As many of you know, Operation Onymous seized over 400 hidden services and identified administrators. Thankfully, Dread was not one of those services and impressively avoided Operation Onymous. Below is more information about Operation Onymous and how to better protect your anonymity.
The FBI is calling it Operation Onymous. (As in, no longer “Anonymous.”)
Global law enforcement conducted a massive raid of the Dark Web this week. It started with the FBI takedown of Silk Road 2.0 and the arrest of its alleged operator Blake Benthall in San Francisco on Wednesday. But it quickly exploded from there, as European counterparts seized over 400 black market ‘hidden sites’ and arrested 19 other people alleged to be involved in their operation. Wired called it “a scorched-earth purge of the Internet underground.”
But how exactly did law enforcement take their digital blow torches to the Dark Web sites that were using Tor anonymity software to protect themselves? Law enforcement has been mysterious on that count, saying it won’t reveal its methods because they are “sensitive.”
Two researchers from Carnegie Mellon, Alexander Volynkin and Michael McCord, were preparing for a presentation at hacker conference Black Hat about work they’d done to easily “break Tor.” They were vague about the details but promised that their work wasn’t just theoretical: “Looking for an IP address for a Tor user? Not a problem. Trying to uncover the location of a Hidden Service? Done. We know because we tested it, in the wild.”
In July, the talk was suddenly canceled. Tor revealed that a bunch of nodes in its network had been compromised for at least 6 months, and asked users to upgrade their Tor software to patch the vulnerability the attackers used:
On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.
If you control enough of the Tor network, it’s possible to get a kind of bird’s eye view of the traffic being routed through it. It was clear that Tor thought the Carnegie Mellon researchers were responsible.
Tor’s development team
How did they locate the hidden services?
So we are left asking “How did they locate the hidden services?”. We don’t know. In liberal democracies, we should expect that when the time comes to prosecute some of the seventeen people who have been arrested, the police would have to explain to the judge how the suspects came to be suspects, and that as a side benefit of the operation of justice, Tor could learn if there are security flaws in hidden services or other critical internet-facing services. We know through recent leaks that the US DEA and others have constructed a system of organized and sanctioned perjury which they refer to as “parallel construction.”
Unfortunately, the authorities did not specify how they managed to locate the hidden services. Here are some plausible scenarios:
The first and most obvious explanation is that the operators of these hidden services failed to use adequate operational security. For example, there are reports of one of the websites being infiltrated by undercover agents and the affidavit states various operational security errors.
Another explanation is exploitation of common web bugs like SQL injections or RFIs (remote file inclusions). Many of those websites were likely quickly-coded e-shops with a big attack surface. Exploitable bugs in web applications are a common problem.
Ivan Pustogarov et al. have recently been conducting interesting research on Bitcoin anonymity. Apparently, there are ways to link transactions and deanonymize Bitcoin clients even if they use Tor. Maybe the seized hidden services were running Bitcoin clients themselves and were victims of similar attacks.
Attacks on the Tor network
The number of takedowns and the fact that Tor relays were seized could also mean that the Tor network was attacked to reveal the location of those hidden services. We received some interesting information from an operator of a now-seized hidden service which may indicate this, as well. Over the past few years, researchers have discovered various attacks on the Tor network. We’ve implemented some defenses against these attacks, but these defenses do not solve all known issues and there may even be attacks unknown to us.