FBI couldn't get my husband to decrypt his Tor node so he was jailed for 3 years
133 comments · September 16, 2025
tptacek
OK, I think I found the original thing Rockenhaus was convicted of.
Back in 2014, Rockenhaus worked for a travel booking company. He was fired. He used stale VPN access to connect back to the company's infrastructure, and then detached a SCSI LUN from the server cluster, crashing it. The company, not knowing he was involved, retained him to help diagnose and fix the problem. During the investigation, the company figured out he caused the crash, and terminated him again. He then somehow gained access to their disaster recovery facility and physically fucked up a bunch of servers. They were down a total of about 30 days and incurred $500k in losses.
(He pleaded this case out, so these are I guess uncontested claims).
petcat
If all of that is true, then that is a very serious CFAA charge. It makes sense that they would want to downplay it as "minor" and "not relevant". It sounds like the parole violations came later? In any case, thank you for researching. There is always more to the story.
ajsnigrutin
Yep...
Shutting down the server (you solely maintained) before leaving would be "minor" to me... intentionally causing damage, earning money from that, getting caught, and again causing physical damage.. that's pretty "major" to me.
segmondy
Good find, there's often more than meets the eye in these stories. Folks forget that the court/case records will reveal hidden details.
ranger_danger
Yep, and people forget that news is often only news because it's not normal. Otherwise you simply wouldn't hear about it.
People take this to the extreme and think that their country is somehow a lawless hellscape where police are openly shooting innocent people, dragging them from cars for seemingly no reason etc... but those stories make the news precisely because it's not the norm.
tehwebguy
Oof. Any links to this one?
DharmaPolice
While I'm sure this is criminal behaviour it seems debatable that this dude is a danger to the public. But there may be more to it I guess.
crazypyro
He was also placed under an electronic monitoring program and immediately went about installing a VM to allegedly circumvent the monitoring software along with searching for a very controversial website relating to pedophilia...
He also lied about using his computer, his wife told on him to his parole officer, according to the court documents.
He was on parole for DDOSing* a former employer...
*Ah, I see your update, guess it was less distributed and more direct denial of service with the physical destruction and all.
scoopertrooper
Yeah, I read that transcript supplied in the Reddit thread and I was thinking to myself “why would you include this as evidence to support your case”?
The wife makes a big deal about how one of the agents testified that Spice was an operating system, then she went on to falsely claim that it was merely a “graphic driver”. However, later in the transcript another agent corrected the error of the first agent and explained to the court that Spice was a means of accessing remote VMs, which could be used to circumvent monitoring software.
This combined with the fact that there was no internet activity subsequent to the software being downloaded is pretty damning evidence.
nelox
Yeah, but apart from that …
iLoveOncall
You forgot to mention that in the hearing linked on the Reddit post it is shown that he made a search about a pedophile association as well right before downloading Spice.
Page 28, lines 3 to 8 on https://rockenhaus.com/wp-content/uploads/2025/09/U.S.-v.-Ro...
slekker
This needs to be higher up, it is very damning
ivape
We have to consider that crime on the internet is as real as crime in real life. Funny to say it out loud. Criminals move a certain way and just because you are a nerdy tech dude doesn’t also mean you’re not a gangster.
Edit:
Reminds me a lot of the lives of people in this saga:
https://www.amazon.com/gp/aw/d/B01L8C4WBG/
The poor wife, “can you stop being a criminal for like, one month, please?”.
jMyles
This always happens though. Every time someone is thrown in a cage unjustly, the state tries to redirect us (yes, us, here in this forum and others like it) to look at other details of the situation, whether it's details of the person's political or personality or, in this case, details of this (also seemingly unjust) probation violation.
Who cares if he smoked weed or installed a VM or evaded a government keylogger? Those are all really shitty reasons to put someone in a cage, whether it's couched as "probation terms" or not.
RandomBacon
It seems like those are very easy terms to follow, that he agreed to.
If someone who did some serious stuff, couldn't follow easy terms, it is cause for concern.
gruez
> the state tries to redirect us (yes, us, here in this forum and others like it) to look at other details of the situation
Isn't the reddit post doing the same thing by trying to imply he was jailed for running a TOR node when he was officially jailed for breaking parole terms? Even if they think those were just an excuse to jail him, the refusal to acknowledge those details makes the account at least deceptive.
pjc50
I'm reasonably anti-carceral, but he did actually commit a crime, and one of the conditions of release from that crime was agreeing not to do those things - that's what probation means - an agreement he promptly broke.
There has to be some penalty for noncompliance or you get more of it.
iLoveOncall
You care if he was a pedo?
Go check page 28, lines 3 to 8 on https://rockenhaus.com/wp-content/uploads/2025/09/U.S.-v.-Ro...
