
A dark web tycoon pleads guilty, but how was he caught? - havella
https://www.technologyreview.com/s/615163/a-dark-web-tycoon-pleads-guilty-but-how-was-he-caught/
======
marta_morena
This sounds fishy. He probably pleaded guilty as part of a plea deal, so law
enforcement has a scapegoat and some meaningless "media success" in exchange
for him getting a drastically reduced sentencing. They always do that,
threaten people with insane penalties if they don't accept such a shitty plea deal
and if you are not super certain that you can win, you will likely accept that
one, just because it seems "safer".

There are a LOT of cases like this, just most of them don't gain this
publicity. Actually, 95% of court cases never reach court because of this.
Innocent people plead guilty because they don't have the wealth and resources
to win in court. The USA is a shithole when it comes to law enforcement. Medieval
and sad. Land of the free (as long as you are rich, that is).

~~~
ChrisCinelli
As a side note:

Promise (YC startup) was also saying that 70% of people in jails are waiting
for judgement or are in for a technical violation (ex: did not show up to a
hearing). And being in jails they end up losing their job, eventually they
lose their house etc.

This is a space with a lot of low hanging fruits. And minor fixes may end up
doing a lot of good.

~~~
heartbeats
It's not so simple.

Why do we have education?

Firstly, because there's needed some way to filter people. If you get 100
applicants, you can't make a detailed consideration. But if only 30 have
degrees, it's much easier. So there is a signalling effect.

But secondly, and more importantly, because you need somewhere to have these
kids. If there are ten million jobs and ten million two hundred thousand jobs,
you'll get problems. This is also why many countries had military service, to
further improve on the unemployment figures.

"We didn't raise [the school leaving age] to enable them to learn more! We
raised it to keep teenagers off the job market and hold down the unemployment
figures."

Prison is just a logical extension of this. If they weren't in prison, they
would be unemployed and causing all sorts of trouble.

~~~
dmos62
You might be responding to the wrong post.

~~~
heartbeats
No, I was responding to this: "minor fixes may end up doing a lot of good".

They won't, since the purpose is just to have somewhere to store people. The
actual crime isn't very interesting, the thing of importance is that they have
somewhere to store them.

~~~
elliekelly
We need to stop dehumanizing prisoners. Prisoners are people and they
shouldn't be "stored" anywhere. They're humans. They _live_ places.

~~~
heartbeats
Something has to be done. It's either the case that they are productive
members of society, in which case they are rarely imprisoned, or that they are
not, in which case they often are.

Children aren't productive members of society, therefore we store them in
schools until they've grown up. Same principle - I'm not dehumanizing kids,
for the record.

The reason there are more prisoners in America is because there's a larger
underclass who are forced out of employment for structural reasons. As long as
these issues persist (and indeed, they will get far worse), we have to keep
the unemployment rate down somehow. Prisons are just the end effect of this
requirement.

The important thing to remember is that the alleged crime doesn't actually
matter. This is also why corrupt Wall Street bankers rarely get harsh prison
sentences. Why would they, when they're going to be able to find a job without
much trouble anyway?

------
searcher1
If you're wondering why a web host, who could potentially be immune to
prosecution under CDA 230, was charged with the distribution of child
pornography, according to the warrant [1] an admin of one of the pedo sites
claimed that Freedom Hosting had "full control" over the websites (well, he
had root access to the servers, but so did OVH), was patching the websites,
that the pedo site hosting was free, and that he assumed that Marques covered
the hosting costs as a service to the "pedo community". Technically the
prosecutors might have had to prove that he knew what the sites were hosting,
but he did plead guilty. Hopefully the actual operators of the pedo sites are
found and prosecuted, and not just this sysadmin.

[1]
[https://www.courtlistener.com/recap/gov.uscourts.mdd.247657/...](https://www.courtlistener.com/recap/gov.uscourts.mdd.247657/gov.uscourts.mdd.247657.13.1.pdf)

~~~
freedrock87
"According to the warrant". Take that with a grain of salt.

~~~
rendall
"but he did plead guilty". Also take that with a grain of salt. Often plea
deals create quite an incentive to plead guilty even when innocent. "Go to
trial, risk 20 years in prison branded as a child porn purveyor. Or plead
guilty, cooperate as a witness, we'll charge you with a lesser crime that will
have you out of prison in 3 years"

------
ohmygodel
Running a hosting server for onion services, as was done in this case, is a
terrible idea. It greatly increases the risk of deanonymization. The question
is less how this hosting service was discovered and more how it ever stayed up
long enough to become so notorious. Here's why:

1. Each hidden service chooses a "guard" relay to serve as the first hop for
all connections.

2. A server running multiple hidden services has a guard for each of them.
Each new guard is another chance to choose a guard run by the adversary.

3. An adversary running a fraction p of the guards (by bandwidth) has a
probability p of being chosen by a given hidden service. A hosting service
with k hidden services is exposed to k guards and thus has ~kp probability of
choosing an adversary's guard. With, say, 50 hidden services, an adversary with
only 2% of guards has nearly 100% chance of being chosen by one of those 50
hidden services.

4. The adversary can tell when it is chosen as a guard by connecting to the
hidden service as a client and looking for a circuit with the same pattern of
communication as observed at the client. Bauer et al. [0] showed a long time
ago this worked even using only the circuit construction times.

5\. The adversary's guard can observe the hidden service's IP directly.

The risk of deanonymization with onion services in general (i.e. even not
using an onion hosting service) is significant against an adversary with some
resources and time. Getting 1% of guard bandwidth probably costs <$500/month
using IP transit providers (e.g. relay 8ac97a37 currently has 0.3% guard
probability with only ~750Mbps [1]). And every month or so a new guard is
chosen, yielding another chance to choose an adversarial guard. Not to mention
the risk of choosing a guard that isn't inherently malicious but is subject to
legal compulsion in a given jurisdiction (discovering the guard of a hidden
service has always been and remains quite feasible with little time or money,
as demonstrated by Øverlier and Syverson [2]).

[0] "Low-Resource Routing Attacks Against Tor" by Kevin Bauer, Damon McCoy,
Dirk Grunwald, Tadayoshi Kohno, and Douglas Sicker. In the Proceedings of the
Workshop on Privacy in the Electronic Society (WPES 2007), Washington, DC,
USA, October 2007.

[1] https://metrics.torproject.org/rs.html#details/014E24C0CD21D2B9829E841D5EC1D3C415F866BF

[2] "Locating Hidden Servers" by Lasse Øverlier and Paul Syverson. In the
Proceedings of the 2006 IEEE Symposium on Security and Privacy, May 2006.

~~~
stock_toaster
Interesting. Looking for more info on what you were talking about (with regard
to "guards"), I dug up this post[1] which has some info too.

[1]: https://blog.torproject.org/announcing-vanguards-add-onion-services

~~~
ohmygodel
The page you link describes "vanguards" which apply the guard logic to
positions beyond the first hop. They are only available as a plug-in that you
must separately download and configure. My understanding is that no plans
currently exist to integrate vanguards into Tor due to the cost of engineering
challenges that appear if everybody were to use them (including especially how
they would affect load balancing).

~~~
stock_toaster
Thanks for the follow up info and additional explanation!

------
agoristen
This report came out only a few months before he was caught:
[https://www.reddit.com/r/onions/comments/1guiav/we_have_anal...](https://www.reddit.com/r/onions/comments/1guiav/we_have_analyzed_tor_hidden_services_and_shown/)

He was likely de-anonymized through this technique or similar. The issue was
that he trusted the Tor network to keep him anonymous and paid for the servers
with his real identity.

~~~
justaj
Just to be clear: The v3 onion services fix that weakness, right?

~~~
emayljames
I am merely giving my opinion, but a service created by the US
government/Military is going to have undocumented "issues". I would not trust
it one shred.

~~~
bufferoverflow
Tor is open source:

[https://www.torproject.org/download/tor/](https://www.torproject.org/download/tor/)

So, no undocumented issues.

~~~
jokoon
I believe tor was researched designed and developed by the government

~~~
kyuudou
NRL (Naval Research Lab)

------
jokoon
Isn't it rather trivial to find who is accessing a website if you can manage
to monitor tor nodes? Just do some heuristic, to see when traffic happens, and
over time, narrow down users.

If you're the FBI and have the authority to monitor the whole internet, isn't
it trivial to catch any tor user?

Tor is still secure, but of course if you are the government and have skilled
engineers, time and admin access to the internet infrastructure (by legit or
covert means, I'm pretty sure the US can monitor traffic outside its
jurisdiction), tor is not safe. But tor is still safe from countries other
than the US, unless the US government have a problem with what you're doing.

I would still be curious to see if tor does counter this problem by passively
sending traffic to avoid this. Anyway I stand that there are 2 kinds of
security: security against small bad actors, and security against competent,
resourceful, big actors. The latter is usually impossible to get because it
becomes extremely fastidious and complicated.
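The check that point 4 of ohmygodel's comment describes, and that jokoon asks about just above ("see when traffic happens"), is a traffic-confirmation test: the adversary already knows one side of the traffic (as the client it controls, or from a tap) and asks which of the circuits passing through its relay carries the same timing pattern. The following is an added worked example (editor's code, not from the thread and not from Tor). It bins cell counts per interval and scores each candidate circuit by Pearson correlation against the client-side pattern over a small range of lags to absorb network delay. The traces are constructed inline and synthetic; the bin width, lag range and decision threshold are illustrative assumptions. A relay sees far more circuits and far more jitter than this, so the block shows the shape of the check, not its real-world error rate.

```python
"""Traffic confirmation by timing correlation (added example, synthetic data).

The adversary knows the cells-per-bin pattern it induced as a client and looks
for the same pattern among the circuits at its relay, allowing a small delay.
Bin width (100 ms), lag range and threshold are illustrative assumptions.
"""
from math import sqrt


def pearson(xs, ys):
    """Pearson correlation of two equal-length sequences; 0.0 if either is flat."""
    n = len(xs)
    if n < 2 or n != len(ys):
        raise ValueError("need two equal-length sequences of at least 2 samples")
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0  # a constant-rate stream carries no timing signal to match
    return cov / sqrt(vx * vy)


def best_alignment(client_bins, circuit_bins, max_lag=3):
    """Correlation at the best non-negative lag (the relay sees the pattern
    some bins after the client produced it). Returns (r, lag)."""
    best_r, best_lag = -1.0, 0
    for lag in range(0, max_lag + 1):
        n = len(client_bins) - lag
        if n < 2:
            break
        r = pearson(client_bins[:n], circuit_bins[lag:lag + n])
        if r > best_r:
            best_r, best_lag = r, lag
    return best_r, best_lag


def match_circuits(client_bins, circuits, max_lag=3):
    """Score every candidate circuit; returns {circuit_id: (r, lag)}."""
    return {cid: best_alignment(client_bins, bins, max_lag)
            for cid, bins in circuits.items()}


def confirmed_circuit(scores, threshold=0.9):
    """Circuit id whose best score clears the threshold, or None."""
    cid, (r, _lag) = max(scores.items(), key=lambda kv: kv[1][0])
    return cid if r >= threshold else None


# Constructed traces: cells per 100 ms bin over 1.6 s. The adversary, acting
# as a client, sent a deliberately bursty pattern. The relay sees three
# circuits; one is that pattern delayed by one bin plus a constant per-bin
# overhead, the others are unrelated streams.
CLIENT_PATTERN = [0, 6, 0, 0, 5, 0, 0, 3, 0, 0, 0, 8, 0, 2, 0, 0]
RELAY_CIRCUITS = {
    "circ-1 (bulk download)": [10] * 16,
    "circ-2 (target)": [1, 1, 7, 1, 1, 6, 1, 1, 4, 1, 1, 1, 9, 1, 3, 1],
    "circ-3 (periodic chatter)": [4, 0] * 8,
}

if __name__ == "__main__":
    scores = match_circuits(CLIENT_PATTERN, RELAY_CIRCUITS)
    for cid, (r, lag) in scores.items():
        print(f"{cid:28s} r={r:+.3f} at lag {lag}")
    print("confirmed:", confirmed_circuit(scores))
```

The steady bulk-download circuit scores zero because a constant rate has nothing to correlate with, which is also why padding and rate-shaping defences aim at exactly that property; the periodic circuit lands well below the threshold at every lag, and only the delayed copy of the induced pattern is confirmed.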

~~~
safety-third
This would be more NSA jurisdiction and they do. The problem is most people's
assumption is that if one part of the government has it, then everyone gets
it. This is wildly false. Even within the FBI itself, different departments
and cases get different tiers of access.

Even when the case agents get access, policy dictates what evidence is allowed
to be taken to a public trial. Otherwise you get repeats of the
FBI/4chan/8chan debacle. This is especially true for legal "grey areas" like
mass surveillance. This means that agents will often get evidence they won't
use in order to guide active surveillance using more legal means in order to
collect evidence they feel comfortable admitting in public court.

~~~
anxman
This is not accurate. The NSA launders evidence that would otherwise violate
the 4th amendment through its "special operations division" using "parallel
construction".

------
jascii
The central premise of the article is that there is no disclosure regarding
the vulnerability used, suggesting the existence of some unknown zero-day
exploit.

Various well-documented analyses have linked this incident to
"EgotisticalGiraffe", a well known -- and since fixed -- vulnerability.

FUD or lazy journalism? I mean, at least read the subject's Wikipedia page
before publishing something.

~~~
searcher1
The article explicitly does mention "EgotisticalGiraffe" (the Firefox TBB
exploit). But the point is that the exploit was dropped on all websites that
Freedom Hosting was running, which raises the question that the article is
really about, "how did they know where the hidden services were?"

~~~
hooch
Could they not purchase some "Freedom hosting" and upload a website with a
backdoor?

~~~
noident
This seems like the easiest way to do it, so I would speculate that this is
how it was done. All you have to do is put a website up and make the server
phone home, revealing the hidden IP address. Some more speculation: the
government is hiding this fact in order to deter criminal use of Tor.

Of course, I would still assume that other ways of discovering the location of
hidden services have been found. I'm not convinced that onions can be hidden
from an adversary with the resources of a US government agency, particularly
in light of some of the posts that appeared on Hacker Factor recently.

------
casefields
Mirror: [https://outline.com/L8ebnZ](https://outline.com/L8ebnZ)

------
ropiwqefjnpoa
I mean, it's not like he's just some TOR user they were after, he ran a huge
dark web hosting service. There's so much traffic and data to work with, it
was just a matter of time.

------
Causality1
It's strange to me that people who make a habit of doing fantastically illegal
things on the internet are always so sloppy about it. Even if they don't have
the technical ability to break into their neighbor's wifi or set up a long
range antenna to connect to an open access point they can still get a burner
smartphone and drive to a Starbucks. Back when I used to torrent my TV shows I
didn't even let my piracy laptop touch my home network and I never used that
machine for anything other than downloading.

~~~
zelly
> drive to a Starbucks

Didn't help Ross. It's a bad idea to do illegal stuff in public.

~~~
HideousKojima
Ross was dumb enough to get fake passports/ids shipped directly to his home
address

~~~
edm0nd
While Ross did do some bad things, I do not think it is enough to warrant a
double life sentence plus forty years without the possibility of parole.

El Chapo, an actual drug cartel member who is directly responsible for
thousands of deaths, only got a single life sentence.

Ross got screwed on his sentencing and it is totally unjustified.

Free Ross!

~~~
saber6
You're insane. His site facilitated numerous drug deals for profit. He also
paid bitcoin in what he thought was a hit-job (he was duped). This dumbass can
rot in prison. Screw him.

~~~
ieS7rpVU
There is nothing wrong with facilitating drug deals and there is not a shred
of evidence to support the other allegation. An allegation from the US
government means absolutely nothing to me.

It's also quite ironic that an organization that has assassinated numerous
people are attempting to destroy the reputation of one of their enemies by
claiming that he attempted to assassinate somebody.

~~~
saber6
> It's also quite ironic that an organization that has assassinated numerous
> people are attempting to destroy the reputation of one of their enemies by
> claiming that he attempted to assassinate somebody.

The United States Government (USG) enjoys a monopoly of violence (consent of
the governed). However, a citizen (or group of them -- org/corp) does not
enjoy such rights. Your comparison is invalidated.

~~~
ieS7rpVU
Ignoring the fact that many of the people assassinated by the US government
were not US citizens and never set foot on anything the US government claimed
as territory...

Who exactly is consenting to be governed? I know I'm not consenting but I also
know that some other people support the government that purports to govern
them. Is it enough for one person to consent or does something magic happen at
a particular number or portion?

~~~
saber6
> Is it enough for one person to consent or does something magic happen at a
> particular number or portion?

Nah. We have these things called elections (and representational democracy).
In general that mechanism decides how society will progress forward from a
political perspective.

~~~
ieS7rpVU
Imagine this hypothetical scenario:

The US government, acting in accordance with its constitution invades and
occupies Canada. Congress creates 13 new states corresponding to the previous
provinces and territories and elections are held. Almost all of the elected
members from the newly annexed areas are opposed to the annexation and
introduce a bill to allow the 13 new states to secede from the US but the bill
is overwhelmingly defeated by members of Congress from the other 50 states.

Does the US government in this scenario enjoy the consent of the governed?

If they do, imagine that the original US population was more split on the
issue so that the secession bill would have passed with Canada divided into 13
states. However the pre-annexation Congress anticipated this and resolved to
make Canada a single state that would consequently not have sufficient
representation to pass the bill even with the support of opponents from some
of the other 50 states.

Does the US government still enjoy the consent of the governed in the second
scenario?

------
pier25
OTOH if these techniques and vulnerabilities were made public it would benefit
cybercriminals as they could defend themselves better.

~~~
DINKDINK
>if these techniques and vulnerabilities were made public[...]

Should the government prove that it followed the law when investigating a
criminal? Did they obtain the proper warrants that people recognize preserve
stable law and order?

It's unreasonable to assume that the vulnerability, that brought this case to
justice, is the last one that could ever be used. More so, if you assume that
most people are good and a healthy society needs privacy, we now know that
there is a vulnerability that will affect more good people than bad and we are
duty bound to protect good people's privacy.

Checks on the government's power aren't there to let 'bad people' go free,
they're there because we know if we let the government's power reign free, more
good people will be hurt than the few 'bad people' we punish.

~~~
onetimemanytime
>> _Should the government prove that it followed the law when investigating a
criminal? Did they obtain the proper warrants that people recognize preserve
stable law and order?_

That is the concern. A lot of people say "you either did it or not" but the
Fourth Amendment disagrees...any evidence must be obtained by following the
law.

~~~
A4ET8a8uTh0
In theory, maybe. As in, I agree with you on principle, but if you do even a
cursory read about recent abuses that include parallel construction, PATRIOT
act and BSA, you may find that it is no longer the case.

Hell, during my last attended CAMS conference, an FBI guy outright said that
if the new lawyer doesn't know how to play ball with those (information
gathered by SARs), he gets pulled to the side and told what's what.

Chilling. And no one questioned it. Including me.

------
SadWebDeveloper
afaicr the bug used was the one reported as MFSA 2013-53 aka CVE-2013-1690 [1]
but someone correct me if I'm wrong.

[1] https://www.mozilla.org/en-US/security/advisories/mfsa2013-53/

~~~
AlexCoventry
No, that was used after they had seized the site, to unmask its users.

------
rahuldottech
Hacker Factor has a series of articles about various attacks on Tor:
https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html

The tor daemon really needs to be re-written and audited. Apparently the
codebase right now is a huge mess.

~~~
zelly
You can make a mistake in your code and end up causing someone to go to
prison. What a time to be alive.

~~~
AlexCoventry
In the 80s, it was already possible to make a mistake in your code which would
cause someone to die horribly.

[https://en.m.wikipedia.org/wiki/Therac-25](https://en.m.wikipedia.org/wiki/Therac-25)

------
Pigo
The military needs, or needed, Tor to be functioning and anonymous for their
own use, correct?

~~~
strictnein
Tor was created to help dissidents of other nations communicate. The military
does not run on Tor.

~~~
cronix
> Tor was created to help dissidents of other nations communicate [1]

Why would the US Navy develop something to help dissidents in other nations?

[1] https://en.wikipedia.org/wiki/Tor_(anonymity_network)#History

> The core principle of Tor, "onion routing", was developed in the mid-1990s
> by United States Naval Research Laboratory employees, mathematician Paul
> Syverson, and computer scientists Michael G. Reed and David Goldschlag, with
> the purpose of protecting U.S. intelligence communications online. Onion
> routing was further developed by DARPA in 1997

~~~
dsl
> Why would the US Navy develop something to help dissidents in other nations?

From their website: "The [Naval Research Laboratory] works closely with the
National Security Agency (NSA), Space and Naval Warfare Systems Command
(SPAWAR), Defense Advanced Research Projects Agency (DARPA), and Defense
Information Systems Agency (DISA)."

~~~
cronix
Those are US gov't agencies, not "dissidents in other nations."

