
SoylentNews is people

posted by janrinok on Monday November 10 2014, @06:14PM
from the your-help-is-needed dept.

Little is known about how U.S. and European law enforcement shut down more than 400 websites, including Silk Road 2.0, which used technology that hides their true IP addresses. The websites were set up using a special feature of the Tor network, which is designed to mask people’s Internet use using special software that routes encrypted browsing traffic through a network of worldwide servers.

The Tor Project is a nonprofit that relies in part on donations. The project “currently doesn’t have funding for improving the security of hidden services,” wrote Andrew Lewman, the project’s executive director, in a blog post on Sunday. ( https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-onymous )

It is possible that a remote-code execution vulnerability has been found in Tor’s software, or that the individual sites had flaws such as SQL injection vulnerabilities. But Lewman wrote The Tor Project had little information on the methods used by law enforcement in the latest action.

“Tor is most interested in understanding how these services were located and if this indicates a security weakness in Tor hidden services that could be exploited by criminals or secret police repressing dissents,” he wrote.

http://www.pcworld.com/article/2845352/tor-project-mulls-how-feds-took-down-hidden-websites.html

[Related]: https://blog.torproject.org/blog/hidden-services-need-some-love

Can anybody help Andrew Lewman understand what happened?

 
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by VLM on Monday November 10 2014, @07:29PM

    by VLM (445) on Monday November 10 2014, @07:29PM (#114591)

    I wonder how much latency there is between networks. What I mean is somebody buys something, spike on Tor network, a bitcoin activity spike, then a package arrives the next day from the same post office in the Netherlands. Given an infinite amount of surveillance I wonder how hard this is to perform the giant SQL JOIN.

  • (Score: 3, Interesting) by Covalent on Monday November 10 2014, @07:37PM

    by Covalent (43) on Monday November 10 2014, @07:37PM (#114594) Journal

    This is what I thought, too. This is the NSA we're talking about here...they have access to all sorts of resources.

    They might be able to use power supply, too. Running servers and routers requires some juice. Assuming these guys hosted their own stuff (probably), it's not an infinitely small thing. Lots of marijuana growers are spotted using heat signatures and electric bills. Might be the same kind of thing.

    Or maybe it's just good old-fashioned "police work". Talk to people on the ground, grease a few palms, ask a few neighbors...people love to gab.

    --
    You can't rationally argue somebody out of a position they didn't rationally get into.
    • (Score: 2) by jimshatt on Monday November 10 2014, @10:26PM

      by jimshatt (978) on Monday November 10 2014, @10:26PM (#114652) Journal
      If SR2 was operated by the same guys as SR1, they might've gotten the guy they arrested the first time to talk.
    • (Score: 0) by Anonymous Coward on Monday November 10 2014, @10:44PM

      by Anonymous Coward on Monday November 10 2014, @10:44PM (#114657)

      Or maybe it's just good old-fashioned "police work".

      Are you really so naive as to believe that's still a thing now that they brag about using "parallel construction"?

    • (Score: 2) by urza9814 on Wednesday November 12 2014, @04:52PM

      by urza9814 (3954) on Wednesday November 12 2014, @04:52PM (#115261) Journal

      They might be able to use power supply, too. Running servers and routers requires some juice. Assuming these guys hosted their own stuff (probably), it's not an infinitely small thing. Lots of marijuana growers are spotted using heat signatures and electric bills. Might be the same kind of thing.

      Highly doubtful. You can do that for marijuana because the guys are trying to replicate *the sun*. Those grow lights are probably hundred watt bulbs, and the operations they bust would have dozens or even hundreds of lights. We're talking several kilowatts of power usage.

      How much power do you really think Silk Road servers used? A cheap VPS solution (Digital Ocean, $5/month) gives half a gig of RAM, one CPU core, and 20GB space. My laptop has 12GB of RAM, 4 CPU cores, and 1.25TB of space. My laptop uses under 100W. The increased draw from running Silk Road 2.0 would probably be about equal to the increased draw from leaving a single lightbulb running. There are infinitely many things that could cause that kind of increase. New laptop, new TV, a guest staying over, replacing a lightbulb that burnt out months ago, cooking a few extra meals at home (electric stove or oven.) Hell, try that this month where I live (Rhode Island) and you'd probably bust a few dozen people who have started pulling space heaters out of the closet for the winter. Those things can draw a couple kilowatts each.

  • (Score: 4, Interesting) by Hairyfeet on Monday November 10 2014, @11:30PM

    by Hairyfeet (75) <reversethis-{moc ... {8691tsaebssab}> on Monday November 10 2014, @11:30PM (#114673) Journal

    From what I read (sorry don't have time to Bing it, but it shouldn't be hard to find) the guy that ran the Doxxing onion site said he had gotten several DDoS in a short period of time which was followed by it disappearing completely and what he figured is that they DDoSed the network so that the only nodes not getting pounded were ones in their control so they could then trace the location. Considering we are talking about members of Five Eyes [wikipedia.org] this is probably pretty easy for them to pull off, which means if true Tor is worth exactly jack and squat when it comes to protecting you from western crackdowns as only the smaller nation states without the number of allies required to pull this off would be unable to trace. Considering what Snowden showed us and the "Do as we say, not as we do" attitude of the US? Sadly it really doesn't surprise me that those at the forefront of attacking free speech networks would be the USA.

    Oh and before somebody says "But but but criminals!" I'd remind you that criminal is whatever the government wants it to be and that it wasn't so long ago that being labeled communist or fighting for civil rights was treated as worthy of investigation, hell we even have evidence that the Occupy movement had double agents. Remember that they ALWAYS use the scumbags as an excuse to curtail freedoms, they then simply add to the definition of what equals a scumbag.

    --
    ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
    • (Score: 0) by Anonymous Coward on Tuesday November 11 2014, @01:42PM

      by Anonymous Coward on Tuesday November 11 2014, @01:42PM (#114821)

      can this country be over now

      we had a great run but it's way too big and things are starting to stink hardcore

      • (Score: 0) by Anonymous Coward on Tuesday November 11 2014, @02:35PM

        by Anonymous Coward on Tuesday November 11 2014, @02:35PM (#114836)
        Speaking on behalf of the rest of the world. No. Too dangerous. The USA still has a lot of nukes.