Did the FBI Pay a University to Attack Tor Users?

The Tor Project has learned more about last year's attack by Carnegie Mellon researchers on the hidden service subsystem. Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes. We publicized the attack last year, along with the steps we took to slow down or stop such an attack in the future:
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack/

Here is the link to their (since withdrawn) submission to the Black Hat conference:
https://web.archive.org/web/20140705114447/http://blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget
along with Ed Felten's analysis at the time:
https://freedom-to-tinker.com/blog/felten/why-were-cert-researchers-attacking-tor/

We have been told that the payment to CMU was at least $1 million.

There is no indication yet that they had a warrant or any institutional oversight by Carnegie Mellon's Institutional Review Board. We think it's unlikely they could have gotten a valid warrant for CMU's attack as conducted, since it was not narrowly tailored to target criminals or criminal activity, but instead appears to have indiscriminately targeted many users at once.

Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users.

This attack also sets a troubling precedent: Civil liberties are under attack if law enforcement believes it can circumvent the rules of evidence by outsourcing police work to universities. If academia uses "research" as a stalking horse for privacy invasion, the entire enterprise of security research will fall into disrepute. Legitimate privacy researchers study many online systems, including social networks. If this kind of FBI attack by university proxy is accepted, no one will have meaningful 4th Amendment protections online and everyone is at risk.

When we learned of this vulnerability last year, we patched it and published the information we had on our blog:
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack/

We teach law enforcement agents that they can use Tor to do their investigations ethically, and we support such use of Tor — but the mere veneer of a law enforcement investigation cannot justify wholesale invasion of people's privacy, and certainly cannot give it the color of "legitimate research".

Whatever academic security research should be in the 21st century, it certainly does not include "experiments" for pay that indiscriminately endanger strangers without their knowledge or consent.

ItsATrap

November 12, 2015

> If I put a lock on my door that is breakable and then the FBI come and break into my house without a warrant, the FBI are in the wrong, not the lock maker.

You may be interested in these recent stories from Seattle (where the arrest in the case discussed by arma occurred):

https://www.thestranger.com/news/feature/2015/10/07/22972128/the-univer…

https://www.thestranger.com/blogs/slog/2015/10/21/23042357/two-weeks-af…

And at

https://theintercept.com/drone-papers

look for the document titled "Performance Work Statement: Course of Instruction in Advanced Force Operations". Ponder the implications of the required experience for the course instructors which is stipulated in this document.

ItsATrap

November 12, 2015

Federal agencies are pushing hard in all US governance arenas to force all US persons

o from using landlines to using cell phones

o from using wired only routers to using WiFi (non-WRT) routers

o from using personal hard drives or USB sticks for storage to using "cloud" storage

As with their encryption-workaround programs, they are pursuing a mixture of outlawing what they can, and enacting secret treaties with companies like Apple and Amazon to covertly evade any remaining legal protections for citizen data. (See the leaked White House memo on the USG strategy for obtaining backdoors by the backdoor.)

NSA likes to brag that we are living in the Golden Age of Surveillance, but evidently they feel that their work will not be done until they can freely access all the world's data, which currently they cannot.

ItsATrap

November 12, 2015

So it is war?

All of us (citizens) against all of them (governments)?

Actions (burglaries, bribes, infiltrators, state-sponsored-malware, Stingrays, spyplanes, air-to-ground laser strikes) speak louder than words. Thank you, Comey, for clarifying how you view The People.

ItsATrap

November 12, 2015

Yes

ItsATrap

November 12, 2015

I used Tor to search for a medical problem that I have, might be (cancer). I just did NOT want anyone to find out (employer etc.), also family. So am I now in trouble? Thank you Tor for everything you do to keep my search safe. Plz keep up this blog as I try to read it every day or two-three, etc. I do not think that is the correct way for law enforcement to handle things. There is so much wrong in this world today. But there are a lot of great people doing good things; try to focus on the good things. Thanks again, Tor.

ItsATrap

November 12, 2015

> Every prosecution was against pedophiles and drug sites, and it's clear that they aren't going after innocent people for visiting innocent websites.

The FBI very much wants you to believe this, but in fact there is plenty of evidence (both circumstantial and documentary) to suggest that the alleged concern over alleged epidemics of baby-raping maniacs or crazed ISIS operatives or heavily armed lunatics is a sham. The evidence suggests that the FBI's real concern is with

o Occupy movement

o anti-foreclosure movement

o student-loan reform movement

o anti-fossil fuels movement

o anti-fracking movement

o Socialist Alternative movement

o Sanders organizers

o the 15 dollar minimum wage movement

o Black Lives Matter movement

o "radicalized" veterans burned by VA

o Somali immigrants

o American Muslims generally

o union organizers

o student "radicals" (not just college but also grade school)

o Americans generally, aged 3-7 years (prime targets of NCTC CVE programs)

These are the people which the FBI really *really* does not want to see adopting Tor, strong encryption, or streetsmart opsec. Because they really fear an imminent popular uprising. Not so much because they fear the riots per se, but because a genuine uprising might be "handled" by the US military's Northern Command, rather than FBI.

A random sampling of major stories from the past few years:

http://www.commondreams.org/newswire/2010/06/29/new-aclu-report-and-web…

https://www.aclu.org/feature/spy-files

https://www.aclu.org/news/aclu-calls-university-washington-curb-campus-…

http://www.theguardian.com/world/2013/aug/28/nypd-surveillance-mosques-…

http://www.firstamendmentcenter.org/aclu-sues-denver-police-over-spy-fi…

http://aclu-co.org/aclu-of-colorado-files-class-action-lawsuit-challeng…

> banks sat down with FBI officials to pool information about OWS protesters harvested by private security

Companies such as Cyveillance monitor blogs such as this for "open source intelligence", which is sold to banks and shared with DHS, FBI, etc.

http://www.nytimes.com/interactive/2014/05/23/us/23occupy-docs.html?_r=0

https://theintercept.com/2015/07/24/documents-show-department-homeland-…

http://www.motherjones.com/politics/2015/07/homeland-security-surveilla…

http://www.theguardian.com/commentisfree/2012/dec/29/fbi-coordinated-cr…

http://nonprofitquarterly.org/2014/07/29/report-us-surveillance-of-jour…

https://theintercept.com/2015/11/11/securus-hack-prison-phone-company-e…

Tip of the iceberg. All manner of lawyer-client, doctor-patient conversations, and jury deliberations are covertly recorded by the USG, which has secret rationales for considering that such conversations are *not* protected under US law, especially when the conversants are impoverished. In particular, the HIPAA Privacy Rule, one of the last remaining bastions of privacy in the US, has apparently been voided by the 21st Century Cures Act.

