Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Compromises Another Remailer

Posted by Unknown on from the very-serious-pranks dept.

betterunixthanunix writes "Another remailer has been compromised by the FBI, who made a forensic image of the hard disk of a remailer located in Austria. The remailer operator has reissued the remailer keys, but warns that messages previously sent through the remailer could be decrypted. The operator also warns that law enforcement agents had an opportunity to install a back door, and that a complete rebuild of the system will take some time."

14 of 164 comments (clear)

  1. wtf fbi by X0563511 · · Score: 4, Insightful

    Why the fuck are you intruding into and altering foreign systems? That's not your fucking jurisdiction or job!

    Leave that shit to the intelligence agencies, if someone must do it.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    1. Re:wtf fbi by hendridm · · Score: 5, Informative

      If you read the thread, it was Austrian authorities that took the image at the request of U.S. authorities.

    2. Re:wtf fbi by Anonymous Coward · · Score: 4, Informative

      Austrian Law Enforcement took a disk image, meaning they had direct access to the server. The Austrian's did this at the behest of the FBI. So yes, law enforcement could have installed a backdoor while they had access.

    3. Re:wtf fbi by betterunixthanunix · · Score: 4, Informative

      Read the post; they did have access to the live system. The operator does not think it is likely that a backdoor was installed, but as a security precaution has indicated that the system will eventually be rebuilt (probably with new keys issued).

      --
      Palm trees and 8
    4. Re:wtf fbi by a90Tj2P7 · · Score: 5, Informative

      They didn't. No one did. The admin just told everyone "Depending on how paranoid you are, you may assume the machine is backdoored, since the authorities have had access".

    5. Re:wtf fbi by Mindscrew · · Score: 5, Informative

      The U.S. is not a democracy.

      The U.S. is a Democratic Republic. Your vote is simply there to elect a representative of "the people". That elected person then votes how they see fit.

      Its how easy these elected people can be payed off that's that problem.

      Even "your" candidate is most likely being paid by somebody with a lot of money and an agenda.

    6. Re:wtf fbi by Joce640k · · Score: 5, Insightful

      I think local authorities might have issued a court order requiring a set of messages to be decrypted.

      Not too many people have problems with following court orders for genuine criminal investigations. It's the mass-scanning, fishing expeditions they have a problem with.

      The old KGB/Stasi bosses must be having a real laugh at the way the USA is acting lately. Read all your mail, demand papers and feel you up before you can travel anywhere, more people in prison than any other country.

      Americans used to joke about all that sort of stuff but guess what...?

      --
      No sig today...
    7. Re:wtf fbi by mindbuilder · · Score: 4, Insightful

      US law now allows the military to imprison you for life without trial. See the NDAA. or http://www.youtube.com/watch?v=AKaTxjxnYfE This was signed into law by Obama. There is an exemption for American citizens from the requirement that the military take them to Guantanamo Bay, but the exemption is only to the requirement, the military still has the OPTION to imprison you forever without trial. The law says it is only for suspected terrorists, but the law only requires suspicion, not proof, and anyone can be suspected of being a terrorist. It has been claimed that there is a requirement for one hearing before a judge but I haven't seen that in the law. It boggles my mind that Congress and Obama think it is a good idea to make it legal for the military to secretly snatch you in the middle of the night and imprison you for life without trial on mere suspicion.

  2. Re:Another question by Jeng · · Score: 4, Informative

    The remailers are not the target, it's users are.

    --
    Don't know something? Look it up. Still don't know? Then ask.
  3. Re:remailer? by SJHillman · · Score: 5, Informative

    An anonymous remailer is a server that receives messages with embedded instructions on where to send them next, and that forwards them without revealing where they originally came from.

    http://en.wikipedia.org/wiki/Anonymous_remailer

  4. Re:Crime by v1 · · Score: 5, Insightful

    the problem here is that the US is *known* to be storing ALL email traffic that routes through the united states. Sounds like a daunting task, but there's a reason they have all these big high security data centers all over the place and have "high security rooms" at all the telcos and large ISPs. That traffic gets siphoned off to their data centers for storage for later in case they need it. There's a simple reason why those places have petabytes of storage.

