Here's What Happened When The Dutch Secret Service Tried To Recruit A Tor Admin
from the true-or-false? dept
Law enforcement keeps bumping into Tor, as Techdirt has reported many times over the years. So it’s understandable that the authorities are always looking for ways to subvert and circumvent the extra protection that Tor can offer its users when used properly. For obvious reasons, we don’t often get to hear exactly how they are doing that, but a fascinating post on the Dutch site Buro Jansen & Janssen purports to give some details of what happened when the country’s secret service tried to recruit a Tor admin. First, a caveat. The site says:
We received this story from a person who wants to remain anonymous. We conducted an investigation to the existence of this person and confirmed their existence.
However, that still raises the question of whether the site itself is reliable. It describes itself as follows:
A land-rights collective which has been publishing for 30 years on the expansion of repressive legislation, public-private partnerships, authorities, governmental actions and other state affairs.
Some might argue that means it has an axe to grind against the authorities and secret services, making its report less credible. That said, the site seems to contain a wide variety of solid information, and the post itself is plausible enough. It recounts how the Dutch secret service in the form of an older man and younger woman contacted the unnamed Tor admin:
They approached me and identified themselves with a badge of the Ministry of Internal Affairs and said they were working for the AIVD (Dutch secret service). They asked me to hear them out. I was in a state of shock and thought I had committed a crime but they immediately started to talk about on my studies. They made it clear they’ve read my thesis on IT security and showered me with compliments before they were firing a round of job offers at me.
Here’s what they offered and what they wanted:
They asked me if I was interested in traveling for a couple of years and for example work in Germany at a technology company while visiting the Chaos Computer Club’s hacker spaces to see what’s going on and report back to them. All my expenditures would be covered.
…
They also mentioned that occasionally there are hacker parties in Italy, Austria, Spain, and other countries, and they said I could see that as paid holidays. They were very honest about the fact that they were looking for foreign talent but mostly interested in keeping tabs on Dutch IT-professionals and hackers abroad. They emphasized on monitoring Dutch people abroad at least 3 times.
That’s pretty conventional stuff. But you obviously don’t try to recruit a Tor admin unless you are also interested in keeping an eye on Tor itself:
The old man who showered me with compliments suddenly said: “look, we know about your Tor-exit nodes, if you run them with us you will be able to make a living out of it, but if you don’t and something illegal happens, we can’t help you if the police visits your home and seizes your equipment.”
That threat was accompanied with a further warning not to speak to anybody about the conversation that had just taken place. Let’s hope that nothing has happened, or will happen, to the person involved for disobeying that instruction. Assuming, of course, that the post is genuine — something that Techdirt readers will doubtless have their own views about.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: aivd, law enforcement, netherlands, recruitment, tor admin
Comments on “Here's What Happened When The Dutch Secret Service Tried To Recruit A Tor Admin”
Little Dutch boy
Even if true the little Dutch boy (Dutch Secret Services) has their finger the dike.
dutch cake
really is dry isn’t it….
Ya think after all the spying anyone is gonna volinteer to be your stooges ….oh my you fools ….you have done your selves over.
Re: dutch cake
First principal of intelligence: Never, not ever, do you shut down a leak you know about.
Just make damned sure that the only information it gets is what you want it to get.
Some might argue...
“Some might argue that means it has an axe to grind against the authorities and secret services, making its report less credible”
Some might argue that if you’re a reporter reporting on facts you should state those facts, not attempt to slide them into a “some might argue” statement without saying which way YOU argue.
Some might argue that “has an axe to grind” is passing a judgment on an entire site. If done prior to reading the material that constitutes pre-judgment or in simple words prejudice.
Some might argue that “making its report less credible” is an attempt to claim exactly that lack of credibility without saying so.
Stop pussy-footing around. If there’s no issue why would you say these things? If there is an issue why would you not?
Innuendo and implied nonspecifics is the hallmark of the disparagement lawyer letters. Some might argue that if you have an axe to grind you should step away from the article and let someone without one write it. That would make the report more credible.
E
Re: Some might argue...
Techdirt has made no secret of its opposition to surveillance states and secret government agencies in general, and the Dutch are not exempt from that. However, Techdirt lacks the resources to confirm that the claims posted by that other site are true, since verification would mean not only that the site is legitimate, but also that the claims made by the self-identified anonymous Tor administrator to that site are true. We do not know if the person who made these claims is a Tor administrator, nor whether they experienced anything like the article describes. If Techdirt had not included some sort of acknowledgment that the claims are unverified, someone would have raised a fuss in the comments. Perhaps Techdirt should have used different phrasing to disclaim the verifiability. Perhaps not. I found the existing disclaimer clear enough. Techdirt’s author was caught between not reporting potentially true and interesting information or reporting information that was unverifiable. This attempts to split the difference by reporting it, but with a clear caveat that its truth is undetermined.