All of which adds up to a whole bunch of reasons why ordinary people badly need Tor.

So @Tor people: thanks for your work and please keep it coming!

> In particular, the HIPAA Privacy Rule, one of the last remaining bastions of privacy in the US, has apparently been voided by the 21st Century Cures Act.

"Hate-int" (dual to "love-int") is not just for NSA operatives, unfortunately. Here is an excellent new article from Charles Ornstein (part of Pro Publica's series on abuses of electronic medical records) on the horrific damage caused by even "small scale" breaches of medical privacy:

https://www.truthdig.com/report/item/small-scale_violations_of_medical_…
Small-Scale Violations of Medical Privacy Often Cause the Most Harm
Charles Ornstein
10 Dec 2015

> Driven by personal animus, jealousy or a desire for retribution, small breaches involving sensitive health details are spurring disputes and legal battles across the country
> ...
> HIPAA does not give people the right to sue for damages if their privacy is violated. Patients who seek legal redress must find another cause of action, which is easier in some states than others.

The article fails to mention the concern that bills currently being considered or enacted in the US remove even the modest protection afforded to ordinary citizens by HIPAA, for which see

http://www.healthcareitnews.com/news/privacy-advocates-blast-cures-bill
Privacy advocates blast 21st Century Cures bill
Bernie Monegain
14 May 2015

> In an analysis posted on the website of the National Law Review, lawyers Anna Krause and Paige M. Jennings note that the Cures legislation would change HIPAA laws. The draft bill, they write, would add a new section to the HITECH Act to permit covered entities to use or disclose personal health information, or PHI, to certain entities for “research purposes” without authorization from the subject individual or a waiver from an IRB or privacy board.
>
> Also, they write, the changes would allow remote access to PHI for certain research purposes; allow one-time authorizations of the use and disclosure of PHI for research; eliminate limitations on remuneration for PHI disclosed for research purposes; and allow disclosure of PHI to FDA-regulated entities for research purposes such as comparative effectiveness analysis.

The bill says "research", not "medical research", so it appears to mandate warrantless access by agencies such as DEA, FBI, NCTC, Fusion Center analysts.

There is an unwritten principle in US LEAs and intelligence agencies which holds that "anything which is not specifically forbidden is permitted". The drafters of these bills know this very well and appear deliberately to omit to construct each bill's language "defensively", or even to properly define terms used in each bill. That is because the persons who draft the most dangerous portions of these bills are usually lobbyists and intelligence agencies, not Congressional staffers.

> "Hate-int" (dual to "love-int") is not just for NSA operatives, unfortunately.

Hate-int has been a feature of FBI's enormous waste of tax dollars over its entire history, back to when it was called the Bureau of Investigation, and J. Edgar Hoover was merely a 21 year old up and coming back room executive.

Perhaps the most notorious example of hate-int by FBI is the anonymous letter penned by William Sullivan, the number two man at FBI--- or, as some revisionist historians now believe, by J. Edgar Hoover himself--- urging Rev. Dr. Martin Luther King to commit suicide. The historian who discovered the original draft in FBI archives, Beverly Gage, described the significance of her find last year:

http://www.nytimes.com/2014/11/16/magazine/what-an-uncensored-letter-to…
What an Uncensored Letter to M.L.K. Reveals
Beverly Gage
11 Nov 2014

> When the Rev. Dr. Martin Luther King Jr. received this letter, nearly 50 years ago, he quietly informed friends that someone wanted him to kill himself — and he thought he knew who that someone was. Despite its half-baked prose, self-conscious amateurism and other attempts at misdirection, King was certain the letter had come from the F.B.I. Its infamous director, J. Edgar Hoover, made no secret of his desire to see King discredited. A little more than a decade later, the Senate’s Church Committee on intelligence overreach confirmed King’s suspicion.
> ...
> The F.B.I.'s entanglement with King began not as an inquiry into his sex life but as a “national security” matter, one step removed from King himself.
> ...
> At this point Hoover decided to escalate his campaign. On Nov. 18, 1964 ... Hoover denounced King at a Washington news conference, labeling him the “the most notorious liar in the country.” A few days later, one of Hoover’s deputies, William Sullivan, apparently took it upon himself to write the anonymous letter and sent an agent to Miami, to mail the package to Atlanta.
> ...
> the debate over how much the government should know about our private lives has never been more heated: Should intelligence agencies be able to sweep our email, read our texts, track our phone calls, locate us by GPS? Much of the conversation swirls around the possibility that agencies like the N.S.A. or the F.B.I. will use such information not to serve national security but to carry out personal and political vendettas. King’s experience reminds us that these are far from idle fears, conjured in the fevered minds of civil libertarians. They are based in the hard facts of history.

Gage notes that

> The current F.B.I. director, James Comey, keeps a copy of the King wiretap request on his desk as a reminder of the bureau’s capacity to do wrong.

Comey wants everyone to believe he is a Boy Scout who would never, ever, do harm to anyone for political gain. I believe the reports that he displays the wiretap order, but I doubt his sincerity when he claims to be determined not to continue what FBI has over its entire existence seen as its main mission: combating domestic "radicals" such as Martin Luther King--- or these days, Black Lives Matter activists.

FBI's widespread abuses were not limited by any means to encouraging Dr. King to commit suicide. Here's another long suspected abuse which has recently been confirmed in detail:

http://www.motherjones.com/politics/2015/12/pete-seeger-fbi-file
Pete Seeger’s FBI File Reveals How the Folk Legend First Became a Target of the Feds
David Corn
18 Dec 2015

> From the 1940s through the early 1970s, the US government spied on singer-songwriter Pete Seeger because of his political views and associations.

Yes, Pete Seeger, author of "Where have all the flowers gone?", "Turn, turn, turn", "If I had a hammer", and other classics. Founder of the Clearwater movement (which cleaned up the Hudson river). And--in the view of the FBI for more than three decades-- a bad American, a very dangerous citizen, and someone who posed a continuing threat to national security.

> According to documents in Seeger's extensive FBI file—which runs to nearly 1,800 pages (with 90 pages withheld) and was obtained by Mother Jones under the Freedom of Information Act—the bureau's initial interest in Seeger was triggered in 1943 after Seeger, as an Army private, wrote a letter protesting a proposal to deport all Japanese American citizens and residents when World War II ended.

The letter read:

>> Dear Sirs -
>>
>> I felt shocked, outraged, and disgusted to read that the California American Legion voted to 1) deport all Japanese after the war, citizen or not, 2) Bar all Japanese descendants from citizenship!!
>>
>> We, who may have to give our lives in this great struggle—we're fighting precisely to free the world of such Hitlerism, such narrow jingoism.
>>
>> If you deport Japanese, why not Germans, Italians, Rumanians, Hungarians, and Bulgarians?
>>
>> If you bar from citizenship descendants of Japanese, why not descendants of English? After all, we once fought with them too.
>>
>> America is great and strong as she is because we have so far been a haven to all oppressed.
>>
>> I felt sick at heart to read of this matter.
>>
>> Yours truly,
>>
>> Pvt. Peter Seeger

A few years ago, in a White House ceremony, war criminal and US President Obama awarded a medal to a survivor of the US concentration camps, and officially apologized for the incarceration of millions of US citizens during WWII. The very abuse against which Seeger was so eloquently speaking out, as was his right under the Constitution, even in time of war, even as someone drafted into the US military.

It is worth taking a minute to compare Seeger's letter (signed, which is how he got in trouble) with the anonymous hate letter penned by FBI agent William Sullivan (or his boss, J. Edgar Hoover); you can find the full text here:

https://en.wikipedia.org/wiki/File:Mlk-uncovered-letter.png

Now which of these letters is a good example of a letter from a patriotic good American? The letter by Seeger, or the hate letter by Sullivan?

The FBI writes anonymous hate mail, and persecutes citizens who are brave enough to speak out against abuses by the government. Is that government of the People by the People for the People?

I think the answers are obvious.

FBI and NCTC are pushing their CVE programs, which include new inducements to American citizens to denounce their neighbors for acting or saying something deemed "suspicious" or otherwise "objectionable". In particular, FBI is encouraging schoolchildren to denounce their peers.

What could go wrong here?

Here is a recent example:

http://www.salon.com/2015/12/18/its_the_clock_kid_all_over_again_a_12_y…
Friday, Dec 18, 2015 9:15 PM UTC
It’s the “clock kid” all over again: A 12-year-old Sikh boy is the latest victim of racist terrorism paranoia
Paula Young Lee
18 Dec 2015

> Why did the Arlington police hold a twelve-year-old boy with a heart condition for three days without alerting his parents? Why did the school principal call the police in the first place?
>
> Because his name is Armaan Singh Sarai, his working-class Indian family is Sikh, and a “bully” at his school accused him of having a bomb in his backpack.

Hate-int, indeed.

What could go wrong when FBI misinterprets legal and responsible dissent as a "danger to national security" [sic]?

Corn notes that after the American Legion forwarded Pvt. Seeger's letter:

> Military intelligence officers across the country began probing Seeger and his background. They searched police records in various locales (and found nothing). They discovered that a House committee had come across his name twice while investigating subversives in the pre-war peace movement. They secretly read his mail, including letters from his Japanese American fiancee, Toshi Ohta, who was living in New York City. The investigators were concerned that Ohta was working for the Japanese American Committee for Democracy, which promoted the American war effort but was considered by the military gumshoes to be a Communist-influenced group.
> ...
> As part of the probe prompted by Seeger's protest letter, a military intelligence agent visited the grade school in Litchfield, Connecticut, that Seeger had attended—and found the available records did not cover the period when Seeger had been there. (And, he wrote in a report, "it is doubtful that the information obtained would be of any value.") This agent also went to Seeger's high school in Avon, Connecticut.
> ...
> Another agent went to Harvard University, where Seeger had studied for a year and a half before withdrawing due to financial reasons, and he managed to review Seeger's academic records ("Grades in the first year were fair") and gain access to the membership list of the Harvard Student Union, of which Seeger had been the secretary.
> ...
> An [FBI] agent interviewed [Pete Seeger's] father [Charles Seeger] "under pretext"—meaning the agent cooked up a phony reason for the interview—according to a report he later filed. Charles told the agent that his son had "bummed around" the country, playing the banjo and singing, before being drafted into the Army, and was "very much interested in the common people."
> ...
> Early in the investigation, an officer at Keesler Field interviewed [Pete] Seeger, who noted that he was puzzled that he had not been deployed as an aviation mechanic, given that he had completed his training. Seeger pointed out that he played the five-string banjo well and requested that he be assigned to the Special Services Department, which provided entertainment for the troops.
> ...
> On May Day in 1943, a military intelligence agent in New York City named Harwood Ryan interviewed folk singer Woody Guthrie as part of the Seeger investigation.
> ...
> Ryan ... was suspicious of Guthrie and thought he was being cagey about Seeger's political beliefs. In his report, he noted that in Guthrie's apartment he had spotted a large guitar that bore an inscription: "This machine kills Fascists." Ryan added that he believed "this bears out the belief that the Almanac Players were active singing Communist songs and spreading propaganda."

