

posted by janrinok on Saturday November 08 2014, @07:18PM
from the not-as-dark-as-we-thought dept.

Silk Road 2.0 and 400 other sites believed to be selling illegal items including drugs and weapons have been shut down. The sites operated on the Tor network - a part of the internet unreachable via traditional search engines. The joint operation between 16 European countries and the US saw 17 arrests.

Although details of how the sites were identified are not given, it does suggest that software now exists that removes the veil behind which the DarkNet once hid. Any Soylentils have any ideas of how this might be achieved? This story might be the clue.

More information can be found here : http://www.bbc.co.uk/news/technology-29950946

  • (Score: 5, Interesting) by cafebabe (894) on Saturday November 08 2014, @07:53PM (#114100)

    Any Soylentils have any ideas of how this might be achieved?

    If I was in the surveillance business, I'd be dumping all TCP SYN packets to a giant OLAP database. From here, it is trivial to perform a PageRank [wikipedia.org] in the manner that I'd process telephone calls [soylentnews.org].

    To locate a specific site in an onion routing network, inject TCP requests to locate all nodes. Omissions are not critical. From the subset of TCP SYN packets emitted from these nodes, find paths which converge on one IP address. Even with a dataset of one billion rows, it would be possible to find likely candidates with one SQL query.

    To find high volume darknet markets, rank the quantity of TCP SYN packets from exit nodes and then investigate each site for illegal commerce. An investigation of the top 1,000 sites may yield about, oh, 400 marketplaces.

    How would this type of sieving be avoided? Erm, don't use anything which works like a TCP SYN packet.

    --
    1702845791×2
  • (Score: 1, Informative) by Anonymous Coward on Saturday November 08 2014, @08:01PM (#114101)

    "To find high volume darknet markets, rank the quantity of TCP SYN packets from exit nodes and then investigate each site for illegal commerce. An investigation of the top 1,000 sites may yield about, oh, 400 marketplaces."

    Tor hidden service traffic does not leave the Tor network. No exit nodes are involved.

    Among other things, this means to run a Tor hidden service you don't need to disclose your location or IP, you don't need a fixed IP, and you don't need a globally routable address: you can serve Tor hidden services from behind NAT with a firewall and a dynamic IP. It's pretty nice for home servers even if you don't need the privacy.

    • (Score: 2) by cafebabe (894) on Saturday November 08 2014, @08:29PM (#114103)

      I define an exit node as the last node in the chain to emit a TCP SYN packet. Sites of interest receive large numbers of TCP SYN packets but don't emit a corresponding number.

      --
      1702845791×2
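The SYN sieve cafebabe sketches above (dump every SYN, find destinations on which SYNs from known relays converge, then rank hosts by how many SYNs they receive versus emit), as an added example that is not part of the original thread. It runs both steps as SQL over a constructed SYN log in SQLite; the relay list and every address below are made-up assumptions, not a real capture. The thread's own caveat applies: an onion service and its clients both build outward circuits that meet at a rendezvous relay, so what this sieve actually surfaces is a plain TCP server that many relays connect to, which is not the same thing as an onion service.

```python
import sqlite3

# Constructed sample data (documentation/private ranges, not a real capture).
# Each row is one TCP SYN seen at a tap: (src_ip, dst_ip).
RELAYS = {"10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"}  # assumed known relay IPs

SYN_LOG = [
    # several relays converge on 192.0.2.10 (the hypothetical host of interest)
    ("10.0.0.1", "192.0.2.10"), ("10.0.0.2", "192.0.2.10"), ("10.0.0.3", "192.0.2.10"),
    ("10.0.0.4", "192.0.2.10"), ("10.0.0.1", "192.0.2.10"), ("10.0.0.2", "192.0.2.10"),
    # relay-to-relay circuit building, and one relay reaching an ordinary web site
    ("10.0.0.1", "10.0.0.2"), ("10.0.0.2", "10.0.0.3"), ("10.0.0.3", "198.51.100.5"),
    # an ordinary client browsing, nothing to do with relays
    ("203.0.113.7", "198.51.100.5"), ("203.0.113.7", "198.51.100.6"),
    # 192.0.2.10 itself emits only one SYN (say, a package update)
    ("192.0.2.10", "198.51.100.9"),
]

# Step 1 of the sieve: which destinations do SYNs from many distinct relays
# converge on? Relay-to-relay traffic is circuit building, so it is filtered out.
CONVERGENCE_SQL = """
SELECT s.dst, COUNT(DISTINCT s.src) AS relays_seen, COUNT(*) AS syns
FROM syn s JOIN relay r ON r.ip = s.src
WHERE s.dst NOT IN (SELECT ip FROM relay)
GROUP BY s.dst
ORDER BY relays_seen DESC, syns DESC
"""

# Step 2: cafebabe's asymmetry test. Hosts of interest receive many SYNs but
# emit few; relays and clients have the opposite profile.
ASYMMETRY_SQL = """
SELECT ip, SUM(inbound) AS syn_in, SUM(outbound) AS syn_out
FROM (
  SELECT dst AS ip, 1 AS inbound, 0 AS outbound FROM syn
  UNION ALL
  SELECT src AS ip, 0 AS inbound, 1 AS outbound FROM syn
)
GROUP BY ip
ORDER BY syn_in - syn_out DESC
"""


def load(rows, relays):
    """Build an in-memory SQLite database holding the SYN log and relay list."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE syn (src TEXT NOT NULL, dst TEXT NOT NULL)")
    db.execute("CREATE TABLE relay (ip TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO syn VALUES (?, ?)", rows)
    db.executemany("INSERT INTO relay VALUES (?)", [(ip,) for ip in relays])
    return db


def convergence_candidates(db, top=3):
    """Return (dst, relays_seen, syns) rows, most-converged-upon first."""
    return db.execute(CONVERGENCE_SQL).fetchall()[:top]


def asymmetric_hosts(db, top=3):
    """Return (ip, syn_in, syn_out) rows, largest inbound surplus first."""
    return db.execute(ASYMMETRY_SQL).fetchall()[:top]


if __name__ == "__main__":
    db = load(SYN_LOG, RELAYS)
    print("convergence:", convergence_candidates(db))
    print("asymmetry:  ", asymmetric_hosts(db))
```

On the constructed log, 192.0.2.10 tops both rankings (four distinct relays, six inbound SYNs against one outbound). Both queries are a single `GROUP BY` over the SYN table, which is why the comment calls this "one SQL query" even at a billion rows; what the sieve cannot see is a host whose only outbound connections are circuits into the Tor network, which is exactly how an onion service behaves.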
      • (Score: 0) by Anonymous Coward on Saturday November 08 2014, @09:47PM (#114116)

        Tor hidden service connections as far as TCP go are outgoing from both the user and the server. They meet somewhere in the middle of the Tor network. This makes clients and servers pretty similar from a traffic perspective.

    • (Score: 0) by Anonymous Coward on Sunday November 09 2014, @06:18PM (#114301)

      Your traffic to the hidden service is likely to have its last hop be through a tor node (if it goes straight from you to the service it probably means tor is broken right?). Guess who owns and runs many of those tor nodes?

      So they can figure out which hidden services are popular.
  • (Score: 2, Interesting) by Rosco P. Coltrane (4757) on Saturday November 08 2014, @08:35PM (#114105)

    I have a feeling it's nothing as complicated as that. The Tor network is pretty secure, but browsers aren't if you don't know how to configure them, and there's always plain old social engineering and police infiltration work. The weak link in anything secure is the users, and you can often circumvent it altogether by fooling or conning them.

    • (Score: 3, Insightful) by cafebabe (894) on Saturday November 08 2014, @08:56PM (#114108)

      I'd like to credit old-fashioned police detective work but I find it more likely that a panopticon of Zircon, Echelon, Prism and suchlike is sieved by central agencies before parallel construction [soylentnews.org] is done by local agencies.

      Regarding infiltration, deny anyone who pushes for privileges. This approach also reduces technical problems.

      --
      1702845791×2
  • (Score: 2) by Dunbal (3515) on Saturday November 08 2014, @09:28PM (#114110)

    It's the same theory as the one behind why DRM will never work. If your computer can find it, my computer can find it.

    • (Score: 2) by cafebabe (894) on Saturday November 15 2014, @01:12PM (#116183)

      If a service is made available to untrusted parties via indirection and the indirection relies upon volunteers who cannot be trusted and establishment of connections is logged by untrusted parties then the service can be located without indirection by one or more parties.

      --
      1702845791×2
  • (Score: 4, Interesting) by edIII (791) on Saturday November 08 2014, @10:55PM (#114140)

    I don't necessarily agree with you on the implementation, but the basics are if you control the whole network there is no anonymity.

    TCP/IP isn't designed for anonymity and it certainly doesn't support it. What TOR does is provide a deniable property to communications, but only as a matter of scope. It's not a true property, or in other words, emergent. The real problem is that regardless of hidden services, it's possible for Eve to record all of the traffic activity with known addresses (TCP/IP can't support anything else).

    Your neighbor might not be able to defeat that deniable property, your local law enforcement or ISP couldn't defeat that deniable property, but a national intelligence community collecting packets from all the Tier 1 providers just might.

    If you collect enough instances of the traffic (especially if you initiate it) I'm sure that math and science support the notion that you could determine a likely node with a suitable degree of confidence. It's 100% confidence to nail you in court (theoretically), but it can be much less to identify a lead in an investigation which likely screws you with surveillance ultimately. I can't possibly see how over time an attacker is gaining more and more nodes involved in these illicit communications and not being able to identify nodes accessing it more often.

    What TOR has to overcome is a design in which it's assumed all network traffic activity is recorded for the whole network all the time, in addition to ensuring an equal distribution of access to services across the entire TOR network. Anything less, and it starts becoming apparent that the child porn is hitting your TOR node far more often than statistically believable. At that point, it seems like a five minute conversation with the judge and FBI as to whether or not they can install malware. Which is of course hilarious. The FBI asking permission.

    Delivering anonymity in the light of who we are really trying to be anonymous from, is a little disheartening.

    Although, my intuition tells me this has much less to do with TOR onion routing protocols and topology, and is more likely to be tools to gain access remotely through an .onion addressed server and then initiate identification from the remote end directly akin to tracing wires in a building. With everything else coming to light about the seemingly massive critical bugs in our software it's not an entirely unfounded fear as an attack vector. So we shouldn't throw the TOR network away yet and claim it's tainted.

    If I was operating a TOR hidden service I would do everything absolutely possible to look at information leakage through interactions with the service itself. This includes firewall rules to prevent a server from sending out packets at all unless it's routed through the TOR network.

    Additionally, I wouldn't be so averse to the idea of researchers creating fake criminal honeypots to see if they can catch the intelligence apparatuses at work and determine how they are doing it so we can put a stop to it. What's the difference between Mafia Wars and real life? Perspective.

    Maybe we should all just create a massively fun game where we sell and send plastic bags of "weed" and "coke" you can buy from the grocery store, and create Darknets to do it. I'm betting that might be the most effective way to put a monkey wrench into their toy.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 1, Insightful) by Anonymous Coward on Sunday November 09 2014, @03:35AM (#114188)

      Maybe we should all just create a massively fun game where we sell and send plastic bags of "weed" and "coke" you can buy from the grocery store,

      Bad idea. Selling obviously fake drugs under the impression that they're real will get you convicted for trafficking. That's not a new thing either, it's been happening for decades. Although on the plus side, this "game" would force more people to realize how destructive prohibition is by ruining even more innocent lives.

    • (Score: 0) by Anonymous Coward on Sunday November 09 2014, @06:13AM (#114223)

      > It's 100% confidence to nail you in court (theoretically),

      My understanding is that "beyond reasonable doubt" is reckoned to be about 75% confidence

    • (Score: 2) by cafebabe (894) on Saturday November 15 2014, @01:24PM (#116187)

      firewall rules to prevent a server from sending out packets at all unless it's routed through the TOR network.

      Default route considered harmful [wikipedia.org].

      --
      1702845791×2
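The egress lockdown edIII recommends for a hidden-service host (no packet leaves unless it went through Tor) and cafebabe's follow-up that the default route is the thing to worry about, as an added example that is not from either commenter. The script renders an iptables OUTPUT chain that only lets the tor daemon's own UID and loopback traffic out, and includes a small first-match evaluator so the intent can be checked without a root shell. The UIDs (tor as 109, the web server as 33) and the uplink name eth0 are assumptions; the iptables flags used (`-o`, `-m owner --uid-owner`, `-j`, `-P`) are real.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumed identities on the onion-service host (not from the thread):
TOR_UID = 109   # the tor daemon, the only process allowed to open connections out
WWW_UID = 33    # the web server, which must only ever talk to tor over loopback


@dataclass
class Rule:
    """One OUTPUT-chain rule: optional interface and owner matches, then a verdict."""
    verdict: str                      # "ACCEPT" or "DROP"
    out_iface: Optional[str] = None   # -o <iface>
    uid: Optional[int] = None         # -m owner --uid-owner <uid>


# Order matters: netfilter takes the first matching rule; anything that matches
# nothing falls through to the chain policy, which is also DROP.
EGRESS_RULES: List[Rule] = [
    Rule("ACCEPT", out_iface="lo"),   # web server <-> tor SOCKS/hidden-service port on loopback
    Rule("ACCEPT", uid=TOR_UID),      # tor's own circuits to its guard relay
    Rule("DROP"),                     # everything else, including DNS and HTTP from www-data
]


def render_iptables(rules: List[Rule]) -> List[str]:
    """Emit the shell commands that install `rules` as the OUTPUT chain."""
    lines = ["iptables -P OUTPUT DROP", "iptables -F OUTPUT"]
    for r in rules:
        parts = ["iptables -A OUTPUT"]
        if r.out_iface is not None:
            parts.append(f"-o {r.out_iface}")
        if r.uid is not None:
            parts.append(f"-m owner --uid-owner {r.uid}")
        parts.append(f"-j {r.verdict}")
        lines.append(" ".join(parts))
    return lines


def verdict(rules: List[Rule], uid: int, out_iface: str) -> str:
    """First-match evaluation of a locally generated packet, as the chain would do it."""
    for r in rules:
        if r.out_iface is not None and r.out_iface != out_iface:
            continue
        if r.uid is not None and r.uid != uid:
            continue
        return r.verdict
    return "DROP"  # chain policy


if __name__ == "__main__":
    print("\n".join(render_iptables(EGRESS_RULES)))
    # A leak attempt by the web application (e.g. fetching a remote image or
    # resolving a hostname) must die here rather than reveal the host's address.
    print("www-data -> eth0:", verdict(EGRESS_RULES, WWW_UID, "eth0"))
    print("tor      -> eth0:", verdict(EGRESS_RULES, TOR_UID, "eth0"))
```

The owner match is what makes this work: a compromised or misconfigured web application running as www-data can try to fetch a remote resource or resolve a name, and the packet is dropped before it reaches the uplink, while tor's circuits to its guard still go out. Treat it as defence in depth alongside cafebabe's point, not instead of it: a firewall that is flushed by a package upgrade or a reboot leaves the default route in place, whereas a host with no default route (or the service confined to a network namespace whose only path is to the tor daemon) has nowhere to send a leaked packet in the first place.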