You are viewing a single comment's thread from:
RE: Catching a hacker... how much does media play upon public ignorance?
As far as Tor goes, I don't think Tor is as anonymous as people think. I'll go on record and say I do not think Tor can protect a hacker from the capabilities of the NSA or from the FBI. Too much can go wrong in the hardware and software even if Tor were implemented perfect. By design Tor is also flawed because it is vulnerable to stings and other attacks.
It is not perfect. It can be compromised but you need to plan for it. That is why I say a sting. You have to catch them in the act.
It cannot be done AFTER THE FACT like would be the case with these so-called Russian hacks.
I suspect it is being monitored continuously by the NSA and many other agencies. I also suspect many hackers who even download Tor from the official website are under some kind of monitoring just based on that. Of course I cannot prove anything I say so take it with a grain of salt.
Also TOR was just an example. TOR is just one networking stack designed not to keep logs, and to strip identifying information if possible from packets (it may not even do that). It is totally possible to role your own stack and build your own anonymizer if you compromise a machine with root access. You'd have to know what you are doing, but it is doable. So TOR is the most common and well known, but it does not use specialized hardware, it just uses techniques developed by that community and working on THEIR agreed standard.
I am not saying this happened. I am merely expressing it as an option.
In reality if it were a Russian citizen hacker they would probably use TOR. If it was a Russian State hacker and they were good I doubt they would. That is total speculation. That is all we can really do without access to information.
Yet I also do not believe this should be pushed like it is in the news PUBLICLY if it is classified.
It is then stirring up hostility and conflict with the only thing backing it being "trust us because we say it is the case" by entities that have proven untrustworthy.
The way you counteract it is by monitoring packets at various points around the world. If you can find the same pattern at different points and monitor it traveling for a bit you can use that to eventually identify entry and exit points from TOR.
Then you have to go through the process of talking to server admins, getting access to logs, etc.
There is no simple TRACE THIS ACTIVITY back to its origin unless you have compromised every hop between point A and B and know to be looking for it.