FBI's Exploit Against Tor
The Department of Justice is dropping all charges in a child-porn case rather than release the details of a hack against Tor.
Comments
M. Welinder • March 13, 2017 7:20 AM
They want to dismiss without prejudice, i.e., with the ability to charge him again later. That sounds like they would like to use whatever kind of hacking tool is in play some more. Or maybe try a bit of judge shopping elsewhere.
I imagine Mr. Michaud is looking into countries without extradition treaties.
Winter • March 13, 2017 7:22 AM
Until now, the “exploits” against Tor were all against the endpoints. Either infecting the onion servers in the same way you infect all other servers, or, by infecting the computers of the suspects by way of their browsers when accessing infected servers.
Is there any indication this is different?
Matthew Cotton • March 13, 2017 7:33 AM
AlexT, I would guess they are not only still exploiting it, but that they are using it to de-anonymize more important targets than people viewing child porn — after all, what would they stand to gain in dropping all child porn cases that ask for the exploit code if their objective was only to catch child porn viewers?
Their exploit will be discovered eventually, they could just wait to collect the biggest list of targets they can before the exploit is inevitably disclosed, maximising it’s effectiveness before tor patches it.
Snarki, child of Loki • March 13, 2017 7:52 AM
Hey, it takes time to gin up “evidence” using parallel construction! I’m sure the Feds will be back soon with some sorta plausible story that works with a suitably pliant judge.
Clive Robinson • March 13, 2017 8:05 AM
@ M. Welinder,
They want to dismiss without prejudice, i.e., with the ability to charge him again later.
This suggests that they will just look at what they have, and piece together another court action that does not involve the Tor bug.
Probably they will not use a parallel construction but a patchwork from the edges of the evidence they have.
It will be interesting to see what the defense do with regards the existing evidence not just that derived from their Tor bug.
Clive Robinson • March 13, 2017 8:26 AM
@ r, Winter,
They might not have used the same exploit for everyone. 😉
They might have used somebody elses exploit or data…
From time to time you get whispers about “we’ve collected it so lets use it” about the NSA “time machine”, by equating some crimes as equivalent to terrorism. If that works then a few more crimes untill selfies will be collected for simple loitering charges or sent to the fashion police etc.
The thing is they will probably use the same “voluntary” wording trick they are using for the “Emplouers get to see your DNA” amendment to the health care legislation.
Major • March 13, 2017 8:42 AM
A lot of forensic tools are not as accurate as the government likes to claim. How do you like this for a source: Adam Ruins Forensic Science?
http://www.trutv.com/shows/adam-ruins-everything/blog/adams-sources/adam-ruins-forensic-science.html
Adam Ruins Everything is actually a really interesting show.
I suspect that the details of the Tor hack show that the method has a high false positive rate and LE would rather drop it in one case than have it ruled inadmissible everywhere.
tomb • March 13, 2017 9:03 AM
@Major, Adam Ruins Everything struck me as moronic in the forensic science episode. They fail to account for the fact that each piece of forensic evidence points in a single direction. No single piece of evidence is enough to secure a conviction but multiple pieces of evidence that all point in one general direction can provide indications of guilt beyond a reasonable doubt. I don’t get why forensic science skeptics miss this.
Winter • March 13, 2017 9:15 AM
“AlexT, I would guess they are not only still exploiting it, but that they are using it to de-anonymize more important targets than people viewing child porn ”
People distributing and downloading child porn tend to be apprehended because they visit an onion server that has been hacked and infected by the police. An infected server can be used to upload drive-by attacks that can divulge the identity of the visitors. There are many such attacks available, besides plain user stupidity.
https://nakedsecurity.sophos.com/2015/09/04/3-ways-to-get-busted-on-the-dark-web/
This is worrying, but quite different from the police having new tools and being able to easily de-anonymize random Tor traffic (i.e., faster than by traffic analysis).
Tatütata • March 13, 2017 9:19 AM
Let’s recapitulate…
FBI has a hacking department
CIA has a hacking department
NSA has a hacking department
and military agencies probably have their own hacking department too.
Any possibility of duplicated work? Or are they’re all working and colluding together?
Neither possibility sounds good.
Major • March 13, 2017 9:49 AM
@tomb
What you say is certainly what one would hope for. I’m sure plenty of cases hinge on one piece of evidence though.
And then of course there is intentional malfeasance and gross error on the part of forensics investigators:
https://www.google.com/search?q=forensic+scientist+arrested&ie=utf-8&oe=utf-8
I am not saying that forensics are bad. I would certainly like to see actual murderers arrested. But unwillingness to address limitations or just waving them away as you seem to does not lead to justice. It is important that innocent people are not imprisoned, a lot more important than convicting every guilty person, because the former just creates more victims and the latter does little to restore victims.
The courts aren’t a game. People’s lives are at stake. The process should be dedicated to accuracy, not a conviction rate.
Clive Robinson • March 13, 2017 10:19 AM
@ Major,
A lot of forensic tools are not as accurate as the government likes to claim.
up it’s a point I make from time to time[1]
You might also want to look at the nonsense that is matching “gun shot resedue” and “bullet metals composition”. The argument that rounds from the same batch can be matched by them has now been shown unsuprisingly to be compleatly bogus.
[1] Search for my name and “effect to cause” with the likes of unscientific etc.
Anura • March 13, 2017 10:28 AM
@tomb
At least in the US, the word “DNA” tells jurors that the defendant is guilty by default. Not sure about countries where they don’t normally have jury trials. Allowing database searches for suspects, and partial matches has caused people to get convicted when there was no other link to the crime scene, besides the lack of an alibi and evidence they made false statements to the police.
Clive Robinson • March 13, 2017 10:33 AM
@ tomb,
I don’t get why forensic science skeptics miss this.
They don’t and as scientists they know that,
They fail to account for the fact that each piece of forensic evidence points in a single direction.
Is very much not true.
The problem is you cannot go from “effect to cause” it’s not just bad science it’s actually not possible as you can not reverse entropy.
People realy need to understand the implications of entropy and times arrow.
Even the fundemental “contact” rule of forensics follows times arrow and entropy, sadly most other forensic rules are at best “limited domain assumptions” they are not axiomatic in any way.
