TOR Did the FBI Pay a University to Attack Tor Users?

Discussion in 'TOR | TAILS' started by survivalmonkey, Nov 11, 2015.


  1. survivalmonkey

    survivalmonkey Monkey+++

    The Tor Project has learned more about last year's attack by Carnegie Mellon researchers on the hidden service subsystem. Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes. We publicized the attack last year, along with the steps we took to slow down or stop such an attack in the future:
    https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack/

    Here is the link to their (since withdrawn) submission to the Black Hat conference:
    https://web.archive.org/web/2014070...-to-break-tor-deanonymizing-users-on-a-budget
    along with Ed Felten's analysis at the time:
    https://freedom-to-tinker.com/blog/felten/why-were-cert-researchers-attacking-tor/

    We have been told that the payment to CMU was at least $1 million.

    There is no indication yet that they had a warrant or any institutional oversight by Carnegie Mellon's Institutional Review Board. We think it's unlikely they could have gotten a valid warrant for CMU's attack as conducted, since it was not narrowly tailored to target criminals or criminal activity, but instead appears to have indiscriminately targeted many users at once.

    Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users.

    This attack also sets a troubling precedent: Civil liberties are under attack if law enforcement believes it can circumvent the rules of evidence by outsourcing police work to universities. If academia uses "research" as a stalking horse for privacy invasion, the entire enterprise of security research will fall into disrepute. Legitimate privacy researchers study many online systems, including social networks — If this kind of FBI attack by university proxy is accepted, no one will have meaningful 4th Amendment protections online and everyone is at risk.

    When we learned of this vulnerability last year, we patched it and published the information we had on our blog:
    https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack/

    We teach law enforcement agents that they can use Tor to do their investigations ethically, and we support such use of Tor — but the mere veneer of a law enforcement investigation cannot justify wholesale invasion of people's privacy, and certainly cannot give it the color of "legitimate research".

    Whatever academic security research should be in the 21st century, it certainly does not include "experiments" for pay that indiscriminately endanger strangers without their knowledge or consent.

  2. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    The slimy FBI dirt bags will never stop attacking the people. If anybody has any doubts, read up on FBI training protocol, especially Quantico training. They are brainwashed and carefully preened and sculpted into becoming infiltrators and disruptors. They will infest and destroy everything because that's what they've been trained to do. Americans are the terrorists --especially the patriotic and freedom loving types. The FBI even hacks and attacks their own bureau, and part of their training is to suspect other FBI agents.

    The war on terror is a thinly veiled scheme to actually wage war on dissent at home. The next great battle will be fought in the digital world. The masters have called for it, they must control information exchange, they must shut down the independent movements. The hybridization of technology which brought us smaller, handheld devices is only one step to ease people off of the hacking platform and deliver a completely autonomous browsing arsenal with phones and tablets. Everything is already linked to Facebook, Twitter and a host of other social media outlets. Most devices will be designed to require the use of cloud based storage and easier tracking of online activity. Users of mobile devices are already tracked by GPS and wifi login. Everything will be monitored, from built in cameras and microphones, email, messaging --nothing will be private.

     