The FBI Identified a Tor User
No details, though:
According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019. In virtue of being a dark web site—that is, one hosted on the Tor anonymity network—it should have been difficult for the site owner or a third party to determine the real IP address of any of the site’s visitors.
Yet, that’s exactly what the FBI did. It found Al-Azhari allegedly visited the site from an IP address associated with Al-Azhari’s grandmother’s house in Riverside, California. The FBI also found what specific pages Al-Azhari visited, including a section on donating Bitcoin; another focused on military operations conducted by ISIS fighters in Iraq, Syria, and Nigeria; and another page that provided links to material from ISIS’s media arm. Without the FBI deploying some form of surveillance technique, or Al-Azhari using another method to visit the site which exposed their IP address, this should not have been possible.
There are lots of ways to de-anonymize Tor users. Someone at the NSA gave a presentation on this ten years ago. (I wrote about it for the Guardian in 2013, an essay that reads so dated in light of what we’ve learned since then.) It’s unlikely that the FBI uses the same sorts of broad surveillance techniques that the NSA does, but it’s certainly possible that the NSA did the surveillance and passed the information to the FBI.
thorvold • January 17, 2023 8:27 AM
The filing mentions that it is referencing a purported Top Secret document “Exhibit 2” from the timeframe of 2013. Based on that info, I am assuming this is a document purportedly from the Edward Snowden leak. The current policy of the government is that a classified document that is leaked is still classified until officially de-classified at a later date. Public access != Unclassified. The government is not going to acknowledge that the document is indeed classified in an open context because that would then confirm that the information contained in the document is likely true. Potentially the “fact of” information that the lawyer obtained in that document and then references in his motion may also be classified.
This would make the motion a derivatively classified document based on the inclusion of classified information in it. If the government managed to convince the judge that the information was still classified, then that would show the need required to seal the motion, without actually stating in open writing that the document was indeed true.