
Kashmir Hill Contributor


I'm a privacy pragmatist, writing about the intersection of law, technology, social media and our personal information. If you have story ideas or tips, e-mail me at khill@forbes.com. PGP key here. These days, I'm a senior online editor at Forbes. I was previously an editor at Above the Law, a legal blog, relying on the legal knowledge gained from two years working for corporate law firm Covington & Burling -- a Cliff's Notes version of law school. In the past, I've been found slaving away as an intern in midtown Manhattan at The Week Magazine, in Hong Kong at the International Herald Tribune, and in D.C. at the Washington Examiner. I also spent a few years traveling the world managing educational programs for international journalists for the National Press Foundation. I have few illusions about privacy -- feel free to follow me on Twitter: kashhill, subscribe to me on Facebook, Circle me on Google+, or use Google Maps to figure out where the Forbes San Francisco bureau is, and come a-knockin'.


How Did The FBI Break Tor?

Global law enforcement conducted a massive raid of the Dark Web this week. It started with the FBI takedown of Silk Road 2.0 and the arrest of its alleged operator Blake Benthall in San Francisco on Wednesday. But it quickly exploded from there, as European counterparts seized over 400 black market ‘hidden sites’ and arrested 19 other people alleged to be involved in their operation. Wired called it “a scorched-earth purge of the Internet underground.” But how exactly did law enforcement take their digital blow torches to the Dark Web sites that were using Tor anonymity software to protect themselves? Law enforcement has been mysterious on that count, saying it won’t reveal its methods because they are “sensitive.”

The FBI is calling it Operation Onymous. (As in, no longer “Anonymous.”) In the Benthall indictment, the FBI revealed that part of its investigation was good old-fashioned undercover police work. One of the helpful volunteers Benthall allegedly tapped to help moderate the underground drug marketplace was an undercover Homeland Security agent (who was paid over $30,000 in Bitcoin for his or her efforts). But the indictment is vague about how exactly the FBI got its hands on the supposedly hidden server Silk Road 2.0 was using. In fact the indictment made it sound easy, saying the FBI “identified the server located in a foreign country,” and that law enforcement went in and imaged it sometime around May 30, 2014.

Around that same time, two researchers from Carnegie Mellon, Alexander Volynkin and Michael McCord, were preparing for a presentation at hacker conference Black Hat about work they’d done to easily “break Tor.” They were vague about the details but promised that their work wasn’t just theoretical: “Looking for an IP address for a Tor user? Not a problem. Trying to uncover the location of a Hidden Service? Done. We know because we tested it, in the wild.” In a summary of the talk on the conference website, the researchers claimed that it was possible to “de-anonymize hundreds of thousands of Tor clients and thousands of hidden services within a couple of months,” and that they would discuss examples of their own work identifying “suspected child pornographers and drug dealers.”

In July, the talk was suddenly canceled. Tor revealed that a bunch of nodes in its network had been compromised for at least 6 months, and asked users to upgrade their Tor software to patch the vulnerability the attackers used:

On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.

If you control enough relays in the Tor network, you can watch traffic both as it enters the network and as it leaves, and matching up those two ends is what a traffic confirmation attack does. It was clear that Tor thought the Carnegie Mellon researchers were responsible. The researchers refused to talk to the press, but a conference spokesperson told Reuters the talk was canceled because the researchers hadn’t cleared the release of their work through their department, the Software Engineering Institute, which receives funding from the Defense Department. At the time, many assumed that the university pulled the plug on the talk because of academic ethics considerations and the gray legal zone it was in, with the researchers casually intercepting Web traffic. But maybe it got pulled because the researchers were revealing a law enforcement technique that the government did not want publicized. If nothing else, it’s highly likely the information the researchers collected about “drug dealers and child pornographers” made its way into law enforcement hands. McCord said he was “unable to comment on the matter.” Carnegie Mellon’s SEI declined comment about the canceled talk and about whether it had provided information from the research to law enforcement.
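To make the “control enough of the network” point concrete, here is an added simulation (written for this page, not code from Tor or from the Carnegie Mellon researchers) of how much an adversary sees when it runs some share of the relays. It assumes a simplified Tor: an adversary holding a hypothetical fraction `f` of relay bandwidth, entry and exit hops picked independently and weighted only by bandwidth, and the middle hop ignored. A circuit counts as exposed only if both its entry and its exit are adversary relays, which is the precondition for a traffic confirmation attack; the simulation models that visibility condition, not the traffic matching itself. The per-user part compares Tor’s entry-guard design (one entry relay kept across many circuits) with picking a fresh entry every time, which is why Tor’s real client pins guards: the same share of circuits is exposed either way, but guards keep most users from ever being exposed instead of slowly exposing almost everyone.

```python
import random


def analytic_circuit_exposure(f):
    """Share of circuits observed at BOTH ends when the adversary holds
    fraction f of relay bandwidth and hops are chosen independently.
    This is the textbook f*f result for a two-end correlation adversary."""
    return f * f


def simulate_circuit_exposure(f, circuits=20000, seed=1):
    """Monte Carlo check of analytic_circuit_exposure: build `circuits`
    circuits, each hop adversary-controlled with probability f (assumed
    bandwidth-weighted, independent choice), and count fully observed ones."""
    rng = random.Random(seed)  # fixed seed so the result is reproducible
    hits = 0
    for _ in range(circuits):
        entry_bad = rng.random() < f
        exit_bad = rng.random() < f
        if entry_bad and exit_bad:
            hits += 1
    return hits / circuits


def simulate_user_exposure(f, users=2000, circuits_per_user=50,
                           use_guard=True, seed=7):
    """Per-user view of the same adversary. Each user builds
    circuits_per_user circuits. With use_guard=True the user keeps one entry
    relay for all of them (the entry-guard design); with use_guard=False a
    fresh entry is picked for every circuit. Returns the share of circuits
    observed at both ends and the share of users who had at least one."""
    rng = random.Random(seed)
    circuit_hits = 0
    users_hit = 0
    for _ in range(users):
        guard_bad = rng.random() < f  # decided once per user
        user_hits = 0
        for _ in range(circuits_per_user):
            entry_bad = guard_bad if use_guard else (rng.random() < f)
            exit_bad = rng.random() < f
            if entry_bad and exit_bad:
                user_hits += 1
        circuit_hits += user_hits
        if user_hits:
            users_hit += 1
    return {
        "circuits_exposed": circuit_hits / (users * circuits_per_user),
        "users_ever_exposed": users_hit / users,
    }


def analytic_users_exposed(f, circuits_per_user, use_guard):
    """Closed form for users_ever_exposed under the same assumptions.
    Without guards every circuit is an independent f*f trial; with a guard the
    user is exposed only if the guard is bad AND some exit is bad."""
    if use_guard:
        return f * (1 - (1 - f) ** circuits_per_user)
    return 1 - (1 - f * f) ** circuits_per_user


if __name__ == "__main__":
    # Hypothetical adversary share: 10% of relay bandwidth (constructed value).
    share = 0.10
    print("circuits exposed (sim/analytic):",
          simulate_circuit_exposure(share), analytic_circuit_exposure(share))
    for guard in (False, True):
        r = simulate_user_exposure(share, use_guard=guard)
        print(f"guard={guard}: circuits={r['circuits_exposed']:.4f} "
              f"users_ever={r['users_ever_exposed']:.3f} "
              f"(analytic {analytic_users_exposed(share, 50, guard):.3f})")
```

With a 10% share the adversary sees both ends of about 1% of circuits regardless of guards, but over 50 circuits roughly 40% of guard-less users get caught at least once, versus roughly 10% of guard-using users. For a defender, the share of relay bandwidth a single party controls is the number to watch, which is the reason Tor investigated and removed the relay group described in its July notice above.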

Is the Carnegie Mellon research linked to this week’s law enforcement raid on the Dark Web? “The feds could certainly ask for the research or try to get it,” says Hanni Fakhoury, an attorney at the Electronic Frontier Foundation. “Whether that actually happened, we have no way of knowing.”

What does seem clear to security researchers, based on law enforcement seizing over 400 Dark Web sites (meaning they found out where they were hosted), is that law enforcement likely found a crack in Tor’s shield of anonymity. “The global law enforcement community has innovated and collaborated to disrupt these ‘dark market’ websites, no matter how sophisticated or far-flung they have become,” said Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division in a press release from the FBI.

“I am 95% certain that law enforcement did a mass de-anonymization attack on Tor hidden services,” says Nicholas Weaver, a researcher at the International Computer Science Institute. He called any link to the earlier research “circumstantial.” But he points out that the work the researchers did was expensive. A “back of the envelope estimate suggests that whoever was running the attack on Tor at the beginning of the year using [Amazon hosting services] spent at least $50,000 in computer time,” says Weaver. That’s not the kind of money an academic can spend on a hobby project.

Tor had little to say about the takedown. “From what we know now, some hidden services and illegal markets were recently seized by International law enforcement,” said Tor executive director Andrew Lewman by email. “Tor was created to protect people’s privacy and anonymity and we don’t condone its use for these illegal activities.”

Despite the crackdown, Dark Web denizens seem undeterred. There’s already a Silk Road 3.0.

Another theory circulating on the Twitters is that Bitcoin over Tor can lead to deanonymization, with many linking to this research paper published in October.
