Debunking (Mostly) Torgate – Operation Onymous
The recent Operation Onymous raids, in which European law enforcement claimed to have taken down 400 darknet market sites, have turned a floodlight on Tor, the shorthand name for The Onion Router Project. The seeds of a conflict that were planted last summer have blossomed into all out war, with Pando writer Yasha Levine & friends on one side, and the Tor development team on the other.
The conflict began in a fairly innocuous fashion. Security researcher Jacob Applebaum (@ioerror) and others published a report on the effort of governments to track Tor users, with the underlying assumption that anyone using an anonymizing network must be a terrorist. Two weeks later Yasha Levine (@YashaLevine) published Almost everyone involved in developing Tor was (or is) funded by the US government, which contained this stinging indictment of the system and those who maintain it:
NSA? DoD? U.S. Navy? Police surveillance? What the hell is going on? How is it possible that a privacy tool was created by the same military and intelligence agencies that it’s supposed to guard us against? Is it a ruse? A sham? A honeytrap? Maybe I’m just being too paranoid …
Unfortunately, this is not a tinfoil hat conspiracy theory. It is cold hard fact.
Tor’s origins at the U.S. Naval Research Laboratory were not any secret. The Navy wanted a way to hide certain types of traffic and an application level proxy spread across three or more intermediate nodes fit the bill. Scratching your head as to what that actually means? Be patient, it’ll become a bit less unclear later.
And we are not ‘just’ removing these services from the open Internet; this time we have also hit services on the Darknet using Tor where, for a long time, criminals have considered themselves beyond reach. We can now show that they are neither invisible nor untouchable.
This was the first of many “sky is falling” pronouncements about Tor, which has been a horrible nuisance to law enforcement. The documents in the Snowden leak contain a presentation called “Tor Stinks”, so the sudden claim that it was completely broken by an agency with a fraction of the NSA’s resources just didn’t sound right.
One of the sites that went missing was doxbin. There was a public exchange between the site’s proprietor nachash (@loldoxbin) and Jacob Applebaum (@ioerror), then an interesting post appeared on the Tor developer’s list. Nachash is a keen observer of intrusion methods and doxbin lacked most of the attack vectors available on the darknet markets.
A few days went by and law enforcement’s grand victory was starting to look pretty shabby. A third of the 400 sites were old addresses, things that were idled the last time Tor published a major update and told hidden service operators to re-key their systems. A third of all of the sites were hosted in a single German facility that presumably had lax standards in identifying their customers. The takedown of Silk Road 2.0 itself happened due to internal betrayal, and there were whispers about the other missing sites. Tor vulnerability moved from being the centerpiece to a sideshow for the opsec failures of the darknet markets, and we knew that thanks to the observations from doxbin.
Nine days after Operation Onymous, Yasha Levine returned to the topic of Tor funding, responding to comments from the summer and fall, made by Tor developers Andrea Shepard (@puellavulnerata) and Jacob Applebaum, as well as First Look security guru Morgan Marquis-Boire (@headhntr), and ACLU privacy expert Chris Soghoian (@csoghoian). Some of the comments on Levine’s July article were a bit over the top, but Applebaum and Marquis-Boire remained reasonable.
December 9th – Diplomat Deployed
The internet before the web was created had a service called Usenet news, thousands upon thousands of discussion groups, and the flame war was the fundamental unit of dialog for contentious issues. The form is well established, and when things go as badly wrong as they did in this encounter, some neutral third party will show up to mediate. Quinn Norton (@quinnnorton) stepped into the breach with 2,500 well-reasoned words, commissioned by Pando editor Paul Carr (@paulcarr).
The computer security and net freedom community have come up in the abusive environment of contemporary social media, and this has created a culture of constant combat and defensiveness. They take criticism with flame throwers on full throttle. But I believe all sides of this debate can be settled through clearer, gentler, and more candid communication.
December 10th -Further Escalation
Pando’s Paul Carr came out with an article accusing the Tor Project of engaging in the same dirty tricks used by the spies they claim to hate, complete with a slide from an NSA presentation. This seems to have been triggered by an article in The Guardian accusing Pando of cyberbullying, without having bothered to contact them. The Guardian contributor who wrote the article had a good track record and his editor let this piece through without catching the problem.
December 11th – @YourAnonNews Beclown Themselves. Again.