    So there is never a question of "but they'd have to have been watching for that email last week/month/year and it's long since been sent and removed from caches". No. They have it. They have them all, just in case. Watch Enemy of the State. Watch how they pull up satellite footage from hours and days ago. Same principle here, if you can record everything, it works like a time machine. (for the past anyway)

    So yes, busting down a door and taking the remailer keys gives them 100% access to 100% of the traffic that has been sent by that remailer at ANY point in the past where it crossed through a US ISP.

    The truly disgusting part of this is they got the KEYS. Technically all they NEEDED was to hand over the encrypted message to the AU authorities, they break down the door and use the key to decode the message, and turn over the message, then wipe their copy of the key. That would be the "proper" way to do it, not to abuse the system, but instead they handed over the KEYS themselves, and now the US can decrypt truckloads of hard drives of emails that they have NO business having access to. That is the true crime here. It's like having a legal reason to subpoena a safe deposit box at a bank, and the bank hands them over a master key that opens every box in the vault and lets them look through anything they want. That's just WRONG.

    Every time someone sends a bomb threat they can pull this stunt, it's like christmas over at the NSA, "we got another key! lets see what goodies we can find!" Talk about an incentive for abuse... Normally I don't go "tinfoil hat" on things, but THIS is actually an instance where I could start to buy into someone suggesting the NSA/etc forging a bomb threat just to get access to another random footlocker of encrypted data they want a peek at.

    --
    I work for the Department of Redundancy Department.
  5. Re:Are some of u spammers? by Zero__Kelvin · · Score: 5, Insightful

    Because anonymous remailers are not designed and implemented for the use of Spammers any more than the Internet was. By your logic: Spammers use anonymous remailers so taking them down is good, and Spammers use the Internet, so taking it down is good. See the problem there?

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  6. Why was the key not in secure crypto processors? by realxmp · · Score: 4, Interesting

    If we're going to trust these remailers then we need to do things properly. Key goes into the crypto processor, never comes out. Means someone can't just seize your server and image it then use that image to decrypt all traffic that passed through. If they want to try and get it out, fine but they'll need a guy with an Electron microscope to do so and they'll likely trip the tamper measures and bye bye key. If you're particularly paranoid you can even destroy your copy of the key once you've loaded it, this might mean changing your key if you have to move servers but it means that the service you offer is truly tamper evident. Plus you also have the added bonus that a dedicated hardware security module is usually quicker than your processor at doing encryption/decryption.

  7. Re:Crime by Anonymous Coward · · Score: 5, Interesting

    Do they really store ALL email traffic, or just profile and store from selected accounts? The 3GB of mails from my GMail consisting of newsletters and college projects, and millions of other accounts like mine: arent they essentially useless and a waste of space for them?

    Suppose you had a yottabyte of disk storage. 3GB isn't just a drop in the bucket, it's not even a grain of sand at the beach.

    Car Analogy: Most of us break the odd traffic law every now and then. Very rarely, does anybody get caught. At the instant Officer Friendly pegs you on radar doing 35 in a 30 zone, he'd very much like to be able to check your driving history. If there were a giant database of everyone's GPS logs, he could tell whether you were just in a hurry that morning, the sort of driver who usually drives precisely 4 (or 9) miles an hour over the posted speed limit, or if you do 120 in a 60 zone whenever there aren't any cops around. If Officer Friendly had access to that data, he'd be better able to judge whether or not to pull you over.

    For speeding, it's not worth logging the movements of every car and correlating them with local speed limits at the time the log was written.

    For other things, it probably is.

    From NSA's point of view, right now your gmail account is noise. But everyone's political views change over time as a natural part of the process of growing up. Sometimes things go wrong, and perfectly normal people who hold perfectly normal views turn into monsters. There's a 99.99999% probability that you're not one of them. But for the sake of 3 lousy gigs out of a yottabyte, there's a 100% chance that someone's 3GB of noise will contain signal.

    Since they don't posess a time machine that can peer into the future, they don't, and can't, know whose 3GB-of-noise will eventually contain a signal 20 years from now. But 20 years from now, they will have a time machine that can peer back 20 years into the past.