If this doesn't define what TOR really is, what does?

bbrewer

7 Mar 2017 7 Mar '17

1:20 a.m.

http://www.ibtimes.co.uk/playpen-us-doj-drops-child-porn-case-against-jay-mi... "The US Department of Justice (DoJ) has decided to drop its case against Jay Michaud, accused of accessing the notorious and now defunct dark web child pornography website Playpen, instead of sharing the classified technology used to locate thousands of suspects visiting the site."

Show replies by date

juan

7 Mar 7 Mar

1:40 a.m.

On Mon, 6 Mar 2017 20:20:12 -0500 bbrewer wrote:

...

Re: If this doesn't define what TOR really is, what does?

What do you mean? At any rate, it's hard to believe that no one has a copy of the alleged malware...

...

http://www.ibtimes.co.uk/playpen-us-doj-drops-child-porn-case-against-jay-mi...

"The US Department of Justice (DoJ) has decided to drop its case against Jay Michaud, accused of accessing the notorious and now defunct dark web child pornography website Playpen, instead of sharing the classified technology used to locate thousands of suspects visiting the site."

Steve Kinney

5:24 p.m.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/06/2017 08:40 PM, juan wrote:

...

On Mon, 6 Mar 2017 20:20:12 -0500 bbrewer wrote:

...
Re: If this doesn't define what TOR really is, what does?

What do you mean?

At any rate, it's hard to believe that no one has a copy of the alleged malware...

So whatever they are hiding is probably not this: http://resources.infosecinstitute.com/fbi-tor-exploit/ "The FBI used a vulnerability in Firefox 17, on which the Tor browser is based, to turn Freedom Hosting sites into malware spreading tracker tools. It all works on the Firefox 17 JavaScript Zero Day Exploit; this malicious script is a tiny Windows executable hidden variable named “Magneto” which looks for victim’s MAC address and its hostname and sends it back as a HTTP web request to the Virginia server to expose the user’s real IP address. The FBI successfully gained access to the Freedom Hosting server and injected malicious HTML code, which checks whether the user’s browser is Firefox 17 or not." Which raises the question, what ARE they hiding? Some options, in no particular order... 1) An as-yet undetected and unpatched vulnerability affecting Firefox and/or the TOR router was used - and the defense team knows it. 2) The defendant may have traded some information or cooperation, or may have an "insurance file" with enough evidence to convict someone at FBI or DOJ of his same charges or worse. 3) The FBI decided to pick one suspect to kick loose with a bogus story indicating an as-yet undetected and unpatched vulnerability, for propaganda purposes. The fog of physical war is hard enough to see through, but with network warfare that fog is hiding... more fog. :o/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJYvuzMAAoJEECU6c5XzmuqqdYH+wQAyPNymKAPOaIkXF/Y3A7V Ri1rA6XXvxNx6aISrc8yG3xKfqRocGRKmXprRUE7nLrXt92soLSZB5x2Zze3epCn 4wrOFA+Cno3Ig+S1cgmlwf8c59TfYHXRU2S5iUnO7PyRKoG/6VQzMo2PZeglcmQ3 8P31AMl9Za6Hct/rlc84pLBvEHwLQX4Zy2dyrpoLJMKM2jAV4Rwrr4pIXtNjobY/ KxsX3MLyau/BbDNPI/Ev8v5en3lgzYjhu2OUMrsH8cAwmyooZCxnSvyZETQmAm5F CPcOHuRPUK/8TnEROMny6NDaUC+eRbPQJEWhpgJ41DsSy3S3Qf01lsJ0wM52zC4= =2Nz6 -----END PGP SIGNATURE-----

juan

10:55 p.m.

On Tue, 7 Mar 2017 12:24:29 -0500 Steve Kinney wrote:

...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

...

1) An as-yet undetected and unpatched vulnerability affecting Firefox and/or the TOR router was used - and the defense team knows it.

