Slashdot Mirror

← Back to Stories (view on slashdot.org)

DOJ Official Tells 100 Federal Judges To Use Tor (vice.com)

Posted by EditorDavid on from the onion-router dept.

The director for the Cybercrime Lab at the Department of Justice urged a roomful of 100 federal judges to use Tor to protect their computers, remembers judge Robert J. Bryan. An anonymous reader quotes a report from Vice: While the US is the biggest funder of the non-profit that maintains the software, law enforcement bodies such as the FBI are exploiting Tor browser vulnerabilities on a huge scale to identify criminal suspects. To add to that messy, nuanced mix, one Department of Justice official recently personally recommended Tor to a room of over a hundred federal judges...

"I almost felt like saying, 'That's not a good way to protect your stuff, because the FBI can go through it like eggshells,'" Bryan continues. Of course, this isn't really true: although the FBI has had some notable successes at identifying criminal suspects on the dark web with technological means, it is not the norm. It's worth remembering Carroll is not the only Justice Department or US law enforcement official to endorse Tor...one FBI agent was also an advocate of Tor.

27 of 61 comments (clear)

  1. FBI approved eggshells by turkeydance · · Score: 1

    for your honor's consideration

    1. Re:FBI approved eggshells by PRMan · · Score: 4, Insightful

      Tor kept the Silk Road online for 2 years where without it they would have shut him down immediately. And they found him with old fashioned police work, not Tor hacking.

      They have become better at finding IP leaks to exploit, but to say that they can go through Tor like eggshells is overstating it quite a bit.

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    2. Re:FBI approved eggshells by lgw · · Score: 3, Informative

      TOR seems really good at preventing mass harvesting of data by the government. Everything we've seen requires them to make a special effort to hack someone they're interested in, so maybe it's not so useful for high-profile criminal activity. But for doing things today which may be made illegal one day in the future, and your browsing history used against you, it seems to work fine.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    3. Re:FBI approved eggshells by AmiMoJo · · Score: 1

      If you use it perfectly it will keep you safe. Use the Tails live CD, ideally through public wifi some distance from where you live. Never, ever enable Javascript. Never make your browser window maximised or full screen. And of course, never reveal any identifying information yourself.

      Makes running a criminal empire difficult, but that's not the design goal. It's great for people looking for uncensored web access, journalists trying to get stories out, whistleblowers leaking information etc. It kept Snowden safe, and you have to assume they were looking for spies in their own ranks and leaking information.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:FBI approved eggshells by GLMDesigns · · Score: 1

      No you dope your government created TOR!

      Therefore what?

      That the concept of TOR is flawed? Or that sufficient nodes are covertly run by agencies that it makes the whole process null and void?

      It's possible but ... I don't think so.

      --
      If you're scared of your govt then you need to further restrict its powers
      Vote 3rd Party in 2016 and beyond
    5. Re: FBI approved eggshells by GLMDesigns · · Score: 1

      Where is the evidence that he was killed. I'm as interested as anyone else but ... the more damning the claim the more evidence you need to be able to promote it.

      What is the evidence he was killed?

      What motive was there for his death?

      And why use the police (in uniform) to do it as opposed to another random killing by who-knows-who?

      --
      If you're scared of your govt then you need to further restrict its powers
      Vote 3rd Party in 2016 and beyond
    6. Re:FBI approved eggshells by Falos · · Score: 1

      This. There's a (frequently understated) distinction between mass automated logging and targeted, active monitoring. Very diligent use of TOR and associated tools/behavior can resist or even outright beat the latter, but most of us are just trying to beat the former, not the latter's scrutiny.

      It's pretty easy (tinfoil check: probably) to get "on a list" but I'm confident (mostly) that getting put under a microscope is very rare and only happens to people involved with large amounts of money, influence (incl politics/dissent), or as parent says, high profile criminal activity, especially re: FBI.

      Again, most of us aren't trying to beat microscopes, just dragnets. There's plenty others aside the FBI's, so we just spew solutions shotgun style and hope some stick. TOR is a good one.

    7. Re:FBI approved eggshells by lgw · · Score: 1

      No you dope your government created TOR!

      And why do you imagine they did so? Can you not think of a government purpose that could be served by allowing someone to "VPN" into a US government server without another government being able to tell that that connection had been made?

      --
      Socialism: a lie told by totalitarians and believed by fools.
    8. Re:FBI approved eggshells by Keybounce · · Score: 1

      *DO* make your browser window full sized.

      The size of the window can be determined by the web site, and used to track people. If your window size is the same as most users, you're just a blip. But if your window size is unique, you stand out as an individual.

