Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Half of Tor Sites Compromised, Including TORMail

samzenpus posted about a year ago | from the out-of-action dept.

Government 583

First time accepted submitter elysiuan writes "The founder of Freedom Hosting has been arrested in Ireland and is awaiting extradition to USA. In a crackdown the FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network have been compromised, including the e-mail counterpart of TOR deep web, TORmail. The FBI has also embedded a 0-day Javascript attack against Firefox 17 on Freedom Hosting's server. It appears to install a tracking cookie and a payload that phones home to the FBI when the victim resumes non-TOR browsing. Interesting implications for The Silk Road and the value of Bitcoin stemming from this. The attack relies on two extremely unsafe practices when using TOR: Enabled Javascript, and using the same browser for TOR and non-TOR browsing. Any users accessing a Freedom Hosting hosted site since 8/2 with javascript enabled are potentially compromised."

cancel ×

583 comments

Sorry! There are no comments related to the filter you selected.

We are living in interesting times (5, Interesting)

Cynops (635428) | about a year ago | (#44471719)

Looks very much like the three letter agencies decided it's time now to start playing hardball.

Re:We are living in interesting times (5, Insightful)

Anonymous Coward | about a year ago | (#44471783)

If anyone else used exploits to screw with people, it would be called hacking and they'd probably go to prison, but when the FBI does it, it's 'okay.'

Re:We are living in interesting times (5, Interesting)

plover (150551) | about a year ago | (#44471965)

If anyone else used exploits to screw with people, it would be called hacking and they'd probably go to prison, but when the FBI does it, it's 'okay.'

Actually, a judge has yet to find whether it's OK or not. The admissibility of the evidence in these cases is going to hinge on whether or not it was collected through legal means. And no matter which way the judge finds, the loser is going to appeal. As far as I know, this is all untested legal ground.

Re:We are living in interesting times (1)

Jane Q. Public (1010737) | about a year ago | (#44472021)

" As far as I know, this is all untested legal ground."

I don't have any specific citations at hand, but I would be VERY surprised if this were "untested ground". I doubt that very much.

Re:We are living in interesting times (2, Interesting)

Anonymous Coward | about a year ago | (#44471833)

We do have to be somewhat real about this. Lolita City, the pedophile HQ of the internet, has over 15,000 members (and who knows how many 'guests'). Of course the FBI was going to attack these massive pedophile rings. Good for them.

But again, there are legal issues here. Why did the FBI have the right to infiltrate TORmail? They are using general warrants here, just like the NSA does. Because one person may be using TORmail for illicit purposes, the FBI feels that it can install tracking and search software on every user.

Re:We are living in interesting times (-1, Flamebait)

cheekyjohnson (1873388) | about a year ago | (#44471913)

We do have to be somewhat real about this.

Okay.

Lolita City, the pedophile HQ of the internet, has over 15,000 members (and who knows how many 'guests').

I don't care.

Another 'three letter' word for you: JEW (-1)

Anonymous Coward | about a year ago | (#44471853)

The JEW is the problem, the JEW runs Congress, the entire media, newspapers, magazines, book publishing, Hollywood, the banking system, which issue 97% of the money in existence (that means they CREATE 97% of the money that exists, out of thin air). The JEW is terrified of being named, due to their endless crimes against their 'cattle' (goyim) - that's you and me.
Don't believe me, do some bloody research and stop believing everything you read on the JEW-TV, or the censored forums on the internet, where anybody who dares to disagree with the JEW policies of mass immigration of non-whites into white countries, etc. will be censored and banned...

Re:Another 'three letter' word for you: JEW (-1)

Anonymous Coward | about a year ago | (#44471931)

We all came from Noah, dumbfuck. We are ALL jews!!!!!!

Re:Another 'three letter' word for you: JEW (-1)

Anonymous Coward | about a year ago | (#44471981)

We all came from Noah, dumbfuck. We are ALL jews!!!!!!

That's so sad that I am going to slit my wrists now.

Re:Another 'three letter' word for you: JEW (-1)

Anonymous Coward | about a year ago | (#44472023)

retard, next you will be picking on the Maori or solo mums or even better solo mum Maori

Its them or US (1)

arcite (661011) | about a year ago | (#44471899)

You think the Russians and the Chinese, or Pakistanis or Nigerians will play with kid gloves? We are establishing the boundaries for the coming century of conflicts, most of which will take place in the digital realm, paying little heed to national borders or treaties. A dirty war fought with dirty weapons. A game of cat and mouse, where winner takes all, and the loser forfeits their digital secrets wholesale. He who controls the information, controls the world. The US is best placed to take the lead, they cannot give up their technological and logistical edge. It's a battle to ensure the world is safe for democracy and capitalism - in other words, to make the world safe for America. It's a golden time to be a contractor.

Re:Its them or US (0)

Anonymous Coward | about a year ago | (#44472005)

It's a battle to ensure the world is safe for democracy and capitalism - in other words, to make the world safe for America.

And who'll keep the world safe from America? At the moment, US democracy does not seem to be doing so good -- maybe stop exporting that until it's sorted.

Re:We are living in interesting times (4, Interesting)

Jane Q. Public (1010737) | about a year ago | (#44471995)

Looks more to me like the 3-letter agencies have decided to BREAK THE LAW.

Unconstitutional surveillance is bad enough. But they don't have any more right to commit "unauthorized access to a computer system" than anybody else. (That is to say, their javascript hack of site visitors who may be innocent.) They can't break the law in order to enforce the law, unless they want to face criminal charges themselves. Aaron Schwartz faced 30 years in prison for far less. I say, let's see the FBI face the same thing.

