimate uses, it also is a very useful tool for criminals. I think if they suspect something, they just need to go to court for a warrant and then they can log and monitor more than just the metadata.

      Many years ago I worked for a company which had a special "box" in the server cabinet that cost > $12k and it was for doing deep packet inspection. We were developing some video gear. One of my colleagues went on YouTube to get some video to test with. Almost instantaneously, the alarms went off, corporate IT in the US were on the phone demanding that he be hauled up before HR and fired.

      He wasn't fired. The Americans were told to calm down.

      I was told by our local IT guy that this black box could do Man In The Middle on encrypted traffic, and in the US it was set up to do so. Corporate IT wanted to do that here in the UK too, but he firmly told them no, that it was illegal here and would not be enabled.

      I also many years ago knew a guy from the former Yugoslavia, who was understandably very nervous about government surveillance. He refused to use the Internet at all, and he was a Computer Scientist.

      • (Score: 3, Touché) by DannyB on Monday January 16 2023, @05:28PM

        by DannyB (5839) Subscriber Badge on Monday January 16 2023, @05:28PM (#1287090) Journal

        He refused to use the Internet at all, and he was a Computer Scientist.

        There is IP by avian carrier.

        I would also point out a minivan full of pocket hard drives has much higher bandwidth than any internet connection. But the latency sucks.

        If he does not use the internet, he might get actual work done.

        --
        The most difficult part of the art of fencing is digging the holes and carrying the fence posts.
    • (Score: 2, Troll) by VLM on Monday January 16 2023, @03:33PM (1 child)

      by VLM (445) on Monday January 16 2023, @03:33PM (#1287065)

      The target has to practice perfect info-sec, every single time

      It's a little worse than that. If our secret political police run 1% of the nodes in the network, you got a 50/50 chance of connecting to a FBI node if you connect 100 times.

      The other problem is "target rich environment": you can just put ALL detected TOR users on a list and then figure out what they're doing later. There's just not that many users and the traffic sticks out like a sore thumb. Like seriously, how many ISIS supporters live in Tampa anyway? Once you got someone on a list, you just wait for enough data to arrive.

      The way it usually works with the FBI is everyone he contacted was an agent trying to entrap him. The market demand for terrorists is WAY higher than the supply so the FBI has to manufacture some once in a while.

      • (Score: 3, Insightful) by helel on Monday January 16 2023, @06:39PM

        by helel (2949) on Monday January 16 2023, @06:39PM (#1287102)

        Technically it's attempt 69 when you hit that 50% odds.
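The arithmetic behind the two comments above (an adversary running 1% of relays, 100 connections, and the "attempt 69" figure), as an added example that is not part of the thread. The functions and the uniform per-circuit selection model are assumptions: real Tor weights relay choice by bandwidth and pins one entry guard for months, which the pinned-guard function models.

```python
import math


def p_hit_once(f: float, n: int) -> float:
    """Probability that at least one of n independently built circuits
    lands on an adversary-run relay in a given position, when the
    adversary controls fraction f of the selection weight there.
    Assumes uniform, independent selection per circuit (simplified)."""
    if f >= 1.0:
        return 1.0
    return 1.0 - (1.0 - f) ** n


def circuits_for_probability(f: float, target: float) -> int:
    """Smallest number of circuits n such that p_hit_once(f, n) >= target.
    This is the calculation behind the '69 attempts for 50%' reply."""
    if f >= 1.0 or target <= 0.0:
        return 1
    if target >= 1.0:
        raise ValueError("probability 1.0 is never reached with f < 1")
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - f))


def p_end_to_end_independent(f_guard: float, f_exit: float, n: int) -> float:
    """Chance that at least one of n circuits has BOTH an adversary guard
    and an adversary exit (the position needed to correlate traffic),
    if every circuit picked a fresh guard independently (hypothetical model)."""
    per_circuit = f_guard * f_exit
    return 1.0 - (1.0 - per_circuit) ** n


def p_end_to_end_pinned_guard(f_guard: float, f_exit: float, n: int) -> float:
    """Same question with a guard pinned for the whole period, as Tor does:
    the guard is drawn once (adversarial with probability f_guard), then
    only the exit varies per circuit. Pinning caps exposure at f_guard
    instead of letting it grow toward 1 with many circuits."""
    return f_guard * p_hit_once(f_exit, n)


def summary(f: float = 0.01, n: int = 100) -> dict:
    """Collect the figures the thread argues about for fraction f and n circuits."""
    return {
        "p_any_adversary_relay": p_hit_once(f, n),
        "circuits_for_50pct": circuits_for_probability(f, 0.5),
        "p_end_to_end_independent": p_end_to_end_independent(f, f, n),
        "p_end_to_end_pinned_guard": p_end_to_end_pinned_guard(f, f, n),
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value:.4f}")
```

With 1% of relays and 100 circuits the chance of touching one adversary relay is about 63%, not 50%; 50% is crossed at circuit 69, and the end-to-end (guard and exit) figure is far smaller, especially with a pinned guard.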

  • (Score: 5, Informative) by Rosco P. Coltrane on Monday January 16 2023, @03:46AM (8 children)

    by Rosco P. Coltrane (4757) on Monday January 16 2023, @03:46AM (#1287026)

    Firstly, it's very easy to deanonymize people who use TOR but keep letting Javascript scripts run in their browsers. Like trivially easy. That's why that awful TOR browser exists: everything is so damned disabled in it that it's as good as unusable. But it's the only option if you really want TOR to be useful.

    But mostly, there's a very good chance that the US TLAs run more than half the TOR nodes in the world. Think about it: who pays for the bandwidth and the servers, and why would they provide the service anonymously for free to people hitting their servers primarily for sketchy purposes? If one actor runs enough nodes, they can follow a TOR connection's hops and deanonymize the TOR user. It makes total sense that TLAs run TOR as a honeypot.

    So with that in mind, what is TOR good at? Not doing terrorist stuff, that's for sure. What it's good at is downloading geolocked content from servers that don't check for TOR exit nodes (i.e. a free VPN). It's also good for dodging corporate surveillance and giving Google, FB, Microsoft, CloudFlare and Akamai the middle finger - again, provided you use the TOR browser, otherwise again, it's false security.

    Other than that, avoid TOR. It's not worth the risk.

    • (Score: 2) by JoeMerchant on Monday January 16 2023, @04:38AM

      by JoeMerchant (3937) on Monday January 16 2023, @04:38AM (#1287028)

      >it's the only option if you really want TOR to be useful.

      Well, in the theoretical world, you wouldn't be using TOR to access Facebook or other mainstream sites anyway - so the "Dark Web" that caters to TOR users should be set up to work with the TOR browser.

      Ever browse in Lynx? It's useful, on sites that accommodate its limitations, which used to be all sites back around 1994.

      >mostly, there's a very good chance that the US TLAs run more than half the TOR nodes in the world.

      So very much this ^^^, and why would people think that's not the case?

      --
      🌻🌻 [google.com]
    • (Score: 5, Interesting) by MostCynical on Monday January 16 2023, @04:46AM (4 children)

      by MostCynical (2589) on Monday January 16 2023, @04:46AM (#1287030) Journal

      I run my browser in what is almost 'tor state' - noscript, ghostery, ublock origin...

      It is very hard to browse like this - so it is not surprising people slip up/just can't be bothered.
      It shouldn't be hard to protect yourself when online, but it really is the wild west.

      Note, I also run chromium for all those sites that just won't work without 'showing my underwear'..

      (I also think children should NOT be allowed on the web. No need to think of the children if there aren't any - but if adults can't protect themselves, why let children near the place)

      --
      "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
      • (Score: 3, Interesting) by bzipitidoo on Monday January 16 2023, @12:02PM (3 children)

        by bzipitidoo (4388) on Monday January 16 2023, @12:02PM (#1287051) Journal

        Ad blocking works great. Noscript, on the other hand, is a huge pain to use. Most web sites won't work without Javascript. I am constantly allowing Javascript scripts just so I can do my job. A typical site wants to run a dozen different scripts, and the Noscript user is left to guess which ones are really needed.

        Another annoyance is the incessant messaging "This site uses cookies! Agree?". I often manually delete the treacherous cookies that sites such as the nytimes use to block you and nag you to subscribe because you've reached the limit on the number of free articles you're allowed to read. Delete their cookies to reset that number. Would be better to automate that, but I do not know what browser extensions do that.

        • (Score: 4, Informative) by owl on Monday January 16 2023, @03:39PM

          by owl (15206) on Monday January 16 2023, @03:39PM (#1287069)

          Another annoyance is the incessant messaging "This site uses cookies! Agree?".

          A side effect of the GDPR.

          Would be better to automate that, but I do not know what browser extensions do that.

          For NYT and other paywall nag schemes, it is better to just search the URL at archive.today and see if an archive copy is already present (it often is) and if not, archive it. This JS bookmarklet will automate the process of "looking up" the current URL of the page in archive.today:

          javascript:(function(){window.location="https://archive.is/"+window.location;})();

        • (Score: 1, Interesting) by Anonymous Coward on Monday January 16 2023, @03:42PM

          by Anonymous Coward on Monday January 16 2023, @03:42PM (#1287071)

          I work around that by writing userscripts that replicate the broken functionality in a way that gives me 100% control over what they do. Granted, with some of the more egregious abominations out there that isn't an option unless you're willing to spend an awful amount of time on it --- and those tend to be moving targets too.

        • (Score: 2) by Reziac on Tuesday January 17 2023, @02:24AM

          by Reziac (2489) on Tuesday January 17 2023, @02:24AM (#1287170) Homepage

          I use NoScript, and do not find it to be a PITA. Most sites only need one or two servers enabled, and it's usually fairly obvious, because they have CDN or the like in the domain name. And once that scripting is enabled, usually the superfluous servers vanish from NoScript's list. And most of the ad and tracking servers are known names. On maybe one site out of a hundred, I have to do more server-fishing to locate the necessary scripting. But once it's done for a given site, I never need to do it again. On perhaps one site in a thousand I give up and resort to a different browser.

          --
          And there is no Alkibiades to come back and save us from ourselves.
    • (Score: 2, Interesting) by shrewdsheep on Monday January 16 2023, @09:56AM

      by shrewdsheep (5215) on Monday January 16 2023, @09:56AM (#1287045)

      Firstly, it's very easy to deanonymize people who use TOR but keep letting Javascript scripts run in their browsers. Like trivially easy. That's why that awful TOR browser exists: everything is so damned disabled in it that it's as good as unusable. But it's the only option if you really want TOR to be useful.

      I believe this is true when the target site itself is compromised. In this case, it seems to me that you are in pretty hot water anyway. You might leave a crypto trail (as in your wallet id), or you have a login handle on the site that identifies you (as in a discussion board that is not liked by a TLA). Getting a fingerprint of your browser would do essentially the same thing. Maybe it could help to detect aliased accounts. What could javascript do on top of that?

    • (Score: 5, Insightful) by Runaway1956 on Monday January 16 2023, @10:40AM

      by Runaway1956 (2926) Subscriber Badge on Monday January 16 2023, @10:40AM (#1287047) Journal

      there's a very good chance that the US TLAs run more than half the TOR nodes in the world.

      In a nutshell, you've explained how the FBI can find anyone, if they want to find him badly enough. It only takes one poisoned router, and government owns hundreds, maybe even thousands. Somewhere, there's an article explaining how that whole MITM thing works with TOR. TOR can be useful to non-government actors, but only so long as government finds it advantageous to allow those actors to act.

      --
      ‘Never trust a man whose uncle was eaten by cannibals’