    9. Re:FBI approved eggshells by AmiMoJo · · Score: 1

      Maximizing the window reveals monitor resolution and toolbar sizes (by inference from the available rendering area). The Tor browser by default picks a window size that is common, and if you check with fingerprinting tools it's actually less unique than when maximized.

      I tried it a while back. With the default size I got about 1 in 4000 with panopticlick. Maximized that fell to 1 in about 2,000,000, much worse.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    10. Re:FBI approved eggshells by Keybounce · · Score: 1

      Wow.

      Thank you for that. I had assumed that maximum size would be limited only by screen resolution (1024 wide), and common to anyone else with the same monitor size.

  2. Three card monte by BlackSabbath · · Score: 1

    "Our helpful DoJ tech will install Tor on your laptop your honour."

  3. OPSEC by tacarat · · Score: 2

    The military should be using it too. I imagine a judge's personal computer habits are wonderful places to score data regarding blackmail material, pending judgements for buying and shorting stocks, etc.

    --
    "Common sense will be the death of us all"
    1. Re:OPSEC by Frosty+Piss · · Score: 1

      I imagine a judge's personal computer habits are wonderful places to score data regarding blackmail material, pending judgements for buying and shorting stocks, etc.

      Many in the Judicial refuse to use the Intertubes at all.

      --
      If you want news from today, you have to come back tomorrow.
    2. Re:OPSEC by h33t+l4x0r · · Score: 1

      The military should *not* be using Tor. Look, unless you're doing some shady dark web stuff, your Tor traffic eventually has to pass through a random exit node which you do not control. It can be controlled by some Russian hacker. Why would you think the military should be ok with that?

    3. Re:OPSEC by No+Longer+an+AC · · Score: 1

      How many of us really have anything blackmail-worthy that would be revealed by our internet usage?

      The worst they could get on me would be some kinky, but legal, porn searches. I wouldn't want everyone in the world to know about that, but if I were a judge I wouldn't let someone blackmail me over it either.

      If the information came out and I had to even address it, I'd simply say "Yeah, I have viewed porn on the internet. So what?"

      Maybe it would be more typical for someone to casually "pirate" movies or TV shows or music. I really doubt the public is going to be very shocked by that either.

      So unless their internet activity involves something like taking bribes or some other abuse of power - or looking at child-porn which most people don't have any desire to do, they really aren't in much of a position to be blackmailed.

      There are surely corrupt judges in the system and ones who maybe just cheat on their spouses, but I'd actually like to think that most of them aren't corrupt. Perhaps I'm naive in thinking that, but for many people as long as we protect our identity and bank acount and credit card information, there really isn't much to fear, is there?

      And if I were a corrupt judge or cheating on my spouse, I would be very careful not to use anything but a burner phone to set up a meeting in person. No text messages and definitely no e-mail would be used.

      And I'm not cheating on my wife, I swear.

    4. Re: OPSEC by tacarat · · Score: 1

      You think their internet connections aren't monitored by foreign interests already? Not just the installations, but the home connections? Maybe it's less of a concern for state side bases, but the ones overseas are a different issue. Besides, you're assuming they couldn't use a private version with known and trusted exits.

      --
      "Common sense will be the death of us all"
    5. Re: OPSEC by tacarat · · Score: 1

      Nothing to hide is different than something to share. Enjoy your burner phone.

      --
      "Common sense will be the death of us all"
  4. too late by Anonymous Coward · · Score: 1, Funny

    im 14 years ahead of this warning LOL
    and the idiots at torrent freak swore it was safe.....i knew better and ill never tell how i found out..oh and i even once sold a mug inside the usa that had root code of the fbi webserver a year after they illegally attacked my server cause i did not want a war game and give me compensation for businesses i was looking after.

    OH and all they cold do was the same knda DDoS that lolsec was famous for a tip that told me and my brothers and sisters to lay off and away from the anonymous movement...

    regards,
    one of the top hackers of this frakn planet,,,,oh and still have the image we made of that mug too...900+ got sold and shipped before it was ( not taken down) turned so 0 sec code could not be used....

    reason i post this btw..i note all the govt shiill posts of late are real thick ....

    p.s. paybacks are a bitch aren't they ....and yup the 15 year old hard drive stll works and can prove all i say....have a lovely day..

  5. Re:One branch of DOJ ... by Razed+By+TV · · Score: 1

    Christ, no. The judge remarked that Tor was not good for protecting data because he thinks the FBI can easily break it and identify users on it.

    The director for the Cybercrime Lab at the Department of Justice urged a roomful of 100 federal judges to use Tor to protect their computers

    The director suggested they all use it.
    Judge Bryan disagreed with the usefulness of it because the FBI could possibly compromise it.