And there you have it, in one perfect image. During its entire existence, FBI has spent uncounted billions of US tax dollars protecting America--- from Woody Guthrie's terribly dangerous anti-fascist guitar.

90 odd pages of Seeger's FBI file were redacted from the version obtained by Mother Jones using the FOIA. Sources say these concern active investigations of persons one to three hops away from Seeger.

See Tim Weiner's book Enemies for much more on the history of the FBI's war on domestic political dissidents, over the entire course of its unfortunate existence.

ItsATrap

November 12, 2015

Would it help if you included in Tor's ToS that "you can't use this software if you're attempting to exploit it" or something to that effect?

ItsATrap

November 12, 2015

I don't understand how the faculty, students, and powers that be at CMU aren't outraged and disgusted that this occurred at their university. Attacks on privacy software? Hiding the vulnerabilities? This is the antithesis of what CERT was created for... extremely troubling.

And, for that matter, Anonymous hasn't targeted both CERT and CMU? These folks go after far less nefarious attacks on privacy and civil rights. They have work to do, and it ought to involve the student body so that they grasp what is happening under their school's name.

ItsATrap

November 12, 2015

Seems like Institutional Review Boards would be a good way to have recourse for these kinds of things. If the Institutional Review Board makes an error they are liable. Pretty straight-forward. Maybe have a list-of-suggested-guidelines for IRBs.

ItsATrap

November 12, 2015

LOVE IT. After all of Nick and Roger's kissing pig arse, they do this. Of course no one here will learn from it.

ItsATrap

November 13, 2015

Even with a warrant, the nature of Tor doesn't permit any single person to be identified without compromising the anonymity of other people. The distinction can only be made after the anonymity has been compromised.
The Tor network is quite a touchy area in politics. Criminal activity facilitated by the internet is not exclusive to the Tor Network, but it certainly is highly concentrated. Should the FBI turn a blind eye to all the criminal enterprises hosted on the Tor Network in order to preserve the privacy of a few bystanders?

Those that are innocent and have had their anonymity compromised haven't lost any of their civil liberties. They still have the Freedom Of Expression.
The FBI certainly haven't been squandering this asset in order to catch the small fish either. So while you may be using Tor to negotiate deals in order to do tax evasion, the FBI hasn't shown any interest in targeting these individuals who commit these white collar crimes, or crimes with a less serious nature; on the Tor Network.

Also, is it illegal for the FBI to compromise the anonymity of the users? After all if I operate an Exit Node, even though the traffic is not intended for me, it passes through my computer, and I can see what the content is and the pseudonymous-identity that it was intended for.

About the researchers; they shouldn't be morally obligated to participate in the Tor Project and Donate to them in order to 'atone' for what they have done. In this case; what they did was with good intentions. They saw the opportunity to catch these people who commit crimes of a vile nature, and financially profit from it.

ItsATrap

November 13, 2015

No lawyer, so speaking off the top of my head here.
Is there such a thing as a common law maladministration tort in the USA?
If so could the FBI people responsible for the contract fall foul of that?
Thinking about it, if there was a distinction between that part of the university who undertook the research with a wide brief for intercept, and a set of data later handed over to the FBI, then could a maladministration tort be applicable to the joint enterprise as defined within the contractual agreement. If so that would leave both entities liable.
Is it unlawful to report suspected crimes? No.
Should one specifically go looking for crimes within the remit of general academic research? No.
Should academic research into criminal activity within a given sector of society report identified crimes? No.
Has TOR gained from the research? Yes.
Has the FBI gained? Possibly.
Has society gained? Possibly.
Has the University gained? Yes $$$$$$$.
Has academic research gained? No - BECAUSE THIS WILL TAINT ALL FUTURE ACADEMIC RESEARCH by reducing people's willingness to co-operate in those more sensitive areas.

ItsATrap

November 13, 2015

De-anonymizing foreign exiles of despotic regimes could mean a death sentence for these people using tor for free speech. FBI trots out pedo crimes every time they want to take your freedom. I'd love to see a tally of how many pedos and terrorists have been caught by spying vs how many non violent drug offenders have been caught, I wonder which tally is greater? End the drug war, end the spying, onions for all!

> I'd love to see a tally of how many pedos and terrorists have been caught by spying vs how many non violent drug offenders have been caught, I wonder which tally is greater?

This would be quite difficult, precisely because FBI does everything it can to hide such damning statistics, but it would also be an excellent research project for Pro Publica or another such investigative journalism organization.

We should indeed be concerned about FBI, NSA, CIA, DEA, NCTC etc possibly passing information on Uzbek or Syrian exiles back to their home country.

ItsATrap

November 13, 2015

@arma:

This summer, when two researchers at CMU suddenly pulled a talk, they were named as the persons suspected of operating the 116 rogue nodes which joined in January. In the comments, someone (probably an FBI shill) suggested:

> Someone should go to CMU and kill those researchers.

You replied:

> Yeah, uh, please don't do this. We like researchers. That's how we understand privacy and security these days. That's how the papers on http://freehaven.net/anonbib/ come to exist. Many of us are active in the research community.

Indeed, I think I see a consensus emerging that the proper response to discovering that some "researcher" has sold their data to the FBI for one million dollars is to shun them. Don't threaten them with physical harm, but when you see them, distinctly, slowly, and clearly state "You are dead to me", and walk away. Email the departmental mailing list. Write letters to the editor of professional newsletters. Name them and shame them. Advise visitors to refuse to shake their hand in the faculty lounge. Drum the evil-doers out of the academy.

People like that will be happier working directly (and covertly) for the US military or security forces anyway.

arma added (back in August):

> There is a lot of quite reasonable talk these days about "the real criminals", but it sure isn't those two researchers at cert.

I presume you have since updated your opinion of their character?

This summer, several users speculated that these two researchers might have not only recorded PII on real people, but might have passed it (or sold it) to the USG. You commented:

> Well, we don't even know that there is any collected data. I think there's a good chance that the researchers were planning to win fame and admiration at black hat, rather than planning to be an arm of the feds.

