
FBI takes down over 400 .onion sites - aspanda
http://www.fbi.gov/news/pressrel/press-releases/more-than-400-.onion-addresses-including-dozens-of-dark-market-sites-targeted-as-part-of-global-enforcement-action-on-tor-network
======
oofabz
Was anyone charged with a crime? It disturbs me that the FBI has free rein to
seize people's property without even giving them their day in court.

The Fourth Amendment says "nor shall any person [...] be deprived of life,
liberty, or property, without due process of law". I don't see any process of
law here. The FBI is law enforcement, not judicial.

~~~
geofft
That interpretation of "due process" seems to neither make sense nor be just.

Are police officers or FBI agents who are being shot at prohibited from
shooting back at their attacker, because that would deprive life without due
process of law?

Can suspects not be arrested until a court case has exhausted all its appeals,
because that would deprive liberty without due process of law?

The FBI (presumably) had a warrant here, after gathering evidence, and the
cooperation of various other agencies including a few district attorneys. The
US (hopefully) is a land in which the process of acquiring a warrant before
actually seizing anything or arresting anyone is so commonplace that it isn't
even mentioned. There was a process of law, it involved the courts, you didn't
see it because it didn't need to be mentioned, and it didn't involve the
completion of a criminal case.

(There are separate safeguards, against police officers killing people without
reason, arrests happening without a warrant, or liberty or property being
deprived for unreasonably long while a court case is artificially stalled.
Some of those safeguards are not as effective as a free people would hope. But
I don't think that's what you were referencing, and I don't think you can make
a case that any of those happened here.)

~~~
jared314
> The US (hopefully) is a land in which the process of acquiring a warrant
> before actually seizing anything or arresting anyone is so commonplace that
> it isn't even mentioned.

That is not true any more. There was a discussion [1] two months ago about the
changes in the law regarding property seizure post 9/11. They call it "asset
forfeiture".

[1]
[https://news.ycombinator.com/item?id=8280889](https://news.ycombinator.com/item?id=8280889)

------
dobbsbob
The SR2 guy 'defcon' was also selling his services as a .onion developer/ops
so likely all these other sites he set up for vendors and they were seized
when he was caught and cooperated. From the FBI complaint he was completely
careless like all other recently busted darknet admins and mods so wouldn't be
surprised if they were all hosted at the same host too.

~~~
fabulist
Every time something like this happens, lots of people shout that the sky is
falling and Tor is "dead."

Thank you for putting forward a reasonable hypothesis amid the FUD.

That being said, I doubt he was a developer for 399 other sites, that's quite a
few. I think a "watering hole" style attack is likely here, but I think there
must be a part of the story that hasn't been revealed; perhaps there was a
federation of .onion marketplaces that Benthall was a part of.

~~~
meowface
I work in the security industry, and normally I'm the first one to argue
against the FUD, but this time I'm not so sure. Clearly, out of these ~400 a
decent portion were probably on the same server or in the same datacenter, and
many of their operators were obviously quite careless in terms of personal,
infrastructure, and application security (as has always been the case and will
likely forever remain the case).

But it's still a pretty high number. I would not completely rule out some sort
of trick or analysis being employed by global law enforcement to identify the
ISP or datacenter being used to host hidden services. It may just be a matter
of them plotting the volume of Tor traffic around the world and narrowing it
down from there; it's likely not that difficult to distinguish Tor traffic
from a popular hidden service and Tor traffic from a relay, exit node, or
client.

Note the bottom of the FBI's press release:

> The law enforcement authorities of Bulgaria, Czech Republic, Finland, France,
> Germany, Hungary, Ireland, Latvia, Lithuania, Luxembourg, Netherlands,
> Romania, Spain, Sweden, Switzerland, and the United Kingdom, whose actions
> have been coordinated through Eurojust and Europol’s EC3, provided substantial
> assistance.

That's a lot of countries. Many unscrupulous hosting providers are located in
those countries. It's possible that the FBI narrowed their search down to
individual foreign ISPs, then had foreign law enforcement work with ISPs,
NOCs, and hosting companies to place selective taps and narrow things down
even further, centered purely around analysis of Tor traffic volume.

