
This is why any server you want hidden should be behind something like Whonix, where no process running on the server should know the IP.



No, it should be configured to use a purpose-made device that tunnels all traffic over Tor as gateway.


Yes, because running the server in your garage or getting a colocation deal for a special purpose-made device is certainly more secure.


>where no process running on the server should know the IP.

That's not the issue though. Even if the server was behind NAT (and thus only knows its internal IP), it could still find out its real external IP by sending packets to some other machine on the internet and checking what the "from" address was. Preventing this leak can only be done by having a strict routing table and/or outbound firewall. Having VMs/containers 7 layers deep wouldn't help if the packets could freely reach the internet unproxied.


If it were behind Whonix, all outside traffic would be routed through Tor. One of its selling points is that malware running on the VM as root cannot get the real IP (without additional exploits).
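The two comments above describe the leak (any unproxied outbound packet reveals the real address) and the Whonix-style fix (a strict egress policy that only allows traffic to the Tor gateway). This added example, not from the thread or from the Whonix project, generates such an nftables ruleset for the workstation side and audits a ruleset file for the two invariants that matter: default-drop on output, and no accept rule that is not loopback or gateway-bound. The gateway address 10.152.152.10 and SOCKS ports 9050/9150 are assumed placeholders; the ruleset is only written to a file, never applied.

```shell
#!/bin/sh
# Generate a Whonix-style egress policy for a workstation VM: everything that
# is not loopback or destined for the Tor gateway's SOCKS ports is dropped.
# Arguments: gateway IP (assumed placeholder 10.152.152.10 in the demo below).
tor_only_ruleset() {
  gw="$1"
  cat <<EOF
table inet torwall {
    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ip daddr $gw tcp dport { 9050, 9150 } accept
    }
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
    }
}
EOF
}

# Audit a ruleset file. Returns 0 only if the output chain default-drops AND
# every accept rule inside it is either loopback or addressed to the gateway.
# A stray "udp dport 53 accept" or "oif eth0 accept" makes this fail, which is
# exactly the misconfiguration that lets a process learn the external IP.
audit_ruleset() {
  gw="$1"; file="$2"
  grep -q 'hook output.*policy drop' "$file" || return 1
  awk -v gw="$gw" 'BEGIN { bad = 0 }
    /chain output/ { inout = 1; next }
    inout && /^[[:space:]]*}/ { inout = 0 }
    inout && /accept/ && !(/oif "lo"/ || index($0, "ip daddr " gw " ")) { bad = 1 }
    END { exit bad }' "$file"
}

# Demo: write the generated policy to a temp file and audit it (never applied).
GW=10.152.152.10
out=$(mktemp)
tor_only_ruleset "$GW" > "$out"
if audit_ruleset "$GW" "$out"; then echo "egress policy OK: $out"; else echo "egress policy LEAKS: $out"; fi
```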


Whonix is great, but the fact you need two servers and how the setup is more involved than just installing Tor and setting up a Hidden Service are the most common reasons why most take the easy but less secure route.

Whonix is amazing. I recommend it to anyone who is serious about avoiding even sending a single packet over the clearnet.


Even doing it on a single server is more secure than whatever these guys had. You can only be found if there's an actual exploit in the VM or tor or something, webserver bugs don't pwn you alone.


Damn. If only those child pornographers knew this tip.


If I were going to do something so very illegal, I'd research the hell out of it. If I were going to run something like this, I'd pretty much want to be an expert on the architecture and software stack.

I'd be asking hundreds of questions, taking courses, and using as many layers as would be reasonable to hide even my efforts at learning. I'd probably be obsessed with security, more so than I am now. Much more so, in fact.


And then you'd likely be in a select group of people who could be investigated individually. OPSEC is hard in most circumstances, but it's very hard if you're trying to be an expert on one topic in a short period of time.


Yeah, I'd even have to make a point to hide my learning. Only a specific subset of people would be asking how best to allow uploads while ensuring the IP address was masked via Tor. Added with other questions, it'd put me into a pretty narrow group, so even gathering information would need to be masked.

Fortunately, I don't actually want to do anything illegal. That will make it easier. I do kind of want to learn how to set up a hidden service, but just to satisfy my curiosity.


The original Silk Road fell because of an opsec failure in a post on Stack Overflow...


A few weeks ago, and prompted by an HN post, I considered writing about the possibilities of ML as applied to large aggregate data and with criminal investigation as the motivation.

With all the public posts, writing style analytics, and use of a common moniker across services, it seems that it may be possible to do just that on a large scale. It seems that it could be made trivial to narrow down lists of suspects by crunching large data sets that contain stuff like SO questions, AC posts on Slashdot, or responses on HN.

After all, how many people are actively seeking to secure a message board as a hidden service and doing so at that time? I sort of envision it as having some commonality with the timing attacks already in use to deanonymize Tor users.

Subject A asked about securing IP addresses for uploads and Service A got this feature two weeks later. Subject C asked about this security aspect and Service A has that concern. Subject Q asked about using this forum software and requested this modification. Service A uses that software, etc...

So, maybe Subjects A, C, and Q are all the same people.

While it doesn't prove much, it does potentially aid in narrowing down the list of suspects. Coupled with other bits of information, it may narrow the list down significantly.

That and there are huge sets of data out there. Processing that intelligently, and rapidly, could really change the way investigations are done.


That's what XKEYSCORE does, pretty much. The NSA has spent a lot of time working on these sorts of techniques.


No it doesn't - or at least there is no claim I've seen that this is part of XKEYSCORE. It's not mentioned on the Wikipedia page either[1].

However, this is an active area of research in both classified and (presumably) non-classified areas. See for example this search: https://scholar.google.com.au/scholar?q=related:KbJLbpaKfCkJ...

[1] https://en.wikipedia.org/wiki/XKeyscore


Right, the NSA has a bunch of anti-Tor tools that usually are called QUANTUM-whatever. However, correlation of people across different networks is something that XKEYSCORE does. There's also the writing deanonymisation tools that you mention (but there's Anonymouth[1] which could help).

My original point was that OPSEC is hard if you're trying to be a topic expert in a short period of time. You don't need NSA tools to attack someone in that situation.

[1]: https://github.com/psal/anonymouth


In particular, this part:

> It seems that it could be made trivial to narrow down lists of suspects by crunching large data sets that contain stuff like SO questions, AC posts on Slashdot, or responses on HN.

Is what XKEYSCORE does (or at least, it's the interface you use to query the above data sets which are collected as part of PRISM and the other programs).


I've said it before, I'll say it again. Comments like that are why I like HN. I see there are some long reads associated with this subject.

Once again, HN has sent me off into a subject I'd not have found on my own. That's why I like HN as much as I do.


I feel like eventually some combination of factors would nail anyone against that level of effort and access. It would be interesting if there were a platform for people to compete on how long they can keep their servers up without being compromised.


I've forgotten the link, but there was a detailed story some years ago of a child pornography network where all the participants avoided identification in a long, joint investigation by the international crimes unit of the Five Eyes states.

I think it might have been a Defcon or Black Hat talk on ways of communicating anonymously. They certainly didn't use a web forum, it was more along the lines of posting encrypted messages to Usenet that were widely distributed and could only be decrypted by the recipient.

This was taken as evidence that perfect operational security is possible even against nation-state actors committing a large (but not indefinite) amount of resources.



Thanks, this is the one I was thinking of. Couldn't remember his obscure nickname. I remembered the capture rate in the child pornography group wrong, but the point stands :)


Having read that, I almost wish I were doing something illegal so that I could enjoy such a cat and mouse game.

Maybe there should be some sort of informal game, perhaps played with the major law enforcement agencies, with the goal being to avoid identification. It could be justified by asserting that it would aid in training investigation techniques.

It needn't hand over monetary prizes, just admission of success. Maybe it could trade pictures of cats?


But the whole point of being a criminal is to get a lot of money for not much effort. If you have to put that much work into it, you may as well get a job.


I'm assuming pedophilia isn't profit motivated. I don't really know that, but it seems a good assumption. I'm also not even sure where to begin researching that.


That's actually discussed in the VG article - that in pedophilia circles the "currency" is images and videos with much less money changing hands, which makes "follow the money" quite a bit harder.


I am not keen on learning the ropes, but I understand that it is driven by a barter culture and that there are financial exchanges made but that a lot is simply traded.

The illicit nature is probably one of the attractions. My understanding is that people become 'addicted' to it and strive to amass large collections. Few offenders have just a couple of images and videos but, instead, have vast collections. This is more so than is seen with legal pornographic material and possibly has something to do with the rarity and difficulty of access as well as inconsistency of access.

Disclosure: I used to date a lady who studied and worked with sex offenders. However, we seldom discussed her research and never her individual patients. So, I'm largely speculating with just a hint of regurgitating expert information.

So, with that said, it is largely still a fairly taboo subject of study. I guess there are many misconceptions and misunderstandings, even at the academic level. An example might be that sex offenders have a low rate of recidivism, even lower if narrowed to new sex offenses. On the other hand, they often have many victims prior to their first interaction with the justice system. Most victimization isn't done by strangers and involves grooming by a person close to the victim. That sort of stuff.

I don't have a solution, by the way. There has been some serious discussion of allowing current examples of confiscated CP to be used by those who are predisposed to such, but that goes over about as well as a lead balloon. It also doesn't solve the issue where they seem to want more and new material. Maybe CGI will be the answer? I'm just not sure that society will find that acceptable.

It isn't easy to have a conversation about it. She would very seldom disclose her work with the people she knew and had received death threats and had some instances of vandalism. Her work with offenders negatively impacted her social life.

So, we on HN might discuss it and try to remove our biases and be objective, but we are a rarity and previous threads might indicate that not everyone is willing to do so.

Sorry for the novella and meandering nature of my post. I'm not the greatest wordsmith.


The purpose of addressing the security fault in operational security is partially to retain trust in the tools used, and understanding the limitations of them. We don't want to read a news article that said "If only those journalists knew".