Too bad you turned out to be too trusting.

There's a lesson here, captured in the saying "fool me once, shame on you, fool me twice, shame on me".

It is not very pleasant living in a state of paranoia, but we must all recognize the unpleasant reality that our choices are between paranoia and willing victimhood. We are living in a global police state, with all that entails: infiltrators, intimidation, rampant corruption and state-sponsored criminality including burglary, kidnapping, torture, assassination, and the ever-looming threat of outright genocide.

Let's not overlook an important implication of the latest revelation of how far previous norms of civil behavior have been broken down by rogue agencies like FBI: if (one academic unit at) CMU can happily function as a covert "arm of the feds", so can similar units at other universities. So can DARPA. The US State Department. Maybe even NSF.

Many Tor users have for years urged the leadership of the Tor Project to make it a priority to seek to expunge USG funding sources, particularly funding sources allied to DARPA, such as SRI. To the ordinary Tor user, taking money from such sources will always seem weird, even suspicious. Your user base does not want Tor to be funded mostly by the USG, and IMO they are quite right to be suspicious of the motives of such entities.

Please forgive my presumption, but I cannot help but speculate that one possible reason for your refusal to consider giving DARPA the boot is that you and some of the founders of Tor retain a soft spot for SRI and DARPA for personal reasons. If so, I can understand that people who have for years enjoyed working with particular NRL, SRI or DARPA colleagues might retain a fondness for such agencies, because they like particular people who happen to work there. Nothing wrong with that in principle: it's only human to sometimes like some people who live on the other side of the trenches.

But-- assuming there is a kernel of truth in my guess-- you can't let personal ties blind you to the essential malevolence of agencies which enabled phenomena such as "targeted drone strikes", FBI/NCTC targeting of children aged 3-7 for CVE (Countering Violent Extremism) "interventions" (which in the UK already include removing children from homes!), deliberate aerial assaults on fully functioning trauma centers, warrantless suspicionless worldwide dragnet surveillance, militarization on the "home front" (a term which US special forces take much too literally), etc.

ItsATrap

November 13, 2015

The FBI took $1 million of your tax bucks and paid a major University to do what? Beta-test the Tor software!! And, the result? The Tor software got even better! As for pedos, they don't need Tor; a trip to their local McDonald's and they can download all the pedo that they want. Any proxy will do, and for many, Tor may simply be too slow for them. The last hidden pedo site had 250,000 registrants, per the FBI who took the site down, and so, the pedos are out there, in mass. And short of complete totalitarianism (and, even with it), they will remain anonymous, unless they are careless (such as clicking on a flash video in spite of the Tor Browser warnings) and/or they dox themselves.

Bank robbers, of course, often use guns, ski masks, and plastic bags to do their nefarious deeds, and yet, those things remain legal for those who want to buy. With Tor and even without it, there will be people (drug dealers and pedos) who will continue to do evil things.

ItsATrap

November 13, 2015

This is damaging to the fabric of a free society. Though I do see how some blame lies with the TOR team, the FBI had no right using an educational institution as an arm of the law. That's right up there with issuing warrants on journalists for source information - plainly put, it affects our ability to access unbiased information and share ours with the world.

Though I'm hopeful it won't happen again, it's only a matter of time before they come up with a new method, or perhaps recycle an old one in a more sophisticated manner.

Only time will tell.

ItsATrap

November 13, 2015

My daughter just told me she read the news and that she's leaving her PhD work at CMU for another university because of it. She's some kind of computer designer.

ItsATrap

November 14, 2015

While I personally choose not to use or have dealings with those in the illegal drug or sexual slavery industries, I would be remiss if I did not point out that the same elites that overtly rape and pillage the economies of the entire world are also behind the above stated industries according to the documentary, "Let's Make Money." In short, freedom is just a delusion, war is an instrument of these satanic Nazis to help them cull the human herd, according to Satan's Ten Commandments a.k.a. the Georgia Guidestones in Elberton Georgia, U.S.A. Their goal is to own the Earth and everything in, on, and under it.

ItsATrap

November 14, 2015

Sooo... the feds exploited a security vulnerability in Tor to try catching drug dealers and pedophiles? And... I am supposed to be hugely surprised here? LOL!

ItsATrap

November 14, 2015

Tor has been funded in the past by various government agencies, specifically including intelligence, so that US spies could fly under the radar of humanitarian / criminal traffic. If, now, Intelligence wants to de-anonymize Tor when they want to go after drug money, bitcoin, and pedos, to say nothing of "terrorists", then the same exploits they use will be used by others to go after people for political reasons, around the world.

To combat this, turn the focus of an exploit back onto US Intelligence, and out them where they attack Tor, or when they use Tor as rent-seekers.

When intelligence realizes that they MUST ACCEPT Tor, if they want to continue to rely on it for intelligence, then maybe we will see this die down. Spies need Privacy, real privacy, in order to operate, and they cannot have real privacy, if the rest of us stop using Tor, thus leaving every tor connection an obvious spy node.

For every FBI, DEA, or DHS takedown of a Tor site, there needs to be a corresponding outing, especially of obvious criminal behaviour, of spies coloring outside the lines of their jobs, taking them down. This may also be a great way to finally put an end to the DRM war.

Hey FBI, if you want to continue to use Tor, stop DRM prosecution, stop the pump-and-dump of bitcoin, stop the attacks on other Tor users. It is really simple- We Win, or You Lose!

ItsATrap

November 14, 2015

[sarcasm] Thank you torproject, for helping terrorists coordinate attacks in secret. [/sarcasm]

Torproject, and all those who support it, are enemies of the Republic of France and of its people.

> why didnt the FBI just go to the NSA to decloak Tor?

They have, of course, but NSA tends to balk at anything which might reveal to public scrutiny their illegal SIGINT methods or anything about what they think they know about anyone. NSA fears that if data from NSA spying is used by FBI in a criminal case, "sensitive information" might leak into court. NSA is determined to prevent even the slightest possibility of that happening.