Doug • March 13, 2017 10:35 AM
They do the same thing any time the particulars of the Stingray device come up in court proceedings: they drop the case rather than reveal the exploit/technology being used.
Special Agent Thomas Thurman • March 13, 2017 10:38 AM
We know the US justice system fakes evidence on an industrial scale.
FBI’s core competence is faking evidence for high-profile political persecutions. The limitless potential of secret software for evidence fabrication is going to make every FBI weasel a cybernetic Kamalkant Shah. Any judge who accepts secret software ‘evidence’ at trial is an ass-kissing chickenshit or a blackmailed pedophile himself.
tomb • March 13, 2017 10:48 AM
Forensic science skeptics are rarely scientists. Forensic scientists know the weaknesses of their tools and limits of their art. What’s important is to recognize that without forensic science tools, justice is less likely to be served. The Federal Rules of Evidence and Frye Standard exclude pseudo science from being admissible in courtrooms. The probability of error must be clearly specified to the jury during trials. Where the science tends to fail is when first responders contaminate evidence, investigators botch collection or analysis protocols, or judges and juries fail to do their duties as prescribed by law.
It’s somewhat naive to suggest that entropy is sufficient to erase all useful traces when body fluids and hairs and fibers cling very tenaciously to certain surfaces.
Mark • March 13, 2017 11:10 AM
Have they really got an exploit or have they just deployed hundreds of their own exit points that they own manage and monitor?
oliver • March 13, 2017 11:27 AM
Science…. you keep using that word, but that’s not what it means!!!
There is nothing scientific in “forensics” (remember the scare quotes).
It is bullshit piled upon bullshit.
Peter S. Shenkin • March 13, 2017 11:43 AM
@Clive Robonson
I think you need to understand entropy yourself. Entropy has a very specific physical definition that has nothing whatsoever to do with any issue in this case, except possibly whether chemical reactions in the forensic lab proceeded as presumed.
Use of the term in a context like this is metaphorical at best and misleading at worst, which is nearly always. You are using it to sugar-coat human fallibility and even just plain disagreement with an aura of scientific respectability.
Alex • March 13, 2017 12:19 PM
My guess is that they either A) don’t have evidence which would stand up in court, or B) Seriously broke the law in pursuit of said evidence. From experience, there’s no ‘harm’ in obtaining evidence through illicit means, knowing that you won’t be able to use it in the case. This just means you have to find an alternative (legal) way obtain and introduce that evidence into the case. BUT you better make damn sure you have a legal way to prove it.
Regarding “science”, I learned in undergrad for my medical degree just how flawed “science” is. Science builds upon science. This can be good, but it also means errors build more errors. Unfortunately, much science research isn’t worth the paper it’s printed on. So, subsequent research which cites the shaky research just gets worse. If you want fun, go look up the original studies which said cholesterol is bad for you and causes hardening of the arteries.
As an undergrad I forced a retraction of a major article in a major US medical journal. I forget the details now, but it was a cardiac-related article which seemed to go 180 degrees opposite of my understanding and against what I saw with my own body. I questioned the principal investigator hoping to get insight and learn where I got it wrong. Instead, I received a phone call several days later, from the PI, apologizing about the incorrect info and lesson on how research works at the university level, including its dishonest side. We talked about the Publish or Perish mentality, and that there’s no money in telling people everything’s fine. Probably about a 90 minute conversation in all. His graduate students completely bulls**tted the research and even did a little “source plagiarism.” That is, they copied & pasted sources used by other papers, without even reading the sources. If they had, they might have noticed their conclusions were 180 degrees out of phase from what their sources said. A retraction was published in the next month’s journal. This was a major peer-reviewed journal, not some random musings on Reddit.
@Tatütata: From my dealings with some of those agencies, they don’t seem to talk to one another. If anything, some petty pissing contests happen between their hacking departments and they completely refuse to share information and techniques, even if working on the same case!
ab praeceptis • March 13, 2017 12:22 PM
Peter S. Shenkin
Entropy is a well defined and commonly used term in cryptology and related fields.
It would be helpful if you detailed your criticism somewhat, for instance by telling us which of the multiple uses in the top 100 comments (by Clive) you specifically refer to and why you consider that use as wrong.
Also keep in mind that this blog is not strictly scientific but addressing a somewhat wider audience ranging from well established mathematician to loosely interested in security people. So, unless clear terminology is essential (say when describing some mechanism) it can actually be helpful to formulate somewhat loosely. Using the word “entropy”, for instance, is much more handy and understandable for many than to hunt down randomness properties to the quantum level.
Or was your point more the “science community way” of telling Clive Robinson that you don’t like him?
Shachar • March 13, 2017 12:32 PM
@Winter,
Not exactly. Look up the CMU exploit. The NSA paid CMU researchers a sum that is estimated to be $1M (which does not sound like a lot) to attack the network. They injected a lot of rogue servers in the middle, and injected bits into the circuits metadata. The result was that, at least probabilisticly, some deanonymizing was possible through the network.
I don’t know the precise details of the attack, and the Tor maintainers claim that they have learned their lessons (one of which was: do not trust anyone, including well respected security researchers).
Basically, part of the attack was successful due to red flags being raised and then ignored.
Many of the actual end points attacks (i.e. – taking over a CP hidden service and then using exploits to infect the clients) were possible due to this attack allowing the FBI to locate and take over the servers in first place.
Shachar
Major • March 13, 2017 12:35 PM
Since everybody’s machine is pretty easily hacked by various parties, how can planted evidence be distinguished from real evidence?
Jonathan • March 13, 2017 1:18 PM
It seems to me this leads to a question: what good is the attack on Tor, if garnering evidence from it leads to charges being dropped?
Why keep it a secret?
Babau • March 13, 2017 1:20 PM
Tor is compromised anyway. The feds took control of some keys servers some time last year when the main guy running left.
cphinx • March 13, 2017 1:21 PM
Although recognizably advanced, sometimes in cases like this, State level actions get more credit than is warranted.
1) This type of “exploit” on the Tor network has been known for some time now: USA Today – FBI Take’s Down Silk Road
Although differentiating in the description of how the exploit de-anonomizes end users, the principal is the same: exploit the server and then exploit the traffic. And in some cases, compromise the source and installer package and deploy.
