[tor-talk] What's better than Tor for criminals?

Griffin Boyce griffin at cryptolab.net
Sun Jun 7 04:58:33 UTC 2015


Max Bond wrote:
> Organized criminals will probably achieve better operational security 
> by
> conducting themselves in the real world as much as possible. This is 
> not an
> option available to a lone dissident in an oppressed country.

   Indeed. There's a great quote from Eliot Spitzer, who used to be a 
prosecutor working on mafia cases in New York.  He said, "Never talk 
when you can nod.  And never nod when you can wink.  And never write an 
email because it's death.  You're giving prosecutors all the evidence we 
need."

   Much of crime relies on face-to-face trust networks to plan and 
execute their projects (for lack of a better word).  This reduces the 
chance that there will be lasting evidence that investigators can use.  
Tor doesn't log connections, but that doesn't mean that a criminal 
wouldn't reveal themselves in other ways.  This is why I always tell 
activists and journalists that Tor can only be one part of their 
security plan.

   With online crime, botnets are de rigueur, since you can rent them or 
easily create them (or pay another criminal to create them).  Criminals 
use them as proxies to cast suspicion 1) away from themselves and 2) 
onto someone who is completely innocent.  Depending on how sophisticated 
a criminal is, they can connect to compromised machines in sequence, 
making their own pseudo-onion-routing-network.  They can also remove 
logs and most common botnet software can be configured to remove itself 
(!) after a certain amount of time or if it can't connect to the command 
& control platform.  Botnet-based crimes are the ultimate 
multi-jurisdictional problem, since known victims can be in dozens of 
countries, with dozens of investigations ongoing and many many victims 
trying to prove their innocence at once.

   But yeah, there's a lot going on in the world of crime, but the vast 
majority of it is offline.

best,
Griffin


> On Sat, Jun 6, 2015 at 11:50 AM, <torlove at ruggedinbox.com> wrote:
> 
>> Hello...
>> 
>> I'm an avid tor lover and user.
>> 
>> I'm trying to understand a statement I've heard a number of people on 
>> the
>> Tor team and in the Tor community repeat over the years and was 
>> wondering
>> if it could be explained.
>> 
>> The statement: Paraphrasing, it's been said several times, by Roger, 
>> etc,
>> that...
>> 
>> "Criminals have much better options available to them than Tor for 
>> strong
>> internet anonymity."
>> 
>> I'm trying to understand what these options are and why don't we
>> non-criminal tech savvy people have some of these better options?
>> 
>> Is this just talking about the option of using encrypted botnets, or 
>> are
>> there other additional options that criminals use?
>> 
>> What are these criminal anonymity methods that are stronger than Tor?
>> 
>> Thanks all!
>> 
>> --
>> tor-talk mailing list - tor-talk at lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>> 

-- 
“Sometimes the questions are complicated and the answers are simple.”
― Dr. Seuss


More information about the tor-talk mailing list