Darknet Sweep Casts Doubt on Tor: Tor Will Be Defeated Again, and Again, and Again

(by Bill Blunden, via Dissident Voice)

When news broke of Silk Road 2.0’s seizure by law enforcement a lot of people probably wrote it off as an isolated incident. Silk Road 2.0 was the successor to the original Silk Road web site and like its predecessor it was an underground bazaar for narcotics, fueled by more than $8 million in Bitcoin transactions and operated as a hidden service on the Tor anonymity network.

According to the criminal complaint filed against Blake Benthall, the alleged 26-year-old operator of Silk Road 2.0, law enforcement officers caught their suspect using old fashioned police work. Specifically they sent in a mole, or what the text of the complaint refers to as an HSI-UC (a Homeland Security Investigations agent operating in an Undercover Capacity). Anyway, the undercover spy was wildly effective, gaining access to the Silk Road 2.0 discussion forum while the scheme was still in its formative stages and eventually acquiring administrative access to the web site after it launched.

But it turns out that the Silk Road 2.0 take-down was just the appetizer of a much larger main course called Operation Onymous. Onymous, as in anything but anonymous. Within a matter of hours it was announced that a joint operation involving dozens of officers from the FBI, the DHS, and Europol had taken down a grand total of 414 hidden services on the Tor network. This wasn’t just a single bust, no sir. This was a global dragnet that resulted in the arrest of 17 suspects.

The success of this international operation raises a question: how did they locate the hidden servers and identify the people who managed them?

In this instance Tor hidden services failed to live up to their name. Was the sudden collapse of several hundred Tor “.onion” domains the result of traditional police tradecraft (developing informants, patiently waiting for opportunities, doggedly following leads), or were security services quietly wielding advanced technical methods?

All told the cops are pretty tight-lipped. Wired Magazine asked Troels Oerting, head of the European Cybercrime Center, this very question and he replied:

This is something we want to keep for ourselves… The way we do this, we can’t share with the whole world, because we want to do it again and again and again.

Even with the discretion of insiders like Oerting there have been recent developments that hint at what’s going on behind closed doors. For instance, the FBI has just proposed that the U.S. Advisory Committee on Rules and Criminal Procedure alter federal search and seizure rules so that law enforcement agents can hack into machines that have been “concealed through technological means.” This is no doubt a thinly veiled reference to Tor.

The FBI’s request implies that public gripes against ostensibly strong encryption by officials like FBI Director James Comey, GCHQ Director Robert Hannigan, and former NSA General Counsel Stewart Baker are mere theater. The feds already have tools at their disposal to defeat encryption-based tools like Tor. In fact, an internal NSA document admits that “[A] critical mass of targets use Tor. Scaring them away from Tor might be counterproductive.”

Really? I wonder why?

This past summer I questioned the wisdom of netizens putting all their eggs in the Tor basket, as did other writers like Pando’s Yasha Levine. Granted there were protests voiced by advocates, some of which I responded to. Still, the public record demonstrates that Tor isn’t a guarantee against the intrigues of a knowledgeable adversary. And now we clearly see the purported security of the Tor anonymity network unraveled on a grand scale. Not just for one or two illicit websites but hundreds. As to whether it’s possible for an app to safeguard essential civil liberties… the techno-libertarians of Silicon Valley can eat crow.

The reality is that the Deep State’s minions aim to eradicate genuine anonymity for everyone but themselves. The steady erosion of privacy is a part of a long-term campaign to consolidate control as economic inequality accelerates and perpetual war expands. The looming Malthusian disaster born of our leaders’ unenlightened self-interest will be a brutal spectacle and the members of the ruling class want to make sure that they’ll have a good view.

There is no such thing as perfect security

Good computer security is hard – it requires a lot of technical knowledge, and takes a lot of time and effort … And at the end of the day, there will always still be weaknesses in your system. This means that you should never be lulled into a false sense of security, thinking that you are working on a “secure” system. You can have a more secure system or a less secure system, but there is no such thing as a perfectly secure system.

Adversaries like the FBI and NSA are technologically superior and have immensely greater resources than you do, and will compromise your system if they are determined to do so. But this does not mean that you should do nothing. What you can do is close off the obvious and easy-to-exploit vulnerabilities, forcing them to use more complex, expensive (in time and resources), and error-prone methods to violate your privacy.

While no single individual system can ultimately be completely protected from them, the collective effect of millions of people making it more costly will overwhelm their ability to target everyone (because they can only afford so many computers, so much electricity, so many analysts, etc.) … Whereas, if none of us do anything, it is very cheap and easy for them to spy on everyone. That is, a complete lack of concern about security leads to complete and total surveillance. We should not make this easy for them.

While ultimately, the solutions to the problem of mass surveillance are political, not technological, we should utilize any technological methods we can to disrupt their intelligence efforts as we work towards these political solutions.

Free, privacy-respecting alternatives to corporate email providers like Gmail, Yahoo, and MSN/Hotmail

“Free” email services such as Gmail, Yahoo, or Microsoft (MSN, Hotmail) might not cost you anything in the sense of money, but they are certainly not free in the sense of freedom. The price you pay for using these services is a complete loss of privacy and control over your data. The use of these services enables state intelligence/police agencies to easily monitor our communications and behavior/interests, map out our social networks, and then use this information to systematically destroy radical social movements.

What’s wrong with corporate email? What are they doing with your data?

A slide from an NSA presentation on the PRISM program, leaked by Edward Snowden. All of the major corporate email and social networking providers are feeding data to intelligence agencies. Why trust these people with your private emails, when there are free alternatives that won’t willingly collaborate?

Corporations such as Google provide their email service to you for “free” so that they can collect data about you and sell it for a profit. What they are actually offering you is spyware. Google collects and analyzes the contents of your emails and “private” messages, creates lists of everyone you communicate with, and tracks your behavior as you search and surf the web (what sites you visit, how long you spend there, etc). They then store all of this information in their massive databases, compile a detailed profile of you, and sell access to this information to advertisers and other companies.

The amount of personal information that is collected by companies such as Google and Facebook is truly vast, and historically unprecedented. Consider for a moment how detailed of a psychological/behavioral profile of you can be constructed by being able to read every email you’ve sent over the past few years, having a list of everyone you’ve communicated with, viewing everything you’ve searched for on Google, what sites you’ve visited (i.e. they know what kind of things you’re reading, what videos you watch, places you go, what you like to do for fun, your medical conditions, what you purchase online, political groups/ideas you’re interested in, your sexual preferences, and countless other things that you probably wouldn’t feel comfortable sharing with a complete stranger) … And now consider that they have this kind of information about hundreds of millions of people.

Collaboration with state intelligence/police agencies

Leaked NSA slide that talks about their “Computer Network Information Operations” (CNIO) which use propaganda, deception, and pushing news stories via social media to manipulate the public. To effectively deceive and manipulate you, they have to get inside your head. Letting them read all of your emails and monitor your surfing behavior makes this easy.

The major problem with this is that in addition to collecting and selling your private data, these corporations also willingly hand over this information to intelligence agencies and police. This type of intelligence gathering would cost the state billions of dollars if they had to do it themselves. But now, they can have companies like Google do it for them (supported by ad revenue) for free.

Never before have governments had access to this kind of detailed behavioral/psychological profile of the people and groups that they consider “threats” (and identifying who these threats are is also much easier, now that they can easily do things like sitting down at the computer and saying “Give me a list of all of the people in Seattle, WA who regularly read anarchist literature.”).

Governments sometimes use this information to arrest people and throw them in prison (or kill them). However in order to uphold the illusion of “democratic governance” they can only do this to the highest valued targets. What surveillance and data mining is most useful for is social control through misinformation, manipulation, distraction, and disruption. I am pointing this out because when I’m talking about email security with people, they often say things like “Well it’s not like I’m going to be stupid enough to talk about illegal activity over email!” … but that’s not the point. What is more important is that you are giving the state detailed information about your plans/strategies, your beliefs, your personal preferences, your fears, your friends, your family, your interests … and they can use this to more effectively neutralize our collective efforts at radical change through propaganda, manipulation and deception, without appearing to be as violently repressive.

Sure, FBI agents can infiltrate our groups, break into our homes and install monitoring hardware, follow us around, and disrupt our meetings. They can get information about us if they want to by a variety of means. But by using corporate email and social media and freely sharing our most intimate personal details with them over the Internet, organizing our political activities on Google Groups and Facebook Pages, we give them far more information and make it extremely cost effective for them to monitor and manipulate a much larger number of people. That is, by using Google, Facebook, Yahoo, etc. we are making mass surveillance and political repression easier. We are enabling them when we should be working to make things as difficult for them as possible.

Free alternatives to corporate email

If you’re doing any type of social justice organizing, independent journalism, or anything else that might make you a target for government surveillance and repression there are several free, non-profit alternative email services that are run by organizations who respect user privacy and will not collaborate with intelligence/police agencies.

“The Riseup Collective is an autonomous body based in Seattle with collective members world wide. Our purpose is to aid in the creation of a free society, a world with freedom from want and freedom of expression, a world without oppression or hierarchy, where power is shared equally. We do this by providing communication and computer resources to allies engaged in struggles against capitalism and other forms of oppression.”

Personally I use Riseup.net but there are several other options including Resist.ca, Tao.ca, and Autistici/Inventati. Riseup.net is based out of Seattle, Washington, Autistici/Inventati is based out of Italy, and Resist.ca/Tao.ca are based out of Canada (but all of them provide free services to people anywhere in the world). All of these sites are anti-authoritarian communications collectives whose mission is to provide free, secure email, chat, VPN and other web services for people who are working towards radical social change.

These sites are completely funded by donations, so if you use their services and can spare a few dollars every now and then, you should donate some to keep them running. But none of them require you to pay anything if you can’t afford to.

How to smoothly transition from your old corporate email to your new address

Using a free, open-source email program like Mozilla Thunderbird makes it easy to manage multiple email accounts, use PGP encryption, and store messages offline.

Just like Gmail, Riseup.net and the other services mentioned above will let you access your email through your web browser. However, I’d highly recommend downloading a free, open-source email reader such as Mozilla Thunderbird (from the same folks who make the Firefox web browser). This will enable you to easily manage multiple email accounts from one place, without having to go from one website to another. There are other benefits to using a standalone email reader like Thunderbird: it will enable you to easily use PGP encryption for your emails, keep a calendar/task list, let you download your emails and store them offline, and many other useful things.

As far as transitioning to your new email from the old one, another way that an email program will be helpful is that it will let you receive emails with one address (for instance, your old Gmail address) and then reply to that message with a different email than the one that received it. This is the easiest way to notify people about your new email address. Instead of having to send a mass email out to everyone you know saying you’ve switched over, you can just periodically check your Gmail account in your mail reader and then reply to all the messages there using your Riseup.net or Autistici account and let them know that “By the way, this is my new email address, please use it from now on” … after a few months of doing this, you will get hardly any emails at your old Gmail address.

…But don’t get lulled into a false sense of security!

Switching to a provider like Riseup.net addresses a specific security vulnerability – that of corporate email providers having access to your private communications. However, it by no means solves all of the problems with email/internet security. For instance, if you are not using PGP encryption, your emails are still being transmitted in cleartext and are readable by large telecoms and governments, who have large scale packet interception/analysis systems. And even if you are using PGP encryption, you are still not being protected from traffic analysis (i.e. the contents of your email might be unreadable, but they can still see who you are talking to and what the subject line of your emails are). Basically, you should always keep in mind that there is no such thing as perfect security, and that there is no simple technological solution that will make your communications totally secure. Understand what the benefits of switching to a secure email provider are, but don’t overestimate these benefits …
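The traffic-analysis caveat above, shown concretely: an added example (not code from the original post) that parses two constructed messages, one in cleartext and one in PGP/MIME layout, and lists what a provider or a telecom on the SMTP path can still read without the recipient's key. The addresses, hostnames and IPs are documentation values; the PGP block is a placeholder, not real ciphertext.

```python
"""What a passive observer (a corporate provider, or a telecom with packet
interception gear on the SMTP path) still learns from a message whose body is
PGP-encrypted: sender, recipients, subject, timestamps and the IP of the
sending host remain in the clear. Added example, not from the original post.
The two messages are constructed samples; the 'ciphertext' is a placeholder,
not real PGP output."""
import re
from email import message_from_string

# Constructed headers shared by both sample messages (documentation addresses only).
COMMON_HEADERS = """\
Received: from mail.example-relay.net (mail.example-relay.net [192.0.2.10])
    by mx.example-collective.net with ESMTPS; Mon, 10 Nov 2014 10:00:00 +0000
Received: from [198.51.100.7] (client-7.example-isp.net [198.51.100.7])
    by mail.example-relay.net with ESMTPSA; Mon, 10 Nov 2014 09:59:58 +0000
From: alice@example-provider.org
To: bob@example-collective.net
Cc: carol@example-collective.net
Subject: Meeting location for Saturday
Date: Mon, 10 Nov 2014 09:59:50 +0000
Message-ID: <constructed-001@example-provider.org>
"""

PLAINTEXT_MSG = COMMON_HEADERS + """\
Content-Type: text/plain; charset=utf-8

Let's meet at the community centre at 14:00. Bring the flyers.
"""

# PGP/MIME layout per RFC 3156: only the second MIME part is encrypted.
PGP_MSG = COMMON_HEADERS + """\
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="bnd"

--bnd
Content-Type: application/pgp-encrypted

Version: 1
--bnd
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder standing in for real ciphertext)
-----END PGP MESSAGE-----
--bnd--
"""

# "from <helo> (<reverse-dns> [<ip>])" as common MTAs write it into Received: lines.
HOP_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)", re.IGNORECASE)


def observer_view(raw: str) -> dict:
    """Return the fields readable without the recipient's private key."""
    msg = message_from_string(raw)
    hops = []
    for received in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(received.split()))  # unfold the header first
        if m:
            hops.append({"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3)})
    encrypted = msg.get_content_type() == "multipart/encrypted"
    body = None
    if not encrypted:
        body = msg.get_payload(decode=True).decode(
            msg.get_content_charset() or "utf-8").strip()
    addr_fields = msg.get("To", "") + "," + msg.get("Cc", "")
    return {
        "sender": msg["From"],
        "recipients": [a.strip() for a in addr_fields.split(",") if a.strip()],
        "subject": msg["Subject"],
        "date": msg["Date"],
        "sending_hosts": hops,        # first entry = last relay, last = originating client
        "body_encrypted": encrypted,
        "body": body,                 # None when the observer cannot read it
    }


def fields_still_visible(raw: str) -> list:
    """Names of metadata fields the observer gets even when the body is encrypted."""
    view = observer_view(raw)
    return [k for k, v in view.items() if k not in ("body", "body_encrypted") and v]


if __name__ == "__main__":
    for name, raw in (("plaintext", PLAINTEXT_MSG), ("pgp", PGP_MSG)):
        view = observer_view(raw)
        print(name, "body readable:", view["body"] is not None)
        print("  visible metadata:", fields_still_visible(raw))
```

Note that the originating client's IP in the last Received: line is added by the mail server, so a provider that logs it can tie the message to a location even when the body is opaque.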
The FBI Can Break Encryption

(By Bill Blunden via Dissident Voice)

Leaked slide showing how the NSA performs man-in-the-middle attacks on SSL/TLS encrypted web traffic (Photo credit: Guardian)

[…] recent history is chock full of instances where the FBI employed malware like Magic Lantern and CIPAV to foil encryption and identify people using encryption-based anonymity software like Tor. If it’s expedient, the FBI will go so far as to impersonate a media outlet to fool suspects into infecting their own machines. It would seem that crooks aren’t the only attackers who wield social engineering techniques.

In fact, the FBI has gotten so adept at hacking computers, utilizing what are referred to internally as Network Investigative Techniques, that the FBI wants to change the law to reflect this. The Guardian reports on how the FBI is asking the U.S. Advisory Committee on Rules and Criminal Procedure to move the legal goal posts, so to speak:

The amendment [proposed by the FBI] inserts a clause that would allow a judge to issue warrants to gain ‘remote access’ to computers ‘located within or outside that district’ (emphasis added) in cases in which the ‘district where the media or information is located has been concealed through technological means’. The expanded powers to stray across district boundaries would apply to any criminal investigation, not just to terrorist cases as at present.

In other words the FBI wants to be able to hack into a computer when its exact location is shrouded by anonymity software. Once they compromise the targeted machine it’s pretty straightforward to install a software implant (i.e. malware) and exfiltrate whatever user data they want, including encryption passwords.

If encryption is really the impediment that director Comey makes it out to be, then why is the FBI so keen to amend the rules in a manner which implies that they can sidestep it? In the parlance of poker this is a “tell.”

As a developer who has built malicious software designed to undermine security tools I can attest that there is a whole burgeoning industry which preys on naïve illusions of security. Companies like Hacking Team have found a lucrative niche offering products to the highest bidder that compromise security and… a drumroll please… defeat encryption.

There’s a moral to this story. Cryptome’s John Young prudently observes:

Protections of promises of encryption, proxy use, Tor-like anonymity and ‘military-grade’ comsec technology are magic acts — ELINT, SIGINT and COMINT always prevail over comsec. The most widely trusted and promoted systems are the most likely to be penetrated, exploited, spied upon, successfully attacked, covertly compromised with faults hidden by promoters, operators, competitors, compromisers and attackers all of whom warn against the others while mutually benefiting from continuous alarms about security and privacy.

When someone promises you turnkey anonymity and failsafe protection from spies, make like that guy on The Walking Dead and reach for your crossbow. Mass surveillance is a vivid expression of raw power and control. Hence what ails society is fundamentally a political problem, with economic and technical facets, such that safeguarding civil liberties on the Internet will take a lot more than just the right app.

Read full article here.

The Great Firewall of China and how it blocks Tor traffic

Diagram showing how the GFW filters/censors Tor traffic:
China’s firewall is now able to dynamically recognise Tor usage and block the respective relays and bridges. The diagram above illustrates how this works: 1) the firewall searches for a bunch of bytes which identify a network connection as Tor. If these bytes are found, 2) the firewall initiates a scan of the host which is believed to be a bridge. In particular, 3) the scan is run by seemingly arbitrary Chinese computers which connect to the bridge and try to “speak Tor” to it. If this succeeds, the bridge is blocked.

(via phw’s blog on Tor Project)

Over the last years, we learned a lot about how the Great Firewall of China is blocking Tor. Some questions remained unanswered, however. Roya, Mueen, Jed, and I just published a project which seeks to answer some of these open questions. Being curious as we are, we tried to find answers to the following questions:

  • Is the filtering decentralised (i.e., happening in provinces) or centralised (i.e., happening in Internet exchange points (IXP))?
  • Are there any temporal patterns in the filtering? Or in other words, are there certain times when people are more likely to be able to connect to Tor?
  • Similarly, are there any spatial patterns? Are folks in some special regions of China able to connect to Tor while others cannot?
  • When a computer in China tries to connect to a Tor relay, what part of the TCP handshake is blocked?

It turns out that some of these questions are quite tricky to answer. For example, to find spatial patterns, we need to be able to measure the connectivity between many Tor relays and many clients in China. However, we are not able to control even a single one of these machines. So how do we proceed from here? As so often, side channels come to the rescue! In particular, we made use of two neat network measurement side channels which are the hybrid idle scan and the SYN backlog scan. The backlog scan is a new side channel we discovered and discuss in our paper. Equipped with these two powerful techniques, we were able to infer if there is packet loss between relay A and client B even though we cannot control A and B.

You might notice that our measurement techniques are quite different from most other Internet censorship studies which rely on machines inside the censoring country. While our techniques give us a lot more geographical coverage, they come at a price which is flexibility; we are limited to measuring Internet filtering on the IP layer. More sophisticated filtering techniques such as deep packet inspection remain outside our scope.
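To make the side-channel reasoning above concrete, here is an added simulation (not code from the post or the study) of the hybrid idle scan the authors mention: it models how a measurer infers packet loss between a relay A and a client B from B's global IP ID counter alone. The SYN/ACK retransmission count and the firewall model are constructed assumptions; the SYN backlog side channel is not modelled.

```python
"""Simulation of the hybrid idle scan side channel: inferring whether packets
between a Tor relay A and a client B are dropped without controlling A or B.
Added example, not code from the post or the study; the retransmission count
and the firewall model are constructed assumptions.

How the published technique works: the measurer sends SYNs to A with B's
address spoofed as source; A answers B with SYN/ACKs; B, which never sent a
SYN, answers each one with a RST. Every packet B sends bumps its global IP ID
counter, which the measurer reads by eliciting RSTs with its own probes."""
from dataclasses import dataclass

SYNACK_RETRIES = 3   # assumed: A retransmits an unanswered SYN/ACK this many times


@dataclass
class Client:
    """Host B: a machine with a globally incrementing IP ID (the side channel)."""
    ip_id: int = 0

    def send_rst(self) -> int:
        self.ip_id += 1          # every outgoing packet consumes one IP ID
        return self.ip_id

    def probe(self) -> int:
        """Measurer elicits a RST from B (e.g. SYN/ACK to a closed port) and reads the IP ID."""
        return self.send_rst()


@dataclass
class Firewall:
    """Directional packet drops on the path between A and B."""
    drop_a_to_b: bool = False
    drop_b_to_a: bool = False


def run_measurement(fw: Firewall, spoofed_syns: int = 1) -> int:
    """Return how many packets B sent because of the spoofed SYNs, as seen via IP ID."""
    b = Client()
    before = b.probe()
    for _ in range(spoofed_syns):
        # Measurer -> A: SYN with source spoofed to B (assumed to reach A).
        # A -> B: SYN/ACK, retransmitted until A receives B's RST or gives up.
        for _attempt in range(1 + SYNACK_RETRIES):
            if fw.drop_a_to_b:
                break            # B never sees the SYN/ACK and sends nothing
            b.send_rst()         # B answers the unsolicited SYN/ACK with a RST
            if not fw.drop_b_to_a:
                break            # RST reached A, so A stops retransmitting
    after = b.probe()
    return after - before - 1    # discount the RST triggered by the final probe


def classify(increments: int, spoofed_syns: int = 1) -> str:
    """Map the observed IP ID delta to a connectivity verdict."""
    if increments == 0:
        return "A->B blocked"            # B never received A's SYN/ACKs
    if increments == spoofed_syns:
        return "no blocking"             # exactly one RST per SYN/ACK
    if increments > spoofed_syns:
        return "B->A blocked"            # A kept retransmitting, B kept answering
    return "inconclusive"                # fewer RSTs than SYNs: noise or loss


if __name__ == "__main__":
    for fw in (Firewall(), Firewall(drop_a_to_b=True), Firewall(drop_b_to_a=True)):
        delta = run_measurement(fw, spoofed_syns=2)
        print(fw, "->", delta, classify(delta, spoofed_syns=2))
```

Real measurements must also subtract the increments caused by B's own unrelated traffic, and the channel is only usable against hosts whose IP ID counter is global rather than per-connection or randomised.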

Now what we did was to measure the connectivity between several dozen Tor relays and computers in China over four weeks which means that we collected plenty of data points, each of which telling us “was A able to talk to B at time T?”. These data points reveal a number of interesting things:

  • It appears that many IP addresses inside the China Education and Research Network (CERNET) are able to connect to at least our Tor relay.
  • Apart from the CERNET netblock, the filtering seems to be quite effective despite occasional country-wide downtimes.
  • It seems like the filtering is centralised at the IXP level instead of being decentralised at the provincial level. That makes sense from the censor’s point of view because it is cheap, effective, and easy to control.

Now what does all of this mean for Tor users? Our results show that China still has a tight grip on its communication infrastructure, especially on the IP and TCP layer. That is why our circumvention efforts mostly focus on the application layer (with meek being an exception) and pluggable transport protocols such as ScrambleSuit (which is now part of the experimental version of TorBrowser) and obfs4 are specifically designed to thwart the firewall’s active probing attacks.

Check out the comments section of the original blog post at Tor Project for interesting discussion … Also, see “How The Great Firewall of China Is Blocking Tor” (PDF)

How the NSA installs backdoors in US-made Internet routers

For years, the US government loudly warned the world that Chinese routers and other internet devices pose a “threat” because they are built with backdoor surveillance functionality that gives the Chinese government the ability to spy on anyone using them. Yet what the NSA’s documents show is that Americans have been engaged in precisely the activity that the US accused the Chinese of doing. […]

A June 2010 report from the head of the NSA’s Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to the international customers.

The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some “SIGINT tradecraft … is very hands-on (literally!)”.

Eventually, the implanted device connects back to the NSA. The report continues: “In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and survey the network.” […]

— Glenn Greenwald, “How the NSA tampers with US internet routers”, The Guardian