Yes, The FBI Used Malware To Try To Reveal Tor Users

from the confirmed dept

While some reports had suggested that it was the NSA involved, it seemed much more likely (as we predicted) that the FBI was behind the attempt to control Freedom Hosting's servers and effectively insert a bit of malware designed to identify users of the Tor Browser, who thought they were anonymous. And, now the FBI has more or less admitted it as part of its effort to extradite Eric Eoin Marques, the owner of Freedom Hosting, from Ireland. The FBI has been known to use malware like this, though it had repeatedly tried to keep it away from investigations involving more technically savvy folks, who might discover it and reveal it to the world. Too late for that now, of course.

Freedom Hosting clearly hosted some very bad stuff, and there's nothing wrong with law enforcement looking to find and arrest those who are involved in criminal activities -- but when it reaches the level of installing effective malware and re-identifying a ton of people who chose to be anonymous, many of whom are not criminals at all, it begins to raise questions about how appropriate (or legal) the activity really is. Taking control over all Freedom Hosting servers and inserting some code really seems like an incredibly questionable move.


Reader Comments

  1.  
    Pixelation, Sep 13th, 2013 @ 5:45pm

    "...seems like an incredibly questionable move."

    Now standard practice for the US government.

     

  2.  
    Arthur Moore, Sep 13th, 2013 @ 5:49pm

    Moral VS Legal

    The FBI needs to be careful when it comes to things like this. Even if it is legal, and I'm not saying it is, it certainly sets a double standard.

    Any time you have something along the lines of "Normal people can't do this, but the government can," you run into tricky balance of power issues. Even worse, if the government does something too often or particularly bad people start asking "Why can't I do this. If the government is doing it then it might be illegal, but it's probably not immoral."

    This doesn't even get into the abuse of power issues. Just compare the Lori Drew case to what the government has admitted to doing here. In the first they tried to twist a hacking law to apply to violating a website's Terms of Service. In the second, they deliberately hacked potentially innocent third party computers. This clear abuse of power is why many people don't trust the government, and are beginning to believe that laws have lost touch with their moral roots.

     

  3.  
    Anonymous Coward, Sep 13th, 2013 @ 5:58pm

    Damn Irish, why don't they just follow the laws Congress passes?

     

  4.  
    Pixelation, Sep 13th, 2013 @ 6:01pm

    Re: Moral VS Legal

    "... laws have lost touch with their moral roots."

    It's a lot worse than just the laws losing touch with their moral roots but those making them losing touch. Feinstein is a prime example.

     

  5.  
    Anonymous, Sep 13th, 2013 @ 7:05pm

    You'd think that if the government can do this, they could use this technique against Silk Road, since it operates as a hidden service on the Tor network. But why would they, if they're the ones who run it?

     

  6.  
    Anonymous Coward, Sep 13th, 2013 @ 8:35pm

    "Marques allegedly dove for his laptop when the police raided him, in an effort to shut it down."

    Sounds like someone was using full disk encryption, without wiring up a panic button.

    I use the 'clapper' as my panic button. Clap on (clap clap)... Clap off (clap clap)... the clapper :)

    I'm joking. I don't have a panic button.

     

  7.  
    Rekrul, Sep 13th, 2013 @ 9:59pm

    Why isn't Marques being prosecuted in Ireland? Isn't child porn illegal there?

    Sure, the FBI was the agency that found him, but why does he need to be extradited to the US to face punishment? Is the US afraid that Ireland won't give him a hefty enough sentence?

    As far as I can see, he has no ties to the US other than having used a US bank, so why is he going to be tried in the US? I know the US likes to think so, but is the US officially now the world's internet enforcer? All crimes involving the net must now be handled by the US?

    I just don't understand why all the evidence wasn't handed off to Ireland's authorities so that he could be arrested and tried there.

     

  8.  
    Anonymous Coward, Sep 14th, 2013 @ 1:52am

    Every time I wanted to unmask someone I at least had the courtesy of sending him a nude photo or something so only him/her would get infected.

    What they did there was the napalm option, instead of the cruise missile.

