Get Our Newsletter



Links

Columnists



Site Search


Entire (RSS)
Comments (RSS)

Archive Calendar

September 2019
S M T W T F S
« Aug    
1234567
891011121314
15161718192021
22232425262728
2930  

Guides

How to Become a Bounty Hunter



Tag: TOR

Developer of Anonymous Tor Software Leaves Country to Avoid FBI

Data securityBy Steve Neavling
ticklethewire.com

One of Tor’s core software developers has left the United States because she doesn’t want to expose users to potential spying.

CNN reports that the FBI wants Isis Agora Lovecruft to testify in a criminal hacking investigation.

But fearing she’ll be coerced to undermine Tor, which allows Internet users to hide their locations, she left the U.S. for Germany.

“I was worried they’d ask me to do something that hurts innocent people — and prevent me from telling people it’s happening,” she said in an exclusive interview with CNNMoney.

The FBI declined to comment.

Government Technology: Stop Letting Cybercriminals Hide from FBI

hacker-istock-photoBy Editorial Board
Government Technology

Imagine that a criminal investigator has identified one or more computers that are part of ongoing criminal activity. Unfortunately, the people operating these computers are hiding them. The machines could be anywhere in the world, using anonymous email or tools like Tor to conceal their location.

The investigator also has a tool, a carefully engineered piece of software, which she calls a “Network Investigatory Technique,” or NIT, that will cause a targeted computer to reveal itself. Once she sends the software to the computer she’s investigating, it will reply with a message saying, “I am at this location.” The rest of the security world calls the NIT “malicious code” (“malcode” for short) and deploying it “hacking,” because the software exploits a vulnerability in the target’s computer, the same way a criminal would.

Federal court rules currently say she can use this tool only if she gets an electronic search warrant from a judge. But the computer could be anywhere: to which court should she go to get the warrant?

This is not a hypothetical problem. Online investigations face this problem all the time, when tracking down fraudsters or those issuing threats using anonymous emails, botmasters who have compromised thousands of computers around the planet or purveyors of drugs or child pornography. The current federal rules of criminal evidence (in particular a section known as Rule 41) require investigators to seek warrants from a magistrate judge in the federal court district where the target computer is located.

But if investigators don’t know where in the country, or indeed the world, the computer is, the existing rules effectively dictate that there is no judge who could approve a warrant to actually find out its specific location. In essence, the rule is, “The investigator can get a warrant to hack these computers to reveal their location only when she knows where they already are.” That rule might have made sense before the digital age, but in today’s digital world it forces an end to promising investigations.

To read more click here. 

Other Stories of Interest

To Capture Pedophiles Downloading Child Pornography, FBI Agents Turn into Hacker Spies

Data securityBy Steve Neavling
ticklethewire.com

FBI agents are turning into to hacker spies to capture pedophiles who hide anonymously on the Internet.

CNN reports that the Justice Department launched a massive investigation called Operation Torpedo, which began in 2011 and recently came to a close with the arrests of people downloading child pornography.

The case started when Netherlands police gained access to a large child pornography site whose web hosting service was located in Bellevue, Nebraska.

The FBI raided the home of the man who ran the site, PedoBook, where users could download photos of child pornography.

To break through Tor, which hides users’ location, the FBI was given a search warrant for a “network investigative technique” that allowed agents to use computer codes to track down people who downloaded photos and videos.

FBI Agent Jeffrey Tarpinian describes this hack as “the only available investigative technique with a reasonable likelihood of securing the evidence necessary to prove… the actual location and identity of those users” in court documents from 2012.

What the FBI found was more disturbing than they had realized: Some images were being viewed hundreds of thousands of times.

“They’re hiding in plain sight… we remain powerless to some extent,” said one senior Justice Department official who was authorized to speak without being named. “That’s what creates this sense of urgency.”

FBI Hacked More Than 1,000 Computers to Go After Online Child Pornography

Data securityBy Steve Neavling
ticklethewire.com

The FBI arrested two men on charges of online child pornography after agents were able to hack into their computers to identify their true IP addresses that were hidden by Tor, Hacked.com reports.

The FBI hacked thousands of computers as part of a “bulk hacking campaign” to fight child pornography.

“In order to fight what it has called one of the largest child pornography sites on the dark web, the FBI hacked over a thousand computers,” Motherboard detailed.

The ACLU called the news “simply unprecedented.”

The FBI said some of the sites “contained some of the most extreme child abuse imagery one could imagine, and others included advice on how sexual abusers could avoid detection online.”

The site was “the largest remaining known child pornography hidden service in the world,” the FBI said.

“Fifteen-hundred or so of these cases are going to end up getting filed out of the same, underlying investigation,” Colin Fieman, a federal public defender involved in several related cases, told Motherboard in a phone interview.

“There will probably be an escalating stream of these [cases] in the next six months or so,” Fieman added. “There is going to be a lot in the pipeline.”

FBI Seeks New Authority to Hack into Computers, Spy on Users Anywhere

By Steve Neavling
ticklethewire.com

The FBI is seeking new authority to hack into computers and spy on their users, the Guardian reports.

