How did they take down Silk Road 2.0? Magic, I say! - What I am reading 11/11/2014

Before we get started remember it's Veterans Day - or Remembrance Day for you Australian, Canadian and Brit weirdos.  (Just have to be different, don't you?) I don't speak French so who knows what they call it, besides I think they still use that weird calendar based on how many times Napoleon farted as a child or whatever.  Anyway take a few minutes for reflection on the meaning of the day.




So first up - The FBI and other law enforcement agencies around the world took down 400 or so Darknet services, most (or all) of which were running on the TOR network.  People are going crazy trying to figure out how:

Ars Technica - Silk Road, other Tor “darknet” sites may have been “decloaked” through DDoS -

An apparent distributed denial of service (DDoS) attack against Doxbin may have been used to uncover its actual location, and the same approach may have been used to expose other darknet servers seized by law enforcement.

...

The theory posited by “the kid who started Doxbin“ to nachash was that the attack was an attempt to force connections to the site’s various .onion addresses to follow paths that went over Tor network nodes set up by law enforcement. By filling up the “circuits” through secure Tor network nodes, law enforcement operatives could have made it possible to connect to the services only through Tor routing servers they controlled—allowing them to see the real Internet Protocol address of the server hosting them.

Law enforcement seized Tor nodes and may have run some of its own -

Lewman noted that it’s possible law enforcement attacked the Tor network itself to make de-anonymization of the servers they targeted possible. On July 4, the Tor Project identified a group of Tor relays that were actively trying to break the anonymity of users by making changes to the Tor protocol headers associated with their traffic over the network.

...

Another potential weak point in the Tor network is what is known as a “guard attack.” ... (R)esearchers found a method to reveal the “guard nodes” for specific hidden services. These are the connection points for darknet servers and the only systems on Tor that know the real IP address of those hidden servers. That knowledge, the researchers said, could be used for a “large-scale opportunistic de-anonymization attack capable of revealing IP addresses of a significant fraction of Tor’s hidden services

Slashdot - Tor Project Mulls How Feds Took Down Hidden Websites -

According to Lewman, the task of hiding the location of low-latency web services is a very hard problem and we still don't know how to do it correctly. It seems that there are various issues that none of the current anonymous publishing designs have really solved. "In a way, it's even surprising that hidden services have survived so far. The attention they have received is minimal compared to their social value and compared to the size and determination of their adversaries."

So in short no one knows what happened or how the feds did it.  At some point I am sure the technical details will come out, but honestly it doesn't matter.  I have been saying for quite awhile that TOR is only secure up until the point that the government decides that it is enough of a nuisance to go after it.  At that point limitless money and an army of PhDs descend to destroy your fantasies of privacy. 
(Which is not to say that services like TOR and encryption don't have value, just that if you think that they will really, really, truly protect you from the government (or at least the US government) then you, my friend, are deluded. )

Wired - Sorry, But Technology Alone Can’t Help Us Build a Better World -

If anything close to a consensus emerged, it was that technology can’t transcend history or politics. And within the everyday messiness of human lives and conflict, that technology is only as good as the hands of the people it’s in. “It certainly can’t alone,” Dorsey said, when asked if technology could bring equality and peace. “To me, technology fundamentally is just a tool. It’s up to us to figure out how to use those tools and how to apply those tools.”

I had something profound to say about the converse of the title, but not being a very profound guy that caused me to pass out and hit my head and now I don't remember it.  The gist of my thought was this however, just as technology isn't necessarily the panacea (uh-oh swooning again) for all the world's problems, there is no technology in and of itself that is necessarily evil, except Terminator robots, it's all about the use men put the technology to.

Medium - My Hacker, My Source, My Snitch -

Basically a plug for the author's upcoming book on Anonymous, just a bare outline of her relationship with Sabu.