All the recent dark net arrests seem to be pretty vague on how the big bad was caught (except the IM admin’s silly opsec errors) In the article they say he clicked on a honeypot link, but how was his ip or any other identifier identified, why didnt tor protect him.
Obviously this guy in question was a pedophile and an active danger, but recently in my country a state passed a law that can get you arrested if you post anything the government doesnt like, so these tools are important and need to be bulletproof.
Tor was always comrpomised, the point has never been to be uncrackable, the point is that tracking down an induvidual user is enough effort that it can’t just be done on mass like with normal internet traffic. If you draw direct attention to yourself then it isn’t going to save you.
Exactly. Tor was originally created so that people in repressive countries could access otherwise blocked content in a way it couldn’t be easily traced back to them.
It wasn’t designed to protect the illegal activities of people in first world countries that have teams of computer forensics experts at dozens of law enforcement agencies that have demonstrated experience in tracking down users of services like Tor, bitcoin, etc.
Welp repressive countries have more stringent teams of computer forensics experts now. Though compared to our neighbours i wouldn’t call my country repressive(yet)
Why wouldn’t tor be compromised?
I would assume that because it is a popular open source software relied upon by millions that it theoretically shouldn’t?
It’s just that if I were the FBI, or the CIA, or a large criminal organisation, why wouldn’t I be putting a lot of money and the best people I could find on sneaking backdoors for tor into the onion somehow. What a treasure trove of the most potent information there is there! If you can crack tor, you own the keys to the underworld and enough blackmail fodder to get you almost anything you want.
Let’s see here…
Potato Chat - This is the first I’ve heard of it so I can’t speak to it one way or another. A cursory glance suggests that it’s had no security reviews.
Enigma - Same. The privacy policy talks about cloud storage, so there’s that. The following is also in their privacy policy:
A super group can hold up to 100,000 people, and it is not technically suitable for end-to-end encryption. You will get this prompt when you set up a group chat. Our global communication with the server is based on TLS encryption, which prevents your chat data from being eavesdropped or tampered with by others… The server will index the chat data of the super large group so that you can use the complete message search function when the local message is incomplete, and it is only valid for chat participants… we will record the ID, mobile phone number, IP location information, login time and other information of the users we have processed.
So, plaintext abounds. Definite OPSEC problem.
nandbox - No idea, but the service offers a webapp client as a first class citizen to users. This makes me wonder about their security profile.
Telegram - Lol. And I really wish they hadn’t mentioned that hidden API…
Tor - No reason to re-litigate this argument that happens once a year, every year ever since the very beginning. Suffice it to say that it has a threat model that defines what it can and cannot defend against, and attacks that deanonymize users are well known, documented, and uses by law enforcement.
mega.nz - I don’t use it, I haven’t looked into it, so I’m not going to run my mouth (fingers? keyboard?) about it.
Web-based generative AI tools/chatbots - Depending on which ones, there might be checks and traps for stuff like this that could have twigged him.
This bit is doing a lot of heavy lifting in the article: “…created his own public Telegram group to store his CSAM.”
Stop and think about that for a second.
I haven’t been following the DNM seen much. Are there any good sources on the recent busts?
Mental Outlaw and seytonic on YouTube usually provide pretty good coverage.