And yes, it may well be enforceable. Look up 18 USC 242, "Deprivation of Civil Rights Under Color of Law". The civil rights in question here might be, just for example, the privacy of your own computer system, which legally requires a warrant or subpoena to access. Just my opinion, but I don't see how simply visiting a website could constitute probable cause, much less justify intrusion in the form of a "hack".

18 USC 242 IS fairly frequently prosecuted, and last I checked it has a conviction rate of about 98%, which is awesome for any law. And it specifically targets government agents and agencies. The President is not immune.

(P.S. After reading that law, many folks have been prone to conclude that it only applies to racial and other discrimination. That is because of the awkward wording [e.g., there is a strategically placed comma that makes a big difference]. In fact it applies to ANY Constitutional right. However, my mention of it here is not meant to imply that the law does apply here. Only that it might. IANAL and I don't pretend to be one, but I have researched this law and its application.)

Computer Intrusion (2, Insightful)

msobkow (48369) | about a year ago | (#44471721)

Computer Intrusion is illegal, and the FBI knows that.

So is spying on someone without a warrant, and given that they can't know who they're spying on, I don't see how they could possibly have obtained a warrant for this action.

I hope the TOR user community sues them. Very roughly. And with extreme prejudice.

The US has gotten way too fucking big for it's britches.

I used to think maybe there was justification for the anti-terrorism attitude that the US has.

I've changed my mind.

My sympathies now lie with those who rise up against these goddamn born-again Nazis in their attempt at world domination.

You go, Al Queda!

Re:Computer Intrusion (-1, Offtopic)

msobkow (48369) | about a year ago | (#44471737)

Already modded down in 30 seconds.

Fuck you Americans.

Fuck you all.

Re:Computer Intrusion (-1, Offtopic)

mwvdlee (775178) | about a year ago | (#44471799)

And a few minutes later it's "+4 insightful".

Do you always judge prematurely?

Re:Computer Intrusion (-1, Flamebait)

msobkow (48369) | about a year ago | (#44471867)

I judge as quickly as I am judged.

Re:Computer Intrusion (2, Insightful)

mwvdlee (775178) | about a year ago | (#44471933)

Next time you might want to wait until atleast some more votes come in instead of jumping to conclusions.

Re:Computer Intrusion (5, Insightful)

msobkow (48369) | about a year ago | (#44471923)

Look, the bottom line is the US is out of control on a global scale, and has caused most of it's own problems and performed actions that resulted in the hatred of so many nations and societies against them.

Al Queda was trained and supported during the cold war, but as soon as it was no longer of interest to the US, they were abandoned to their fate at the hands of the Russian army. Add in the civilian casualties in Afghanistan, and it's no wonder they hate the US.

The US anti-drug war has literally cost hundreds of thousands of people their lives in Mexico, Columbia, and throughout south america.

You spy on the entire world as if it were perfectly acceptable, ignoring diplomatic ties, diplomatic relations, and even fundamental human rights that are enshrined in your own constitution, so long as it's not an american being targetted.

You produce an obscene amount of the carbon footprint of the planet, polluting the whole globe and doing a great deal to rush us all to oblivion.

You shove your laws down everyone's throats, even over trivial industries like entertainment (SOPA.)

Right now you whine like petty children because Russia won't return Snowden to your menacing clutches.

You bomb women and children with little regard using remote drones, and don't even have the decency to put your own lives at risk while doing so.

Your country is bankrupt, both financially and morally. Your cities are cesspools of crime, corruption, and gun/drug violence. Detroit is but the first of many who will be declaring bankruptcy thanks to years of mismanagement and abuse for the sake of short term votes.

You threaten the entire globe with a nuclear arsenal that dwarfs anyone else's save Russia's, who haven't threatened an invasion of anybody in a couple of decades.

You support the abuse of the Palestinians by your Israeli "allies", turning a blind eye to decades of human and civil rights abuses and blatant flouting of international law.

I'm sick of the US on the global stage.

I swear, you deserve to have your asses handed to you by a conglomeration of the nations you've abused and mistreated these many years.

And don't give me that "Well, I didn't vote for them" bullshit. You know as well as I do that it's the left and right heads of the same two-headed hydra in power down there. Where are the protests in the street? Where are all the so-called second amendment gun nuts when it matters? Where's the revolution that is so badly needed?

But no, you've got your TV pap and your shitty beer and something that claims to be a hamburger in your hand, so you sit idly by and watch it all unfold without saying a word except on slashdot and facebook.

Hell, even your so-called "justice" system condoned the murder of a 17 year old kid because some gun-toting putz started a fight and ended up losing.

Re: Computer Intrusion (-1)

Anonymous Coward | about a year ago | (#44471993)

We have decent beer. That putz won his fight.

Re:Computer Intrusion (-1)

Anonymous Coward | about a year ago | (#44472009)

Niggers.

Re:Computer Intrusion (-1)

Anonymous Coward | about a year ago | (#44472037)

I suggest to everyone that feels this way to do what our family decided to do.

We use to go to America for our holidays every year and drop about $2K-5K US dollars per trip. We haven't done that in years and probably never will again until the people in America show us that they do not support torture, killing innocent people, execution without trial, etc. etc.

As long as the people of America are happy with their government doing stuff like that we just don't want anything to do with them. Sorry we can't help you - you need to help yourself.

Re: Computer Intrusion (-1)

Anonymous Coward | about a year ago | (#44472051)

Nice rant... it would be a shame if facts got in the way, about Russia not invading anyone...