1970-01-01
It's very important to get the official source on this one. Husband was legally restricted and being monitored by the FBI, so he decided to go install a VM to bypass the monitoring. It's not so much bravery against authority as it is hubris that got him 3 years.
https://rockenhaus.com/wp-content/uploads/2025/09/U.S.-v.-Ro...
yellow_lead
I've seen other cases like this.
1. The FBI asks you to be an informant or "cooperate" with an investigation in some way.
2. If you refuse, they investigate you, and basically throw the book at you.
potato3732842
Every government agency works this way to the extent that they are able to.
Your local building commissioner or whatever just has a lot less money and muscle on tap and much more circuitous access to court judgements in their favor than the FBI does. Differences in their strategic and tactical approach are a reflection of this.
juujian
Well, it's punching down. If you are a big corporation or otherwise have the means to fight back, you don't have much to fear.
bryanrasmussen
People talk a lot about how much they're against punching down, but I don't actually see that many people itching to take on Dwayne Johnson. The fact is for humans and organizations who are punching, punching down is generally their preferred method.
exikyut
This was posted only a month ago: https://thereader.mitpress.mit.edu/the-secret-history-of-tor... (https://news.ycombinator.com/item?id=44838378)
The article provides a good foundation for opposing arguments.
Excerpting:
> The researchers wanted to find a way to do the seemingly impossible — to give the military the benefits of a global, high-speed communications network without exposing them to the vulnerabilities of the metadata that the network relied on to operate.
> ...
> There are other implications, as well. For a CIA agent to use Tor without suspicion in non-U.S. nations, for example, there would need to be plenty of citizens in these nations using Tor for everyday internet browsing. Similarly, if the only users in a particular country are whistleblowers, civil rights activists and protesters, the government may well simply arrest anyone connecting to your anonymity network. As a result, an onion routing system had to be open to as wide a range of users and maintainers as possible, so that the mere fact that someone was using the system wouldn’t reveal anything about their identity or their affiliations.
> ...
> Anonymity loves company — so Tor needed to be sold to the general public. That necessity led to an unlikely alliance between cypherpunks and the U.S. Navy.
> The NRL researchers behind Onion routing knew it wouldn’t work unless everyday people used it, so they reached out to the cypherpunks and invited them into conversations about design and strategy to reach the masses.
a2tech
I don’t know if you watched those videos but even if he did commit a crime the marshals are way way over the line when they arrest him.
pluc
That's par for the course in America
StopDisinfo910
Based on the 2019 court transcript linked in the post, the reasons for keeping him in jail during the pretrial are a lot more reasonable than how this is framed in his wife's post.
The FBI said he downloaded a client, here Spice, which can be used to access a VM and visited the Tor Project website to look into how he could download a Tor client. That happened in the 24h which followed him agreeing to electronic monitoring and voluntarily installing spyware. The CFAA charge seems to be sealed but I'm far from convinced it's a minor work related issue.
If you read the website, they keep firing their attorneys and pretending they are colluding with the government to keep him in jail. Parts of the description are frankly bizarre. It seems they are actually suffering from paranoia.
I would read the post with a huge grain of salt.
thrownawayfbi
I can attest as a personal experience in the past that this kind of behavior is not uncommon with feds, and has happened even before the current administration. I've had a five-year probation in the past for what the FBI argued that I "hacked" some company from changing the URL in specific ways, not to mention the "clear hacking tools" I had installed in my computer, e.g. CCleaner. You know something is wrong when you literally have 98% chance of losing in court against the FBI. They are corrupt and incompetent.
rdtsc
> I can attest as a personal experience in the past that this kind of behavior is not uncommon with feds, and has happened even before the current administration
One of the first comments on Reddit was actually:
> … in trump's america lmao
Someone had to awkwardly point out it was biden’s america. Which makes it easier and saves keystrokes: it’s just “america, lmao”. Then other countries can be even worse so it’s “lmao”. And soon enough they are just laughing their asses off while the person is stuck in jail.
> "clear hacking tools" I had installed in my computer, e.g. CCleaner
I have always wondered if they are primarily that stupid or just evil and pretending to be stupid. I am leaning towards evil.
ksynwa
In my land of the free? No way.
podgorniy
Some are free. Some are not. __Like in good old times__
NoImmatureAdHom
The guy did bad things and got caught. The ridiculous wife's perspective doesn't include that he e.g. DDOS'd an employer.
lotsofpulp
And home of the brave.
alberth
I know this won’t be popular to say, but “guilt by association” is a real thing.
Unfortunately, Tor often carries a connotation tied to criminal activity.
And if you're operating (like this individual) something that is perceived to be criminal in nature, you're bound to be a target by law enforcement.
Note: I'm not stating whether or not what happened to this individual is right/wrong. But this should be a cautionary warning of what might also happen to anyone if you associate with things that are perceived as criminal in nature.
