[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: "Practical onion hacking: finding the real address of Tor clients"

Maybe a different approach, but how about this scenario. Real life practise, far beyond regulations and bureaukracy... 

Somebody contact his old fellow (out on a walk whit no bug mics around) saying: 
Howdoyoudo my friend, hear you was in some company with access to a storage of very secret certificates, huh? 

His buddy answer: 
Yeah! That´s top secret, peoples bank business would crash if that gets out, but sadly it also protect alot of criminals with secure connections, such as the Tor network. 

Yes, it´s terrible with all this internet criminality going on. Hey, you know what! I´m nowaday running my own ISP and many of my customers are in fact using that Tor so I can´t spy on them. 

Oh shit! How diguisting! Is there anything I can do to help you? 

Ehm... let´s think... we agree about this terrible Tor network, so if you please just give me a copy of the secure certificate of the Tor "cached-directory" server, then I´m gonna set up a fake spoofed virtual bogus copy of that server for my customers, but with the real certificate, to make them download my very special version of a "cached-directory" file. 

Wow, that´s great! Then when your customers try start Tor circuits, they get only your very special Tor nodes. It´s all in your computer. To fool them, you are connected to the real Tor network on the outside, but eavesdrops everything between it and your customers. How do you want it delivered? 

Well, i´ve finally decided you may borrow my yacht for your holliday vacation, and just by coincidence you take some work with you and by accident you drop a disk behind, when you leave. 

You are a genius! Thank you, thank you, I´ve allways wanna borrow your yacht, that´s fantastic! 

Later on, all between friends, more and more copys get out and finally somebody on the embassy of some very anti-freedom country get one, hand it over to their computer police, saying: Splendid, now we can execute internet users in millions every day! 

Now, what you think, fact or fantasy? 

http://www.fastmail.fm - Send your email first class