On Tue, 2013-10-08 at 05:22 -0300, Juan Garofalo wrote:
That is possible, but is there evidence of that actually happening, in the case of freedom hosting?
Hadn't fh been running for a couple of years, like silk road? (or more?) - If fh's security was so lousy the so called authorities should have got him (way) sooner?
The Wired articles mention that the FBI and the operator "struggled for control of the servers" by changing passwords on each other. You're ignoring the fact that once a server is exploited, it's an unbounded road from there to actionable, convictable evidence. Suppose the Freedom Hosting operator only ever logged in via SSH over another hidden service endpoint. How would the FBI find him? What if the servers they compromised were VMs with traffic forced through Tor? What if they were some other crazy configuration dreamed up by someone hosting a hidden service hosting service? For DPR, we know he got lazy, and more than that, that he was extremely sloppy. I'd bet that the Freedom Hosting guy was a similar situation. There are plenty of illegal *websites* that haven't been busted yet. -- Sent from Ubuntu