Or they may have found a general purpose vulnerability. Or perhaps a
combination of the two.

These tweets by a (not currently arrested) popular hidden service operator are
also very interesting:

[https://twitter.com/loldoxbin/status/530764492326838272](https://twitter.com/loldoxbin/status/530764492326838272)

[https://twitter.com/loldoxbin/status/530766985794420736](https://twitter.com/loldoxbin/status/530766985794420736)

[https://twitter.com/loldoxbin/status/530768176007884800](https://twitter.com/loldoxbin/status/530768176007884800)

[https://twitter.com/loldoxbin/status/530768358355251200](https://twitter.com/loldoxbin/status/530768358355251200)

[https://twitter.com/loldoxbin/status/530891182612955136](https://twitter.com/loldoxbin/status/530891182612955136)

Tor is not dead, but anyone running an illicit hidden service should probably
be concerned, at least until further details are released or discovered. It's
entirely possible that they took down all of these services purely through
typical cybercrime investigative techniques, but I think it's unwise to rule
out something a bit more powerful this early on.

~~~
fabulist
I seem to stand corrected.

I guess we'll have to watch this story very carefully.

I'm also "in" the security industry (I'm applying to my first jobs, but that
is my chosen career path), and I do not believe Tor is sufficient to protect
one's identity; but it irks me when people dismiss it outright because it has
flaws.

The flaws are serious and should be better known, but nothing will ever excuse
you from maintaining proper OPSEC and employing defense in depth.

------
xnull
Some here may know me as a critic of overreaching and aggressive cyber
enforcement (and related surveillance).

First, I'm quite happy that this activity does not appear to be the result of
wide scale infrastructure sabotage.

And I am quite happy that the FBI is doing its job to combat crime that is
facilitated using (abusing) the technologies that are bastions for free
speech, privacy and whistleblowing.

Of course the flipside is that this means that there are capabilities in place
to disrupt anonymizing technologies - the technologies make investigation more
expensive but ultimately are merely an inconvenience to the powers that be. So
when it comes down to it, anonymizing services and Tor can't be trusted to
secure you if you have something to say where your life is in danger.

The FBI (/others) wants the court system to replace technology as the
gatekeeper to investigation. The court system, however, is brittle. It takes
time, it fails, and it responds to external pressure - there are repeated
studies that show that the length of time persons in US court systems are
convicted to serve is highly correlated with how long it has been since the
presiding judge has eaten his last meal. There are also extralegal rights that
law enforcement are given by legislature and evolving interpretations of what
both these legal and extralegal rights entail.

But law enforcement also is justified from their perspective. They don't want
there to be criminals that get away with crimes simply because criminals load
up some software that obfuscates their identities, locations and accounts. If
you look at this published list there _are_ criminal organizations that you
and I as taxpayers do want taken down. (I recognize that the sale and
consumption of drugs is a greyer area of morality as drug use is sometimes
victimless).

I think that for the most part law enforcement is capable of taking down these
services and organizations other ways - ordering assault rifles and monitoring
the drops - and that this provides opportunities for the government to enforce
the law without sabotaging communications infrastructure. Taking down some
.onion addresses doesn't do too much besides annoy the services for a time
anyway unless the services operationally are not capable of standing up a new
address and communicating with customers anonymously.

All in all it's a blurry line but I feel safer with places that are anonymous
and secure than I do by trusting a court system and legal process that can
only see, process, and be accountable for so much.

~~~
sliverstorm
On the bright side it leaves us in the same position as man has always been-
rather charted territory.

I've been skeptical of Tor et al. from day one. I didn't have provable reasons
why, but the court has always served as the gatekeeper to investigation, and
the Tors of the world seemed like the sort of hubris we techies are so prone
to- _"Age-old social justice problems man has struggled with for thousands of
years can be trivially fixed with my technology!"_

It is my opinion that we (techies) overestimate ourselves. Tor is useful, but
it would have to be perfect (which no technology can be) to protect you from
the flawed judicial system. Which is why I think we are destined for
heartbreak, and the longer we forestall that realization the worse off we will
be, for we will ignore the judicial system and allow it to become ever more
broken.