That seems a plausible explanation to me. Web 'standards' and web browsers are poorly designed pieces of bloatware and thus full of holes. However, I think there's a more interesting issue at hand. One would expect the creators of the tor cyberweapon to do some sort of 'quality control' no? So if they were actually interested in providing security for their users, it would be TRIVIAL for them to constantly monitor a site like the one that was allegedly hacked, and so get a copy of whatever malware was allegedly served. But it seems that they did not such thing. The tor project should be monitoring and protecting 'high value' 'targets' like those that carry so called 'child pornography' but of course they do no such thing. Because they are on the pentagon's payroll.

...

2) The defendant may have traded some information or cooperation, or may have an "insurance file" with enough evidence to convict someone at FBI or DOJ of his same charges or worse.

3) The FBI decided to pick one suspect to kick loose with a bogus story indicating an as-yet undetected and unpatched vulnerability, for propaganda purposes.

Not sure about those two. Another explanation could be this : there wasn't any malware served, and the users of the site were identified using plain old traffic analysis. That's certainly something that both the government AND the tor mafia would like to sweep under the rug.

...

The fog of physical war is hard enough to see through, but with network warfare that fog is hiding... more fog.

Hehe, indeed.

...

:o/

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJYvuzMAAoJEECU6c5XzmuqqdYH+wQAyPNymKAPOaIkXF/Y3A7V Ri1rA6XXvxNx6aISrc8yG3xKfqRocGRKmXprRUE7nLrXt92soLSZB5x2Zze3epCn 4wrOFA+Cno3Ig+S1cgmlwf8c59TfYHXRU2S5iUnO7PyRKoG/6VQzMo2PZeglcmQ3 8P31AMl9Za6Hct/rlc84pLBvEHwLQX4Zy2dyrpoLJMKM2jAV4Rwrr4pIXtNjobY/ KxsX3MLyau/BbDNPI/Ev8v5en3lgzYjhu2OUMrsH8cAwmyooZCxnSvyZETQmAm5F CPcOHuRPUK/8TnEROMny6NDaUC+eRbPQJEWhpgJ41DsSy3S3Qf01lsJ0wM52zC4= =2Nz6 -----END PGP SIGNATURE-----

John Newman

11:27 p.m.

...

On Mar 7, 2017, at 5:55 PM, juan wrote:

On Tue, 7 Mar 2017 12:24:29 -0500 Steve Kinney wrote:

...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

...
1) An as-yet undetected and unpatched vulnerability affecting Firefox and/or the TOR router was used - and the defense team knows it.

That seems a plausible explanation to me. Web 'standards' and web browsers are poorly designed pieces of bloatware and thus full of holes.

However, I think there's a more interesting issue at hand.

One would expect the creators of the tor cyberweapon to do some sort of 'quality control' no? So if they were actually interested in providing security for their users, it would be TRIVIAL for them to constantly monitor a site like the one that was allegedly hacked, and so get a copy of whatever malware was allegedly served. But it seems that they did not such thing.

The tor project should be monitoring and protecting 'high value' 'targets' like those that carry so called 'child pornography' but of course they do no such thing. Because they are on the pentagon's payroll.

...
2) The defendant may have traded some information or cooperation, or may have an "insurance file" with enough evidence to convict someone at FBI or DOJ of his same charges or worse.

3) The FBI decided to pick one suspect to kick loose with a bogus story indicating an as-yet undetected and unpatched vulnerability, for propaganda purposes.

Not sure about those two. Another explanation could be this :

there wasn't any malware served, and the users of the site were identified using plain old traffic analysis. That's certainly something that both the government AND the tor mafia would like to sweep under the rug.

I think that might be very likely. How many times has the tor project publicly acknowledged attacks involving ephemeral setup of large number of tor nodes for purpose of attack? Would NSA even need to own any nodes considering how many different places they have taps into the internet? I don't think so.

...

...
The fog of physical war is hard enough to see through, but with network warfare that fog is hiding... more fog.

Hehe, indeed.