The Justice Department is requesting that an obscure regulatory advisory board change the rules of searches and seizures. The two will meet Nov. 5.

Civil liberties groups claim the new rules would violate the first and fourth amendments and are questioning why the Justice Department is seeking the permission without public debate or congressional oversight.

“This is a giant step forward for the FBI’s operational capabilities, without any consideration of the policy implications. To be seeking these powers at a time of heightened international concern about US surveillance is an especially brazen and potentially dangerous move,” said Ahmed Ghappour, an expert in computer law at University of California, Hastings college of the law, who will be addressing next week’s hearing.

The proposed changes involve court-approved warrants, which currently require surveillance to occur in the same district as the judge who approves the warrant.

The proposed changes would eliminate that requirement and allow the FBI to hack into any computer.

The FBI has been having troubles tracking some hackers because their locations are hidden by tools such as Tor.

 

ProPublica: Here’s One Way to Land on the NSA’s Watch List

By by Julia Angwin and Mike Tigas
ProPublica

Last week, German journalists revealed that the National Security Agency has a program to collect information about people who use privacy-protecting services, including popular anonymizing software called Tor. But it’s not clear how many users have been affected.

So we did a little sleuthing, and found that the NSA’s targeting list corresponds with the list of directory servers used by Tor between December 2010 and February 2012 – including two servers at the Massachusetts Institute of Technology. Tor users connect to the directory servers when they first launch the Tor service.

 That means that if you downloaded Tor during 2011, the NSA may have scooped up your computer’s IP address and flagged you for further monitoring. The Tor Project is a nonprofit that receives significant funding from the U.S. government.

The revelations were among the first evidence of specific spy targets inside the United States. And they have been followed by yet more evidence. The Intercept revealed this week that the government monitored email of five prominent Muslim-Americans, including a former Bush Administration official.

It’s not clear if, or how extensively, the NSA spied on the users of Tor and other privacy services.

After the news, one of Tor’s original developers, Roger Dingledine, reassured users that they most likely remained anonymous while using the service: “Tor is designed to be robust to somebody watching traffic at one point in the network – even a directory authority.” It is more likely that users could have been spied on when they were not using Tor.

For its part, the NSA says it only collects information for valid foreign intelligence purposes and that it “minimizes” information it collects about U.S. residents. In other words, NSA may have discarded any information it obtained about U.S. residents who downloaded Tor.

However, according to a recent report by the Privacy and Civil Liberties Oversight Board, the NSA’s minimization procedures vary by program. Under Prism, for example, the NSA shares unminimized data with the FBI and CIA.

In addition, the NSA can also later search the communications of those it has inadvertently caught in its Prism dragnet, a tactic some have called a ” backdoor” search. It’s not clear if similar backdoors exist for other types of data such as IP addresses.

In response to the Tor news, the NSA said it is following President Obama’s January directive to not conduct surveillance for the purpose of “suppressing or burdening criticism or dissent, or for disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion.”

[Disclosure: Mike Tigas is the developer of an app that uses Tor, called the Onion Browser.]

ProPublica is a not-for-profit investigative news website.

How FBI Agents Tracked Down Harvard Student Accused of Making Bomb Threats

Steve Neavling
ticklethewire.com

The FBI had a crisis on its hands.

Several bomb threats were sent via email to Harvard University, causing the school to close buildings during final exams.

The student accused of sending in the threat, sophomore Eldo Kim, took steps to hide his identity using two anonymity tools – the routing service Tor and the temporary mail service Guerrilla Mail, the Verge reports.

But the tools were no match for the FBI, which used the information to track down Kim, who was using Harvard’s wireless network.

Kim told authorities he was trying to get out of a final exam.

STORIES OF OTHER INTEREST

Federal Indictments for Massive Online Drug Ring are First of a Kind

Shoshanna Utchenik
ticklethewire.com

In a brave new high-tech world, the federal indictment of eight online drug traffickers is the first of its kind.

The BBC reports that the feds busted up a $1million-plus illegal drug operation online on a marketplace called “The Farmer’s Market” using the TOR network, which allows emails and websites to hide IP addresses and protect users from detection.

The operation served about 3,0000 customers in every U.S. state and  34 countries , selling LSD, ecstasy, marijuana and other illegal drugs. The Justice Department contends the ring provided order forms, customer service and accepted payments through PayPal, Western Union and other means.

“Operation Adam Bomb,” a 2 year investigation led by the DEA’s L.A. Field Division, resulted in arrests in the  the U.S., Colombia, and the Netherlands, according to a Justice Department press release. The L.A. DEA collaborated with the Hague office, international agencies and the U.S. Post Office.

“The drug trafficking organization targeted in Operation Adam Bomb was distributing dangerous and addictive drugs to every corner of the world, and trying to hide their activities through the use of advanced anonymizing on-line technology,” said Briane M. Grey, DEA Acting Special Agent in Charge.

To read more click here.