Re:Computer Intrusion (1)

Anonymous Coward | about a year ago | (#44471755)

Please report to the nearest TSA office and fill out Form H-334a Selection of Orifice. A warrant will be issued shortly. Failure to report will result in further charges.

Re:Computer Intrusion (2)

achbed (97139) | about a year ago | (#44471765)

All these "illegal" acts by a government are only "illegal" within that country. If they target another country, or a citizen of another country, that's called "espionage" and all fallout is handled by the State Department/Foreign Affairs Office or by military action.

Oh, and the punishment for "illegal" acts for the elite (read: government employees and/or corporate executives) is now officially a wrist-slap in a press release, and MAYBE a fine. MAYBE.

Oh, and make sure to say hi to all the nice men in Guantanamo Bay for me. Your door will be knocked down in 3...2...1...

Re:Computer Intrusion (0)

Anonymous Coward | about a year ago | (#44471817)

Don't worry about the fines; they'll be compensated in next years' budget.

Re:Computer Intrusion (2)

gmuslera (3436) | about a year ago | (#44471875)

Maybe you would consider intentionally hosting a child porn site [gizmodo.com] something legal? That happened inside US, after all.

Anyway, lose any hope to find justice in US, you are part of them and then outside law's reach [rollingstone.com] , or you are not, and you can be labeled as terrorist [topinfopost.com] , jailed for decades under any excuse [slashdot.org] , or eliminated [rt.com] if you cause trouble to their protegees.

Re:Computer Intrusion (2)

achbed (97139) | about a year ago | (#44471927)

Actually, you could argue in a court of law that because the original site was not set up by the FBI that the entire operation fell under an "undercover investigation" status, even after the site was compromised. The FBI even had a fairly clean defense against charges of entrapment as well, because they didn't create the site in the first place, and shut it down shortly after acquiring control.

In this case, if looks like the FBI did a similar play - hack an existing site that is used for illegal activity, gather evidence for a short period of time, shut it down and arrest the owners.

What's probably got everyone rankled this time is a combination of (a) misbelief that Tor is unhackable, (b) use of cracking techniques in the furtherance of an FBI investigation (which they do all the time legally btw), and (c) all the news lately about joint NSA/FBI programs to record everything everyone does which is clearly on the wrong side of both liberties and any sense of reasonableness (even if "legal").

Re:Computer Intrusion (0)

Anonymous Coward | about a year ago | (#44472029)

All these "illegal" acts by a government are only "illegal" within that country. If they target another country, or a citizen of another country, that's called "espionage" and all fallout is handled by the State Department/Foreign Affairs Office or by military action.

Oh, and the punishment for "illegal" acts for the elite (read: government employees and/or corporate executives) is now officially a wrist-slap in a press release, and MAYBE a fine. MAYBE.

Oh, and make sure to say hi to all the nice men in Guantanamo Bay for me. Your door will be knocked down in 3...2...1...

Alas! When the govt. uses what would be from their citizens an illegal act, the feds simply call this a reverse sting. so for them NO foul.

Re:Computer Intrusion (5, Insightful)

RoknrolZombie (2504888) | about a year ago | (#44471813)

Computer Intrusion is illegal, and the FBI knows that.

Yup...people have been clamoring for more transparency...perhaps this is that?

So is spying on someone without a warrant, and given that they can't know who they're spying on, I don't see how they could possibly have obtained a warrant for this action.

Agreed - the legislation that's in place has granted them far too much power, far more than most of us feel comfortable with.

I hope the TOR user community sues them. Very roughly. And with extreme prejudice.

That'd be nice, but I doubt it'll happen. It won't happen any faster than voting decency into office will :-/

The US has gotten way too fucking big for it's britches.

I agree - we need to get these douchebags outta office and get someone in office that does their f'ing job!

I used to think maybe there was justification for the anti-terrorism attitude that the US has.

I'm sure that at least some of the people involved believe that they're doing the right thing. Their belief doesn't make it "right" however...they need to stay the f out of my life. If I'm not breaking the law, they've got no business knowing a goddamned thing about me.

I've changed my mind.

My sympathies now lie with those who rise up against these goddamn born-again Nazis in their attempt at world domination.

YES! We need to protest, rise up as one mind, with one purpose, to effect change in our Government! Occupy Wall Street was only the beginning!

You go, Al Queda!

I'm sorry, WHAT?!?!?!

Woah, woah, woah, woah....where in the hell did that come from? Now, I fully agree that we need changes in our Government, and I'm even on board with listening to what revolutionaries have to say, but that's a far damn cry from supporting the murder of innocent citizens and the repression of (plenty) of basic human rights. No, I'm afraid your downmods were your own fault.

Re:Computer Intrusion (3, Interesting)

Anonymous Coward | about a year ago | (#44471877)

You go, Al Queda!

I'm sorry, WHAT?!?!?!

Woah, woah, woah, woah....where in the hell did that come from? Now, I fully agree that we need changes in our Government, and I'm even on board with listening to what revolutionaries have to say, but that's a far damn cry from supporting the murder of innocent citizens and the repression of (plenty) of basic human rights. No, I'm afraid your downmods were your own fault.

I am not that guy, and while I really don't believe Al Queda are good guys or a group to support, I kinda feel like I should support them in some things. For example they recently said they want to break guantanamo. And hey, I fully support them in that. It seems like the right thing to do, pretty extreme but if the government wanted a less extreme option they had plenty of time for it.
The government is really going to make extremist groups be way easier to relate to.