  6. Why would judges need to use TOR? by BitterOak · · Score: 2

    I could understand recommending some sort of full disk encryption product to protect confidential information on their computers, but Tor was designed for something different: anonymous browsing. Why would judges need that as part of their professional duties?

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:Why would judges need to use TOR? by BitterOak · · Score: 1

      They need TOR for when they are watching kiddie porn, in between cases.

      Yeah, that's why we all use TOR, but that isn't part of their professional duties. Since a DOJ official is recommending TOR to a room full of judges, I assume it is somehow tied to their work and I'm just curious why judges would need that.

      --
      If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    2. Re:Why would judges need to use TOR? by bluefoxlucid · · Score: 1

      It's probably the usual information decay. "TOR is for privacy and anonymity" becomes "TOR protects your privacy" becomes "TOR protects your data" becomes "TOR keeps hackers from looking at your secret data and using it to blackmail you and take over your computer" becomes "TOR is secure! You must have secure! Computers are so fucking dangerous hackers everywhere OMG we must all secure! We must all TOR!"

      It's like the Barack Obama thing where someone went asking random folks if Barack Obama was still a threat to America. People kept answering yes, "Because he's still out there, and he's a threat, and we haven't stopped him yet." Most people facepalm at idiots not differentiating Barack Obama from Osama bin Laden; and if you think about it long enough (Fridge Logic), you suddenly realize everyone was afraid of Osama bin Laden "because he's still out there." No reason, just I heard he was a bad dude.

      That's where we are with computer security. We need security, because hackers are out there, and security is important. What is security? What are hackers? I don't know, but I heard about it on the news, a man in New Hampshire had a security, and he got arrested, or someone got arrested because of what they did to his security, I don't remember. There's also identity theft, which can ruin your life somehow, I think people steal your Social Security?

      Tor is more security sauce like airport backscatter scanners are more Osama sauce.

      --
      Support my political activism on Patreon.
  7. TOR is more secure than most IT departments by JosephDoeden · · Score: 1

    Most business are hacked by hackers, not the government. They want to mitigate the risk they have, not a risk you made up to suite your own parnaioa. Until business see damages from Intelligence Agencies, it's not a point compared to hackers. Elon Musk is not protecting his networks primarily from the FBI. He is protecting it from prolific armies of Chinese hackers. China is not like the US, it's prioritizing science, technology and efficiency. To some degree their population forces those kinds of smarter solutions. The point is they have and will continue to have more coders. Asian has a lot of coders that we effectively need be American's are too lazy to get educations. Our high education rate is horrible.

  8. Those 100 judges under investigation? by fustakrakich · · Score: 1

    What could be more convenient than to have them funnel all their work to the FBI through Tor?

    --
    “He’s not deformed, he’s just drunk!”
  9. Use Tor to protect your computers by khz6955 · · Score: 1

    "The director for the Cybercrime Lab at the Department of Justice urged a roomful of 100 federal judges to use Tor to protect their computers"

    TOR will disguise the IP address of your computer. But there are a number of ways from compromised nodes to malicious dark sites that can be used to reveal your location, especially if you use the latest iteration of Microsoft Windows.

  10. Parallel Construction by Anonymous Coward · · Score: 2, Interesting

    DEA has already admitted it routinely receives spook information, it routinely covers up the source of that information with a parallel fake set of evidence.

    DEA was the lead agency against Silk Road. You claim 'IP' leaks, others have made vague 'informant' claims, but in reality none of that has been claimed or shown to a court. What was shown to the court was remarkably light on challengable information. Which is a strong indicator that it was a false Parallel Construction case:

    https://www.wired.com/2014/09/fbi-silk-road-hacking-question/

    "As bureau agent Christopher Tarbell describes it, he and another agent discovered the Silk Road’s IP address in June of 2013. According to Tarbell’s somewhat cryptic account, the two agents entered “miscellaneous” data into its login page and found that its CAPTCHA—the garbled collection of letters and numbers used to filter out spam bots—was loading from an address not connected to any Tor “node,” the computers that bounce data through the anonymity software’s network to hide its source. Instead, they say that a software misconfiguration meant the CAPTCHA data was coming directly from a data center in Iceland, the true location of the server hosting the Silk Road."

    "But that account of the discovery alone doesn’t add up, says Runa Sandvik, a privacy researcher who has closely followed the Silk Road and worked for the Tor project at the time of the FBI’s discovery. She says the Silk Road’s CAPTCHA was hosted on the same server as the rest of the Silk Road. And that would mean all of it was accessible only through Tor’s network of obfuscating bounced connections. "

    i.e. the story told to the court was a lie.