...
:o/

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJYvuzMAAoJEECU6c5XzmuqqdYH+wQAyPNymKAPOaIkXF/Y3A7V Ri1rA6XXvxNx6aISrc8yG3xKfqRocGRKmXprRUE7nLrXt92soLSZB5x2Zze3epCn 4wrOFA+Cno3Ig+S1cgmlwf8c59TfYHXRU2S5iUnO7PyRKoG/6VQzMo2PZeglcmQ3 8P31AMl9Za6Hct/rlc84pLBvEHwLQX4Zy2dyrpoLJMKM2jAV4Rwrr4pIXtNjobY/ KxsX3MLyau/BbDNPI/Ev8v5en3lgzYjhu2OUMrsH8cAwmyooZCxnSvyZETQmAm5F CPcOHuRPUK/8TnEROMny6NDaUC+eRbPQJEWhpgJ41DsSy3S3Qf01lsJ0wM52zC4= =2Nz6 -----END PGP SIGNATURE-----

Steve Kinney

8 Mar 8 Mar

5:37 a.m.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/07/2017 06:27 PM, John Newman wrote:

...

...
...
Not sure about those two. Another explanation could be this :

there wasn't any malware served, and the users of the site were identified using plain old traffic analysis. That's certainly something that both the government AND the tor mafia would like to sweep under the rug.

...
I think that might be very likely. How many times has the tor project publicly acknowledged attacks involving ephemeral setup of large number of tor nodes for purpose of attack?

...
Would NSA even need to own any nodes considering how many different places they have taps into the internet? I don't think so.

Sounds reasonable if NSA was involved: But this show was billed as an FBI production, and I don't think the NSA ventures into law enforcement territory. The narrative presented by the FBI, including the use of an exploit against Firefox + Microsoft sounded plausible to me at the time. :o) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJYv5iJAAoJEECU6c5Xzmuq1lcIALirvX7yZ10VI8sbQNyjrPLI hcXa4kiQF4yvzGZMLYaXGCVHU8VJ2J0qE0YBr/vG5K0Z1LjiwMuPxNUgg3worx9n NXRMWO5LaF/4F5b6nQPuqlt/fpizKMpr3WTuhLTz2FkR+rMonlCVFm3QdsQ9dvwJ haZ/UwetKzJNxJfFDQNCKobtknZyfs05hUvcdWMLefiZeOXD9duNmk8PUNBwJy4I +Y+467G9BKDrs5AUQVe4rKBWoG4xI8ewB7Ks1oHjWueAhZ9vGyaTWx7dvRl/iOqK RU7UplXG8H72BwFQDABbxPRpgli+zc4NKAH1WlOk00rKXWzfDKZ4gSCuJ7uC/Do= =B6WC -----END PGP SIGNATURE-----

juan

6:06 a.m.

On Wed, 8 Mar 2017 00:37:13 -0500 Steve Kinney wrote:

...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 03/07/2017 06:27 PM, John Newman wrote:

...
...
...
Not sure about those two. Another explanation could be this :

there wasn't any malware served, and the users of the site were identified using plain old traffic analysis. That's certainly something that both the government AND the tor mafia would like to sweep under the rug.

...
I think that might be very likely. How many times has the tor project publicly acknowledged attacks involving ephemeral setup of large number of tor nodes for purpose of attack?

...
Would NSA even need to own any nodes considering how many different places they have taps into the internet? I don't think so.

Sounds reasonable if NSA was involved: But this show was billed as an FBI production, and I don't think the NSA ventures into law enforcement territory.

well, this isn't exactly news... https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-launderi... or was your remark sarcastic? =P

...

The narrative presented by the FBI, including the use of an exploit against Firefox + Microsoft sounded plausible to me at the time.