Re:Computer Intrusion (1)

Ardyvee (2447206) | about a year ago | (#44472047)

And easier for the government to get rid of those that don't agree with them by grouping them with terrorist groups. It's so clever it's almost stupidly so, so much that it's quite hard to miss. After all, everyone agrees that we should get rid of terrorists.

Re:Computer Intrusion (1)

Anonymous Coward | about a year ago | (#44471997)

You go, Al Queda!

I'm sorry, WHAT?!?!?!

Woah, woah, woah, woah....where in the hell did that come from? Now, I fully agree that we need changes in our Government, and I'm even on board with listening to what revolutionaries have to say, but that's a far damn cry from supporting the murder of innocent citizens and the repression of (plenty) of basic human rights. No, I'm afraid your downmods were your own fault.

My sentiment exactly. Or to quote The Beatles,

but if you want money for people with minds that hate, all I can tell you is brother you'll have to wait

Re:Occupy wall street is Al Queda (0)

Anonymous Coward | about a year ago | (#44472011)

Anonymousse Leejun and the associated operations are mostly a bunch of kids that get manipulated by Al Quaeda, etc....
Thoses people don't think by themselves.

Re:Computer Intrusion (0)

Anonymous Coward | about a year ago | (#44472045)

I hate to put it this way... but... the enemy of my enemy just may be my friend.

I am friends with soldiers that killed afghani children.
I am friends with hackers that have been monitored or arrested.
I am friends with protestors against taxation and our unending wars.

When the government treats me as an enemy... their enemies become more attractive to me.

I don't care to think of Al Qaeda as a friend... but frankly, there are no civilians in this war.

Your taxes paid for bullets that killed children. So did mine.

Frankly, I don't give two fucks that it wasn't pragmatic, practical, or you had to make the "tough choice" to live unimprisoned.

You funded death and destruction beside me.

If AQ wants to kill some civilians over that, then maybe our civilians should stop subsidizing gunships made to kill them.

So yeah, I'll say it... go Al Qaeda -- at least they don't lie to me about what their intentions are.

The government has declared transparent democratic process their enemy and acted accordingly. They have imprisoned people for chalking signs, and freed cronies who stole billions. They have executed american citizens without a trial, subsidized the rape of children in other nations, and sat and watched while our own embasses were bombed.

They've done a lot of good things to, but they have also singlehandedly caused more harm to my friends, family, and to the world as a whole than any /other/ entity I can name.

Re:Computer Intrusion (1, Insightful)

whoever57 (658626) | about a year ago | (#44471857)

Computer Intrusion is illegal, and the FBI knows that.

Have you not learned from all the stories of computer intrusions that it is only illegal if you are an ordinary person, without access to large amounts of money, or are part of the government?

Re:Computer Intrusion (0)

Anonymous Coward | about a year ago | (#44471863)

i jsut want my govt back...u know, the leave it to beaver type of government, the kind that didn't try to put everyone in prison, even if they didnt do anything.
the police used to wear blue, and be nice, now they all wear black and TRY to arrest you, if they cant, they destroy all you have.
the terrorist are in charge.

al quata didn't exist before the cia made it up

the terrorists are playing both sides.

welcome to the 21st century which hunt

1 question, if that freedom hostive server was in the usa, this is understood. but if it was, WHY!!!! there is nothing free here....

Re:Computer Intrusion (1)

gl4ss (559668) | about a year ago | (#44471865)

you think FBI gives a shit about breaking the law? of course not, american cops regularly take phones of suspects and use them to entrap more suspects, all without a warrant, impersonating some other dude to encourage some other dude to perform a crime is normal operating procedure - and indeed keeping the pedo servers running when they could have shut them down seems to be normal operating procedure as well! guess how many countries legal system actually allows for that, for cops to sell drugs and guns to criminals?

explains why the american jails and prisons are filled to the brim though and why there's a non-voting underclass that is growing daily. it's the new segregation.

anyhow, don't "resume" normal browsing if browsing with tor.

what's a joke about the tracking is that they don't actually know if the tracked ip they get is coming from tor nodes or from the people browsing the busted sites and these ip's intersect(I'm not sure if the default is to act as an exit node as well and are they just going to start busting up tor exit nodes and then later going "our bad" when they can't pin anything? fear tactics to shut down tor?)

Re:Computer Intrusion (0)

Anonymous Coward | about a year ago | (#44471885)

I hope the TOR user community sues them. Very roughly. And with extreme prejudice.

State Sovereign immunity. They'll be laughed out of court.

Re:Computer Intrusion (1, Insightful)

sociocapitalist (2471722) | about a year ago | (#44471969)

Computer Intrusion is illegal, and the FBI knows that.

So is spying on someone without a warrant, and given that they can't know who they're spying on, I don't see how they could possibly have obtained a warrant for this action.

I hope the TOR user community sues them. Very roughly. And with extreme prejudice.

The US has gotten way too fucking big for it's britches.

I used to think maybe there was justification for the anti-terrorism attitude that the US has.

I've changed my mind.

My sympathies now lie with those who rise up against these goddamn born-again Nazis in their attempt at world domination.

You go, Al Queda!

Regardless of how poorly the US government behaves it does not justify supporting Al Qaeda or their tactics which are largely against civilians.

If you want to declaim the US government go right ahead - but in this case the enemy of your enemy is still fucking crazy and should not be supported regardless.

Re:Computer Intrusion (1)

Dunbal (464142) | about a year ago | (#44472033)

But it's not a coup if we don't call it a coup, and it's not really spying if we're not actually spying. The program is doing the spying... The US government is getting more brazen by the day when it breaks its own laws.

