
SoylentNews is people

posted by Fnord666 on Monday January 16 2023, @02:28AM
from the Guilt-by-association dept.

From: Gizmodo:

Motherboard originally reported that the bureau has somehow managed to nab the IP address of an alleged criminal using Tor, short for "The Onion Router," as part of an ongoing anti-terrorism case. The guy in question, Muhammed Momtaz Al-Azhari, of Tampa, Florida, was charged in 2020 with attempting to provide material support to ISIS. According to the government, Al-Azhari is "an ISIS supporter who planned and attempted to carry out an attack on behalf of that terrorist organization." Part of the government's case against Al-Azhari revolves around his use of Tor to make multiple visits to an ISIS-related website prior to the planned attack. ...

It's not exactly clear what happened here. Somehow, the government ascertained Al-Azhari's real IP address—which actually turned out to be his grandma's IP address because he was staying with her in Riverside, California at the time of his arrest, court documents state. Since Tor should have protected Azhari's real location and IP address, the question remains: how did the feds get this information?

--------

Is use of TOR probable cause for other investigative techniques that would ordinarily violate civil liberties? (Ask a warrant-issuing judge.) Is it any different from wearing a ski mask to the bank teller window?


This discussion was created by Fnord666 (652) for logged-in users only, but now has been archived. No new comments can be posted.
  • (Score: 5, Insightful) by owl on Monday January 16 2023, @03:41AM (5 children)

    by owl (15206) on Monday January 16 2023, @03:41AM (#1287025)

    the question remains: how did the feds get this information?

    One thing that folks who aren't 'info-sec' savvy (and that likely describes this one, not 'info-sec' savvy) often overlook is the massive asymmetric nature of the govt. inspectors in this environment.

    The govt. can be patient, and keep someone under surveillance 24/7. They have enough employees that they can replace the shift worker every 8 hours so every "watcher" is mostly fresh. And they can just patiently keep watching, day after day after day.

    For the target, the tables are turned. The target has to practice perfect info-sec, every single time. There are no breaks, there are no fresh shift workers arriving after an 8 hour day. All it takes, once one has made themselves a target like this, is just one single slip-up, and the govt. watchers have found their target's real identity/location. The govt. is watching 24/7, and the target has to not have even one slip-up anywhere. Forget to log in with your "tor-browser" and use your regular one, just once, game over. Anything the target does that is a screw-up, security wise, once they have risen to this level of attention by the govt., and the govt. has found out their target.

    So, the most likely answer to 'how' is: the target screwed up, failed to use Tor just once, and the govt. was already monitoring the site, and bam, game over for the target.

    This was also how DPR of The Silk Road fame was eventually caught. He slipped up, once, and didn't properly maintain his "security" and the govt. was already watching at that point, and bam, they had their man.

  • (Score: 3, Insightful) by driverless on Monday January 16 2023, @07:54AM

    by driverless (4770) on Monday January 16 2023, @07:54AM (#1287040)

    Yup. A combination of poor OPSEC by the target and good old-fashioned detective work by law enforcement got him, nothing more, nothing less. Tor is a tool, not magic pixie dust to make you invisible to the law.

  • (Score: 5, Interesting) by turgid on Monday January 16 2023, @07:58AM (1 child)

    by turgid (4318) Subscriber Badge on Monday January 16 2023, @07:58AM (#1287041) Journal

    Here in the UK they monitor and store every single transaction you do on the Internet and store the data for a year. They don't (routinely) store the content of your transaction, but they store the metadata, source and destination, time of day, that sort of thing. I would imagine that using something like Tor might cause suspicion since, despite having legitimate uses, it also is a very useful tool for criminals. I think if they suspect something, they just need to go to court for a warrant and then they can log and monitor more than just the metadata.

    Many years ago I worked for a company which had a special "box" in the server cabinet that cost > $12k and it was for doing deep packet inspection. We were developing some video gear. One of my colleagues went on YouTube to get some video to test with. Almost instantaneously, the alarms went off, corporate IT in the US were on the phone demanding that he be hauled up before HR and fired.

    He wasn't fired. The Americans were told to calm down.

    I was told by our local IT guy that this black box could do Man In The Middle on encrypted traffic, and in the US it was set up to do so. Corporate IT wanted to do that here in the UK too, but he firmly told them no, that it was illegal here and would not be enabled.

    I also many years ago knew a guy from the former Yugoslavia, who was understandably very nervous about government surveillance. He refused to use the Internet at all, and he was a Computer Scientist.

    • (Score: 3, Touché) by DannyB on Monday January 16 2023, @05:28PM

      by DannyB (5839) Subscriber Badge on Monday January 16 2023, @05:28PM (#1287090) Journal

      He refused to use the Internet at all, and he was a Computer Scientist.

      There is IP by avian carrier.

      I would also point out a minivan full of pocket hard drives has much higher bandwidth than any internet connection. But the latency sucks.

      If he does not use the internet, he might get actual work done.

      --
      The lower I set my standards the more accomplishments I have.
  • (Score: 2, Troll) by VLM on Monday January 16 2023, @03:33PM (1 child)

    by VLM (445) on Monday January 16 2023, @03:33PM (#1287065)

    The target has to practice perfect info-sec, every single time

    It's a little worse than that. If our secret political police run 1% of the nodes in the network, you got a 50/50 chance of connecting to an FBI node if you connect 100 times.

    The other problem is "target rich environment" you can just put ALL detected TOR users on a list and then figure out what they're doing later. There's just not that many users and the traffic sticks out like a sore thumb. Like seriously, how many ISIS supporters live in Tampa anyway? Once you got someone on a list, you just wait for enough data to arrive.

    The way it usually works with the FBI is everyone he contacted was an agent trying to entrap him. The market demand for terrorists is WAY higher than the supply so the FBI has to manufacture some once in a while.

    • (Score: 3, Insightful) by helel on Monday January 16 2023, @06:39PM

      by helel (2949) on Monday January 16 2023, @06:39PM (#1287102)

      Technically it's attempt 69 when you hit that 50% odds.