2) At least publicly, there hasn’t been much evidence produced on the ability to unquestionably verify de-anonomizations within the Tor network once an exploit has been ran. My bet is that IP addresses are collected and then a number of cross referencing techniques are conducted to add more integrity to the case. Then again – maybe not.
3) Although I don’t believe this claim myself, and in no way, shape, or form am endorsing the conspiracy theory side of this… but the there is the simple fact that we do not know if there are agreements between [some] agencies and Tor. The possibility could easily exist for this to be the case. Although unlikely, it can’t be counted out. Especially for uses such as this article talks about.
Just as Tor says, in a different context, “don’t trust the word ‘privacy’ on the internet”.
My Info • March 13, 2017 1:26 PM
@AlexT
I guess the only rationale is that they are still exploiting this vulnerability?
Correct. Now why are they exploiting it if not to prosecute actual cases? The Mob is in the FBI, and cases are intentionally getting screwed up.
You can’t “unknow” this stuff. If you know by some secret means that a certain suspect or individual is into CP, you are going to be looking for probable cause by some other means, and that is going to be called “parallel construction.”
At the same time you can’t give the suspect blanket immunity for life from CP charges.
So what is the real rationale?
Bob Dylan's Leering Grin • March 13, 2017 3:25 PM
tomb writes, The Federal Rules of Evidence and Frye Standard exclude pseudo science from being admissible in courtrooms. </>
This is one of the funniest troll comments ever on this blog.
(1) US Courts do not use the Frye standard anymore. It was overruled in Daubert.
(2) The idea that judges acting as the gatekeepers of the evidence keep pseudoscience out of the courtroom is jaw-dropping. No they don’t. They don’t even bother to try.
http://www.dispatch.com/content/stories/national_world/2014/06/23/arson-science-discredited.html
Bob Dylan's nasal whine • March 13, 2017 4:37 PM
@myinfo ‘Now why are they exploiting it if not to prosecute actual cases?”
http://www.wnd.com/files/2017/03/emergency-motion-3.8.17-851.pdf
FBI is using it to illegally surveil and attack the honor or reputation of dissenters, and to control influential political and judicial functionaries through Soviet-style kompromat, extortion, and blackmail. Dennis Montgomery has submitted a terabyte of documentation for the public record and FBI is frantically struggling to bury it.
Tune in next week for the next episode of Obvious Answers to Rhetorical Questions.
CallMeLateForSupper • March 13, 2017 4:39 PM
A friend of mine, Trump supporter, piped up during lunch the other day and spat, “Did you read about the child molester that the government is letting go? They don’t want to reveal how they got their evidence. That’s bull___t! The press should write stories on that instead of spending their time bashing Trump!”
Hmmm… sounds bad. First I’ve heard of it. Where did you hear this?
“In the paper.”
Tah-DUM!
Clive Robinson • March 13, 2017 4:49 PM
@ tomb,
It’s somewhat naive to suggest that entropy is sufficient to erase all useful traces when body fluids and hairs and fibers cling very tenaciously to certain surfaces.
Did you actually read what I wrote?
I’ll repeat the salient point so you don’t miss it,
- Even the fundemental “contact” rule of forensics follows times arrow and entropy, sadly most other forensic rules are at best “limited domain assumptions” they are not axiomatic in any way.
Your “when body fluids and hairs and fibers cling” comment is what the “contact” rule is all about…
As for entropy and times arrow, entropy is about the statistics of going from an ordered to a disordered state. In the process it’s increase in disordered state allows for an increasing information content but also a disipation of energy. As in thermo dynamics it’s a one way process as far as the information content is concerned, you can not go back. The reason is that to go back to the ordered state it was before requires you to reverse the energy dispation back to it’s original more cohearant state and that can only be done if you put more energy in, which creates more ibyeractions thus information.
That is if you take a lump of coal and some how manage to map the position and state of every atom, then oxidize the coal to carbon dioxide, sulfer dioxide etc you get energy out. But to put each and every atom back in it’s place and state requires considerably more energy, the information signiture of which is impressed onto the atoms state. .
The reason for this is that at the quantum level the state of a particle or quanta is based on it’s initial state and any interaction it has had with other quanta. In effect it’s state is unkown or uncertain to an observer. However at any interaction the quantum uncertainty gives rise to entanglement and the combined state is shared. This has been known for quite some time, but it’s only in the last decade that scientists have started to work out the implications of Seth Loyds 1988 doctral thesis ( http://arxiv.org/abs/1307.0378 ) and generalise it in a way that accounts for times arrow.
Jonathan Wilson • March 13, 2017 5:12 PM
A bunch of possibilities here:
1.The FBI have done something illegal enough that revealing the exploit would allow the defense lawyers for the people in question to get the case dismissed.
2.The exploit the FBI are using and the methods used to collect data from the compromised systems are not 100% verifiable and the defense lawyers could argue that its generating false positives or that its been faked/tampered with.
3.The exploit is not what the FBI claims it is and in reality they have hooks deeper into the TOR network (e.g. control over enough servers in the network to expose people) and revealing the details would cause the bad guys to stop using TOR and start using something the FBI cant get into.
4.The exploit is still being used (by the FBI or some other agency) to go after higher value targets than pedophiles (terrorists, foreign spies, foreign agents, national security threats, something like that) and revealing the exploit would compromise those ongoing investigations.
5.The FBI doesn’t actually know how the exploit works because they bought an off-the-shelf exploit from somewhere and didn’t get the details.
Anura • March 13, 2017 5:23 PM
@Jonathan Wilson
Most likely, whatever methods they used would likely constitute an illegal search, or risk being declared one, which could open up a huge can of worms, and thus it’s better just to drop it. Parallel construction would likely be obvious, and they may contradict affidavits from an arrest warrant.
My Info • March 13, 2017 5:48 PM
@Clive Robinson
This has been known for quite some time, but it’s only in the last decade that scientists have started to work out the implications of Seth Loyds 1988 doctral thesis ( http://arxiv.org/abs/1307.0378 ) and generalise it in a way that accounts for times arrow.
There is no end of pseudoscientific blather about entropy and time’s arrow and all that ( http://timecube.2enp.com/ ).
