Meet the new hackers: Johnny Law

Who just pwned the Tor anonymity network? All signs point to the hackers at the FBI

Page 2 of 2

Today it's Tor, tomorrow it's ... ?

I don't think any reasonable person can have a problem with the FBI going after a child porn merchant, especially if indeed it obtained court approval first. The problem is what else that software can be used for. What other seemingly anonymous Tor users could be outed? Like, say, any of the whistleblowers that have been filling the headlines lately? Remember, the New Yorker Magazine's Strongbox alternative to WikiLeaks also operates as a hidden service on Tor.

This is not a new problem, nor will technology alone make it go away. Just last week I had a conversation with the CEO of a company that sells communications encryption hardware. Plug one of this company's AES256 chips into your phone, put one in your recipient's handset, and you can have a conversation without worrying about whether the NSA, Chinese spies, or anyone else is squatting in between you with their finger on the Record button.

I asked him the obvious question: What's to keep the bad guys from using his technology to evade detection? His response was that his company always performs thorough background checks before it sells anything to anyone -- and certainly won't do business with anyone one hailing from the U.S. government's short list of verboten countries.

Since many of his clients are in the federal government -- he mentioned the DOD, but refused to confirm or deny any three-letter agencies -- his company has a keen interest in avoiding any suggestion of criminality. But background checks only go so far (remember, Ed Snowden and Bradley Manning both passed theirs), and there are certainly encryption companies with fewer scruples.

The other obvious question I asked: If one of the endpoint devices in the communication gets compromised, isn't that essentially game over? If the spooks can listen in on one end, doesn't that make encryption moot?

His response: No one in the security business will ever tell you any solution is 100 percent secure.

I guess the same now goes for the world of anonymity services.

Would you still trust Tor to mask your real identity? If not, what would you use? Post your secret solutions below or email me:

This article, "Meet the new hackers: Johnny Law," was originally published at Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, follow Cringely on Twitter, and subscribe to Cringely's Notes from the Underground newsletter.

| 1 2 Page 2