     

  9.  
    john, Sep 14th, 2013 @ 4:57am

    oh well

    You should have and can presume privacy in your bathroom and bedroom. When you step into public, outside your home, browse through the mall, drive a car (the law rightfully classifies a car as a dangerous instrumentality), you should have NO presumption of privacy. You didn't construct the net, rocket satellites into space, develop tactical satellites and craft to defend those satellites, maintain the spectra by which the communications are sent, etc., etc., - In fact the government does much of that. If you go outside your bathroom and bedroom and decide to conduct your life/lives in public: You have NO presumption of privacy - Period. When are some folks going to grow up out of their distorted fantasies and GET this? If you think joining some double-SSL-encrypted psycho-net to practice pedophilia, or associating with like browsers will leave you unscathed, think again. Yeah!! Someone's willing to protect the public from socio-paths. GO FBI! !

     

  10.  
    wec, Sep 14th, 2013 @ 5:45am

    Oh Well

    Maybe we didn't do all those things but we did pay for much of it (taxes).

     

  11.  
    Paulc, Sep 14th, 2013 @ 5:56am

    Re: oh well

    You're missing the point entirely. The laws and morals be damned mentality much of the government today operates under is indicative of an organization that simply has no respect for the people it supposedly exists to represent. And when you have a powerful organization that self-justifies its every action, not even your bathroom or bedroom is safe anymore. If this government could remotely activate cameras and/or microphones in your house and record your life 24/7, THEY WOULD. Consider the number of Web cams, video game systems and now cable boxes coming with cameras.

    So go on praising the government's actions, John. Just remember it when they render the places YOU think should be private no longer so. Maybe you won't feel quite so smug then.

     

  12.  
    Anonymous Coward, Sep 14th, 2013 @ 6:16am

    and i don't suppose anyone in charge of these so-called 'security agencies' can see anything wrong with what has happened? if it had been an ordinary person that did this, even if just to prove that it could be done, not for any malicious reason, they would have been banged up straight away, just like others have been in the USA who have discovered, then reported flaws in software. what the hell has happened to the simple 'thanks for telling us about that. you have saved a lot of ****whatever'? why is it now so much worse to make a government, company, person feel embarrassed because of something that has failed, than to be grateful??

     

  13.  
    Anonymous Coward, Sep 14th, 2013 @ 7:05am

    It wasn't exploitation of a user's computer.
    It wasn't "malware" as usually defined.
    It used a javascript to locate an item from outside tor, then the real IP was logged.

    Yes you can say it's malware. But its maliciousness is revealing an original IP. Not exactly real malware in my book.




    Also.. "normal people" can do this. It's not illegal.

    eg...
    Hosted image on your server.
    Use that image as your profile image on a forum.
    You log IP of anyone requesting that image.
    Hence... anyone that visits your profile on that forum. You will have their IP.


    Completely justified tactic imho. It's what they do with the ip addresses after they get them that is important.

     

  14.  
    Anonymous Coward, Sep 14th, 2013 @ 7:18am

    Re:

    to add...

    If it was illegal then all third party advertising is also illegal. They get your IP address from visiting an unrelated site. They even track cookies and other sites you have been to. They do a hell of a lot more than just log your IP.


    Not to say there are not double standards. There are plenty of occasions where the "power" can do whatever they want and the "powerless" would get punished for the same actions. This is not one of those cases though.

     

  15.  
    Shon Gale, Sep 14th, 2013 @ 7:32am

    Our government at work. Welcome to the Police State of America where the only real revenue comes from locking people up. There is no more parole. Why would a private prison company let you go when they can make money from you? Prisoners are huge business. So lock up everyone that even smells wrong.

     

  16.  
    Anonymous, Sep 14th, 2013 @ 7:44am

    Re:

    Because the US government owns the world!

     

  17.  
    Anonymous, Sep 14th, 2013 @ 7:59am

    Re:

    You'd think that by now people would be smart enough to disable javascript, cookies, etc..

     

  18.  
    Anonymous Coward, Sep 14th, 2013 @ 8:42am

    Re: Re:

    yeah...

    I would disable JS when browsing hidden services on tor... which I rarely do (nothing there of interest to me). But when using tor just for anonymous signups etc.. on the clearnet, I just enable JS. JS is enabled everywhere else.

    Cookies/trackers/ads on the other hand. Disabled by default. only allow the needed ones.

     

  19.  
    Krinkle, Sep 14th, 2013 @ 8:50am

    Re: oh well

    Nice try... as if "somehow" one should not expect privacy in one's kitchen, living room, basement, hallway, foyer, garage, etc. - only in one's "bathroom and bedroom"...

