It’s very, very rare that a technical flaw or fault in Tor is hacked to reveal someone, and when that happens the Tor Project, the foundation that maintains Tor, fixes the problem quickly.
Read Also: ‘Deadpool 3′ Writers Ease Fans’ Fears About Disneyfication Of R-Rated Franchise
Nearly all people on the dark web aren’t caught by hacking. There’s nobody sitting in front of a keyboard in a darkened room typing furiously whilst muttering “I’ve penetrated the first firewall, but he’s routing packets from the tachyon field emitter through the main deflector dish.”
Nearly all Tor users are caught in meat space. If you’re selling drugs or illegal guns or something, the transaction on Tor is very difficult to trace, but at some point you need to move the drugs or guns or whatever in the real world—you can’t just download them. And that’s the point of entry.
The owner of the Silk Road was caught after postal inspectors found a mail shipment of ecstasy tablets. They went to the post office where it was sent from, found surveillance footage, discovered that the suspect used that post office over and over again, so they set up surveillance and caught him.
When they interrogated him, he told them about this dark web marketplace called Silk Road.
So Federal agents set up accounts on Silk Road posing as buyers. They bought drugs, arrested the sellers when the sellers shipped the drugs, then seized their seller accounts and used them to catch more sellers. Eventually they caught a person who was a trusted, high-level seller, and used that account to get the owner of the site.
Even cases where Tor is hacked don’t work like Hollywood says.
Back in 2014, police arrested a pedophile and found a huge cache of child abuse pictures on his computer.
The arrest had nothing to do with hacking or the dark web. When they interrogated him about the pictures, he said he downloaded them from a dark web site called Playpen.
So police did the same thing: set up fake accounts posing as buyers, luring sellers into sting operations, seizing their accounts, using the seized accounts to talk to other sellers, setting up sting operations, arresting those sellers, seizing their accounts, until finally they arrested someone who knew and was trusted by the site owner.
That led them to Steven Chase, the owner and creator of the site.
Hacking only came into it after that.
Law enforcement identified a security flaw in Tor that would allow downloading of malware. When they busted the site owner, they kept the site online for almost two weeks, rigged to download malware to anyone who visited.
The malware sent the computer’s IP address and location to a server. Police were able to identify and arrest all the people who visited the site during the two weeks they left it up after they seized it.
The flaw in Tor was fixed soon after.
Law enforcement rarely-bordering-on-never “hacks” Tor. Almost all dark net busts happen first in the real world, away from computers, and then move online when police pose as buyers or other sellers and set up old-fashioned sting operations.