Did I read that right? (1)

djupedal (584558) | about a year ago | (#44471725)

"Any users accessing a Freedom Hosting hosted site since 8/2 with javascript enabled are potentially compromised."


That would include all the FBI computers used to deliver the poison, then?

Re:Did I read that right? (1)

elysiuan (762931) | about a year ago | (#44471753)

Probably not but the analysis of the malware is still on-going. Hence 'potentially'. Regardless I think it's safe to assume any thing traced back to FBI lab computers are probably not high on the list of actionable items.

Re:Did I read that right? (2)

ColdWetDog (752185) | about a year ago | (#44471881)

"Any users accessing a Freedom Hosting hosted site since 8/2 with javascript enabled are potentially compromised."

That would include all the FBI computers used to deliver the poison, then?

Nah, they're probably using IE 6. Still.

Re:Did I read that right? (1)

gmuslera (3436) | about a year ago | (#44471883)

You should had to be running Firefox 17 on windows afaik (that was the version included by the Tor Bundle). Anyway, running a browser in a disposable linux container [docker.io] should be more or less safe between sessions.

Re:Did I read that right? (4, Informative)

Skuto (171945) | about a year ago | (#44471895)

You should had to be running Firefox 17 on windows afaik (that was the version included by the Tor Bundle).

You had be running the specific, modified Firefox version that's shipped with Tor.

Mozilla's Firefox 17 (ESR) has been patched for this vulnerability. (i.e. it's not a real 0-day)

Re:Did I read that right? (2)

viperidaenz (2515578) | about a year ago | (#44471919)

Firefox 17.0.7 is still the latest in the ESR update channel.

Tips for Tor (5, Informative)

Meditato (1613545) | about a year ago | (#44471733)

Put your Tor client in a Secure Linux VM, so none of your hardware information can be exposed. Go to https://check.torproject.org/ [torproject.org] to check if Tor is working, and make sure NoScript or something similar is enabled.

Re:Tips for Tor (2)

CRCulver (715279) | about a year ago | (#44471761)

make sure NoScript or something similar is enabled.

If a server for which you need to enable Javascript has been compromised, NoScript is no help at all.

Re: Tips for Tor (0)

Anonymous Coward | about a year ago | (#44471763)

"...make sure NoScript or something similar is enabled"

Yes. If you are using Tor with javascript enabled you are doing it wrong

Re: Tips for Tor (0)

Anonymous Coward | about a year ago | (#44471801)

Actually there is a good reason they have it enabled. A great number of people use tor to actually browse the web and not just hidden services. many sites on the web need javascript thus a great number of people (probably a big majority) will have javascript enabled. To try and make it harder to fingerprint a user based on what his browser settings, they have it enabled by default.

Re: Tips for Tor (2)

achbed (97139) | about a year ago | (#44471825)

...and if you're using the same browser for TOR and unsecure web, you're doing it wrong.

Re: Tips for Tor (0)

Anonymous Coward | about a year ago | (#44471957)

yes but noscript alows you to chose wich websites get to run scripts, which will drasticly reduce the risk even if you enable some

Re:Tips for Tor (5, Informative)

Cynops (635428) | about a year ago | (#44471773)

Or use Tails, a Linux distro specifically designed for paranoia. You burn it on a CD (or USB stick) and boot from it into a Linux desktop environment specially crafted for privacy and security. All internet traffic is routed through Tor (sic), so after rebooting you should be fine.

Re:Tips for Tor (2, Informative)

Anonymous Coward | about a year ago | (#44471847)

Tails have Javascript enabled, so would be insecure. Wait for the next update.

Re:Tips for Tor (1)

Splab (574204) | about a year ago | (#44471921)

Just a little gotcha with Tails - they have for some reason decided to enable Javascript; one does wonder if they have done so to help FBI?

Re:Tips for Tor (1)

mrmeval (662166) | about a year ago | (#44471959)

That can still expose a signature of the hardware. If you do pick up some malware your hard drive is still available unless you've unplugged it or encrypted it. I'll stick with the VM solution.

Re:Tips for Tor (2)

aliquis (678370) | about a year ago | (#44472053)

... and then log into your gmail account, twitter, facebook, ebay, paypal and so on through said desktop environment and tor.. Because like.. secure!

No defcon? (5, Funny)

Anonymous Coward | about a year ago | (#44471741)

Should have invited the feds to defcon after all. Seems they got bored this weekend.

it's now just a matter of days (0)

ka9dgx (72702) | about a year ago | (#44471743)

This tells me (along with the heightened "terror alert" level) that we're about to find out why the TSA has been buying up all the bullets. WW3 any day now.

Re:it's now just a matter of days (1)

RoknrolZombie (2504888) | about a year ago | (#44471821)

I hadn't heard this - something in the news?

Re:it's now just a matter of days (1)

ka9dgx (72702) | about a year ago | (#44471985)

The Feds are shutting down the last bastions of free speech, have crippled the 2nd amendment by buying up all the ammo, have closed all our embassies in the Islamic parts of the world... it's just a question of time, in my mind, until we once again go to war for the petrodollar.

Wowsers (0, Insightful)

Anonymous Coward | about a year ago | (#44471747)

I know I should be getting all upset about privacy and quoting 1984 and saying things like "slippery slope".. but I'm just too damned impressed.

I mean I think most people assumed _someone_ was trying to or had broken "the tor problem", but this is pretty damn epic, and this is one of those rare times when I actually believe they really are trying to protect the children.