The same fear explains the elaborate "parallel construction" routinely used by DEA to obscure the original source (NSA) of information used to build criminal cases against accused drug smugglers.

ItsATrap

November 14, 2015

Former NCTC Director Michael Leiter wasted no time blaming privacy advocates for the Paris attacks. Hours after the events, when an interviewer asked him why expanded dragnet surveillance laws enacted in France after the Charlie Hebdo attack had not prevented Friday's attacks, he offered a one word answer "encryption".

But another "security consultant" offered a contrary view:

http://www.aljazeera.com/indepth/opinion/2015/11/paris-normal
Paris and the new normal
The difficulty in monitoring grassroots terrorists activities render many countries fragile to such attacks.
Martin Reardon
14 Nov 2015

> the attackers most likely adhered to two principles that al-Qaeda perfected over the years: keeping their operational and support cells to the minimum number necessary to ensure a reasonable degree of success, and minimising or completely ruling out the use of electronic communications.

ItsATrap

November 14, 2015

http://arstechnica.com/tech-policy/2015/11/fbi-the-allegation-that-we-p…
FBI: “The allegation that we paid CMU $1M to hack into Tor is inaccurate”
Revelation raises more questions than it answers, Carnegie Mellon still silent.
Cyrus Farivar
13 Nov 2015

> "The allegation that we paid [Carnegie Mellon University] $1 million to hack into Tor is inaccurate," an FBI spokeswoman told Ars in a Friday morning phone call.
...
> it's not clear from the FBI's statement which part is inaccurate: the specific payment amount or its involvement entirely.

Have no reporters asked the two CMU researchers for comment?

ItsATrap

November 14, 2015

> an org that has and uses a SCIF tends to be able to get some exceptions to the usual processes

Quite a few SCIFs are shared by various federal and state agencies, and university "researchers" doing classified research (often using funds outside the intelligence budget), who are sometimes "retired" spooks. Some US universities even have CIA agents who work full time on campus in "security think tanks". Sources say that the ever expanding roster of federal agencies with access to NSA databases in SCIFs includes several which have no obvious connection to intelligence or law enforcement or tax collection, such as the Department of Agriculture, Department of Education, and Social Security Administration. Even more strange, these agencies also operate their own SWAT teams.

There is a SCIF at Mineta Airport in San Jose which is said to be used by NSA, DHS, and FBI's aerial ELINT units. Confirmation that at least one FBI Cessna has an ELINT (Stingray?) capability (and carries laser target designators) was obtained recently by ACLU:

https://www.aclu.org/blog/free-future/fbi-documents-reveal-new-informat…

Ties between the University of Maryland and NSA are longstanding and well known. One might also mention Princeton and (this is awkward) MIT, but the fact is that the intelligence agencies have a presence on most major universities, especially those located near major internet/software companies or centers of federal infrastructure.

"Retired" spooks are infiltrating not only universities but also political bodies. After leaving government, Michael Leiter worked for Palantir and apparently now works at Leidos, which changed its name from SAIC after the bad publicity resulting from it carelessly losing the employee information of millions of military members and their families, ironically including people working at the NSA/TAO cyberespionage facility in San Antonio. At least one former SAIC analyst is now a member of a key state legislature.

The same people who brought federal employees the OPM breach have also been entrusted with the personal medical records of a hundred million ordinary persons. The former SAIC split off a company which is now responsible for the "network security" (or better say insecurity) of one of the two largest providers of electronic medical records in the cloud, better known to intelligence agencies as "watering hole sites".

ItsATrap

November 14, 2015

http://triblive.com
FBI denies paying to unmask anonymous Tor users, but does fund research by Carnegie Mellon
Andrew Conte
12 Nov 2015

> The FBI does have an academic partnership with Carnegie Mellon University's researchers, the agency acknowledged Friday, but denied a claim it paid them at least $1 million to unmask users of the hidden Internet known as Tor.
> ...
> CMU officials, including one of the key researchers, declined to comment. Alexander Volynkin, the researcher, and his colleague, Michael McCord, last year had planned to make a presentation at the 2014 Black Hat cyber security conference in Las Vegas demonstrating how the anonymity of Tor users could be defeated for $3,000 until university lawyers stopped them.
> ...
> The CMU researchers might have gone too far if they not only found a weakness in the Tor networks but then used it to identify everyone using the hidden Internet, said Jeremy Gillula, staff technologist with the Electronic Frontier Foundation, a San Francisco nonprofit that advocates for online privacy. “We're all for security research and discovering vulnerabilities like this,” he said. “But there's a difference between discovering the vulnerability and then abusing it. It seems to us like they crossed an ethical line.”

Wow, "hidden internet known as Tor"... None of these stories manages to clearly distinguish between using the Tor network to browse and using hidden services to connect to hidden servers.

Tor Project should have a page which explains the difference for the benefit of baffled reporters working under deadline pressure.

ItsATrap

November 14, 2015

Nice compendium here:

http://www.computerworld.com/article/3005083/security/tor-fbi-cmu-milli…

The FBI's carefully worded disclaimer admits they pay CMU for research but denies a one million dollar payment for the IP addresses of Tor hidden service users. The explanation may be that FBI bean counters decided that paying the one million dollar bounty to SEI CERT is not the same thing as paying CMU itself.

ItsATrap

November 14, 2015

Edward Snowden tweeted on 11 Nov 2015:

> Wow. @CarnegieMellon is America's Shanghai Jiaotong.

I *think* this might be in reference to the notorious attack on Google in late 2010, which according to Google specifically targeted (among many others) Chinese political dissidents living in the US.

From

https://en.wikipedia.org/wiki/Industrial_espionage

> In February 2010, computer experts from the U.S. National Security Agency claimed that the attacks on Google probably originated from two Chinese universities associated with expertise in computer science, Shanghai Jiao Tong University and the Shandong Lanxiang Vocational School, the latter having close links to the Chinese military.

