This is a post series on cyber crime. For more posts click here or the cybercrime tag below.
Maybe the bigger question is why don’t seem to get that they have a real problem. Look the real world is having a real problem with TOR based crime from malware and ransomware crooks. The reason that these people are able to get away with what they do is that they can hide behind the anonymity that TOR provides. Which lowers the risk side of the risk/reward equation. Which is leading to more individuals and institutions being hit. Look, the people being hit now aren’t big corporations, they are frequently people like the woman in the local senior center that got hit with the child porn ransomware recently. Or just people who accidently click on the wrong link in an email.
The fact is that these people need to be shut down, hard. I’m going to reiterate the fact that these people are encrypting medical data in hospitals. There’s also the fact that the reasonable user shouldn’t have to be constantly afraid that merely using the internet will allow some clown to wreck their lives. In the long term, everybody has an interest in keeping the internet safe for users. That’s especially true for those who want to keep government intrusion to a minimum.
Consider this, this woman developer at TOR can’t understand why the FBI might just want to talk to her. She obviously doesn’t pay too much attention to the news in her own profession, let alone the news in general. Let me put it this way, hitting hospitals is a great way to attract law enforcement attention.
She claims that there have been many phone calls from FBI to her parents’ home requesting Isis to contact them.
In response, Isis has asked her lawyer to get in touch with the FBI agent who contacted her.
Recently,the Tor developer has published a blog accusing the FBI of harassing her for the last six months.
The Tor Developer and the FBI
It started when an FBI agent Mark Burnett turned up at Isis’ parents’ home last November.
On finding no one at home, he left behind a card (with an additional phone number) asking the Tor developer to contact him.
Given the fact that FBI is interested in anything that is related to Tor, Isis quickly involved her lawyer who requested that FBI should direct all questions to Isis and her family through him.
The FBI agent on the other end of the line quickly agreed and informed the lawyer that he would call back in five minutes’ time.
However, in the call made by Mark Burnett five minutes later, he expressed the opinion that he did not believe that the lawyer represented Isis.
He also added that though a phone call from the Tor developer would suffice, the FBI would be only too glad to meet her in person.
Burnett had also warned the lawyer that they would ask her questions directly in case they ran into her on the street.
The Tor developer and her lawyer discussed the range of topics that FBI would want to know about, including the Carnegie Mellon University attacks on Tor, request for backdoor entry into a software package, issuance of a subpoena to someone else, etc., but are clueless.
It was around the same time that Isis was making arrangements to move into Germany permanently.
At this point it looks like Ms. Lovecruft should be served with a subpoena and possibly be extradited back to the US. She’s already got an attorney, good, but at some point she needs to talk to these people. Look, real people are getting hurt here. There’s a limit to pointless moralizing when others are losing their rights as a result of your work.
It looks like the government it trying to do things the hard way. Which is good, because sometime the hard way is the only way to get the job done. The thing is though is that the government shouldn’t have to. The TOR people seemed to have no trouble finding, doxxing and expelling the Carnegie Mellon people from the network, they can’t police the bad actors themselves?
TOR seemed so proud that they stopped the “intrusion” from the government. Yet the extortion schemes, drug dealing to kids and the rest are allowed to go on under the protection of some unknown right to privacy. But what about other people’s right. Don’t I have a certain right to my data that was encrypted? I didn’t ask for somebody to encrypt my data and then demand ransom. How was MY privacy and security rights maintained by TOR’s desire to maintain anonymity.
Here’s an open question to TOR. How are you people NOT responsible for allowing the kind of thing that happened to me to continue for years? And going forward, are you willing to turn the bad apples in to maintain the anonymity of the network? Because if you cannot police the network, it’s going to be destroyed. How long does TOR continue to enable bad behavior before they become bad actors themselves? It seems to me as if they are dangerously close to that line already.
Here’s a proposal. Tor puts up a complaint forum where people can report things like the ransomware that I got. TOR goes to the node in the message and kills it, then sends a message that they have 24 hours to turn cease and desist and turn over the keys to the files they encrypted or they get doxxed and turned over to law enforcement. That way the anonymity of the network can be maintained. Look I just want my pictures back, no harm, no foul. But this can’t continue or there is going to be real consequences.