As a sidenote I find it bitter satire; people who cannot accept the will of
others seeking tools to forcefully impose their _own_ morality on the world
instead.

~~~
etherael
> As a sidenote I find it bitter satire; people who cannot accept the will of
> others seeking tools to forcefully impose their own morality on the world
> instead

By this do you mean those that can't accept the will of others comprise the
judicial system or those not prepared to submit to it and pursuing alternate
avenues? Your comment works either way, but if you're talking about those
attempting to place themselves outside the judicial system that's less them
imposing their own morality on the world and simply not allowing the world to
impose its morality on them.

~~~
sliverstorm
Mostly the former. Some think they are the latter, but a lot of outright
criminals will explain to you how they are actually justified using their own
carefully-crafted moral code that always _conveniently_ allows for their
behavior. That's what I mean by forcing their own morality on the world.

~~~
etherael
Interesting point. Nobody thinks they're the bad guy, but some people are only
considered the bad guy by the state, rather than almost everybody. That's the
latter group to which I referred.

------
kordless
As little as 50 years ago, selling these drugs wasn't illegal in the US. Look
how far we've come.

~~~
nowarninglabel
In response to negativity around the drug war, I'd say that for the first time
in a long time we should be very optimistic about the future of legalization
in the United States. Washington, Oregon, Alaska, Colorado, and D.C. now have
full legalization in legislation. Florida got nearly 58% on medical marijuana
vote that unfortunately needed 60%. 23 states have legalized medical
marijuana. (Up to date map:
[https://localtvwtvr.files.wordpress.com/2014/11/marijuana-
ma...](https://localtvwtvr.files.wordpress.com/2014/11/marijuana-ma..). ) More
importantly, criminalization is moving towards citations across the nation. We
are getting rid of draconian mandatory sentencing for drug crimes. This is all
very good news, and while it's slow, remember that the government moves slow,
but as long as it keeps moving in the right direction, we can look forward to
a time in which full legalization of all scheduled drugs may eventually become
a reality. So instead of being defeatist or spouting sarcasm, step up and
support the people making this happen. It's not just public opinion changing,
it's SSDP, MPP, NORML putting money, time, and effort into lobbying for these
changes. That's against stiff competition from lobbying being done by
prescription drug manufacturers
([http://www.thenation.com/article/180493/anti-pot-lobbys-
big-...](http://www.thenation.com/article/180493/anti-pot-lobbys-big-...)) Now
is a time of pendulum swing in the right direction, and we should be keeping
the momentum going behind it.

~~~
jeangenie
I think the term "legalization" needs to be qualified. The situation is moving
towards extremely limited government-controlled privatization. Citizens can
buy recreational pot in an approved store but it's still illegal to grow a
single plant in your own back yard.

I'm almost positive someone will be absolutely indignant at my temerity for
suggesting the above, but it's worth thinking about what real legalization
would look like.

~~~
jfoutz
It'll never be like growing tomatoes. It'll probably end up like alcohol. You
can't distill at home either. Well, you can, but it's illegal.

~~~
jonnybgood
It's actually legal to brew alcohol for personal use. No selling, however.

~~~
rogerhoward
The parent specifically referred to distilling (making spirits) at home, which
is in fact illegal in the US without a license. Laws vary in other countries,
though this seems pretty common (with the exception of NZ, apparently).

[http://www.ttb.gov/spirits/faq.shtml](http://www.ttb.gov/spirits/faq.shtml)

This is different from brewing beer, cider and winemaking, which are quite
differently regulated.

------
orik
Would a FOIA request need to be made to get the full list?

------
MCRed
I wish the FBI would spend its time going after actual crimes - like the ones
where people's money is stolen - rather than political crimes.

But that they aren't is proof positive to me that the government does not
operate for the benefit of the people, but for the benefit of itself.