Landauer’s principle, “Irreversibility and heat generation in the computing process,” is legitimate ( http://worrydream.com/refs/Landauer%20-%20Irreversibility%20and%20Heat%20Generation%20in%20the%20Computing%20Process.pdf ).
The more recent “critiques,” which I don’t even care to cite, are not.
I am curious about the Fluctuation theorem ( https://en.wikipedia.org/wiki/Fluctuation_theorem ). It seem legitimate, too.
BlueLightMemory • March 13, 2017 5:56 PM
Betcha Java script is involved.
Clive Robinson • March 13, 2017 6:17 PM
@ Major,
Since everybody’s machine is pretty easily hacked by various parties, how can planted evidence be distinguished from real evidence?
It’s an inyeresting question with several interesting answers, but I’ll only give one as it’s relatively short and simple to explain.
Most of the credit for this is given to Dan Farmer and Brian Carrier due to his 2005 book “File System Forensic Analysis”. However as Dan has been known to chearfully comment there were others before him.
Your hard disk is an interesting thing due to the way the OS handles it. Essentially under more modern OS’s it realy is a “time machine” in terms of the fact you can unwined the hard disk back in time to see if their are any time line anomolies, especially if there are bitwise backups.
Without going into details the way an OS uses a hard disks sectors and cylinders has several layers of interlocking chatecteristics a good computer forensics guy should be able to walk a hard drive backwards in time, acounting for every bit of change and where and why it changes. When they can not account for a given hard disk file anomalie then there is good reason to accept that the file system could potential have been tampered with thus it’s best to clear out/up back to the bare metal.
@Snarki,
What? Like “The previous prosecutor en place since Obama didn’t have a half a clue, we’ve replaced him and considering the CIA disclosures the evidence looks fine; mightily so.”
?
I hear you loud and clear about the return of the jedi thought, may the fuzz be with you.
With what’s already going around there’s hardly any reason to hold back at all at this point.
Not anything I can imagine anyways, it’s not like the FBI actually represents “national security”.
Let the FBI stop playing games, get them back in the action of actual prosecutions instead of their CIA-like infomaddicts.
Major • March 13, 2017 7:12 PM
@My Info
“There is no end of pseudoscientific blather about entropy and time’s arrow and all that ( http://timecube.2enp.com/ ).”
This is another twist on @ab praeceptis: Calling something pseudoscience is just a mock-scientific way of saying you don’t like it. Do you realize that just calling something a name (“pseudoscience”, or it might as well be “pee-pee caa-caa”) to discredit it does not even rise to the level of pseudoscience?
Pseudoscience clearly is something that you don’t like that you have no argument against.
@Clive
Thanks for the explanation. Do you think such an examination in depth is done very often? I suspect the authorities have little motivation to question a convenient result.
Maybe it is paranoid. People were framed pre-digitally but I haven’t seen any reason to think it was common. Physically framing someone forces one to move about in the physical world leaving evidence and exposing oneself. What concerns me is that a digital crime need not have any physical evidence and therefore the evidence can be manufactured much more easily and with less risk of exposure and less opportunity to apply counter evidence such as an alibi.
WhiskersInMenlo • March 13, 2017 9:31 PM
Interesting….
In this case should it be refiled the “classified” bits would have to be part of the case.
They have effectively stated that there is insufficient proof without this information.
The methods might be inadmissible if the incursion into the defendant’s machine allowed sufficient
access over time to plant evidence.
The method might be illegal if there was less than warrant qualifying knowledge at the time
of the evidence discovery. i.e. is this 1 of 1 machine or 1 or 10,000 machines infected and searched.
This bit is interesting.
Once the critical bug is fixed the exploit will have a short life and might then be disclosed.
Kids fix them bugs…
other • March 14, 2017 3:50 AM
Let’s be optimistic. This is an fortifying evolution since the 50’s and the Rosenberg case. In 1951, Julius and Ethel Rosenberg were sentenced to death for spying for USSR, apparently without concrete evidences. There were, in fact, some evidences (against the husband, not his wife) but these evidences were classified since they were obtained through the secret VENONA project, something technically similar to current governmental hacking activities. The judge got secret access to those evidences and sentenced the Rosenberg (the two of them!). The public was not aware of the evidences, creating the apparent worst injustice, leading to protest demonstrations all around the globe.
At least, today, if you refuse to reveal your sources, the case is dropped.
OK, there are some limitations to this comparison. VENONA explicitly targeted USSR while hacking TOR targets everyone. Passing atomic bomb secrets to USSR cannot be compared to child porn.
Clive Robinson • March 14, 2017 5:10 AM
@ Jonathan,
Why keep it a secret?
Most likely is it’s not their secret to keep, and have a restriction on revealing technical details for one of a couple of reasons.
1) As I said above it might well have come from another US agency, who have had their fingers burnt by a whistleblower etc.
2) It’s “in commercial confidence” think of NDA’s on the likes of stingray kit.
It’s this second option people might want to speculate on for a few moments. That is what is so attractive about a piece of technology that the FBI would buy it but keep their mouths shut about it?
On reason might be that the technology was designed for a “no holds barred” FFF usage, such as from a defence contractor that designed the system primarily for high price paying military organisations.
There of course may be a “Golden Goose” issue. From time to time people find attack vectors that have been in software etc for a decade or more. Which some think may have been put in by a national SigInt agency. In all probability the Tor code is large enough to have such a “bug” go unnoticed. It might be trivial to exploit and not easily fixable, which would make every Tor user world wide vulnerable, which would make it a NOBUS “front door” issue. James Comey has had his political “finger in the pie” scalded over the idea of “Golden Key” “front doors”, because he misjudged the political temprature in industry/academia, thus he might not want to get it stung as well by shoving it in the hornets nest that information would stir up.
Let’s be honest Tor is a honeypot for all sorts of activity one of it’s original designs was to in effect give political actavists a degree of safety, which might well have in turn given a degree of cover for high position “agents” and NOCs in various non US friendly countries… The history and funding of Tor suggests that it probably has a “guardian angel” or two who even the deity “In god we trust” would not want to upset 😉
@All,
Clive makes a good point about NDAs, maybe we can still stop partial misuse with them?