:o)

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJYv5iJAAoJEECU6c5Xzmuq1lcIALirvX7yZ10VI8sbQNyjrPLI hcXa4kiQF4yvzGZMLYaXGCVHU8VJ2J0qE0YBr/vG5K0Z1LjiwMuPxNUgg3worx9n NXRMWO5LaF/4F5b6nQPuqlt/fpizKMpr3WTuhLTz2FkR+rMonlCVFm3QdsQ9dvwJ haZ/UwetKzJNxJfFDQNCKobtknZyfs05hUvcdWMLefiZeOXD9duNmk8PUNBwJy4I +Y+467G9BKDrs5AUQVe4rKBWoG4xI8ewB7Ks1oHjWueAhZ9vGyaTWx7dvRl/iOqK RU7UplXG8H72BwFQDABbxPRpgli+zc4NKAH1WlOk00rKXWzfDKZ4gSCuJ7uC/Do= =B6WC -----END PGP SIGNATURE-----

Steve Kinney

5:50 p.m.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/08/2017 01:06 AM, juan wrote:

...

On Wed, 8 Mar 2017 00:37:13 -0500 Steve Kinney wrote:

...

Sounds reasonable if NSA was involved: But this show was billed as an FBI production, and I don't think the NSA ventures into law enforcement territory.

...
well, this isn't exactly news...

...
https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-l aundering

...
or was your remark sarcastic? =P

Good point: I was mostly serious, though of course I would never imagine that clandestine security services "obey the law" just because it's the law - the reason they are "clandestine" is to enable them to break the law at will. The FBI and the military intelligence services have traditionally been rivals, very protective of the boundaries defining their respective turfs. But now that the FBI enforces U.S. law against foreign nationals on foreign soil - a rather bizarre development - it is easy to imagine that mechanisms for routine integration of FBI and NSA functions have developed. The example above - NSA and DEA working hand in hand - may not be the most relevant indicator though. Back when Phil Agee went walkabout and wrote Inside The Company, there was a firestorm of controversy and Congress yanked the CIA's leash hard by slashing budgets for U.S. terrorist operations in South and Central America. At that time the DEA stepped in and took up the slack, as it was well positioned to bypass Congress and fund its own operations by dealing drugs. Since the 1970s the DEA has been ass deep in political warfare overseas, so I think it is reasonable to presume that they have a long standing BFF relationship with both CIA and NSA. FBI? Maybe, maybe not, but on reflection I do think it's likely that barriers between that organization and NSA etc. are falling fast, if not already completely gone. All that said, I do think the method the FBI says it used to bust the Playpen trash would have been both practical, more cost effective and easier to sell as "legal" in Court than farming it out to the NSA. :o) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJYwERbAAoJEECU6c5XzmuqQyYIALkWZCxhx6XG9uxupnVdvCqK hPHL8i6wmUw+OO+PcwqoMQF/gfZaG3Nofvljse6ZOX8T0z82hFTlDNsBT09CY5ef xA6vC2gOSb7jMF7YP+XuzI9GFk5emx12VQUQWkjG/xQpM+NfzZwUilnwArYjwgKL 7CVBo/9tXRUuIdE+bORZH9aSzx1KhuT5lR7HhoFfGYJcZkBBs12+Pw23QZBoC3/D fSTERw7ofMOsdwcT4vigF2NnhgEP17TFRWEFIPGnOm21m9py63n9l2KzXd4XuGJW 7343IaUeL8FSGwUi4x2ZQGVACuSXhW+7CxxonfGDcwco60tstZpBMNev8cSjQpM= =lLcr -----END PGP SIGNATURE-----

John Newman

6:21 p.m.

...

On Mar 8, 2017, at 12:50 PM, Steve Kinney wrote: All that said, I do think the method the FBI says it used to bust the Playpen trash would have been both practical, more cost effective and easier to sell as "legal" in Court than farming it out to the NSA.

The firefox malware seems logical, probably the easiest way to bust the site users... but only after the FBI took the server over. It was a tor hidden service, and i don't remember any details being given about how they physically located the server in the first place? In the case of the silk road it was supposedly busted code, a captcha that leaked the real servers IP, but i don't recall what (if any) explanation was given for playpen..

John Newman

9 Mar 9 Mar

2 p.m.

On Wed, Mar 08, 2017 at 01:21:28PM -0500, John Newman wrote:

...

