[tor-talk] potential leak on Torpedo

Neuman1812 neuman1812 at gmail.com
Mon Jul 21 17:07:05 UTC 2014

I read this on Reddit,  but I have to say.  Did he say anything new?  
Most of what was stated was already known or at least most guessed at it.

On 07/21/2014 10:31 AM, Eugen Leitl wrote:
> https://pay.reddit.com/r/TOR/comments/2b8oq3/please_read_if_you_usedepend_on_tor_never_before/
> Please read if you use/depend on Tor. Never before seen FH information.
> (self.TOR)
> submitted 16 hours ago * by Deepthroat2 [+1]
> Hello everyone, I have some information that I have been dying to share for
> months, but due to the circumstances, and to avoid detection, I had to wait
> for some time before I was able to safely make this post. My goal here is to
> provide information that I know is credible and for the Tor community to use
> it as they see fit, due to the nature of my work, and the severe penalties
> associated with breaking the rules and giving out information you aren't
> supposed to, I have no way of verifying or proving anything to you that I
> say here, I understand if you find me less than credible, however, this is
> essentially a PSA, and you can take it for what it's worth to you.
> Just about one year ago, the Tor community was shaken by a Firefox exploit
> which utilized a javascript exploit and an old vulnerability in the Tor
> Browser Bundle to unmask some users of Freedom Hosting. There has been
> rampant misinformation, and speculation to the point that I felt like pulling
> my hair out, or just simply bursting out into laughter when reading some of
> the outlandish claims made by people who have little to no idea what they are
> talking about. Today, I will set the record straight.
> The FH exploit was a government engineered, and deployed exploit that was
> designed in response to former Director Mueller's frustration at an earlier
> child pornography case in which the FBI was ridiculed for being unable to
> ascertain the source of child pornography, for those who aren't familiar with
> this case, it involved a man who had accessed child pornography by accident
> on a Tor hidden service, and then brought his desktop computer to the office,
> explaining what had happened and that he subsequently performed a "Full wipe"
> on the disk.
> The agent who took the report had limited knowledge about Tor, however, at
> the time he knew that any directed effort to identify a specific Tor user was
> hopeless, and in the report he indicated that "There is currently no known
> way to ascertain the location of a Tor user, thus, no investigative leads
> exist." This got leaked to the press, and they had a field day, hinting at
> the incompetency of the Bureau. Needless to say, the FBI had its ego hurt
> quite badly by this public display of incompetency.
> Then Director Mueller directed the CEOS (Child exploitation and obscenity
> section) to find a way to penetrate the layers of protection provided by Tor,
> and to come up with a feasible way to conduct a sting operation in order to
> bring these people to justice. The FBI had previously conducted a sting on
> viewers of child pornography in a case out of Nebraska, that resulted in the
> arrest of about 25 people. This was the first successful take down of CP
> consumers that were utilizing a Tor hidden service.
> One of the errors that I see a lot on these forums and others was that the
> Nebraska take down was done in a similar fashion to the FH exploit, with the
> code being deployed onto the pages of the boards, however, this is not the
> case. From my understanding, the Nebraska field office was able to find the
> actual server, take it over covertly, then upload a series of files that
> purported to be child pornography, but actually contained nothing but
> encrypted gibberish. They were video files that were embedded with code that
> called back to a computer that recorded the IP address of the requestor, date
> and time similar to the way windows media player attempts to recall album
> information and cover art for music cds and such. These were files that the
> user actually had to download and attempt to open. This is why the service
> was run for weeks, and only 25 people were identified as users. This method
> was described by the techs who deployed it as a "NIT" or "Network
> Investigational Tool".
> Now for Freedom Hosting....
> The javascript exploit could not be deployed directly on the servers which
> Mr. Marques was using due to either technical reasons, or legal requirements
> by the AUSA in Maryland. So the decision was made to clone the services
> exactly, and transport them to the home of the FBI CEOS in the Greenbelt
> division of Maryland. This location was picked specifically because
> sentencing in this district for Child Pornography crimes is more severe. It
> was July 31st of 2013 when the exploit actually went live, and tried to
> identify criminals. It was installed previously, however, there were
> technical problems early on and the code had to be revised 3 times before it
> was running as intended, it ran for about 11 days before being shut down.
> The amount of people identified by this exploit is still a closely guarded
> secret, with only agents having a direct "Need to know" being privy to this
> information. However, the victory dance was short lived as news started
> flowing around that the evidence may not be admissible in court, due to the
> manner in which it was collected, among other reasons. Although proper
> warrants were issued, it would take at least 4-7 years to comb through the
> list of suspects, and question, arrest each one. The major problem is that
> after about 12 months, the courts start to presume your evidence is
> prejudicial to the defendant because you're supposed to have an indictment
> and serve it on the defendant within 30 days, and that just wasn't possible.
> You can request an extension of this time, however you must present a new,
> fresh reason for doing so..."We still aren't ready" doesn't cut it. There is
> no statute of limitations for the crime of "Accessing with intent to view
> child pornography" so barring any other limitations, the FBI can come after
> someone 10-15 years later.
> The AUSA became uncomfortable with the prospects of his legal case against
> the exploitees of FH and went to the US Attorney. There was disagreement as
> to whether or not the evidence would be viable, however, the operation went
> on anyways. One of the victims of the FH exploit was a man by the name of
> Grant Klein from Vermont. The Bureau had made arrangements with the local
> police for assistance with the raid (This is pretty much standard operation
> procedure, and is done for the safety of the agents, as well as to maintain
> professional courtesy. Local cops get butt hurt when you arrest people on
> their turf without them knowing).
> The FBI had provided the local police with court documents and the affidavit
> of arrest regarding the circumstances of Mr. Klein's warrant, which they
> promptly posted onto their press release against the wishes of the FBI. This
> resulted in the termination of at least one employee from local PD.
> He was raided and before even being asked a question, he began spewing a
> confession. His home was searched, and a desktop computer with no hard disk
> was found, as well as a laptop computer belonging to his wife Susan. There were
> no illegal materials found on these, however, he had a smartphone in the
> drawer of a nightstand which contained illegal images of minors. He was
> arrested and charged with 3 separate crimes.
> To make a long story short, the FH related charges were dropped because the
> FBI had crossed a legal line by offering up child pornography de novo, by
> shutting down the server, then bringing it back online hosting real CP. They
> were uncomfortable with the prospects of this case, and were able to use a
> Leon good faith exception to admit the evidence they found on his phone to
> make a single possession charge stick, however, he agreed to plead guilty.
> The rest of the leads which lead to foreign nationals were then distributed
> accordingly to the various LEA's.
> Also, earlier this week, the UK police arrested 660 people as part of
> Operation Notarise.
> The operation name of the FBI takedown in Nebraska was "Operation Torpedo"
> This was a cute poke at both the method they used, and the users they
> targeted
> Torpedo - Navy missile
> Tor Pedo - Tor Pedophile.
> -DT
> moar comments on Reddit