Clive Robinson • March 14, 2017 6:22 AM
@ My Info,
I am curious about the Fluctuation theorem
I actually started writting about it in my above with the “lump of coal” but got disturbed mid flow…
The two usuall arguments are “the broken glass lept back whole into the hand with not a drop a drop of drink missing” and “the jet engine turning exhaust back into fuel and clean air”. Neither of which is helpful due to the value of probability involved, which is why the first argument is often used to say “impossible” thus “nonsense” or “a conjuring trick”.
It’s the reason I use a lump of coal with adults (but lego bricks with those of more tender years such as undergraduates ;-). Importantly I say “lump” so I do not initially say the size of it, thst wayvI can freely change it’s size as I go through the argument (unlike a jet engine). Because if my lump of coal is just two carbon atoms, it’s easy to see that a not very high probability is required, but as it gets bigger the probability rises exponentially.
I also show that the reason you can not go from “effect to cause” is that there are many probabilities open and thus possible. One probability you will get not coal but graphite, another diamond, and as many for each as there is atoms and their combinations. That is there are vastly more possabilities as a starting point to produce the same combustion gases, it’s only your previously recorded map of position and state that alows the original lump to be reformed.
Thus you enter into the idea of “information” and the fact that without it you can not go from effect (combustion gases) to cause (lump of coal and oxygen). Telling it to undergrads from five years old and upwards, also gives a “Serious Reason” to use the Lego and any fun you might have doing it is purely coincidental 😉
As I’ve mentioned before my son quite quickly got the idea of the duality of entropy and information from Lego at a very tender age, the trouble is MineCraft has made him forget :@
Clive Robinson • March 14, 2017 6:55 AM
@ r,
Let the FBI stop playing games, get them back in the action of actual prosecutions instead of their CIA-like infomaddicts.
That’s not going to happen. When Hover sat in power at the FBI he in effect published a two track blueprint to staying there.
1, Track one FUD and Show Trials to the people.
2, Get a firm grip around the vitals of anyone in power so they nod yes whatever you ask.
The only “fly in the ointment” to this simple plan is “the crazed psychos at the DoJ” who care not how hard their vitals get squeezed, as they have their own way to gouge the eyeballs out faster than you can ask them a question.
Thus no oversight committee or appropriations committee is going to say no except as show.
Clive Robinson • March 14, 2017 7:46 AM
@ Major,
Do you think such an examination in depth is done very often? I suspect the authorities have little motivation to question a convenient result.
An examination in depth generaly only happens when a third party to the court and experts gets sufficiently motivated. The most obvious being when experts have pushed their luck way to far and other practitioners in the domain who follow the scientific method feel that their reputations are getting tarnished.
As for “convenient result”, it’s actually worse than you may think. You need to consider “confirmation bias” and “financial incentive” of forensic laboratories.
As you may know there is a “chain of custody” for evidence, which basically means that there is a log of names and signitures going all the way pack to the hand in the glove at the scene of the crime. Which the lab staff see, not only that they may often get to see one of the investigators in person when they sign for the evidence. Thus information about who the investigators think is the criminal gets across to the lab staff. Intentionaly or not this has been found to bias the likes of fingerprint matching.
Finance also plays a part, even the most basic of tests without checks or safe guards is expensive. Thus the checks and sage guards get treated as expensive add ons. Even basic cleaning of equipment has been ommited to reduce price in a competitive market, thus cross contamination has happened, and any attempt at faking evidence will likewise get through.
But there is the “movable feast” issue at the scene of the crime. Frequently only a small part of the available evidence is collected at the time, if at all. If the crime becomes “more important” for one of many reasons further evidence might be collected. In the case of much evidence it’s only the “movable items” that go to the lab… What frequently does not get asked is the “How, When and Why” of those movable items turning up at the scene of a crime with their attached evidence. That is much play is made on the investigation of the item, whilst the important “negative finding” questions are not…
I am aware of a case where somebody was “glassed in the face” at a licenenced premises open to the public. The only clear fingerprint on the glass with the blood on it was from a person who claimed they were not their but had no real alibi… You can imagine what the investigators thought of that…
Eventually somebody from the defence side did investigate the How, When and Why” questions. It turned out that the person had visited the establishment months before for a “Christmas drink”, the night of the attack was also very busy, and the establishment used a particular kind of “bar washer” that the bar staff “dipped the glass in” thus it did not clean the whole of the glass, in particular the outside bottom of the glass.
In essence the defendent had held the glass at some point with both hands (realised by the fact the print was from their non dominant hand) the glass had been dip cleaned by staff and put back on a shelf of “overflow glasses” used only at busy times, where it just sat. On the night of the attack being busy the overflow glasses were used, the actual attacker did not touch the bottom of the glass nor did it appear did others. Although there were partial prints on the side of the glass that were recorded these were not investigated at the time… When some of the partials were investigated they were found to belong to the actuall attacker.
How often this sort of thing happens I have no idea, but the one thing that is clear is at some point in all investigations evidence is examined and treated in a way to “find conviction” of an individual and not to “remove from suspects list”.
Clive Robinson • March 14, 2017 8:12 AM
@ WhiskersInMenlo,
Kids fix them bugs…
I’d rather they tore up Tor and dump it in the appropriate container. Then started a new design that solved many of Tor’s fundemental faults.
But it’s not going to happen any time soon, as the US “center of the web” gives it advantages to uncloak Tor that few others have, and I can not see the US IC or politicos giving the power that comes from the advantage up any time soon. In fact I would expect them to actively try to kill off any such competitors fairly quickly one way or another.
Sean • March 14, 2017 11:17 AM
I don’t understand what avoids any researcher outside the US (say, from Russia, by any chance…) to make his honey pots get trapped by this exploit on the Tor Network in order to eventually use it for his own profit ?
Major • March 14, 2017 11:47 AM
@Clive
Thank you again for your kind explanation. You give a great example in the bar glass story.
I am not sure why as a culture we are much more excited about seeing someone ANYONE punished for a crime than ensuring that it is the right person. Likewise, even in academia (especially in academia), it seems like partisanship, the struggle for power, and the desire for confirmation of existing beliefs dwarfs any strong interest in truth. This is only worsened by the increasing dependence of researchers on funding from parties that are only interested in funding results that meet their needs.
I suspect that our evolutionary inheritance leaves us driven much more by primal impulses of survival, dominance, anger and vengeance than we would like to admit, while our facade of reason, open mindedness, truth-seeking and empathy is quite thin.