Bjartr
Guilt by association is much more a social construct, than a legal one.
The bar for legal consequences is expected to be much higher than mere association.
It has never been perfect, nor uniformly applied in all circumstances, but it is and should remain a nominal goal of the justice system. For that to no longer be considered the case, even in a casual conversation like this, is a devastating shift of the Overton window towards authoritarianism as the norm.
coffeecantcode
From my understanding, guilt by association is quite valid legally when it comes to Tor exit nodes, due to the fact that other people’s traffic appears as your traffic.
It may not literally be guilt by association, but they’re two parts of the same whole in this case, right or wrong.
nashashmi
Guilt by association: if a group of three approaches another in a confrontation, and one person punches another then would all three be seen as violent?
maz1b
By this logic, anyone who has had a Google Pixel and or is running GrapheneOS is guilty by association, right?
Just wanted to understand your point.
IlikeKitties
> By this logic, anyone who has had a Google Pixel and or is running GrapheneOS is guilty by association, right?
Yup. https://www.androidauthority.com/google-pixel-organized-crim...
Aurornis
The source for that article was a single cop in a single country (Spain) making an off-handed comment. The way it’s been spun as a universal concept in Europe by all of the Android blogs is misleading.
potato3732842
The part that should really enrage you is the way people will selectively understand this based on whether they agree or disagree with the context.
If some electronics repair guy repairing vehicle ECUs in bulk who doesn't ask questions but has an inkling that they're gonna get used for emissions laws violations got rolled up on by the feds for refusing to go out of his way to help them out HN would find all sorts of ways to cheer and justify it.
But when they do it to a tor node it's bad.
therealpygon
Pretty sure the questions start and end with “was it illegal”.
ToucanLoucan
As someone who works in this industry: we do ECU modification and repair and as such, have regular contact with the EPA. Our products all align with all required emissions regulation and testing, which is why we're allowed to continue selling them. If the EPA says jump, we ask how high.
I say this because this cultural vibe of government agencies kicking in your door for doing innocuous shit needs to die already, that is simply not how this happens. We get letters, we get calls, VERY occasionally we get visits and said visits are scheduled weeks, sometimes months in advance. We always cooperate and the relationship, therefore, is not adversarial.
Honestly we have way more fucking problems with huckster vendors trying to fuck us out of a few extra dollars on parts than anything to do with the big scary government.
While we're at it, fuck coal rollers with a cactus.
potato3732842
You, you are an instance of the problem.
For any given issue, subject, industry or niche there is always a you. And you are the enablers. Multiply by every equivalent idiot and niche and that's how you get the world in which some guy gets whacked for running a tor node.
If not that it would be some other niche, maybe some guy importing gray market power equipment to the chagrin of the branded dealers would be getting whacked. If not that then it's the Amish farmers getting whacked over one of their many "in letter but not spirit" compliance measures.
Yeah, in every case the letters of the law are broad enough to nail these sorts of people but that's not an outcome the general public wants except for the occasional zealot on any given subject. And the equivalent enablers would be endorsing it just as you are now.
And at the end of the day your behavior (you plural) undermines the legitimacy of these institutions and the government they serve because these are outcomes that nobody wants, but single industry enforcement is enough of a back burner issue that elections mostly don't get won and lost over them so the fire just keeps smoldering year after year (fed by our tax dollars, of course).
>As someone who works in this industry
Perfect illustrative example for one of HN's favorite quotes:
"It is difficult to get a man to understand something, when his salary depends on his not understanding it"
>Our products all align with all required emissions regulation...the relationship, therefore, is not adversarial.
You might as well compare a medium company with an encrypted file share service to some 1-man package maintainer for software that does the same. Who is law enforcement gonna try and abuse?
>While we're at it, fuck coal rollers with a cactus.
A bunch of reactionary yokels are a symptom of the degree to which your ilk has undermined the legitimacy of the laws they violate and enforcement agencies they thumb their nose at, not the root cause. If society solves people like you the yokels will mostly go away on their own. That is what I seek.
atmosx
Context plays a crucial role, especially within the Judeo-Christian tradition. So much so that it serves as a foundation for the design of the modern legal system.
s5300
>> But this should be a cautionary warning of what might also happen anyone if you associate with things that are perceived as criminal in nature.
Opioid painkillers are associated with “things that are criminal in nature” because a certain segment of every society does and will suck, nearly no matter what. Does this mean that everybody in pain should just suffer and let their education, career, and family be taken from them before their time?
s_dev
>But this should be a cautionary warning of what might also happen to anyone if you associate with things that are perceived as criminal in nature.
This would come off a lot more legit if the current elected US president wasn't a convicted rapist and constantly promoting crypto along with his acolytes like Elon Musk.
ahmeneeroe-v2
> current elected US president wasn't a convicted rapist
Wow did this just happen today? I can't find anything about it online
/s
rich_sasha
I certainly sympathise, but actually don't find it at all surprising.
