[tor-talk] What's better than Tor for criminals?
griffin at cryptolab.net
Sun Jun 7 04:58:33 UTC 2015
Max Bond wrote:
> Organized criminals will probably achieve better operational security
> conducting themselves in the real world as much as possible. This is
> not an
> option available to a lone dissident in an oppressed country.
Indeed. There's a great quote from Eliot Spitzer, who used to be a
prosecutor working on mafia cases in New York. He said, "Never talk
when you can nod. And never nod when you can wink. And never write an
email because it's death. You're giving prosecutors all the evidence we
Much of crime relies on face-to-face trust networks to plan and
execute their projects (for lack of a better word). This reduces the
chance that there will be lasting evidence that investigators can use.
Tor doesn't log connections, but that doesn't mean that a criminal
wouldn't reveal themselves in other ways. This is why I always tell
activists and journalists that Tor can only be one part of their
With online crime, botnets are de rigueur, since you can rent them or
easily create them (or pay another criminal to create them). Criminals
use them as proxies to cast suspicion 1) away from themselves and 2)
onto someone who is completely innocent. Depending on how sophisticated
a criminal is, they can connect to compromised machines in sequence,
making their own pseudo-onion-routing-network. They can also remove
logs and most common botnet software can be configured to remove itself
(!) after a certain amount of time or if it can't connect to the command
& control platform. Botnet-based crimes are the ultimate
multi-jurisdictional problem, since known victims can be in dozens of
countries, with dozens of investigations ongoing and many many victims
trying to prove their innocence at once.
But yeah, there's a lot going on in the world of crime, but the vast
majority of it is offline.
> On Sat, Jun 6, 2015 at 11:50 AM, <torlove at ruggedinbox.com> wrote:
>> I'm an avid tor lover and user.
>> I'm trying to understand a statement I've heard a number of people on
>> Tor team and in the Tor community repeat over the years and was
>> if it could be explained.
>> The statement: Paraphrasing, it's been said several times, by Roger,
>> "Criminals have much better options available to them than Tor for
>> internet anonymity."
>> I'm trying to understand what these options are and why don't we
>> non-criminal tech savvy people have some of these better options?
>> Is this just talking about the option of using encrypted botnets, or
>> there other additional options that criminals use?
>> What are these criminal anonymity methods that are stronger than Tor?
>> Thanks all!
>> tor-talk mailing list - tor-talk at lists.torproject.org
>> To unsubscribe or change other settings go to
“Sometimes the questions are complicated and the answers are simple.”
― Dr. Seuss
More information about the tor-talk