Forums › Life › Computers, Gadgets & Technology › The attack that broke the Dark Web—and how Tor plans to fix it
No, just our privacy, anonymity and every one of out human rights.
I doubt the Internet would easily be switched off as it is also carrying other important stuff like “old fashioned” telephone calls (including those to 112 / 999 / 911 services) but there is no crypto scheme that can defeat the laws of physics.
In most cases the cops do not need to decrypt the comms at all; they only need to geolocate it and match it up with real life incidents such as a rise in drug overdoses in one particular area or young middle class people seeking addiction treatment.
In a lot of Northern European countries only certain ISPs wiil have anything to do with TOR exit nodes (as their use often gets the associated IP address marked as “dangerous/source of malware so it cannot be shared with other customers) and these ISPs often have big science universities and the public sector as clients.
In the video below I have (using a normal unencrypted VOIP setup) telephoned a speaking clock in Hamburg, Germany routing the call from my VDSL connection with the main data centre in Northern England via Canada (as its cheaper than going via Europe for some reason). The “1980s style” modified electronic radio clock is receiving the official German time from DCF77 radio transmitter in Frankfurt. The wristwatch next to it uses MSF UK (a transmitter on the border of England and Scotland) for its time reference.
The speaking clock is not the official one from “Die Telekom” (that cannot be dialled from outside DE) but appears to be some hobbyists project in Hamburg. Although with all these radio time signals plus GPS and NTP the whole concept of a speaking clock is a bit of an anachronism [!]; I can see why Telekom and BNetZA would encourage someone to do this as it means anyone who wants to test VOIP circuits to Germany could do so without telephoning other numbers that would inconvenience people.
The combined effect of lag (due to the compression/encoding of the audio), jitter and various buffers used in the VOIP equipment to guard against this (if there is too much the audio of the telephone call starts breaking up) cause time to go “backwards!”
Digital data will however always travel at around the speed of light (with a slight correction factor depending on the type of fibre optic cables used or if anything wireless is involved). With enough accurate clocks and people monitoring the packets at various parts of the network (plus a lot of hard maths and most likely Fortran being involved at some point) it is possible to locate both ends of where the data traffic is being exchanged; without knowing exactly what the content is.
Most telecom companies and ISPs in Europe do this sort of monitoring routinely (alongside the Universities) simply to check their networks are working correctly as a coindition of their license with the Communications Ministry, particularly with more and more “time critical” content like telephone calls and real time audio/video being sent along IP-based links.
There is nothing sketchy or hidden about this and the papers are usually openly available on the personal websites of the profs involved and/or the Communications Ministry websites.
TOR and other crypto schemes are resource intensive and create more lag and jitter than clear traffic. They will always have some data transmitted in the clear so the other end knows what crypto scheme is in use; so always stand out amongst other signals even if the content cannot be immediately monitored.
You seen all the stuff about the mass de-anonymization attack carried out by Carnegie Mellon university? They are the bastards responsible for the takedowns of the markets etc.
@tryptameanie 975261 wrote:
You seen all the stuff about the mass de-anonymization attack carried out by Carnegie Mellon university? They are the bastards responsible for the takedowns of the markets etc.
yes, although I felt that all the outrage and angst over this (particularly American) style response (to a phenomenon mostly created by the USA and its insistence on strong drugs control laws) overshadowed previous incidents where European cops had busted smaller groups of people using darknet on their own long before USA was assisting them; most likely using the time based geolocation (the technique being published in 2008 by British profs) without breaking the rest of TOR (and thus arousing suspicion).
Cops/Governments co-operating with Universities is nothing new either.
Historically Universities have always been controlled by either powerful business/govt interests or faith groups; in some countries (including USA) there are still relgiious universities (which may seem backward but many are responsible for a lot of interesting research in modern computer science)
Maybe it is Americans and some British who have this over-romanticsed view about the amount of freedom you get at uni (I’ve already mentioned how simply using the Internet as recently as 1991/2 got me expelled from one in London) but even before the darkweb in the late 90s there were many British dealers who thought University areas were soft touches getting busted hard; because it turned out 20% of the students in some classes were CID.
This wasn’t even some shadowy undercover sting but the detectives were genuinely at University to learn stuff; as Tony Blair introduced a fast track scheme whereby those Police Officers with a degree could move up the ranks quicker.
I totally agree with what you just said GL but this looks like he research project prety much decloaked the entire network, seriously damaging real peoples lives. The FBI then appears to have got a court order to take this data and do whatever the fuck they like with it. They could never have got a warrant to do a massively broad attack like that, they have to be very narrowly tailored to single suspects. This must mean that there is a mass of information stored somewhere on everyone using the network for whatever purposes. That data is gonna be massively valuable to every nation on earth now for so many purposes that it won’t stay concealed for long I doubt. Totally goes against what universities should be doing. Ed Felten has a good blog post on this that I’ll try find.
@tryptameanie 975264 wrote:
I totally agree with what you just said GL but this looks like he research project prety much decloaked the entire network, seriously damaging real peoples lives. The FBI then appears to have got a court order to take this data and do whatever the fuck they like with it. They could never have got a warrant to do a massively broad attack like that, they have to be very narrowly tailored to single suspects. This must mean that there is a mass of information stored somewhere on everyone using the network for whatever purposes. That data is gonna be massively valuable to every nation on earth now for so many purposes that it won’t stay concealed for long I doubt. Totally goes against what universities should be doing. Ed Felten has a good blog post on this that I’ll try find.
Compared with ethical standards for other sciences this is true; but the study of computer science in its own right (instead of simply a branch of mathematics) is relatively new; perhaps even younger than I am!. So the ethical standards have not yet developed as much as something like chemistry, physics or pharmacology.
There was similar angst 30 years ago when the prof at Netherlands PTT published info on how to spy on other remote computer display screens from a few hundred metres away using a modified TV set; even though the modifications required a level of knowledge and other test equipment unlikely to be found outside a University, a TV sharp enough to read an 80 character display wouldn’t be cheap or particularly portable.
I also read through the experiment book [aimed at teens/young adults of the era] from that professor chap in the UK who discovered heroin; and did some more research on him (discovering he only lived to age 50).
Although the experiments which do result in (small) fires, explosions etc or involve use of particularly harsh chemicals are accompanied by appropriate safety warnings; others involved using large amounts of mercury poured out into open containers. Exposure to this and its vapour does slowly poison everyone within range. It took the scientific community a few decades to realise this.
There is never any real consensus about what Universities should and shouldn’t be doing other than basic safeguarding of younger students and even then many fail dismally – campuses in USA, UK and even DE are actually still unsafe for young people often on their own, worse than they were in the 1990s and they can easily become victims of crime, sexual assault even in supposedly safe areas like the halls of residence or the student union entertainment venues; whilst the same campus often has all its science and computer labs locked down hard to protect the commercial property (both hardware and intellectual property) stored in there.
0
Voices
8
Replies
Tags
This topic has no tags
Forums › Life › Computers, Gadgets & Technology › The attack that broke the Dark Web—and how Tor plans to fix it