If you read the statements in the Freedom Hosting case you can see that the FBI managed to deanonymize the Tor network using browser tricks. Once you've got the network, the rest is pretty straightforward tracking the bits, I would suppose.
This also explains why the other marketplace shut down quickly; unlike DPR, they apparently deduced it was only a matter of time before their location and identity was disclosed.
That isn't correct. The US placed a virus on the source code of Freedom Hosting, either by seizing control of the servers or by hacking, which exploited a vulnerability specific to a version of Firefox found in a popular all-in-one TOR access kit.
They did not compromise the network; they compromised an out-of-date version of Firefox.
They might well be able to de-anonymize TOR by monitoring traffic between a large enough proportion of TOR nodes. Given recent NSA/GCHQ long-distance cable intercept stories, this is no longer unrealistic. But there is no direct evidence yet. It is also worth mentioning that the US has spent a lot of effort developing an attack capability, and probably hit enemies like Silk Road with attacks as sophisticated as Aurora or Stuxnet. Maybe we just don't hear about that, because of the beauty of parallel construction.
The US placed a virus on the source code of Freedom Hosting, either by seizing control of the servers or by hacking, which exploited a vulnerability specific to a version of Firefox found in a popular all-in-one TOR access kit.
I think we said the same thing, or at least, if I interpret your statement correctly, I meant the same thing. I said "browser tricks" and you said "vulnerability specific to firefox (a browser)", and I said "de-anonymized" (which was the analysis that most people pointed to as to why the FBI was collecting data from various hosts) and you described the same scenario: "... monitoring traffic between a large enough proportion of TOR nodes ..."
My interpretation of the events was: they got to Freedom Hosting, they used that to exploit browsers into giving them correlating information about Tor endpoints, and using that traffic and resources in the already documented 'metadata snooping' programs that other parts of the government have and have made available, they figured out which servers were serving up the Silk Road web site, and by that (and a copy of the servers' hard drives, aka a server image) figured out who the guy was who was using the Dread Pirate Roberts moniker.
So is your understanding of how this went down different than that? And was that explanation different (other than in detail) from my original comment, which you assert was incorrect? Happy to be shown where I am wrong here, so I'm trying to figure out what part you disagreed with.
Well, I read your comment as saying that TOR should be seen as compromised. Your comments about other market owners only seem to make sense if that was what you were saying. I just pointed out that the previous attack you mentioned was a bit of a one-off, and any repeat would need its own unique set of vulnerabilities. Hence, so far as we know, no virus on SR.