Dirk Praet • March 14, 2017 1:56 PM
@ Clive
I’d rather they tore up Tor and dump it in the appropriate container. Then started a new design that solved many of Tor’s fundemental faults.
Tor developers have already made it clear they have no intention of addressing its fundamental flaws for the simple reason that doing so would make it so slow and bandwidth-intensive that users would just run away from it. I2P and Freenet, which are equally low-latency networks, suffer from the same as soon as you revert to trusted node-mode only. You can, of course, always combine Tor with I2P using either TAILS, Whonix or Ipredia, which kinda ups the ante but still doesn’t solve Tor’s intrinsic vulnerabilities.
There are some emerging alternatives like GNUNet (medium-latency mesh network), Netsukuku (physical ad-hoc network annex dynamic routing system), RIFFLE (mixnet with onion encryption) and HORNET (High-speed Onion Routing at the Network Layer), but they all seem stuck in either conceptual or alpha stage. It would actually make sense for the folks behind Tor to look into these and team up with the most promising candidate for a Tor 2.0 . I can’t help but wonder why that’s not happening.
@ab praeceptis
Don’t bother looking into GNUNet. It’s entirely C-based.
@ Sean
I don’t understand what avoids any researcher outside the US … to make his honey pots get trapped by this exploit on the Tor Network in order to eventually use it for his own profit ?
Nothing does. Everyone is feeding off everyone, and which is just one of the reasons that makes attribution so hard.
WhiskersInMenlo • March 14, 2017 2:21 PM
@Clive
I’d rather they tore up Tor and dump it in the appropriate container. Then started a new design that solved many of Tor’s fundemental faults.
Fixing Tor is independant of this issue.
If you build a better system it should get traction rather quickly once
folk give it a look and the user interface issues are worked out.
If Tor goes away promptly the secrecy issue of Tor exploits vanish.
If Tor persists the secrecy issues will not go away.
Opinion…
Today the most important bits for the courts to wrestle with must include
*) planted evidence, one judge has ruled all current systems hackable.
Geek squad folk have been co-opted to place illegal content on machines.
*) International law -- agents of the FBI are not free to hack machines in Germany for example.
*) US law makes strong distinction between inside the US (FBI) and outside the US (CIA).
*) Employing foreign agents to attack national systems inside the US is treasonous. Those agents
need not be agents of the foreign government.
*) Employing foreign agents to attack private systems inside the US is still illegal. The international
payment does not wash the hands and absolve the US national from an illegal action.
Anura • March 14, 2017 2:42 PM
@WhiskersInMenlo
If you build a better system it should get traction rather quickly once folk give it a look and the user interface issues are worked out.
User interface is meaningless; you need a new protocol, and the catch 22 is that until it gets enough users that it becomes too difficult to track someone, people will not use it.
ab praeceptis • March 14, 2017 3:13 PM
Dirk Praet
“Don’t bother looking into GNUNet. It’s entirely C-based.” – No need to worry; I’m very rarely looking at anything gnu.
As for tor and friends …
Way too much mucking around to disguise ones videntity.
Way too much weight given to social and political aspects.
Way too much – to be expected – criminal activity (as intentionally designed).
Way too vague and to many goals to properly work.
Way too much soros, cia & co funded influence in project leadership.
And, of course, ridiculously bad track record. Plus, of course, lousy code.
So as far as I’m concerned, tors disadvantages and negative sides by far outweigh the (rather little and mostly hope rather than fact) positive ones.
I’ll look again at any such project once they have understood that “disguise my videntity”, “disguise my target urls”, and “let me transfer information securely” are quite different tasks. Or, for that matter, that confidentiality, identity, and secure communication are not “basically the same”.
Dirk Praet • March 14, 2017 4:38 PM
@ ab praeceptis
So as far as I’m concerned, tors disadvantages and negative sides by far outweigh the (rather little and mostly hope rather than fact) positive ones.
We meanwhile know where you stand on Tor, Signal, C, everything GNU etc. but what is still not entirely clear to me is what you would then recommend to, for example, a group of lo-tech LGTB’s in Bahrain, the Dakota pipeline activists or a bunch of Iranian youngsters planning a secret techno party in a Tehran suburb? To just forget about it, use OpenBSD/XFCE live CD’s only or wing it with whatever their favourite commercial stock OS supplies as there really is nothing useful out there that will even marginally increase their digital privacy and security?
ab praeceptis • March 14, 2017 4:54 PM
Dirk Praet
For a start I would highly recommend ssl (any old version) on windows xp to the example groups you mentioned, hehe.
Kindly do not paint me as someone who has a personal unsubstantiated private war with tor, etc. That’s not the case. I have laid out quite well quite some (mostly technical) reasons for my position.
What would I recommend? Well that’s the part where I call Bruce Schneiers “call to arms” laudable: I would recommend those lgbts in bahrein, etc. to LEARN about and to begin understanding their problem as well as available means. And btw also to think about whether they shouldn’t change location.
tor, ssl, etc. being not perfectly secure (look, how diplomatic I can be!) is just part of the problem. The other and probably more important part is that “just use tor!” just doesn’t cut it. Provably.
Probably the most important step towards security for all those people is to understand their situation, the potential threats, the means available as well as how to use them properly.
Btw., I do not think that “use OpenBSD w/XFCE from a CD” is in some way a “golden rule” to follow. That was said in a certain well specified context and as an example – not as “do that and you’ll be perfectly secure”. So kindly stop abusing that against me.
ab praeceptis • March 14, 2017 5:15 PM
Dirk Praet
P.S. Yes, there is NOTHING I would have to give them right away, no golden magic tool.
Are there any possibities at all? Yes, there are. But they are way too complicated for low- or no-tech audiences.
Let me give you dirty example first: One COULD make ssl/tls considerably more secure right away and in minutes – by configuring it properly.
Strangely, however, that is rarely done. It’s just minutes yet it’s rarely done. Why? Two reasons: a) One needs not minutes but days or months of studying to have a level of knowledge that allows one to do that simple and quite useful (as in “more secure”) step. b) 90+% simply son ot care a rats ass. Including administrators.