Someone please correct me if you know otherwise!

ItsATrap

November 15, 2015

Isn't it less bad maybe, having a university tampering with traffic, 'cause they could have some common sense about human rights and so discard unneeded data at least? Well, it's offending against free human communication anyway, so consensus may vote cutting tampering subnets from the network!
tsc

ItsATrap

November 15, 2015

It doesn't make sense that a prestigious university like CMU would agree to the inevitable damage to its academic reputation for a measly million. Do we know who accepted the money?

If they found out about it after the fact, that could explain why they've kept silent.

ItsATrap

November 15, 2015

OK, I get that FBI are the bad guys here. I don't expect cries of "FBI is naughty" to change anything, and it's a waste of time to complain about it. I just want to know whether their exploit has been thwarted yet.

As I understand it, last summer someone who had access to a copy of the slides for the withdrawn talk informed Tor Project what they revealed about the nature of the vulnerability, and within a few days it was fixed.

ItsATrap

November 15, 2015

After the Charlie Hebdo attack in January, the enemies of privacy were quick to blame "encryption we can't break" as the explanation for why the French intelligence services failed to break up the pre-operational planning. Prime Minister Cameron called for a ban on encryption, and the Indian government actually briefly established just such a ban (before wiser heads organized a panicked repeal). The French government also pushed through new massively invasive dragnet surveillance powers and rapidly expanded the roster of domestic intelligence analysts.

Obviously, more and more dragnet surveillance failed to break up the pre-operational planning for the attacks last Friday. That comes as no surprise to those familiar with the reasons why dragnet surveillance and the searching of ever more enormous haystacks for nearly microscopic needles customarily fail to achieve their stated goals. But within hours, the usual suspects, including former CIA director Michael Morell and former NCTC director Michael Leiter, were claiming that "encryption we can't read" was the cause of the most recent attacks, with Morell explicitly calling for "a re-examination of the balance between privacy and security". We know what that means: more dragnet surveillance powers, more restrictions on travel and communications and news gathering, fewer options for less-insecure computing.

People like Comey, Morell, and Leiter would like to see all personal storage devices (hard drives, DVDs, USB pen drives) banned in favor of forcing everyone to store all their data in the cloud, where the USG can get at our private lives. They would like to ban all personal computing devices (desktop PCs, laptops) in favor of forcing everyone to do their computing in the cloud (which means: no anonymity, privacy, or security). But none of this really concerns "national security". It is all about population control. Control of an increasingly restive population by an increasingly isolated, unpopular and illegitimate financial/political elite.

The leaked White House memo on intelligence agencies' anti-encryption strategy made it clear that the security police are determined to get their way one way or another, by means legal or not. The memo explicitly stated that an "untoward event" could be exploited to push through hasty laws mandating back doors. Such an event has just been provided by that other notable Enemy of the People, ISIS/L. (IS claims to be a government, and is in fact functioning as the government ruling most of Syria, so the People should regard it as an established government, however barbaric, not as an underground terror group.)

These renewed calls to ban "unauthorized encryption" raise the urgent question: if the USG bans Tor, what is our plan? Shouldn't the Project have plans to relocate to a safer base, such as Iceland or Norway, on an emergency basis? Should the French government ban Tails, what is the plan? Tor and Tails might have only months or days to move before a new emergency law comes into effect, so the time to plan is now. People all over the world depend on Tor and Tails, and we need to ensure that these projects will continue regardless of ill-considered actions by the current FR or US governments.

I am optimistically assuming that Tor and Tails will not become illegal in every nation, but perhaps we should start thinking about that possibility too.

Laws banning secure private communication are like laws banning oxygen. At some point, even persons who have been law-abiding citizens all their lives have to recognize that no-one is morally bound to observe a law which would make their continued existence illegal, even though they cannot be reasonably suspected of capital crimes. Failure to act on this principle was one of the root causes of why the Nazi regime was able to kill so many innocent civilians including young children: too few ordinary Germans mustered the courage to confront the government by refusing to obey a long series of laws which gradually made it impossible for persons of Jewish heritage to legally exist, regardless of whether they were suspected of having committed any crimes. The horrific memory of these events is one reason why modern Germans are so resistant to the current US-created global security-surveillance state.

We must also never forget that most German intellectuals even as late as 1936 refused to believe that the most civilized nation on Earth (Germany) could descend into state-sponsored criminality. When we hear "patriotic" Americans protest that their nation could never commit genocide, we must respond: in the past, it *has* committed genocide (against Native Americans, Filipinos, etc). Only those who recognize that the US enjoys no divine immunity from such enormous state-sponsored crimes can possibly be able to prevent this ever-present potential from being realized. Again.

Technology always threatens to permit every abuse targeting "mere" dozens or thousands of victims to be scaled up to target millions or tens or hundreds of millions. We must all remember that while "targeted drone strikes" might today appear to target "only" people "of military age" living in certain geographic regions, when enough actors possess enough armed drones, and enough "intelligence" infrastructure, very large scale attacks become possible, possibly even tempting to political leaders increasingly desperate to preserve their power and prerogatives. This week, Jihadi John, next week, perhaps, peaceful Black Lives Matter demonstrators. The government of India (the world's largest democracy) is already employing armed drones against mass protests in that nation.

We also need to recall that Los Zetas (the Mexican criminal syndicate) began its existence as an elite Mexican special forces unit. Bearing in mind recent arrests of DEA, DHS-CBP, FBI, and USSS agents on a variety of felony charges, and the rampant illegality of NSA/CIA/SOCCOM burglaries, buggings, kidnappings, torture, and assassinations, we can only conclude that these agencies are operating as state-sponsored criminal gangs, which have perhaps never been truly under the control of the nominal Chief Executive. Might they in future spin off their own avowedly terroristic splinter groups? Another example from recent US history suggests this is not impossible.