Re: Re: Some might argue...
So in other words, this is about as reliable as the Buzzfeed report on the Russian dossier on Trump.
Re: Some might argue...
So much hatred! It seems to me that Glynn stumbled upon this piece of info and did some of the fact checking but could not determine everything to be 100% trusted but given what he could check it could be reported on with caveats (that he thoroughly explained).
Which brings us to one healthy discussion: how many are running compromised exit nodes in the TOR network? What prevents someone to set up a node to let law enforcement spy on the traffic of said node? How do we know it isn’t a wide spread tactic already?
Instead of bashing Glyn we could be discussing the implications of the information if we assume it true. Shall we?
Re: Re: Some might argue...
As far as compromised exit nodes… a healthy chunk of TOR exit nodes are run by the NSA or Germany’s equivalent. Are they compromised? Depends on what you mean; every exit node will be run for a reason; libraries are starting to run them to provide more freedom of information from tracking, but right from the start, a large number of nodes were for research purposes. Carnegie Mellon’s research program showed how exit nodes could be “weaponized” by actors looking for specific behaviour, to tie it back to the original users. China has begun getting interested in exit node hosting so they can keep tabs on what sort of information people globally are trying to hide from their governments.
A Chinese exit node could care less if you were using the mdoe to illegally access copyrighted information; the German and US government exit nodes could care less if you were wanting to look up information on the Falun Gong or Tienanmen Square. The ALA doesn’t really care what you’re accessing as long as it’s not illegal, and some guy running a bunch to add legitimacy to his bulletproof server company in Belarus is going to be happy knowing that the above activities are going on, but masking his own enterprises.
"Some might argue that means it has an axe to grind against the authorities and secret services, making its report less credible."
yes people that have not paid any attention to … reality might find them credible
put it another way
the hippy(your implication) collective techdirt
which has been publishing for 15 years on the expansion of repressive legislation, public-private partnerships, authorities, governmental actions and other state affairs.
sorry Glyn you don’t get to play favorites if you want to be credible just cause you don’t think these hippy shits are more than liberals(in the phil ochs way) doesn’t make your sideways slap legitimate
I see my post has been killed because I critisized Glyn
Good jorb on free speach there say of
Re: I see my post has been killed because I critisized Glyn
I doubt your speach[sic] was chilled because you critisized[sic] Glyn.
More likely you were too wasted to hit “Submit”.
E
or it might just be me :(!
Apologizes everyone and glyn
not very patient at the moment
Post Hole Digger
What if Glyn isn’t real and this is a fake post about a fake post?
Re: Post Hole Digger
Fake inception! That must be a form of high level terrorism.
Re: Re: Post Hole Digger
Ah; but TechDirt doesn’t really have accounts does it? I thought that anything from someone with a profile was just a bot?
😀
Re: Post Hole Digger
You mean like a bunch of lying copycats with no original? Like some sort of Stand Alone Complex?
Carrot, Carrot, Carrot...
…STICK!!!
BuribJan
Maybe the leak is intentional
Just letting the hackers know that there needs to be more scrutiny about whom is let in to the party.
“A land-rights collective which has been publishing for 30 years on the expansion of repressive legislation, public-private partnerships, authorities, governmental actions and other state affairs.”
A copyright website which has been publishing for 20 years on the expansion of repressive legislation, public-private partnerships, authorities, governmental actions and other state affairs.
“making its report less credible.”
Does the above make TD any less credible?
Some will actually read the article and make an informed decision as to who is shoveling the bovine fecal matter.
“Techdirt readers will doubtless have their own views about.”
Sometimes when the “fake” news seems credible.
I dont think it is real though. The way he is approached doesn’t seem legit. You would think spy agencies would have profiled him better to see if he was a likely person to be a snitch.
They go from cupcakes and unicorns to “we can’t help you if the police visits your home and seizes your equipment.”
Re: Re:
That seems pretty standard to me; that approach probably works for 20% of those they approach. Most of the rest will be too worried to go public about it. Which is why this guy felt safe telling the story (likely with a few changes to protect his identity) as he’s likely not the only one they approached, and so isn’t singled out by going public.
Re: Re: Re:
I was about to comment on your view on just how many Dutch exit nodes there could possibly be (thinking it would be a very low number) when I thought I’d better check.
Turns out there are hundreds…
http://torstatus.blutmagie.de/