By Neil Harris
LAST YEAR a New Worker article exposed TOR (The Onion Router) as a US
Government “honey trap”, designed to support America’s friends and entrap its
enemies. Our interest developed further after some excellent research by “Cryptome.org”.
On the face of
it, TOR appears to be a subversive hacktivist site, offering anonymity to anarchists,
political dissidents, leakers, internet activists and the underground criminal
world. In fact, the systems used on the site were developed by a unit of The US
Office of Naval Intelligence as part of US “Public Diplomacy”. Currently TOR’s
three biggest sources of funding are: The US Department of Defence, The US
State Department and The Board of Broadcasting – another propaganda arm of the
US Government.
While providing some
assistance to US intelligence, TOR’s main role has been to encourage the
destabilisation of regimes around the world that America does not approve of. It
does this by providing an anonymous internet hideaway and communications hub to
opposition groups it approves of. However, to work properly, the site needs
thousands of innocent, idealistic people who allow their computers to become
part of the network (The Onion) which allows data to be “routed” between at
least three home computers, to hide its origins.
Our concerns
followed recent FBI arrests of activists from Lulzsec/Anonymous as well as those
involved in “The Farmers Market”, a criminal site offering a market in illegal
drugs. While the FBI highlighted its use of informants in securing those
arrests, the evidence they used to put together the cases appeared to come from
access to TOR, which both organisations had used and trusted.
Last week, the
FBI was busy again, this time in Ireland where Eric Marques was picked up on a
US arrest warrant for distributing and promoting child abuse material online. We
certainly wouldn’t want anything to do with a rat like Marques, a major supplier
of images of child abuse. His “Freedom Hosting” site also provided a home to many
other anonymous sites on TOR and in addition to paedophilia these include the
notorious “Silk Road” which matches customers to drug dealers as well as other sites
offering illegal weapons for sale or the services of hit men.
In response to
concern amongst its more legitimate users, TOR posted a detailed statement that
appeared to be for the benefit of its US Government sponsors: "The persons
who run Freedom Hosting are in no way affiliated or connected to the Tor
Project Inc, the organisation co-ordinating the development of the Tor software
and research."
It went on: "Anyone
can run hidden services, and many do…organisations run hidden services to
protect dissidents, activists, and protect the anonymity of users trying to
find help for suicide prevention, domestic violence, and abuse recovery."
All of which may
be true, but this should be a warning to those who still trust TOR and imagine
that their secrets are safe there: “Whistle-blowers and journalists use hidden
services to exchange information in a secure and anonymous way and publish
critical information in a way that is not easily traced back to them. The New Yorker's Strongbox is one public
example."
Every indication
is that the “secrets” on TOR are not hidden from the US Government. Another
example is Wikileaks which has made extensive use of TOR. During the recent trial
of Bradley Manning, evidence produced by the US Military included emails
allegedly sent between Manning and “pressassociation” who, allegedly, was
Julian Assange. Once again TOR appears to have been the anonymiser Manning was
encouraged to use.
Perhaps more
interestingly, as a result of the operation against Marques, we now know that the
TOR Browser appears to have been compromised by the insertion of JavaScript
malware, and that this was analysing and sending off information identifying
visitors to the sites on “Freedom Hosting”.
Not surprisingly, this started a panic amongst users. One, quoted on the Guardian’s website, wrote: "The
situation is serious," said gmerni. "They got the owner of FH and now
they're going after all of us. Half the Onion sites were hosted on FH! Disable JavaScript
in your Tor browser for the sake of your own safety."
But this doesn’t
stop with the FBI – the information trail was followed by “Ars Technica”, a
more technical site which was looking for the ultimate destination of this
“secret” data:
“Initial
investigations traced the address to defence contractor SAIC, which provides a
wide range of information technology and C4ISR (Command, Control,
Communications, Computers, Intelligence, Surveillance, and Reconnaissance)
support to the Department of Defence. The geolocation of the IP address
corresponds to an SAIC facility in Arlington, Virginia. Further analysis using
a DNS record tool from Robtex found that the address was actually part of
several blocks of IP addresses allocated by SAIC to the NSA.”
Naturally The
National Security Agency (NSA) would always be an interested client of any
organisation with access to confidential information about political
dissidents, journalists, terrorists or criminals around the world.
As our original
article pointed out, TOR’s website even carries what appears to be a warning to
users: “Law enforcement uses Tor for visiting or surveilling web sites without
leaving government IP addresses in their web logs, and for security during
sting operations.” This looks very much like a legal warning, putting users on
notice that they are liable to arrest, and is designed to avoid the use of the
defence of entrapment in the US courts.
You have been
warned.