The most popular anonymity network the Internet has ever seen has one glaring weakness: You.
Over the past several years, the decade-old Tor software has gained worldwide fame for enabling privacy-savvy citizens, political activists, smart journalists, and enterprising criminals to do their work without anyone spying on their Internet usage
Over the last year, however, several Tor users have been caught in high profile arrests, leaving some to wonder if the tool has a fatal flaw. According to a new report in the Wall Street Journal, there's one common denominator in many of these arrests: the user, and not the technology.
"There's not a magic way to trace people [through Tor], so we typically capitalize on human error, looking for whatever clues people leave in their wake," James Kilpatrick, a Homeland Security Investigations agent, told the paper.
Kilpatrick recently took part in Operation Round Table, a child pornography sting that has resulted in 25 arrests and the identification of over 250 underage victims.
The owner of the child porn site was first identified and eventually arrested because postal inspectors saw that he was “sending sex objects through the mail to juveniles,” Kilpatrick said. The owner pleaded guilty last week to charges that carry a minimum sentence of 20 years in prison.
Then there's Ross Ulbricht, the man allegedly behind Silk Road, who was arrested in October last year. It's not clear how he was first identified, but the FBI claims that a big break came from utter carelessness on Ulbricht’s part: He once used an email address linked to his real name: “rossulbricht at gmail dot com.” There’s nothing a tool like Tor can do to protect a user who hands his full name out to the world.
Numerous Silk Road staff members were arrested in the wake of the October 2013 shutdown. One big reason the FBI was able to identify so many of them is that they were required to provide proof of identity to Ulbricht himself, which built a house of cards that fell apart once the mastermind was arrested.
Jason W. Hagen, a 39-year-old Canadian accused of selling meth on Silk Road, apparently never paid taxes in his life despite making hundreds of thousands of dollars in the drug trade. That’s one easy way to attract the attention of authorities.
Olivia Bolles, an OBGYN who allegedly sold prescription pills on Silk Road with her husband, used the same nickname for Silk Road-related accounts and a separate eBay account connected directly to her identity.
The list of human error goes on and on. Meanwhile, leaked NSA documents suggest that intelligence agencies and law enforcement around the globe still cannot technologically defeat the increasingly popular anonymity software.
H/T Wall Street Journal | Photo via Jason Reed