Tor is totally used for criminal activity. That doesn't mean it is inherently a bad thing, or that it is this guy's fault, but he can't completely wash his hands of it. If bad guys use the postal service, it's not the postman's fault, but he has to cooperate with law enforcement if they demand that.
I don't know about the US, but contempt of court is a thing in the UK at least. You can't refuse to submit evidence to court, including things like encryption keys or things only stored in your head - or face penalties including unlimited jail time.
Now, I get that this is the US so the arrest was dialled up to 11 and it seems all of this is extra-judicial - no court warrant etc. This is all very disappointing. But, to my non-expert eye running a Tor exit node is in the legal grey zone, and I guess you can't be too surprised when things like this happen.
mapontosevenths
> You can't refuse to submit evidence to court, including things like encryption keys or things only stored in your head - or face penalties including unlimited jail time.
This is a bit more complex in the US. We have the fifth amendment to our Constitution which says "nor shall [a person] be compelled in any criminal case to be a witness against himself."
So, we can't be made to testify against ourselves. This has sometimes been interpreted to mean that they can't compel cryptography keys that are stored in our brains, and sometimes has been interpreted the other way.
I'm unaware of any definitive decision that applies universally. I've heard some suggest that passphrases that are themselves an admission of crime are a workaround that ensures you can't be compelled to provide them.
jrecyclebin
Idk the punishment just doesn't match the crime. Can't they just confiscate the computer? Or pressure the ISP to cancel his account? Tbh I get that the Feds are going to route around and through anything that stands in their way.
Instead we're left up to state thuggery.
NoImmatureAdHom
In the U.S. and much of the rest of the civilized world, you have rights. This includes the right to not self-incriminate (in the U.S. that's the 5th amendment). In general, except for very specific and limited circumstances, U.S. state and federal government actors cannot compel speech (telling your encryption keys is compelled speech).
The U.K. is fast sliding down the slope to being a dystopian police state. The idea that you can be jailed for refusing to provide encryption keys (except for really specific, narrowly-defined circumstances) is something that should induce nausea. I feel for you and your country, you accomplished such great things.
jansper39
I just saw that President Trump is thinking about proscribing 'Antifa' as a terrorist organisation and saying that he's 'not sure' their 1st amendment rights should apply.
I'd be a little more concerned about the state of the US at this point.
doublerabbit
If you read above, he was wanted for IT sabotage, avoiding FBI monitoring and other disgusting acts such as browsing for underage pornography.
dvrj101
They are trying to set precedent. This can kill TOR or other privacy related services in USA easily in current environment.
antonymoose
Several years prior I had a coworker get arrested on CSAM charges because, you guessed it, he ran a Tor exit node.
Of course there was no reporting on the Tor aspect, just “local man arrested for CSAM” in the local papers. He eventually had the charges dropped after years of court battles, but his name is forever tarnished as a result.
This particular job we had a lot of idealist folks, two of whom ran relays - they immediately ceased to do so in the aftermath of the coworker’s arrest.
Aurornis
> This particular job we had a lot of idealist folks, two of whom ran relays - they immediately ceased to do so in the aftermath of the coworker’s arrest
Even from the early days of Tor I remember all of the warnings to not run an exit node in a country where internet activity was likely to lead to prosecution.
Running any sort of proxy (including Tor exit nodes) allows other people’s traffic to appear as your traffic. That’s the entire purpose of the software. You’d have to be willing and able to handle the consequences of any traffic any other person decides to send through the system.
Anonyneko
Reminds me of a similar case against Dmitry Bogatov in Russia in 2017, it was a big deal back in the day (though of course times have drastically changed and now something like this wouldn't even appear in the news over there).
nikanj
That's not the key precedent they are setting. They are working on a much more important case: Making the population understand that disobedience will result in punishment
lenwood
I know very little about cybersecurity, but my understanding of TOR is that a node host wouldn't be able to offer much about the traffic coming across their server(s). The packages are encrypted and there is no entry or destination info, so he may be able to say how much traffic was coming across, but what else could he possibly know? Info on other nodes?
For whatever it's worth, the Reddit story here says that the federal courts used "fraudulent warrants to jail my husband again". Maybe! The other side of that story, via PACER, is a detailed parole violation warrant (you can hear the marshal refer to it in the video); the violations in that warrant:
1. Admitting to using cannabis during supervised release
2. Failing to make scheduled restitution payments and to cooperate with the financial investigation that sets restitution payment amounts.
3. Falling out of contact with his probation officer, who attempted home visits to find him.
4. Opening several new lines of credit.
5. Using an unauthorized iPhone (all his Internet devices apparently have keyloggers as a condition of his release).
These read like kind of standard parole terms? I don't know what the hell happened to get him into this situation in the first place, though.