Uncovering Tor users: where anonymity ends in the Darknet

[kenjoe41]

Unlike conventional World Wide Web technologies, the Tor Darknet onion routing technologies give users a real chance to remain anonymous. Many users have jumped at this chance – some did so to protect themselves or out of curiosity, while others developed a false sense of impunity, and saw an opportunity to do clandestine business anonymously: selling banned goods, distributing illegal content, etc. However, further developments, such as the detention of the maker of the Silk Road site, have conclusively demonstrated that these businesses were less anonymous than most assumed.

Intelligence services have not disclosed any technical details of how they detained cybercriminals who created Tor sites to distribute illegal goods; in particular, they are not giving any clues how they identify cybercriminals who act anonymously. This may mean that the implementation of the Tor Darknet contains some vulnerabilities and/or configuration defects that make it possible to unmask any Tor user. In this research, we will present practical examples to demonstrate how Tor users may lose their anonymity and will draw conclusions from those examples.
How are Tor users pinned down?

The history of the Tor Darknet has seen many attempts – theoretical and practical – to identify anonymous users. All of them can be conditionally divided into two groups: attacks on the client’s side (the browser), and attacks on the connection.

Source: https://securelist.com/analysis/publications/70673/uncovering-tor-users-where-anonymity-ends-in-the-darknet/

[jimg]

It wasnt due to any vulnerabilities Ross Ulbricht  aka  Dread pirate Roberts was caught and silk road closed it was due to the DEA starting a task force to begin closing dark markets starting with the biggest one, it took Carl Force aka Nob the DEA agent two years to get close enough to Ulbricht to start doing damage but he got too greedy and lured in by thinking Btc was totally anonymous and instead of taking Ulbricht down how he was meant to he offered him a load of fake d.l's he had taken from a police store and offered him info on how they were investigating him, he got greedy and crossed the line setting up two extra accounts the DEA knew nothing about and said he would give the info to Ulbricht for 925 btc then worth $100,000 which was paid and paid again a second time when he gave him more info he was also told to investigate a btc account being used to launder money which had $337,000 btc in but he doctored the papers to say there was only $37,000 and took the $300,000 and put it into an account he'd opened, he began by pretending he was running a Mexican cartel and wanted to buy silk road thats how he first got close to D.P.R but the lure of the btc was too much ha ha he done a few other things to steal btc it came to $500.000 in total by the time it all came out and he got seven years he had repayed $150,000 but the real killer for me is how a DEA agent becomes corrupt and steals $500.000 (what they know about,it may be more) and compromises an investigation and gets seven years and Ulbricht was sentenced to LIFE !  Hows that for one law for them and another law for everyone else, to give the fella a life sentance is over the top in its highest form i think its disgusting using him as an example and hitting him with life is way overboard, ive got the transcript of most of the investigation by the DEA (obviously there'll be parts removed) but there was over $21 million btc in the silk road main account and whats crazy to me is a lot of the top vendors on silk road lost amounts ranging from $50,000 to a quarter mill of btc cos they left their btc in their silk road accounts instead of removing it to one of their own so when the DEA swooped all the vendors lost their btc also.

[proxx]

Source: https://securelist.com/analysis/publications/70673/uncovering-tor-users-where-anonymity-ends-in-the-darknet/

Pretty sure this is another client exploit , like the one we have seen that originated from the feds.
Funny because TOR so far has not shown any major identification leaks, pretty much all of them faggots got fucked client side by a browser for example, TOR itself gotten quite a bad name for it.
Not saying it is ever so secure but not as bad as many toss around (just repeating after others.)

[jimg]

Now theres a statement been put out by the admin of agora (wether it is from them or not i've no idea) saying they've been hearing things about a so called new vulnerability to deanonymise tor users (which supposedly needs big resources to do) which i dont know if thats a veiled comment suggesting DEA etc but anyway they've been seeing signs of so called attempts against them so they're letting everyone know they're closing for a while to move to new servers so anyone with any cash in their account should remove it as they dont know how long they'll be gone for, but you don't know if the statement is actually from them and if it is are they going for good but don't want to say so ? And why not give more info to everyone about this supposed new found vulnerability, cos if it is a real threat why not let the admin of other sites know about it and at least give them a fighting chance instead of a sudden deluge of closed markets, arrests and crappy signs put up by the feds telling everyone how the site is now closed and they're all walking round with smug grins  (and hidden btc accounts full of skimmed btc ha ha)

[douglas.quaid]

Again, tor doesn't protect endpts, so if someone put up personal info, that's too bad. On the other hand, someone did raise a very good questions that most relays are quite powerful for 'volunteers' to run. If an org can control A,B and C relays then how does it maintains anoymous?