Re:Wowsers (0)

Anonymous Coward | about a year ago | (#44471815)

and this is one of those rare times when I actually believe they really are trying to protect the children.

Why would you believe that? Furthermore, even if they are, is tossing privacy out the window to apprehend various bogeymen truly wise?

Re:Wowsers (2)

gmuslera (3436) | about a year ago | (#44471911)

They want to protect the children as much as they chasing terrorist, capture some people that sell/use drugs or catch (not very big) tax evaders, They will use those "wars" to show some results, but their main target is still the US population, the only ones capable to take them out of power.

line of beaters (2, Insightful)

Anonymous Coward | about a year ago | (#44471751)

So the FBI, with no particular target in mind, are using the Tor network as a line of beaters in the bush scaring out any kind of animal and hopefully only shooting the ones they are trying to find. Meanwhile, every animal is scared out of it's normal activities until the beaters have passed.

Yeah, that's not intrusive at all. No privacy compromised for anyone. And all it takes is the FBI actually infecting the Tor network with their own malware. Thank heavens they're the good guys. Oh, wait, the good guys wouldn't intentionally infect computers and networks, would they?

Re:line of beaters (1)

achbed (97139) | about a year ago | (#44471879)

Wow, people don't read. Tor was not infected. One particular hosting provider was infected for a short while (in order to gather evidence), and then was taken down and the owner arrested. I would expect that Silk Road is probably under the same kind of attack right now and has been for quite some time.

I kind of want to be angry but.. (1, Insightful)

Anonymous Coward | about a year ago | (#44471767)

The "I don't like the government monitoring me" part of me objects to this, but the "Find every pedo and kill them slowly" part of me is currently winning out, because lets face it for every legitimate user of TOR, there was about 200 pedo's.

Re:I kind of want to be angry but.. (1)

Anonymous Coward | about a year ago | (#44471803)

Pretty much this.

One of the few times when law enforcement has claimed they did something to protect the children and I actually believe them.

Re:I kind of want to be angry but.. (5, Insightful)

cheekyjohnson (1873388) | about a year ago | (#44471829)

The "I don't like the government monitoring me" part of me objects to this, but the "Find every pedo and kill them slowly" part of me is currently winning out

You're part of the problem. Have fun getting groped at airports.

Re:I kind of want to be angry but.. (2)

cheekyjohnson (1873388) | about a year ago | (#44471835)

With that said, why would you want to kill pedophiles? Not every pedophile is a child molester (nor is a child molester necessarily a pedophile), and not every pedophile even looks at child pornography.

Re:I kind of want to be angry but.. (2)

pipatron (966506) | about a year ago | (#44471949)

I think I've read research showing that even most child molesters are not pedophiles. Also, I don't think it's technically illegal to be a pedophile in any country, but since sharing child pornography is illegal it's irrelevant if the perpetrator is a pedophile, child molester, or just some random guy.

Re:I kind of want to be angry but.. (5, Insightful)

achbed (97139) | about a year ago | (#44471971)

I love hearing cases where the law makes no sense. A 16-year-old and his 16-year-old girlfriend have sex. Statutory rape charges are brought against the boyfriend, but are dismissed because the laws state that you have to be 18 to be charged. The girlfriend records it on her phone, and send a copy to the boyfriend. She gets charged with production of child porn, and he gets charged with having it. Welcome to the new world order.

Re:I kind of want to be angry but.. (1)

pipatron (966506) | about a year ago | (#44471989)

Images and videos of child abuse are a very small part of Tor. Most of the traffic consists of ordinary adult pornography.

You have to understand that if you want to peddle child pornography, Tor is a lousy place due to the slow speeds. Far better to buy time on some russian anonymous proxy.

Re:I kind of want to be angry but.. (1)

slashmon (3007991) | about a year ago | (#44472007)

Pedophilia is a sexual preference that is as unchangeable as hetero or homo-sexuality. Actually practicing it sexually with a child is illegal, yes. But most with pedophilia are non-practicing and hurt no one. That is the real story you don't see on tv. Pedophile does not equal child molester. This is starting to become better known. http://www.commonatheist.com/ped.htm [commonatheist.com] [commonatheist.com]

8/2 (1)

Anonymous Coward | about a year ago | (#44471769)

What does 8/2 mean? August 2d or 8th of February?

Kind of ambiguous...

Re:8/2 (2)

elysiuan (762931) | about a year ago | (#44471793)

My fault, at least August 2nd. Potentially longer.

This has to be illegal (5, Insightful)

coder111 (912060) | about a year ago | (#44471771)

I wonder about the legality of FBI's action here. Ok, I guess they have some kind of search order/wiretap order for "investigating pedophiles" against one specific site, but what about collateral damage? I mean they shut down an email service used by normal people as well. They did track and spy on activities on normal law abiding citizens. Did they effectively break into a big number of law abiding citizen's machines against whom no search or writetap orders were issued?

Or can FBI hack anyone at will without any legal oversight? I don't remember getting the memo where such behaviour from a government agency is legal.

Well I guess we can stop pretending we live in a law-abiding democratic world. It's an oligarchy run by the banks, the rich, lobyists and professional politicans, and scew everyone else...

--Coder

Re:This has to be illegal (0)

Anonymous Coward | about a year ago | (#44471851)

Didn't you get the memo that legal is really just something you have to work around?

