Silk Road forums

Discussion => Security => Topic started by: kmfkewm on March 07, 2012, 05:03 am

Title: [intel] - how the FBI pwnt (another) lulzsec dude who was using Tor
Post by: kmfkewm on March 07, 2012, 05:03 am
http://arstechnica.com/tech-policy/news/2012/03/stakeout-how-the-fbi-tracked-and-busted-a-chicago-anon.ars
Title: Re: [intel] - how the FBI pwnt (another) lulzsec dude who was using Tor
Post by: sourman on March 07, 2012, 06:14 am
Quote
The Anon-affiliated hackers who broke into the private intelligence company Stratfor to release e-mails and steal credit cards certainly didn't think they were script kiddies.

LOL!! So using publicly disclosed exploits to attack a company with shit security makes you a "real hacker"? Even if they didn't actually run scripts, they still used attacks that were public domain.

Also, how the hell do you give up so much personal info to some random person on the internet, especially when you appear to know better? You're using tor to communicate with the dude but then you start divulging everything necessary to correlate your identity, all while saying "please don't tell anyone it could compromise my identity". See, that's how the feds catch people 95% of the time: informants. Why break encryption or the tor routing protocol when people like this usually give themselves up? If you're going to volunteer on yourself, then you may as well connect directly to your l33t h4x0r friends and stop wasting cycles on tor.
Title: Re: [intel] - how the FBI pwnt (another) lulzsec dude who was using Tor
Post by: kmfkewm on March 07, 2012, 06:31 am
To be fair the FBI did do a timing correlation attack to confirm his identity (linking the traffic they saw leave him to the traffic they saw arriving in the IRC room). But they already were pretty damn sure it was him before they managed to target him with that attack. What I take away from this is that the FBI knows how to do timing attacks, and that they didn't own any of the entry guards any of these hackers used for the entire length of their investigation (or else they would have done a timing attack to locate them instead of to confirm them after they already were pretty sure they had located them via other means). Of course this assumes the media stories can be trusted; if the FBI did a timing attack to locate any of them they would never let it slip, instead they would say what they are saying right now: other things happened, like Sabu forgetting to use Tor once.
Title: Re: [intel] - how the FBI pwnt (another) lulzsec dude who was using Tor
Post by: sourman on March 07, 2012, 06:43 am
Timing correlation of traffic is certainly a problem, though you already have to be somewhat of a suspect for them to find you in the first place. I always wondered if padding your network traffic with random, unrelated tor activity would help, or do they somehow isolate one stream and correlate from there?

If LE (or any government entity) has bad entry guards in place, I also presume they'll have a way to force you onto them. Either they'll have so many that you're bound to connect eventually, or they'll use other means, like DoS attacks, to herd you to their own nodes. I don't know if this is happening now, but I am almost 100% positive that it will in the near future unless the tor team can come up with a solution. Connecting to tor via roaming wifi remains the safest bet...
Title: Re: [intel] - how the FBI pwnt (another) lulzsec dude who was using Tor
Post by: pine on March 07, 2012, 06:44 am
Again, many nos make a yes.

Geographical location, do not imply or infer or refer to it in any way if at all possible. That's their first fix. Even with more general things, you should, ah, economize on the truth.

I can't believe some of this amateurish stuff, like mentioning you got freaking arrested at some specific place. Not once, but several times! WTF

Doesn't look like he used a private bridge or obfuscated the traffic either.

Looks like it may not be such a bad idea to run TOR 24/7

Also, using Macbooks... that is the final straw!

Relevant Article Comment Quote:

"People have been deanonymized in other ways. If you tell someone your name, or post a picture of yourself (or a famous landmark in your town), or log into an account that you have accessed directly with your IP address, or (as in this case) give out too many details about yourself, there is nothing Tor can do for you. "
Title: Re: [intel] - how the FBI pwnt (another) lulzsec dude who was using Tor
Post by: kmfkewm on March 07, 2012, 06:57 am
Quote
Timing correlation of traffic is certainly a problem, though you already have to be somewhat of a suspect for them to find you in the first place.

Not really. A timing attack can be used for confirmation, where they already suspect two parties of communicating, but it can also be used for identification, where they want to know who is communicating with a given party (or even want to know who is communicating with whom). In this case they used it for confirmation. They could have had rogue entry nodes on the Tor network though, in which case they would be able to deanonymize everyone who used one to go to their IRC server. Timing attacks can be used to confirm a suspect or to locate a target.

Quote
I always wondered if padding your network traffic with random, unrelated tor activity would help, or do they somehow isolate one stream and correlate from there?

They only need to measure the timing characteristics of a single packet leaving you and a single packet arriving at the destination to determine that the two packets are identical.

Quote
If LE (or any government entity) has bad entry guards in place, I also presume they'll have a way to force you onto them. Either they'll have so many that you're bound to connect eventually, or they'll use other means, like DoS attacks, to heard you to their own nodes. I don't know if this is happening now, but I am almost 100% positive that it will in the near future unless the tor team can come up with a solution. Connecting to tor via roaming wifi remains the safest bet...

They almost certainly have *some* entry guards. They can try to force you onto them with DDOS but it will take a hell of a lot of bandwidth since they need to simultaneously DDOS every node that you select as an entry other than theirs, until you select theirs. If they DDOS the first four guards you select and then your first guard comes back online, you switch back to it. Could take a lot of DDOSing. This is called a congestion attack :)

Yeah WiFi can be helpful.

I doubt Tor people ever find a solution to timing attacks against low latency traffic without using constant rate cover traffic, which is not feasible for Tor to do.
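As an added illustration of the confirmation-style timing correlation discussed in this thread (this is example code written for this page, not anything from the Ars Technica article or the FBI's actual method), the script below bins packet send times seen at two candidate clients and packet arrival times seen at the IRC server, then cross-correlates the bins over a small range of lags to absorb unknown circuit latency. Every timestamp is constructed in the script itself; the one-second bin, the 0.2-0.4 s per-packet path delay, the burst shape of the chat traffic, and the uniformly random cover traffic are all assumptions chosen for the demo, not measurements from the case.

```python
import random
from statistics import mean, pstdev

# Constructed scenario (not real captures): an IRC client reached over a
# low-latency anonymity network. The watcher records packets leaving each
# candidate client and packets arriving at the IRC server, and asks which
# client's send times line up with the arrivals once path latency is allowed for.

DURATION_S = 600          # 10 minutes of observation (assumed)
BIN_S = 1.0               # correlate at one-second resolution (assumed)
MAX_LAG_BINS = 3          # tolerate up to 3 s of unknown path latency (assumed)


def bursty_traffic(rng, duration_s, n_bursts):
    """Chat-like sends: bursts of 5..20 packets spaced 0.1..0.8 s apart."""
    times = []
    for _ in range(n_bursts):
        t = rng.uniform(0, duration_s)
        for _ in range(rng.randint(5, 20)):
            times.append(t)
            t += rng.uniform(0.1, 0.8)
    return sorted(t for t in times if t < duration_s)


def delayed(times, rng, lo_s=0.2, hi_s=0.4):
    """What the server sees: each packet arrives after a per-packet path delay."""
    return sorted(t + rng.uniform(lo_s, hi_s) for t in times)


def bin_events(times, bin_s, n_bins):
    """Count packets per time bin."""
    counts = [0] * n_bins
    for t in times:
        i = int(t // bin_s)
        if 0 <= i < n_bins:
            counts[i] += 1
    return counts


def pearson(a, b):
    """Pearson correlation of two equal-length count series."""
    ma, mb = mean(a), mean(b)
    sa, sb = pstdev(a), pstdev(b)
    if sa == 0 or sb == 0:
        return 0.0
    return sum((x - ma) * (y - mb) for x, y in zip(a, b)) / (len(a) * sa * sb)


def correlate(src_times, dst_times, bin_s=BIN_S, duration_s=DURATION_S,
              max_lag_bins=MAX_LAG_BINS):
    """Return (best r, lag): the destination series is shifted earlier by
    0..max_lag_bins bins so an unknown circuit latency does not hide a match."""
    n_bins = int(duration_s / bin_s)
    a = bin_events(src_times, bin_s, n_bins)
    b = bin_events(dst_times, bin_s, n_bins)
    best_r, best_lag = -1.0, 0
    for lag in range(max_lag_bins + 1):
        r = pearson(a[: n_bins - lag], b[lag:])
        if r > best_r:
            best_r, best_lag = r, lag
    return best_r, best_lag


def run_scenario(seed=7):
    """Correlate the server's arrivals against the real user, an unrelated
    user, and the real user padded with random cover traffic."""
    rng = random.Random(seed)
    suspect = bursty_traffic(rng, DURATION_S, n_bursts=40)   # the real IRC user
    decoy = bursty_traffic(rng, DURATION_S, n_bursts=40)     # unrelated user
    server_sees = delayed(suspect, rng)                      # arrivals at the IRC server
    # Cover traffic (assumed): suspect also sends ~1 unrelated packet/s at random.
    cover = sorted(rng.uniform(0, DURATION_S) for _ in range(DURATION_S))
    padded = sorted(suspect + cover)
    return {
        "suspect": correlate(suspect, server_sees),
        "decoy": correlate(decoy, server_sees),
        "suspect_padded": correlate(padded, server_sees),
    }


if __name__ == "__main__":
    for name, (r, lag) in run_scenario().items():
        print(f"{name:15s} r={r:.2f} lag={lag}")
```

Run it as a script to print the scores. The real user's stream scores far above the unrelated one at lag 0; adding uncorrelated random sends to the real user's stream only lowers its score, it does not move the unrelated user above it, because the watcher is measuring how the real packets line up, not how much total traffic there is. A watcher with per-packet timestamps rather than one-second bins has an even easier job.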
Title: Re: [intel] - how the FBI pwnt (another) lulzsec dude who was using Tor
Post by: gavrilov on March 07, 2012, 07:30 am
Quote
They only need to measure the timing characteristics of a single packet leaving you and a single packet arriving at the destination to determine that the two packets are identical.

What do you mean by "timing characteristics of a single packet"?
Title: Re: [intel] - how the FBI pwnt (another) lulzsec dude who was using Tor
Post by: kmfkewm on March 07, 2012, 07:56 am
the time a packet leaves location A and arrives at location B