...
On Mar 8, 2017, at 12:50 PM, Steve Kinney wrote: All that said, I do think the method the FBI says it used to bust the Playpen trash would have been both practical, more cost effective and easier to sell as "legal" in Court than farming it out to the NSA.

The firefox malware seems logical, probably the easiest way to bust the site users... but only after the FBI took the server over.

It was a tor hidden service, and i don't remember any details being given about how they physically located the server in the first place?

I did a brief google search and the EFF has some info on this case at - https://www.eff.org/pages/playpen-cases-frequently-asked-questions#whathappe... https://www.eff.org/deeplinks/2016/09/playpen-story-fbis-unprecedented-and-i... As to how the FBI found the tor hidden service in the first place, the claim is simply that they recieved a tip that the hidden service playpen's "actual IP address was publicly visible." Specifically, "The tip the FBI received pointed out that Playpen was misconfigured, and its actual IP address was publicly available and appeared to resolve to a location within the U.S. " So I guess that (maybe?) answers that. John

Steve Kinney

6:18 p.m.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/09/2017 09:00 AM, John Newman wrote:

...

On Wed, Mar 08, 2017 at 01:21:28PM -0500, John Newman wrote:

...

Specifically, "The tip the FBI received pointed out that Playpen was misconfigured, and its actual IP address was publicly available and appeared to resolve to a location within the U.S. "

So I guess that (maybe?) answers that.

If we can learn anything from the spook shops, it's this: Never be 100% confident that you have figured out what the other guys are doing. They call their sphere of operations a 'wilderness of mirrors' for good reason; creating and penetrating multiple layers of deception and misdirection is an all day every day thing over there. Regular folks believe there are things called "facts" and call cognitive bias and logical fallacies "common sense." Spook shops train their inmates to recognize and /try/ to avoid these habits, while exploiting them in others. "There is no such thing as finished intelligence, only finished intelligence officers." - The Covert Comic :o/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJYwZyMAAoJEECU6c5XzmuqpP8H/iET7Dtyj5Yuw6M2waDJLtZ6 wEL7WJWN5JzQ3IrtSz+vPv6o1G2/pw2Ss8ZrCKCsZKvEhzxneTifKpu9eZbi2DcL XIZzEckwaoo9qVVQ/bFl+scK0QgpZU4o1h5F4rIwk1PXnJe5fDiAa6gFH+c/QOnQ eTDeN50lrO9txR7cI5lMuk+5BYqS1+2e2YLFJTwH7qbz8K/t2nw1arnWZTw4orYS 2hS5DGqMGJA4YS+kRKn1IoFSDwm/7R8yHEug+hphzP/P8s+XRwvl7jwcCQE4rhAc LQU0BH+yIiVPT7Au7p1kMZ35m7fouYD+w/DFK+G/nY5ZJym5QOFEN8ZCgXxQ4k8= =94X0 -----END PGP SIGNATURE-----

juan

7:06 p.m.

On Thu, 9 Mar 2017 09:00:22 -0500 John Newman wrote:

...

Specifically, "The tip the FBI received pointed out that Playpen was misconfigured, and its actual IP address was publicly available and appeared to resolve to a location within the U.S. "

So I guess that (maybe?) answers that.

I suppose your comment is sarcasm?

...

John

John Newman

7:59 p.m.

On Thu, Mar 09, 2017 at 04:06:01PM -0300, juan wrote:

...

On Thu, 9 Mar 2017 09:00:22 -0500 John Newman wrote:

...
Specifically, "The tip the FBI received pointed out that Playpen was misconfigured, and its actual IP address was publicly available and appeared to resolve to a location within the U.S. "

So I guess that (maybe?) answers that.

I suppose your comment is sarcasm?

Yes :P Fucking befuddled by how they don't even make more than a minimal effort at a cover story.

2752

Age (days ago)

2754

Last active (days ago)

List overview

Download

12 comments

4 participants

participants (4)

bbrewer
John Newman
juan
Steve Kinney