Max Bond wrote:
Organized criminals will probably achieve better operational security by conducting themselves in the real world as much as possible. This is not anoption available to a lone dissident in an oppressed country.
Indeed. There's a great quote from Eliot Spitzer, who used to be a prosecutor working on mafia cases in New York. He said, "Never talk when you can nod. And never nod when you can wink. And never write an email because it's death. You're giving prosecutors all the evidence we need."
Much of crime relies on face-to-face trust networks to plan and execute their projects (for lack of a better word). This reduces the chance that there will be lasting evidence that investigators can use. Tor doesn't log connections, but that doesn't mean that a criminal wouldn't reveal themselves in other ways. This is why I always tell activists and journalists that Tor can only be one part of their security plan.
With online crime, botnets are de rigueur, since you can rent them or easily create them (or pay another criminal to create them). Criminals use them as proxies to cast suspicion 1) away from themselves and 2) onto someone who is completely innocent. Depending on how sophisticated a criminal is, they can connect to compromised machines in sequence, making their own pseudo-onion-routing-network. They can also remove logs and most common botnet software can be configured to remove itself (!) after a certain amount of time or if it can't connect to the command & control platform. Botnet-based crimes are the ultimate multi-jurisdictional problem, since known victims can be in dozens of countries, with dozens of investigations ongoing and many many victims trying to prove their innocence at once.
But yeah, there's a lot going on in the world of crime, but the vast majority of it is offline.
best, Griffin
On Sat, Jun 6, 2015 at 11:50 AM, <torlove@xxxxxxxxxxxxxxx> wrote:Hello... I'm an avid tor lover and user.I'm trying to understand a statement I've heard a number of people on the Tor team and in the Tor community repeat over the years and was wonderingif it could be explained.The statement: Paraphrasing, it's been said several times, by Roger, etc,that..."Criminals have much better options available to them than Tor for stronginternet anonymity." I'm trying to understand what these options are and why don't we non-criminal tech savvy people have some of these better options?Is this just talking about the option of using encrypted botnets, or arethere other additional options that criminals use? What are these criminal anonymity methods that are stronger than Tor? Thanks all! -- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- âSometimes the questions are complicated and the answers are simple.â â Dr. Seuss -- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk