On Mar 7, 2017, at 5:55 PM, juan <juan.g71@gmail.com> wrote:
On Tue, 7 Mar 2017 12:24:29 -0500 Steve Kinney <admin@pilobilus.net> wrote:
1) An as-yet undetected and unpatched vulnerability affecting Firefox and/or the TOR router was used - and the defense team knows it.
That seems a plausible explanation to me. Web 'standards' and web browsers are poorly designed pieces of bloatware and thus full of holes.
However, I think there's a more interesting issue at hand.
One would expect the creators of the tor cyberweapon to do some sort of 'quality control', no? So if they were actually interested in providing security for their users, it would be TRIVIAL for them to constantly monitor a site like the one that was allegedly hacked, and so get a copy of whatever malware was allegedly served. But it seems that they did no such thing.
The tor project should be monitoring and protecting 'high value' 'targets' like those that carry so called 'child pornography' but of course they do no such thing. Because they are on the pentagon's payroll.
2) The defendant may have traded some information or cooperation, or may have an "insurance file" with enough evidence to convict someone at FBI or DOJ of his same charges or worse.
3) The FBI decided to pick one suspect to kick loose with a bogus story indicating an as-yet undetected and unpatched vulnerability, for propaganda purposes.
Not sure about those two. Another explanation could be this:
there wasn't any malware served, and the users of the site were identified using plain old traffic analysis. That's certainly something that both the government AND the tor mafia would like to sweep under the rug.
I think that might be very likely. How many times has the tor project publicly acknowledged attacks involving ephemeral setup of a large number of tor nodes for the purpose of attack? Would NSA even need to own any nodes considering how many different places they have taps into the internet? I don't think so.
The fog of physical war is hard enough to see through, but with network warfare that fog is hiding... more fog.
Hehe, indeed.
:o/