Personally, I get the feeling they are going to try and use this case to set a precedent. If they find FH guilty of aiding in CP distribution, they can find google guilty if they want to. FH didn't know who hosted wat, thats how they were set up to be. Its really the same as taking down facebook because somebody put CP on their server. They probably couldn't know but are still guilty for hosting it. So if they win this case, they are going to have some leverage against plenty of sites. And it gonna be hard to defend FH to the average judge.

Re:This has to be illegal (1)

achbed (97139) | about a year ago | (#44471983)

Didn't you get the memo that legal is really just something you have to work around?

The FISA court can neither confirm nor deny the existence of such a memo, nor the contents of any such memo even if it existed. So, here's a selection of 100% black redacted pages that may or may not have anything to do with said memo.

(see 100 page attachment with all-black pages)

Re:This has to be illegal (1)

Anonymous Coward | about a year ago | (#44471887)

If you think the FBI is the only entity who has access to the goings on of TOR, change the type of weed you smoke.

It wouldn't be surprising to find good ol' China owning various nodes, perhaps an exit node or two, and using font order and such (Try EFF's Panopticlick -- even with Flash and JS off, it can still ID machines by many other ways.

The FBI is an easy punching bag -- /. is getting a lot of eyeballs and clicks (thus revenue) for the anti-US hate mongering, but there are a lot of countries far better in the espionage department that have their hooks into TOR. They just tend to actively seek out and destroy people selling top secret documents for cash (and their families) as opposed to just saber rattling.

Re:This has to be illegal (0)

Anonymous Coward | about a year ago | (#44471897)

Well I guess we can stop pretending we live in a law-abiding democratic world.

Why would anyone pretend that that's the case to begin with? The FBI did all sorts of 'evil' things in the past (e.g. harassing war protestors and civil rights activists).

Re:This has to be illegal (1)

sociocapitalist (2471722) | about a year ago | (#44471925)

I wonder about the legality of FBI's action here. Ok, I guess they have some kind of search order/wiretap order for "investigating pedophiles" against one specific site, but what about collateral damage? I mean they shut down an email service used by normal people as well. They did track and spy on activities on normal law abiding citizens. Did they effectively break into a big number of law abiding citizen's machines against whom no search or writetap orders were issued?

Or can FBI hack anyone at will without any legal oversight? I don't remember getting the memo where such behaviour from a government agency is legal.

Well I guess we can stop pretending we live in a law-abiding democratic world. It's an oligarchy run by the banks, the rich, lobyists and professional politicans, and scew everyone else...

--Coder

It's only important that it's illegal if if:
  - a) they get caught
  - b) you can prove it
  - c) you can do something about it
  - d) what you can do about it is enough to make any substantial difference

Cybercrime: Legal, but only if you're The Law (5, Insightful)

girlintraining (1395911) | about a year ago | (#44471789)

So basically, if you're legally accessing a website while browsing with Tor, making use of legal services in a legal fashion... the FBI will install a wiretap on your computer, without a warrant, in order to monitor all your activities, on the off chance that you might be up to no good. This is rather like walking out into rush hour traffic, pointing at random cars, and saying "Search that car! We know terrorists use cars, so let's start searching them all."

Dear FBI,

Fuck you. That's a terrorist's mentality. You're worse than the lowly pieces of shit you hunt, because we expected you to uphold principles of integrity, honor, and those other words you got plastered on your slimy logo that used to mean something. You are, in fact, worse than a terrorist: You're a corrupt law enforcement organization with a bigger budget than any terrorist organization out there, and you are doing more harm to this country than catching a hundred Bin Ladens could accomplish.

-_- The internet is a global and international community and you need to show some restraint, otherwise you're going to create large amounts of resentment and anger throughout the world. No wait: You already have created this. You are endangering the infrastructure and the people you are oath-bound to protect with your actions. I don't give a flying fuck through a rolling doughnut what authority or law you think gives you the right to act in this fashion... you're a public menace. You're just giving everyone who doesn't like this country piles of ammunition and sympathy from the general public that can be used to attack MY country.

Knock it the fuck off. Now.

Re:Cybercrime: Legal, but only if you're The Law (1)

Anonymous Coward | about a year ago | (#44471935)

That's a terrorist's mentality.

Strictly speaking, I don't think that is a terrorist's mentality. From your car analogy, the FBI seems to be hoping we won't care that our rights are violated, a terrorist would hope that we would care. The methods are similar, which indicates incompetency on the part of the FBI (yes, if you were really good at the job you claim to perform, you wouldn't have needed to do this), but I don't think comparing their objectives is accurate.

I'm not saying this to disagree with OP's rant, just to point out an easily-correctable issue.

Idiots (0, Interesting)

Anonymous Coward | about a year ago | (#44471791)

Wait, wait, wait, woah, woah woah. Are you serious?

No, really, I'm not believing what I'm reading here. Is this REALLY serious?

People actually, seriously believed Tor was some sort of privacy magic bullet? A network where anyone can host an exit node, nobody knows who those exit nodes are, and there's no control on what happens at those exit nodes, and this is all by DESIGN, and people somehow thought this was impervious to surveillance and thoroughly uncompromisable? REALLY? What, did everyone just think that the government wasn't allowed to use publicly-available network services or something?

No wonder the government's getting away with everything. When people who claim to be privacy nuts are such godawfully fucktarded morons to fall for this, I guess we're pretty well doomed on that front. Wait, I've got it! Someone else suggest a private browsing mechanism over public channels! I'm SURE it'll work this time! I don't know how, but if we just keep throwing the words "anonymized" and "encrypted" in it over and over again and post about it on Slashdot, it's sure to work! Yeah!

Idiots.