Security IS hard and complex. No amount of good will of even very capable people like Bruce Schneier will change that anytime soon. It’s hard because one needs to know quite a lot just to be able to reasonably assess one situation. Next one need to reasonably assess potential threats as well as ones system and technical situation. And then comes what I sometimes call the “big void”, because putting aside the usual “golden tools” (which are often more of a problem than a solution) there is only one way left: Learn even more, get a reasonably reliable set of tools, very carefully choose the crypto you use and build a solution yourself.
One important reason is this: Wars cost money and carry risks. Every war comes down to a cost/risk/success ratio. Same in the cyber world. nsa, cia, etc. have budgets, hence they will focus on the usual and wide spread tools. The formula is simple: Very attractive cost/success ratio.
Kindly note that knowing_your_enemy (TM) often is more valuable than any tool and usually makes any tools used much more powerful.
Concrete example: If the bahrein lgbt group came up with a reasonable tool they build themselves chances are they’d be almost perfectly secure. Simply because of the above mentioned ratio. The same group using tor, however, would be cheap game.
That’s important to understand. By making any tool, even if very good, widely available is rapidly devaluates due to being attractive for the goons and being easy to justify the expenses needed.
So unless anyone here comes up with a truly_perfect_tool that is simple to use there are not and will not be reasonable recommendation for “just use xyz and be secure”. And even if that existed it would be cracked quickly when running on 99,9% of all widely available platform.
The way to such a tool, btw, inevitably leads through proper spec/model/design/implement verify.
So sorry to be boring again.
@Dirk,
There is no golden rule, as per @ab & @nick%20p.
The CIA disclosure states this backwards and forwards, the only golden rule are the recommendations you see there and those that are absent but reserving space: eg. the whole ‘encryption works’ thing you see rising out of the assembly.
If you build it, they will try to exploit it.
If they know you have it, they will try to infiltrate it.
If they know you’re going to get it, they will try to interdict.
Think of the SS’s DDD as the energizer bunny…
What you, I, we should realize is that there is no silver bullet right now.
You don’t fit into my shoes and I don’t fit into yours, anonymity is likely easier to purpose than security is to any end, relative maybe not complete anyways.
There’s too many layers to try and secure in the meantime, so resisting the confinement of a database through random pipes is far more achievable than confining the data you’re shipping through a couple of pipes to just your end points.
Secure code would be nice, but we still need secure hardware, then you need a secure environment.
It’s an economic wall, I’m not sure there’s an end to it’s various pitfalls.
I can stick a large qr code on the inside of my microwave, put the battery into my phone and then lock my phone in there to do what thy qr code commandeth. We could double insulate and drop a pi inside one of those wallet-protectors inside of a microwave.
You can get ultra crazy, there’s nothing really stopping someone like me from sourcing 20lbs of peanut butter and instead of making ammunition I could sandcast lead boxes for oil cooling stuff…
Crazy crazy, but does it solve anything?
@ab,
Low tech audience precludes direct assembler?
Would LISP be better in such cases of hardware suspicion to attempt to put distance between the coder and a cpu?
ab praeceptis • March 14, 2017 5:39 PM
r
“If you build it, they will try to exploit it.”
I’m glad to state that you are wrong with that, at least in many, many cases.
Reasons:
a) first they must find out that you have your own solution – which can be made quite hard.
b) As explained above: They have a budget. Maybe an insanely high one but there is one. And there is another implicit but more strangling budget: capable, intelligent, well educated human resources.
So, unless you are, say, the chinese military or another target of very high value, chances are that they will fail to crack or exploit your solution and often even to notice, let alone, analyse it.
The example groups provided by Dirk Praet are good examples for what I try to explain here. Sure, some police officers or goons would probably love to listen in on their communications but they are worth just rather little effort.
Btw: I think that one of our most grace problems is that most of us are believing too much in (seemingly) intelligent dogmata. An excellent example is “obscurity is not security”. Almost everyone blabbers it, yet it’s plain wrong and hinders us big time.
Oh no, you and I aligned on the BSD license and GNU issues completely.
Not to mention the low tech v high tech v low tech or asym v sym v asym arguments.
I whole heartedly agree, but without knowing who is who to who we all stand in the shadow of risk2 [ https://en.wikipedia.org/wiki/Risk_(game) ]
You do bring up valid points as a response, I missed that and omitted them too I guess.
So I thank you for putting another fork in my perspective there, truly.
Dirk Praet • March 14, 2017 6:41 PM
@ ab praeceptis
Probably the most important step towards security for all those people is to understand their situation, the potential threats, the means available as well as how to use them properly.
My apologies if you somehow interpreted my question as suggesting you’re on some sort of personal crusade against Tor or shilling for Theo. That’s certainly not the way I intended it, and you should know by now that I fully concur with most – if not all – of the arguments generally used against Tor here both by yourself and others.
I guess each of the groups I mentioned understands quite well its situation and the risks they’re taking. If they’re smart, they will also enquire or seek assistance about private and anonymous communications. Hence my question what you would recommend them.
Are there any possibities at all? Yes, there are. But they are way too complicated for low- or no-tech audiences.
That’s a clear and straight-forward answer indeed. The issue I have with it is that it’s a very black and white approach that in essence conveys a message that all adversaries are equal and omnipotent, discovery swift and resistance for all practical purposes futile. I believe that’s just as incorrect an assessment as its converse claim that you can make all your communications secure by just using Tor and Signal.
Concrete example: If the bahrein lgbt group came up with a reasonable tool they build themselves chances are they’d be almost perfectly secure.
Despite agreeing with pretty much everything else you said, my gut feeling is telling me that a bunch of lo-techs building their own tool would probably be a recipe for instant disaster, unless it comes right out of an old OPSEC field manual. Think Mujahideen Secrets and the like.
Clive Robinson • March 14, 2017 6:46 PM
@ ab praeceptis, Dirk Praet,
That’s important to understand. By making any tool, even if very good, widely available is rapidly devaluates due to being attractive for the goons and being easy to justify the expenses needed.
That is only part of the story, that many want to believe or want you to believe.
The reason is that you don’t have to break a tool if you can go around it. Thus from a SigInt agencies point of view for persons of interest, attacking the platform they use removes the problem of having to bteak what tool they use.
Thus we have end-run attacks that use I/O shims between the keyboard and the tool and between the tool and the screen.