A few years ago, the noted journalist James Bamford (author of three books on NSA) uncovered documents from the early years of the Kennedy administration--- which the Pentagon admits are authentic--- showing that the then Chairman of the Joint Chiefs of Staff, Gen. Lyman Lemnitzer, a political opponent of the Kennedys, was engaged in potentially treasonous activities of the most serious nature. From

https://en.wikipedia.org/wiki/Operation_Northwoods

> Operation Northwoods was a proposed operation against the Cuban government, that originated within the Department of Defense (DoD) and the Joint Chiefs of Staff (JCS) of the United States government in 1962. The proposals called for the Central Intelligence Agency (CIA) or other US government operatives to commit acts of terrorism against American civilians and military targets, blaming it on the Cuban government, and using it to justify a war against Cuba.

The Wikipedia article continues by saying that the plan was rejected by Kennedy, but Bamford says (and I think the available evidence supports this) that Lemnitzer's plan called for the US military to create provocations, without anyone ever telling President Kennedy that the US military was actually responsible for the supposed "terrorist attacks". These attacks would have included the downing of a civilian airliner. (In one version of the Northwoods plan, the downing would have been an elaborate hoax involving two identical aircraft to be switched mid-flight, so that one with zero to few people could be shot down while the other, with the supposed civilian victims, would land safely in a secret military airfield.) If this sounds like a Hollywood action film script, well, reality is often much stranger--- and always far more dangerous--- than fiction.

That was in 1962. I believe it would be dangerously naive to assume that, in 2015, there cannot be contemporaneous Lemnitzers running amok inside the highest levels of the USG.

Similar remarks apply to the French government, which has in its recent history hardly been immune from imperial abuses.

I believe that the Tor Project and Tails Project must be prepared to protect the millions of people around the world who depend upon Tor and Tails, by being ready to relocate or even going underground. What other alternative do we have, if the US or French governments declare "unauthorized" encryption to be illegal? Snowden said it best: "I cannot live in a surveillance state".

ItsATrap

November 15, 2015

If IS (Islamic State in Iraq, Syria, Lebanon) wanted to ensure that the alarm call sounded by arma would be drowned out by a new outrage, the 13 November attacks in Paris could not have been better timed.

In the wake of the attacks, the enemies of privacy wasted no time in blaming:

o Tor
o Snowden
o amnesia in general
o encryption in general
o "encrypted apps" in particular

https://news.yahoo.com/
Paris attacks show U.S. surveillance of Islamic State may be ‘going dark’
Officials contend Snowden disclosures, use of sophisticated encryption and messaging apps are making terrorists harder to track
Michael Isikoff and Daniel Klaidman
14 Nov 2015

> Over the past year, current and former intelligence officials tell Yahoo News, IS terror suspects have moved to increasingly sophisticated methods of encrypted communications, using new software such as Tor, that intelligence agencies are having difficulty penetrating — a switch that some officials say was accelerated by the disclosures of former NSA contractor Edward Snowden.

(New? At least the reporters didn't call it TOR. Note that the anonymous officials did not quite say that IS is using Tor.)

http://www.cbsnews.com/news/paris-attacks-how-encrypted-apps-help-terro…
How encrypted apps help terrorists stay below the radar
Apparent lack of chatter before Paris attacks may indicate a dangerous change in the way extremist groups are communicating with each other
14 Nov 2015

People such as former CIA Deputy Director Michael Morell, former NCTC Director Michael Leiter, former FBI Deputy Director Timothy Murphy, NYPD Commissioner Bill Bratton, and NYPD Counter-terrorism chief John Miller all specifically cited "encrypted apps" to explain how IS was able to carry out the attacks without being detected in advance. Several of these current and former officials implied that because the attacks were coordinated, the attackers must [sic] have been using "encrypted apps". But none of the "journalists" quoting sometimes anonymous "intelligence officials" making these claims asked their sources whether they knew of any hard evidence to support them.

Indeed, the questionable assertion that the attackers were exchanging encrypted communications appears to contradict something NCTC Director Matthew Olsen said the day before the attacks, that NSA has overheard (repeat, overheard) IS members discussing cryptography, and that some IS members have "stopped using communications at all". Olsen also cited "encryption", but his remarks appear to call into question some elements of James Comey's rantings about the internet supposedly "going dark". Indeed, the rumored "lack of chatter" before the recent attacks seems to be more consistent with no communication than encrypted communication. Furthermore, some of the unsubstantiated anecdotes Olsen cited appear to refer to alleged events which occurred months or years previously.

Director Olsen also warned that IS members are "reading the newspapers and seeing what we can do”. Well, duh. Unfortunately, the lesson some politicians are likely to draw from this is that because IS members can read the news, governments should prevent any "unauthorized" reading of the news.

It is a truism that "the first enemy of war is truth". We must act quickly to counter the lies which are being spread by the servants of authoritarianism in our society. The tech community must respond robustly to those who would blame whistleblowers, privacy advocates, and the Tor Project for events such as the 13 Nov attacks.

ItsATrap

November 16, 2015

There is good and bad in every environment. So is it rational thought to place blame on the environment, or is it the corrupt and nefarious that dwell in it? Always remember there are no rules to be followed until the game falls under scrutiny.

ItsATrap

November 16, 2015

University of Michigan school of engineering has been found to be engaged in suspicious activity that could be used to probe for a running proxy such as Tor.

ItsATrap

November 17, 2015

Criminals exist with TOR or without, so here it's not TOR the problem for sure ... but the FBI have to respect the privacy of innocent people, but of course they do what they want.

ItsATrap

November 17, 2015

I am a free and secular and atheist blogger from Iran.
I am using Tor every day for anonymity.
More thanks for Tor Project developers,
but I am sorry,
because I live in a religious totalitarian country (Iran)
and I cannot donate or pay money for Tor.
Iran is a big prison.
Viva freedom
Viva freedom
Viva Tor Project
We are on your side.
More thanks.

ItsATrap

November 17, 2015

So continuing with this logic, now university students can be used to listen to wiretaps en masse in the hopes of uncovering something illegal.
Awesome.