Andrea Shepard was displaying signs of serious stress, despite having eliminated one of her tormentors with a precise and entirely warranted dox.
What The Heck Actually Happened?
Jacob Applebaum and another researcher published a study about the NSA’s hunt for terrorists. Merely visiting the Tor Project site, presumably to download their browser bundle so you can use the anonymizing network, is enough to make you a potential terrorist in their eyes.
Yasha Levine read that report, dug in and found that the Tor Project’s funding was mostly from government agencies, and this struck him as odd. “How is it possible that a privacy tool was created by the same military and intelligence agencies that it’s supposed to guard us against?”
Feeling stung by the Pando criticism, the Tor Project people responded, and a tit for tat escalation ensued. Now something that the intel agencies could not social engineered in their wildest dreams is happening: Anti-authoritarian Pando and a different flavor of anti-authoritarian, Tor Project, are engaged in an Internet extreme trolling cage match.
Whose Fault Is It?
Yasha Levine, obviously.
Levine facts are correct and his journalistic work was complete, he wasn’t cherry picking information, and it is highly unlikely he’s being paid to mess with Tor. Things are just not that simple; there are nuances that are hard to understand unless you’re a software developer and a keen watcher of issues associated with applied cryptography.
The work of the Tor development team does happen in the open under the watchful gaze of many people who have a real problem with the NSA’s surveillance dragnet. The idea that they are managing to pull a fast one on that entire group is a nonstarter. Where the NSA may have corrupted, Tor happens at a lower level, in the creation of cryptographic standards via NIST, the National Institute of Standards & Technology. There are periodic discussions about the possibility that some clever mathematician has left an intentional gap in a cipher that is headed for standardization & recommendation.
This is a terrible painful lesson for journalists, but none of them should touch a story like this one without having someone who understands open source development and a good bit about cryptography available to double check their assumptions.
But Is Tor Safe?
This is the question on everyone’s lips after Operation Onymous, and unfortunately there isn’t a simple yes/no answer. Hidden service operators are at risk right now, because the location of Silk Road 2.0 appears to have been accomplished in part with an 0day, a previously unknown resource exhaustion attack. It appears that investigators knocked out services including remote administration via Tor, inducing system owners to log in using actual IP addresses.
Users face fewer risks unless they are handling ‘radioactive’ content such as child pornography or something truly terror related. Users are safer if they conceal their location from the Tor network itself, which can be done by using a VPN prior to Tor. If the user chooses a Zero Customer Knowledge VPN they are adding another layer of protection that is essentially as good as Tor itself. The first provider to do ZCK VPN, Cryptostorm, has recently released Torstorm, an inline service that permits their users to access Tor hidden services without showing any signs that they are using Tor.
Does an application level proxy such as Tor, spread across multiple nodes, protect you? Does it protect you if you take the additional step of using a VPN first? The answer is a firm maybe. You really need a network engineer’s skill set to validate your approach, and that is an unreasonable expectation for a modicum of privacy in communications.
Stepping back, these things are not just technical problems; they’re legislative issues. Admitting we lost the war on drugs would free up law enforcement resources to deal with crimes that have both a perpetrator and a victim. Defunding the NSA dragnet, which causes more problems than it solves, would put law enforcement back where it’s supposed to be, tracking actual crimes. Both Pando and Tor Project can agree on this point.
Truth & Reconciliation
Quinn Norton’s 2,500 word peacekeeping essay was as fine a piece of statesmanship as we could wish for in the current circumstances. Everyone should take the time to read it, not just skim. Yasha Levine and the rest of the Pando crew should take her up on her offer to facilitate them understanding what Tor can and can not do.
The Tor developers also need to sheath their swords. This is an unfortunate episode for all parties involved, but the recent inappropriate statement from @YourAnonNews is representative of what will come if this breach is not healed. The psyops players who actually are connected to the government are no doubt delighted by this turn of events.
If @paulcarr, @YashaLevine, Jacob Applebaum (@ioerror) and Morgan Marquis-Biore (@headhntr) want to do the right thing, they should seek advice from @quinnnorton and @BiellaColeman. This conflict is harming not just those involved in it, but the wider community of those who use Tor for privacy and those who read Pando for its excellent journalism.
(Full Disclosure: This post’s author recommends both Tor and Cryptostorm, where appropriate, in the course of both privacy advocacy and consulting work.)