    You calling tor a "psycho net" is not only intellectually unjustifiable, but in addition, using Tor does not "associate" one with other Tor users any more than YOU using a telephone associates YOU with some goddamned psycho who also used a telephone.

     

  20.  
    Anonymous Coward, Sep 14th, 2013 @ 8:57am

    Re:

    disregard... I was wrong



    The heart of the malicious Javascript was a tiny Windows executable hidden in a variable named “Magneto.” A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box.

    But the Magneto code didn’t download anything. It looked up the victim’s MAC address — a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sent it to a server in Northern Virginia, bypassing Tor, to expose the user’s real IP address, coding the transmission as a standard HTTP web request.


    It was malware in the classic sense. Ran code on Windows box via exploitation.

     

  21.  
    Web_Rat, Sep 14th, 2013 @ 8:57am

    Re: Moral VS Legal

    Laws have no morals, they are just words. Rather it is the lawmakers and enforcers who have misplaced their moral compasses.......

     

  22.  
    Durban, Sep 14th, 2013 @ 9:03am

    Re: follow the links dumbass...

    Not just the IP address, but also the victim's MAC address and Windows hostname, bypassing Tor over standard HTTP which allowed anyone sniffing traffic to also snag this info.

    Additionally, it issued a serial number labeling said visit.

     

  23.  
    Durban, Sep 14th, 2013 @ 9:06am

    Re: Re: follow the links dumbass...

    I see you recanted. My apologies.

     

  24.  
    Mr. Sliz, Sep 14th, 2013 @ 9:12am

    Re:

    One would think a clapper commercial would also set it off. If anything James Clapper needs wired to a Clapper.

     

  25.  
    Anonymous, Sep 14th, 2013 @ 10:05am

    Re: Re:

    All this talk of Clapper makes me want to go watch a few episodes of "Rags To Riches".

     

  26.  
    Dave, Sep 14th, 2013 @ 10:15pm

    targeted Windows machines... for now.

    Another example of why you shouldn't use Windows.

    Lamers.

     

  27.  
    Mpllll, Sep 15th, 2013 @ 3:37pm

    Schmucks

    Read the legal docs, the custom code only targeted the end users looking for child porn and those particular sites hosting it.

    Any stupid fuck who thinks law enforcement should these means to find pedophiles to reevaluate reality

     

  28.  
    Anonymous Coward, Sep 15th, 2013 @ 7:48pm

    re: Schmucks

    should= shouldn't, and you're missing a 'needs'?

    Everything I've read says it targeted the entirety of sites hosted on Freedom Hosting, including Tormail.

    Please cite your source on these legal documents, I'm sure I wouldn't be the only one interested. I think most anyone would agree there's a huge difference between targeting pedos, and targeting everyone.

     

  29.  
    Ninja, Sep 16th, 2013 @ 4:29am

    The means justify the ends. We need to find one criminal (fair, noble goal that should be pursued) but to do so we are gonna spy on 3 billion people. Sounds fair.

     

  30.  
    Shon Gale, Sep 16th, 2013 @ 5:57am

    The tighter your grip! The more star systems will slip through your fingers.

     

  31.  
    John Fenderson, Sep 16th, 2013 @ 12:59pm

    Re: Re: Re:

    There's no point in bothering with disabling cookies if you're leaving Javascript enabled. Why not just leave it disabled all the time?

    Or, if you're using one of those brain-dead sites that require Javascript to function, use NoScript so that you can allow just the specific JS code that's required to make the page work while still disallowing the code that's used for tracking and advertising.

     

  32.  
    John Fenderson, Sep 16th, 2013 @ 1:05pm

    Re: oh well

    So I can't expect privacy in my yard, my living room, my kitchen, when at a friend's house, etc? I can't expect privacy with my encrypted data? Methinks your analysis is far, far too simplified.

    "Someone's willing to protect the public from socio-paths. GO FBI! !"


    But who's going to protect the public from the sociopathic FBI?

     

  33.  
    Anonymous, Sep 16th, 2013 @ 2:32pm

    Re:

    The tighter your grip, the darker the head will turn.

     

  34.  
    Bergman, Sep 20th, 2013 @ 11:48am

    Re: Moral VS Legal

    What would be absolutely hilarious, is if one of those hack-back bills eventually passes...without language making it clear you're not allowed to hack-back governments.

    FBI hacks someone, the next day the entire US .gov network goes down...and no crime has been committed.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This