The FBI is not eager to reveal (more) details about methods it used to identify Tor users as part of a child pornography case. FBI's Operation Torpedo previously unmasked Tor users by serving them malicious scripts from secretly seized .onion sites.
The FBI is resisting calls to reveal how it identified people who used a child pornography site on the Tor anonymising network. The agency was ordered to share details by a judge presiding over a case involving one alleged user of the site. Defence lawyers said they need the information to see if the FBI exceeded its authority when identifying users. But the Department of Justice (DoJ), acting for the FBI, said the details were irrelevant to the case. "Knowing how someone unlocked the front door provides no information about what that person did after entering the house," wrote FBI agent Daniel Alfin in court papers filed by the DoJ which were excerpted on the Vice news site.
The judge ordered the FBI to hand over details during a court hearing in late February. The court case revolves around a "sting" the FBI carried out in early 2015 when it seized a Tor-based site called Playpen that traded in images and videos of child sexual abuse. The agency kept the site going for 13 days and used it to grab information about visitors who took part in discussion threads about images of child abuse.
(Score: 2) by bitstream on Thursday March 31 2016, @07:11PM
So how did they do it?
* JavaScript seems to have been blocked.
* Drive by download?
* Buffer overflow (fonts, images, anything that loads etc)
Sandbox, folks!
(Score: 0) by Anonymous Coward on Thursday March 31 2016, @07:36PM
Diffing the captures from traffic through/from Tor exit nodes and traffic of all the fiber taps, and using TCP sequence numbers, timestamps and whatever else that's somewhat sequential, then correlating those to a certain % of confidence?
(Score: 2) by bitstream on Thursday March 31 2016, @07:54PM
Between each node sequence numbers will be unique and only relevant between two nodes. Not the whole way. Timestamps probably have the same properties, thus not particularly useful. But the time that you register a traffic pattern, and in particular the size of the flow, could be correlated. But this requires intercepts at multiple points. And there is almost only one actor that has that.
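The correlation bitstream describes, as an added example (not code from the thread or from any real investigation): an observer near the client sees only fixed-size Tor cells inside TLS, an observer near the destination sees the same session's payload a little later, and nothing like a sequence number survives across hops, so the two captures are matched on timing and volume alone. All captures below are constructed in the code with the stated send patterns and delays; the per-cell overhead figure and the bin width are assumptions chosen for the demonstration.

```python
"""Flow correlation across two intercept points (added example, constructed data).

Entry side: what is seen between a client and its first Tor hop, in whole 512-byte cells.
Exit side: the same sessions between the last hop and the server, delayed by latency plus
jitter and scaled to payload bytes. Flows are matched by the best Pearson correlation of
per-window byte counts over a small range of lags, and a margin to the runner-up says how
distinguishable the match is. Nothing here is real traffic or a real agency's method.
"""
import math
import random

CELL = 512            # Tor cell size in bytes (fixed on the wire)
PAYLOAD_PER_CELL = 509  # assumed usable bytes per cell; only rescales the exit-side series
WINDOW = 0.5          # correlation bin width in seconds (assumption)
DURATION = 10.0       # observation length in seconds
N_BINS = int(DURATION / WINDOW)


def bin_series(events, n_bins=N_BINS, window=WINDOW):
    """Total bytes per fixed-width time window. events: iterable of (seconds, n_bytes)."""
    bins = [0.0] * n_bins
    for t, n in events:
        i = int(t // window)
        if 0 <= i < n_bins:
            bins[i] += n
    return bins


def pearson(a, b):
    """Pearson correlation of two equal-length series (0.0 if either is constant)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    sa = math.sqrt(sum((x - ma) ** 2 for x in a))
    sb = math.sqrt(sum((y - mb) ** 2 for y in b))
    return 0.0 if sa == 0 or sb == 0 else cov / (sa * sb)


def lagged_score(entry, exit_, max_lag_bins):
    """Highest correlation over non-negative lags: the exit side can only trail the entry side."""
    best = -1.0
    for lag in range(max_lag_bins + 1):
        best = max(best, pearson(entry[:len(entry) - lag], exit_[lag:]))
    return best


def match_flows(entry_flows, exit_flows, max_lag_bins=2):
    """For each entry-side flow, the best-scoring exit-side flow.

    Returns {entry_id: (exit_id, score, margin)}; margin is the gap to the runner-up.
    A pairing with a small margin is not distinguishable from the next candidate and must
    not be reported as an identification; the caller chooses the threshold."""
    result = {}
    for eid, e in entry_flows.items():
        ranked = sorted(((lagged_score(e, x, max_lag_bins), xid)
                         for xid, x in exit_flows.items()), reverse=True)
        best_score, best_id = ranked[0]
        runner_up = ranked[1][0] if len(ranked) > 1 else -1.0
        result[eid] = (best_id, round(best_score, 3), round(best_score - runner_up, 3))
    return result


def constructed_captures(seed=7):
    """Three sessions with distinct send patterns (constructed, not real traffic).

    Exit-side events are delayed by 0.45-0.65 s. Entry timestamps are chosen so every delayed
    event lands exactly one bin later; real captures need finer bins and the lag search."""
    rng = random.Random(seed)
    patterns = {
        "bursty": [(t, 6 * CELL) for t in (0.2, 2.2, 4.2, 6.2, 8.2)],   # periodic 3 KiB bursts
        "oneshot": [(3.6, 40 * CELL)],                                   # single 20 KiB upload
        "browsing": [(0.6, CELL), (1.1, 4 * CELL), (1.3, CELL), (3.2, 9 * CELL),
                     (3.7, 2 * CELL), (5.8, 3 * CELL), (7.1, CELL), (7.3, 12 * CELL),
                     (9.2, 2 * CELL)],                                   # request/response bursts
    }
    entry, exit_ = {}, {}
    for name, events in patterns.items():
        entry["entry_" + name] = bin_series(events)
        delayed = [(t + 0.45 + rng.uniform(0.0, 0.2), n * PAYLOAD_PER_CELL // CELL)
                   for t, n in events]
        exit_["exit_" + name] = bin_series(delayed)
    return entry, exit_


if __name__ == "__main__":
    entry, exit_ = constructed_captures()
    for eid, (xid, score, margin) in match_flows(entry, exit_).items():
        print(f"{eid:16s} -> {xid:16s} score={score:.3f} margin={margin:.3f}")
```

The point of the margin column is the "certain % of confidence" asked about above: a single large upload correlates noticeably (around 0.4 to 0.5 here) with any other flow that happens to have a burst in the same window, so a correct match is only usable when it stands well clear of the runner-up, and the more flows the taps carry, the more such coincidences there are.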
(Score: 0) by Anonymous Coward on Friday April 01 2016, @02:56AM
(Score: 0) by Anonymous Coward on Thursday March 31 2016, @09:14PM
Pervs who are into kids are not thinking about "system security". They're thinking about kids ...
(Score: 4, Funny) by Anonymous Coward on Thursday March 31 2016, @09:48PM
But I thought we were supposed to be thinking of the children!
(Score: -1, Troll) by Anonymous Coward on Thursday March 31 2016, @09:25PM
They can have my identification method for free.
The Tor user is the fat, unshaven wheezy guy at the back with tux stickers all over his ancient laptop.
(Score: -1, Offtopic) by Anonymous Coward on Thursday March 31 2016, @10:39PM
Right, because Macintosh computers and shaving the beard are Haram.
(Score: 0) by Anonymous Coward on Friday April 01 2016, @06:21AM
It's likely some sort of packet beacon, not at the HTML / JavaScript level, but something at a lower level that causes a direct circuit to be established.
(Score: 2) by bitstream on Friday April 01 2016, @09:23AM
So a sandbox would eliminate such possibility?
Could one nail this breach down to two possibilities? 1) Code that grabs the identity and reports back; 2) Phone home.
Or are there others that are likely?
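Both routes bitstream lists end in the same place: a connection the sandboxed process makes by itself, whether to report collected identity data or simply to "phone home" from the real address. What a sandbox can enforce is that the application has exactly one destination, the local Tor SOCKS port, with no direct TCP or UDP and no local name resolution (a resolver query from the real IP identifies the client just as well). The decision logic below is an added example, not code from the thread or from any Tor project component; the SOCKS address and the sample connection attempts are constructed assumptions, and in practice the rule is enforced by a process-level firewall or network namespace rather than inside the application.

```python
"""Egress policy for a Tor client sandbox (added example, constructed attempts).

Only TCP to the local SOCKS listener is allowed. Everything else a process could do to reveal
its real address is refused: direct TCP or UDP to the Internet, a DNS lookup of a hostname
(the classic leak), IPv6 as well as IPv4, and loopback ports other than the SOCKS port.
"""
import ipaddress
from dataclasses import dataclass

TOR_SOCKS = ("127.0.0.1", 9050)   # assumed local Tor SOCKS listener


@dataclass(frozen=True)
class Attempt:
    """One connection attempt as a firewall or syscall filter would see it."""
    pid: int
    proto: str   # "tcp" or "udp"
    dst: str     # IP literal, or a hostname if the process tried to resolve a name locally
    dport: int


def egress_decision(a, socks=TOR_SOCKS):
    """Return (allowed, reason). Only TCP to the SOCKS port passes."""
    try:
        ip = ipaddress.ip_address(a.dst)
    except ValueError:
        # A hostname means a local resolver query: the DNS server sees the real source address.
        return False, "name resolution outside Tor (DNS leak)"
    if a.proto != "tcp":
        return False, f"{a.proto} has no SOCKS path; direct {a.proto} reveals the source address"
    if not ip.is_loopback:
        return False, "direct connection bypasses Tor"
    if (str(ip), a.dport) != socks:
        return False, "loopback, but not the Tor SOCKS port"
    return True, "to Tor SOCKS"


def audit(attempts):
    """Return the attempts that would have been blocked, with the reason for each."""
    out = []
    for a in attempts:
        allowed, reason = egress_decision(a)
        if not allowed:
            out.append((a, reason))
    return out


# Constructed sample: one legitimate SOCKS connection and five ways a beacon could leak.
SAMPLE_ATTEMPTS = [
    Attempt(4242, "tcp", "127.0.0.1", 9050),      # normal browser traffic into Tor
    Attempt(4242, "tcp", "198.51.100.7", 443),    # direct "phone home" over HTTPS
    Attempt(4242, "udp", "8.8.8.8", 53),          # DNS lookup from the real address
    Attempt(4242, "tcp", "beacon.example", 80),   # connect-by-name: resolver leak
    Attempt(4242, "tcp", "2001:db8::1", 443),     # IPv6 bypass of an IPv4-only rule set
    Attempt(4242, "tcp", "127.0.0.1", 9150),      # loopback, but not the SOCKS port
]

if __name__ == "__main__":
    for a, reason in audit(SAMPLE_ATTEMPTS):
        print(f"BLOCK pid={a.pid} {a.proto} {a.dst}:{a.dport}  ({reason})")
```

A policy like this answers the sandbox question only for the network side; an exploit that reads the real address from the host (interfaces, hostname) still has to send it somewhere, which is exactly the connection this rule refuses.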