Supreme Court Allows FBI To Hack Anyone Using TOR

Discussion in 'privacy general' started by hawki, Apr 30, 2016.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,061
    Location:
    DC Metro Area
  2. So sad :(

    This is happening all over the world LEA powers are being expanded at a huge rate.

    Now they have the right to hack any person in the world. Some governments have changed the law to allow LEA to be legally able to run botnets.
     
  3. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Sad indeed. It's very hard to see how this would not cause international incidents, as well as likely being against international law for what it's worth. You hack ours, we'll hack yours, to all of our detriments. If it's established that the affected machine is not in jurisdiction, there doesn't seem to be any obligation to pursue MLAT, that's far too onerous it seems.

    If it stands (Wyden is attempting to raise a bill in Congress to prevent it) - it will break the internet as we know it, with an increase in Great Firewalls of X, with each trading region/power bloc seeking to protect their economic interests - this is about money and power, not crime. It's spooky how they can gather evidence on Silk Road and nasty sites, but the Libor traders, financial fraud on a humongous scale, senior managers in banks, and people with dodgy offshore accounts in tax havens somehow get off scot free.....
     
  4. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    511
    Location:
    Earth .... occasionally
    This was always going to happen.
    Frankly , I'm only surprised that it has taken this long .
    For a long time now , almost any mention of Tor in global media has portrayed it with a negative bias.

    " Tor User = Criminal "

    More bad news this week is that a member of the Tor dev team has " crossed over " and is now helping a
    TLA to trace Tor users.

    { I've just had a quick look for the link to that but can't find it now . Did anyone else see it ? ]

    Update - Found it
     
  5. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    So what can we do to protect ourselves?
     
  6. haakon

    haakon Guest

    So, TOR is that good. :confused:
     
  7. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    511
    Location:
    Earth .... occasionally
    As far as Tor goes , the options look bleak :-

    1. Stand up against the ( inevitable ) incoming tide ..... ( Neither The Luddites nor King Canute were successful )
    2. Bury our heads in the sand and assume that all will probably be fine
    3. Accept that what Tor once offered will soon be gone forever ....

    ... I'm hoping that someone here will have something positive to say ..... :doubt:
     
  8. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    Considering we, the guys answering this thread (and possibly everyone in this forum) are under surveillance, I don't think there are that many good news, unless there's actually a viable alternative to Tor, and, of course, considering that Supreme Court order can't be used to spy on OTHER "anonimization" networks.
     
  9. haakon

    haakon Guest

    Hide in plain sight.
     
  10. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    Well, we still have GnuPG at least :confused: Back to the good-ol e-Mail talks.
     
  11. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    If we can back up a bit - what is being attacked is clients (possibly lots of them) with sessions to a server that has been taken over by LE. At that point, the legal powers being granted are to hack the client using whatever tools are available to LE, regardless of where that client is. When they have done so, they can then find out things like real IP addresses and so on. This is not, of itself, breaking Tor, though it does fall into the realm of auto-attacking clients wherever they are, hopefully, if LE, for visits to criminally oriented sites (though sadly this presumption may not be true).

    It's seemed to me for a while that the browser (with an http/https interactive browsing session) is the weak link in these chains, because it has become such a focus of attack (including zero days), and is now complex and bloated - hence vulnerable to subversion, fingerprinting, timing, size, etc...

    If you make the api from client to "server" rather simpler, then defence is easier. For example, using client-parsed xml messages (on a zero knowledge messaging system) that have no privileged access to the client details AT ALL.

    Reading these threads also provides other ways to make de-anonymisation harder (whoever the attacker is).
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    This doesn't change much. The NSA already tries to hack Tor users, I'm sure. So the FBI? Meh. And there are many other jerks out there who want to pwn you for lulz or money.

    Bottom line: You're always at risk. So compartmentalize! On all levels. There should be no overlap between your real-name stuff and your various personas. No shared friends. No shared activities or interests. No shared social media, websites visited. Nothing shared!

    Also compartmentalize physically. At least use VMs with multiple nested VPN chains. Use pfSense VMs as VPN-client firewalls, to provide solid leak protection and network isolation. Don't enable access from VMs to host. If one VM gets pwned, you the others to be safely isolated. Use Whonix instances for Tor, one for each persona or project. If you're paranoid, use Qubes with Debian and Whonix VMs. If you're really paranoid, use dedicated hardware on LANs that are physically isolated from your real-name stuff, family, etc, etc. And don't share files across security levels.

    Indeed, always assume that stuff is already pwned. And figure out how to be safe if that's so.
     
  13. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    I couldnt agree more. I also dont think legality has stopped the FBI/NSA before. When you have the FISA court that doesnt reject a single request in 2014 and 2015 I dont see the ruling as changing anything. They probably already have a secret ruling that lets them do this to any TOR/VPN user.
     
  14. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402

    Brother from another mother!! LOL!!

    If you can deal with the inconvenience of it, cut from your ISP for hobby stuff, and use a large dbi antenna grabbing public wifi instead. Vpns, TOR same as always just swap the ISP for wifi. Sucks on speed but for critical issues might be a valid choice. You can be 1/2 mile away and be on a wifi with the right antenna.
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    :)
    With a parabolic dish and a 600 mW radio, you can hit APs at five miles or more :)
     
  16. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402

    Sounds like the voice of experience over simple theory! I always shorten the distance in "statements" to keep a lower profile. LOL!
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yep, experience. But then, with 2.4GHz, it's a big dish. Much smaller with 5GHz.
     
  18. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    511
    Location:
    Earth .... occasionally
    @mirimir
    @Palancar


    That sounds like mighty good fun !

    Could either of you guys post a link for further reading on how to get started ?

    Thanks :thumb:
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  20. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.