Re:Idiots (2)

elysiuan (762931) | about a year ago | (#44471807)

Exit nodes weren't involved in this since it's an attack against hidden services whose traffic by definition remains within the TOR network. It's not really an attack on TOR, it was an attack on the server software Freedom Hosting was running and clueless/idiot TOR users with javascript enabled and other unsafe TOR habits.

Totally agree with you on people thing that TOR is some anonymity panacea is shortsighted.

Re:Idiots (1)

pipatron (966506) | about a year ago | (#44472039)

When people who claim to be privacy nuts are such godawfully fucktarded morons to fall for this, I guess we're pretty well doomed on that front.

Do you really believe that everyone using Tor are identical clones? Maybe the fraction of users they got with this method were not self-proclaimed privacy nuts? Maybe these are the same people who fall for Nigeria scams, or vote for "the lesser of two evils" instead of voting for someone who they really like to rule the nation?

slavery and death by a thousand cuts (4, Insightful)

Kevin Fishburne (1296859) | about a year ago | (#44471819)

I'm starting to wish governments would just get it over with and declare a permanent state of emergency. A different arm band for each person's assessed threat level, embedded RFID with skin tattoo for redundancy and mandatory iris, DNA and fingerprint sampling for all citizens. Upgrade traffic cameras with RFID readers and facial recognition software, require RFID and cellular GPS transponders on all automobiles and motorcycles and perform mandatory searches of persons and vehicles for any traffic stop. Nationalizing all ISPs, search engines, telco providers and banks would also be a smart move. Frankly I'm disappointed the government is taking this long. Guess that's democracy for ya.

Good news then, (1)

arcite (661011) | about a year ago | (#44471905)

We're half way there.

Re:slavery and death by a thousand cuts (0)

Anonymous Coward | about a year ago | (#44471973)

Insert "how to boil a frog" here, and that pretty much covers it.

Wait, hang on ... (0)

Anonymous Coward | about a year ago | (#44471837)

People browse TOR with Javascript enabled?!? And use the same browser for non-TOR and TOR browsing?!? They fk'n deserve to get busted. Fk'n Retards.

Firefox 17?!? (0)

Anonymous Coward | about a year ago | (#44471839)

How old is it?

Re: Firefox 17?!? (1)

Skuto (171945) | about a year ago | (#44471871)

Tor ships their own, modified version of Firefox. I guess that's why it's ancient. The exploit they used doesn't exist in Mozilla's version as that has been patched for it a while ago.

Re: Firefox 17?!? (2)

Agent ME (1411269) | about a year ago | (#44472017)

Firefox 17 is Mozilla's Extended Support Release. I believe the 17.0.x branch still gets minor updates. The articles are vague about the zeroday and whether they affect the latest of that line (17.0.7, which is in the Tor Browser Bundle).

Be smarter (5, Interesting)

Anonymous Coward | about a year ago | (#44471889)

First of all, use Whonix [whonix.org] to access Tor, never the same browser you use for any other purpose.
 
Second, use Firefox with a JonDoFox profile [anonymous-...ervers.net] which is not included in Whonix Workstation by default.
 
Third, go to ip-check.info [ip-check.info] and run the test on your browser. Everything should be green or yellow at the worst. If you see anything in red, fix it before you go to any questionable site. Finally, make sure you don't have any DNS Leaks in your host OS by running this test [dnsleaktest.com] also from your regular host browser. Don't use or trust DNS from your ISP.
 
If you want to be extra-cautious, run the Whonix Gateway after you establish a VPN connection. Choose an offshore provider that has multi-hop technology to avoid traffic analysis. I'm using iVPN [ivpn.net] who is located in Malta.

Only sort of offtopic (5, Insightful)

wjcofkc (964165) | about a year ago | (#44471951)

Yesterday I made a posting on CNN regarding the story about the heightened terrorist threat alert. While it covers a different subject, I could re-write it to fit this situation, but I think the slashdot crowd will get my drift, here is a direct copy\paste:

I do not know who to trust or what to think anymore. If this threat is real or not, I imagine we are intended to suppose that it was the US governments blanket surveillance of the world, including domestic spying that tipped them off. On the other hand, the timing is such (Snowden/Manning) that for all I know they made the whole thing up to better justify government wrongdoing in the eyes of the people. Or perhaps al Qaeda made the whole thing up just to see if they can manipulate the movements of our government by taking advantage of info gathering with a campaign of false intel. I don't know who to trust or what to think anymore, with the exception that I know I don't trust my own government. They have proven themselves manipulative liars.

What does this have to do with Bitcoin? (3, Insightful)

Agent ME (1411269) | about a year ago | (#44471999)

I don't see how this affects Bitcoin at all. It's not an exploit of Bitcoin. Bitcoin isn't dependent on any onion sites, "Freedom Hosting", or Tor. The Silk Road are not the only users of Bitcoin.

Surprised? Sadly not. (1)

gallondr00nk (868673) | about a year ago | (#44472019)

It goes without saying that if the US government is so paranoid and afraid that it'll tap your god damn Facebook profile, then it is going to be hell bent on trying to get at Darknets, anonymising services and Tor.

Abuse of power comes as no surprise.

We all have instances where we fall back... (1, Interesting)

SocietyoftheFist (316444) | about a year ago | (#44472035)

against our "stout" principles. I'm a libertarian leaning type of guy, that said... I abhor child abuse and especially child sexual abuse, it should be an automatic death sentence, so if they got even one fucking child rapist, I somehow find myself turning a blind eye to this obvious subversion of personal rights.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>