Inside The Dark Web - Documentary

This kind of made me depressed.
 


For those of you who are confident in Tor, and aren't at all concerned about its creation and continued funding by the US Government, I'd be interested to hear your thoughts on why the talk about its vulnerabilities in August was cancelled.

Researchers from the CERT division of Software Engineering Institute (SEI) at Carnegie Mellon University, which "works closely with the Department of Homeland Security," were set to give a talk purporting to demonstrate a way to deanonymize Tor users at Black Hat USA, a major cybersecurity conference, in early August. Alexander Volynkin and Michael McCord, both researchers at CMU, were slated to disclose a method for identifying Tor users and services with "newly discovered shortcomings in design and implementation of the Tor network," an abstract for the talk said, that only cost $3,000 or so to exploit.


But on Monday, the presentation was abruptly canceled. Black Hat organizers were told by legal counsel for the SEI and Carnegie Mellon University that Volynkin would "not be able to speak at the conference because the materials that he would be speaking about have not yet been approved by CMU/SEI for public release"
and:

The researchers behind Black Hat presentation originally referenced the NSA's tactics in their talk title: "You don't have to be the NSA to break Tor."
Source

Apparently the NSA was behind the move to have the talk cancelled:

Alexander Volynkin and Michael McCord’s talk was to center on how adversaries could “de-anonymize hundreds of thousands Tor clients and thousands of hidden services within a couple of months,” and do so cheaply.

To be sure, Tor has its vulnerabilities. The NSA likely put the screws to CMU to back off, the former intelligence official said, and there are two probable reasons: either to protect its own use of Tor or to ensure that knowledge of how to crack Tor remains within a more limited circle.
Source
 
They would suppress something like that so that Tor doesn't patch whatever loophole they are using. Simple as that. Eventually, it will get fixed and they will find another attack vector. It's a never-ending cycle.

I remember the developers saying something about the Black Hat incident but can't find anything atm. Basically it's just FUD. Tor still is a pain in their ass.
 
Found it,

https://blog.torproject.org/blog/recent-black-hat-2014-talk-cancellation

Technical details of the attack they did:
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack

We believe they used a combination of two classes of attacks: a traffic confirmation attack and a Sybil attack.

On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.

The attacking relays joined the network on January 30 2014, and we removed them from the network on July 4. While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected.

Bad and malicious relays will always exist on the network. They just get discovered and routed out. Tor is not an end-all to being anonymous; it still falls back on the user to be smart and use many different ways to stay anonymous online.
 
Sounds like that was something different, especially since it was identified and fixed prior to their talk about this other issue being shut down in August. Seems like the national security gag order is still in place based on the article, so this publicly known attack is unlikely to be the same attack they identified. I certainly understand why the Tor Project would want to conflate the two though.
 
UG is probably right. NSA has techniques out of the ass, which we will probably never know about in our lifetimes. So if you're a spy working for the Chinese govt, then yeah, the NSA can probably get by your protocols.

If you're John Doe selling some weed in Ohio, and have the local cops and FBI trying to track you? They probably can't see fuck all, at least nothing that can be proven in court.
 
There is one popular dark net marketplace that everyone seems to think is actually a honeypot run by LE. Then there are those that say LE would never do that because it would require them to break the law in order to do it. lol.
 
Sounds like that was something different, especially since it was identified and fixed prior to their talk about this other issue being shut down in August. Seems like the national security gag order is still in place based on the article, so this publicly known attack is unlikely to be the same attack they identified. I certainly understand why the Tor Project would want to conflate the two though.

From the technical attack at the bottom:

OPEN QUESTIONS:
Q1) Was this the Black Hat 2014 talk that got canceled recently?

We spent several months trying to extract information from the researchers who were going to give the Black Hat talk, and eventually we did get some hints from them about how "relay early" cells could be used for traffic confirmation attacks, which is how we started looking for the attacks in the wild. They haven't answered our emails lately, so we don't know for sure, but it seems likely that the answer to Q1 is "yes". In fact, we hope they *were* the ones doing the attacks, since otherwise it means somebody else was.
 
It seems pretty clear that the reason they never got a heads up from the guys at Carnegie Mellon is because the guys at Carnegie Mellon don't have faith in the independence of the people leading up the Tor Project, being as how they get funding from the US Government and have ties to the NSA.

Either way, it's all speculation. If you just want to buy weed and adderall and you know exactly what you're doing then you might be ok. But if you think your online activity is undetectable to the FVEY that's pretty unlikely.
 
I tried the dark web in the past, couldn't find my way around, could not see, it was too dark and no light switch available.
 
That Dark web doco talks about a site where the personal information/marketing data can be auctioned....anyone know what site that is?
 
You're probably thinking about superget.info and it's shut down now.

Fun fact, it was turned into an FBI honeypot once the owner was busted.

Tons of similar sites still exist though.
 
That Dark web doco talks about a site where the personal information/marketing data can be auctioned....anyone know what site that is?
My FUD meter started ringing when she said that, but as I listened, it sounded to me like she was talking about Google Adwords etc, certain ad networks seem to tick the boxes.
 
Jacob Appelbaum is one of the most passionate voices behind TOR. Could he be an "asset" and just putting on a show for the dev community? Maybe. If he's full of shit, he has a lot of people fooled, myself included.

Just ask yourself this one question. If you were in charge of the NSA, would you have a few of your people be part of the Tor dev community? It's almost certain. I can all but guarantee at least 1 of the core dev team works for the NSA or one of its sister agencies.

With that in mind. Does the average hacker need a backdoor to "hack" a piece of software? lol Not at all. Your average hacker exploits bugs in code. It could be something as simple as something that wasn't "escaped" properly, and you're vulnerable. Even if Tor gets audited every update (it doesn't), there will be bugs in the code. It would seem very likely that some "bugs" may not be accidental. And if you've got a spy or 2 writing code those bugs become even more likely.

Yes this is pure speculation. But it makes more sense to me than any other argument I have heard about the safety of tor.