by mike_hearn 4245 days ago
Knowing that Tor traffic comes and goes through a server isn't enough. Most data centers would not just hand over disk images just because a server is running Tor and a hidden service. You would need good evidence that the particular hidden service you seek is hosted at that particular data center.

They can just enumerate every hidden service, figure out which ones are doing something obviously illegal, then once they locate a datacenter that is likely to be hosting hidden services e.g. accepts payment in Bitcoin, get netflow data and pump traffic at each hidden service in turn. When a synchronised block of encrypted traffic turns up at a host, there's your probable cause to go image the server: it's practically bulletproof evidence that the hidden service corresponding to some black market is running on that machine.

The only bottleneck to this approach is finding the datacenters, but there aren't that many which accept Bitcoin for payment, and I bet intelligence agencies can easily provide a list of every colocation facility that is running long-term connections to the Tor network. Heck, they can probably identify the precise machines by doing traffic correlation automatically - it's the sort of task they'd be good at, and they have the infrastructure.

1 comments

> there aren't that many which yet accept Bitcoin for payment

FTFY