It’s why I keep shouting into the abyss to move the security end point off of the platform you have no real control over that you use to communicate, and put the security end point onto another device which you fully control and only communicates through a channel you fully control.
Put simply there is no other way of having security when you are a person of interest. This has been known for longer than computers have been in existance.
Sancho_P • March 14, 2017 7:24 PM
Me too thinks blindly dismissing everything doesn’t help to make progress.
We shouldn’t start from top (highest security and privacy and anonymity and convenience and plug’n play and foolproof against highest state level actor omnipotent cracker) down to plain text email, but the other way, from simple to complex.
To me the referenced project (@Bruce) seems to be obscure, didn’t get the point.
I’d rather prefer a practical approach.
A forum is impracticable.
@Dirk’s case examples are good, there are dozens (at least now) for us legal activities where society needs protection.
ab praeceptis • March 14, 2017 7:25 PM
Dirk Praet, Clive Robinson
“The issue I have with it is that it’s a very black and white approach that in essence conveys a message that all adversaries are equal and omnipotent, discovery swift and resistance for all practical purposes futile.”
No. I had reasons to put “understand and learn” first. I put it down somewhat simplified in an internal paper to a client, naming three classes of opponents: script kiddies and low level criminals or local police, mid to high level criminals and most “high-end” law enforcement and spooks, and high-end. Moreover, I associated a know-how bracket, a budget and equipment bracket, a damage bracket, and an interest focus with each (because those are the major criteria).
If I had to make an educated guess, I’d say, pretty much everyone can and sooner or later will be a target for the lowest group, about 1% to 5% will be a target for mid level groups, and hardly one promille will ever be a target of nsa tao or the likes.
Plus utterly unfocussed grab_anything_you_get fishing by nsa and the like, which are however of almost no concern to anyone but a few.
The groups Dirk Praet used as an example would typically fall into the middle category, i.e. somewhere between noisy regional police and an average (~ quite impotent) federal cyber police or spy agency.
One very important advice I have for those groups would be “hide well!”. Which typically means to seemingly swim with the stupid mainstream (e.g. https) but use that only as a channel for your custom solution.
“Despite agreeing with pretty much everything else you said, my gut feeling is telling me that a bunch of lo-techs building their own tool would probably be a recipe for instant disaster”
Absolutely! And that is unfair, not nice, and whatnot – but the bloody reality. And: Using ssl/tls, tor, signal doesn’t make it any better.
You want me to spell it out? Here you go: “Unless a given group has a very considerable level of know-how and engineering capability it will be pretty much doomed”. Ugly, I know, but I’m not in the business of telling pleasant lies.
“…you don’t have to break a tool if you can go around it. Thus from a SigInt agencies point of view for persons of interest, attacking the platform they use removes the problem of having to bteak what tool they use.”
Absolutely. It is, in fact, well known, that even lousy crypto (say, old des) is attacked but usually one simply goes around it.
So, Clive Robinson and Thoth are damn right when they preach to NOT do the sensitive part on the usual 99,9% of platforms.
The problem is that this makes the whole issue even harder, much more harder. To Clive or myself that’s no big thing; we had plenty experience with TTLs and the like. To the average Joe or Jane (incl. Joe or Jane software developer) however, this is a major hurdle and the difficulty starts as early as at the question which hardware to trust at all, e.g. “is one of them (really not at all) ‘simple’ arm based toy boards a good solution?” (hint: No, it isn’t).
And there is yet another, often not noticed enemy: Business and standards processes utterly rotten by business interests.
It’s not that we couldn’t offer something MUCH better than ssl/tls. We could. But we can’t because for anything to be used widely it would have to go through standards processes and or have considerable financial and PR clout behind it – which translates to being tainted and brutally watered down and weakened or being a cia or nsa op in the first place.
But I have at least some good news, too: Look at the cia papers. They cook with rather common water. Far, far below what hollywood makes people assume.
@ab,
In all fairness, assuming any leak is a complete leak is a mistake in and of itself #1.
#2, This smells of humint leak not sigint link. While sigint would still be vulnerable to encryption not being digestible they have far more capabilities than just what we’ve seen from the NSA already. It would be dangerous to discredit this leak as a complete offering or full frontal nudity.
I, like you am not impressed – but is it safe to assume that this isn’t just the low hanging fruit to be used before they bring in the big[ger] guns?
Signals leak, even if they’re encrypted – that overlaps your comments about lowtech’s offering up ‘complete’ solutions.
It’s not an easy problem.
stine • March 17, 2017 12:53 AM
Major • March 13, 2017 12:35 PM
Since everybody’s machine is pretty easily hacked by various parties, how can planted evidence be distinguished from real evidence?
That’s an excellent question.
Clive Robinson • March 17, 2017 7:57 AM
@ Stine,
That’s an excellent question.
Which I’ve partly answered above,
https://www.schneier.com/blog/archives/2017/03/fbis_exploit_ag.html#c6747965
If you want to discuss it further you know where to ask 😉
D. Alexander • August 27, 2017 8:18 PM
I am no expert on security, but I think I know how they did it. They set up a bunch of Tor nodes and sniffed the traffic using some sort of ARP poisoning; creating fake hubs between the nodes to capture the data streams. Then they probably used Rainbow Tables to hash out and crack the encryption on the data streams and read everything in plain text, and then got whatever they wanted. Another way is to set up fake websites on the nodes after you have got sniffers on all of the connections, and then use a meta-data analyzer to see what nodes spike more than others, and follow them around, get the data streams and crack the encryption same way as above. The way like what was said above, is not to crack the tool, but find vulnerabilities in the Net Architecture. Tor is not a good standalone tool. Unfortunately tools like Foxy Proxy that make proxy servers more random use Legacy Technology, that is full of all kinds of security holes. Tor is better than nothing, but it is hardly a panacea.
I wrote an article on this stuff below:
Subscribe to comments on this entry
Leave a comment
← Friday Squid Blogging: Squid Cooking Techniques The CIA's "Development Tradecraft DOs and DON'Ts" →
Sidebar photo of Bruce Schneier by Joe MacInnis.
AlexT • March 13, 2017 6:49 AM
Hmm rather puzzling. I guess the only rationale is that they are still exploiting this vulnerability?