Thursday, August 15, 2013

TOR: The Trap closes





By Neil Harris

LAST YEAR a New Worker article exposed TOR (The Onion Router) as a US Government “honey trap”, designed to support America’s friends and entrap its enemies. Our interest developed further after some excellent research by “Cryptome.org”.
On the face of it, TOR appears to be a subversive hacktivist site, offering anonymity to anarchists, political dissidents, leakers, internet activists and the underground criminal world. In fact, the systems used on the site were developed by a unit of the US Office of Naval Intelligence as part of US “Public Diplomacy”. Currently TOR’s three biggest sources of funding are the US Department of Defence, the US State Department and the Board of Broadcasting – another propaganda arm of the US Government.
While providing some assistance to US intelligence, TOR’s main role has been to encourage the destabilisation of regimes around the world that America does not approve of. It does this by providing an anonymous internet hideaway and communications hub to opposition groups it approves of. However, to work properly, the site needs thousands of innocent, idealistic people who allow their computers to become part of the network (The Onion), which allows data to be “routed” between at least three home computers to hide its origins.
Our concerns followed recent FBI arrests of activists from Lulzsec/Anonymous as well as those involved in “The Farmers Market”, a criminal site offering a market in illegal drugs. While the FBI highlighted its use of informants in securing those arrests, the evidence they used to put together the cases appeared to come from access to TOR, which both organisations had used and trusted.
Last week, the FBI was busy again, this time in Ireland, where Eric Marques was picked up on a US arrest warrant for distributing and promoting child abuse material online. We certainly wouldn’t want anything to do with a rat like Marques, a major supplier of images of child abuse. His “Freedom Hosting” site also provided a home to many other anonymous sites on TOR. In addition to paedophilia sites, these include the notorious “Silk Road”, which matches customers to drug dealers, as well as other sites offering illegal weapons for sale or the services of hit men.
In response to concern amongst its more legitimate users, TOR posted a detailed statement that appeared to be for the benefit of its US Government sponsors: "The persons who run Freedom Hosting are in no way affiliated or connected to the Tor Project Inc, the organisation co-ordinating the development of the Tor software and research."
It went on: "Anyone can run hidden services, and many do…organisations run hidden services to protect dissidents, activists, and protect the anonymity of users trying to find help for suicide prevention, domestic violence, and abuse recovery.”
All of which may be true, but this should be a warning to those who still trust TOR and imagine that their secrets are safe there: “Whistle-blowers and journalists use hidden services to exchange information in a secure and anonymous way and publish critical information in a way that is not easily traced back to them. The New Yorker's Strongbox is one public example."
Every indication is that the “secrets” on TOR are not hidden from the US Government. Another example is Wikileaks, which has made extensive use of TOR. During the recent trial of Bradley Manning, evidence produced by the US Military included emails allegedly sent between Manning and “pressassociation” who, allegedly, was Julian Assange. Once again TOR appears to have been the anonymiser Manning was encouraged to use.
Perhaps more interestingly, as a result of the operation against Marques, we now know that the TOR Browser appears to have been compromised by the insertion of JavaScript malware, and that this was analysing and sending off information identifying visitors to the sites on “Freedom Hosting”. Not surprisingly, this started a panic amongst users. One, quoted on the Guardian’s website, wrote: "The situation is serious," said gmerni. "They got the owner of FH and now they're going after all of us. Half the Onion sites were hosted on FH! Disable JavaScript in your Tor browser for the sake of your own safety."
But this doesn’t stop with the FBI – the information trail was followed by “Ars Technica”, a more technical site which was looking for the ultimate destination of this “secret” data:
“Initial investigations traced the address to defence contractor SAIC, which provides a wide range of information technology and C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance) support to the Department of Defence. The geolocation of the IP address corresponds to an SAIC facility in Arlington, Virginia. Further analysis using a DNS record tool from Robtex found that the address was actually part of several blocks of IP addresses allocated by SAIC to the NSA.”
Naturally, the National Security Agency (NSA) would always be an interested client of any organisation with access to confidential information about political dissidents, journalists, terrorists or criminals around the world.
As our original article pointed out, TOR’s website even carries what appears to be a warning to users: “Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.” This looks very much like a legal warning, one that puts users on notice that they are liable to arrest and is designed to avoid the use of the defence of entrapment in the US courts.
You have been warned.
