Yes, The FBI Used Malware To Try To Reveal Tor Users

from the confirmed dept

While some reports had suggested that it was the NSA involved, it seemed much more likely (as we predicted) that the FBI was behind the attempt to control Freedom Hosting’s servers and effectively insert a bit of malware designed to identify users of the Tor Browser, who thought they were anonymous. And, now the FBI has more or less admitted it as part of its effort to extradite Eric Eoin Marques, the owner of Freedom Hosting, from Ireland. The FBI has been known to use malware like this, though it had repeatedly tried to keep it away from investigations involving more technically savvy folks, who might discover it and reveal it to the world. Too late for that now, of course.

Freedom Hosting clearly hosted some very bad stuff, and there’s nothing wrong with law enforcement looking to find and arrest those who are involved in criminal activities — but when it reaches the level of installing effective malware and re-identifying a ton of people who chose to be anonymous, many of whom are not criminals at all, it begins to raise questions about how appropriate (or legal) the activity really is. Taking control over all Freedom Hosting servers and inserting some code really seems like an incredibly questionable move.

Companies: freedom hosting


Comments on “Yes, The FBI Used Malware To Try To Reveal Tor Users”

Arthur Moore (profile) says:

Moral VS Legal

The FBI needs to be careful when it comes to things like this. Even if it is legal, and I’m not saying it is, it certainly sets a double standard.

Any time you have something along the lines of “Normal people can’t do this, but the government can,” you run into tricky balance of power issues. Even worse, if the government does something too often or particularly bad people start asking “Why can’t I do this. If the government is doing it then it might be illegal, but it’s probably not immoral.”

This doesn’t even get into the abuse of power issues. Just compare the Lori Drew case to what the government has admitted to doing here. In the first they tried to twist a hacking law to apply to violating a website’s Terms of Service. In the second, they deliberately hacked potentially innocent third party computers. This clear abuse of power is why many people don’t trust the government, and are beginning to believe that laws have lost touch with their moral roots.

Anonymous Coward says:


It wasn’t exploitation of a user’s computer.
It wasn’t “malware” as usually defined.
It used a javascript to locate an item from outside tor, then the real IP was logged.

Yes you can say it’s malware. But its maliciousness is revealing an original IP. Not exactly real malware in my book.

Also.. “normal people” can do this. It’s not illegal.

Hosted image on your server.
Use that image as your profile image on a forum.
You log IP of anyone requesting that image.
Hence… anyone that visits your profile on that forum. You will have their IP.

Completely justified tactic imho. It’s what they do with the ip addresses after they get them that is important.

Anonymous Coward says:

Re: Re: Re:

to add…

If it was illegal then all third party advertising is also illegal. They get your IP address from visiting an unrelated site. They even track cookies and other sites you have been to. They do a hell of a lot more than just log your IP.

Not to say there are not double standards. There are plenty of occasions where the “power” can do whatever they want and the “powerless” would get punished for the same actions. This is not one of those cases though.

Anonymous Coward says:

Re: Re: Re: Re:


I would disable JS when browsing hidden services on tor… which I rarely do (nothing there of interest to me). But when using tor just for anonymous signups etc.. on the clearnet, I just enable JS. JS is enabled everywhere else.

Cookies/trackers/ads on the other hand. Disabled by default. Only allow the needed ones.

John Fenderson (profile) says:

Re: Re: Re:2 Re:

There’s no point in bothering with disabling cookies if you’re leaving Javascript enabled. Why not just leave it disabled all the time?

Or, if you’re using one of those brain-dead sites that require Javascript to function, use NoScript so that you can allow just the specific JS code that’s required to make the page work while still disallowing the code that’s used for tracking and advertising.

Anonymous Coward says:

Re: Re: Re:

disregard… I was wrong

The heart of the malicious Javascript was a tiny Windows executable hidden in a variable named “Magneto.” A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box.

But the Magneto code didn’t download anything. It looked up the victim’s MAC address – a unique hardware identifier for the computer’s network or Wi-Fi card – and the victim’s Windows hostname. Then it sent it to a server in Northern Virginia server, bypassing Tor, to expose the user’s real IP address, coding the transmission as a standard HTTP web request.

It was malware in the classic sense. Ran code on windows box via exploitation.

Anonymous Coward says:

“Marques allegedly dove for his laptop when the police raided him, in an effort to shut it down.”

Sounds like someone was using full disk encryption, without wiring up a panic button.

I use the ‘clapper’ as my panic button. Clap on (clap clap)… Clap off (clap clap)… the clapper 🙂

I’m joking. I don’t have a panic button.

Rekrul says:

Why isn’t Marques being prosecuted in Ireland? Isn’t child porn illegal there?

Sure, the FBI was the agency that found him, but why does he need to be extradited to the US to face punishment? Is the US afraid that Ireland won’t give him a hefty enough sentence?

As far as I can see, he has no ties to the US other than having used a US bank, so why is he going to be tried in the US? I know the US likes to think so, but is the US officially now the world’s internet enforcer? All crimes involving the net must now be handled by the US?

I just don’t understand why all the evidence wasn’t handed off to Ireland’s authorities so that he could be arrested and tried there.

john (profile) says:

oh well

You should have and can presume privacy in your bathroom and bedroom. When you step into public, outside your home, browse through the mall, drive a car (the law rightfully classifies a car as a dangerous instrumentality), you should have NO presumption of privacy. You didn’t construct the net, rocket satellites into space, develop tactical satellites and craft to defend those satellites, maintain the spectra by which the communications are sent, etc., etc., – In fact the government does much of that. If you go outside your bathroom and bedroom and decide to conduct your life/lives in public: You have NO presumption of privacy – Period. When are some folks going to grow up out of their distorted fantasies and GET this? If you think joining some double-SSL-encrypted psycho-net to practice pedophilia, or associating with like browsers will leave you unscathed, think again. Yeah!! Someone’s willing to protect the public from socio-paths. GO FBI! !

Paulc says:

Re: oh well

You’re missing the point entirely. The laws and morals be damned mentality much of the government today operates under is indicative of an organization that simply has no respect for the people it supposedly exists to represent. And when you have a powerful organization that self-justifies its every action, not even your bathroom or bedroom is safe anymore. If this government could remotely activate cameras and/or microphones in your house and record your life 24/7, THEY WOULD. Consider the number of Web cams, video game systems and now cable boxes coming with cameras.

So go on praising the government’s actions, John. Just remember it when they render the places YOU think should be private no longer so. Maybe you won’t feel quite so smug then.

Krinkle says:

Re: oh well

Nice try… as if “somehow” one should not expect privacy in one’s kitchen, living room, basement, hallway, foyer, garage, etc. – only in one’s “bathroom and bedroom”…

You calling tor a “psycho net” is not only intellectually unjustifiable, but in addition, using Tor does not “associate” one with other Tor users any more than YOU using a telephone associates YOU with some goddamned psycho who also used a telephone.

John Fenderson (profile) says:

Re: oh well

So I can’t expect privacy in my yard, my living room, my kitchen, when at a friend’s house, etc? I can’t expect privacy with my encrypted data? Methinks your analysis is far, far too simplified.

Someone’s willing to protect the public from socio-paths. GO FBI! !

But who’s going to protect the public from the sociopathic FBI?

Anonymous Coward says:

And I don’t suppose anyone in charge of these so-called ‘security agencies’ can see anything wrong with what has happened? If it had been an ordinary person that did this, even if just to prove that it could be done, not for any malicious reason, they would have been banged up straight away, just like others have been in the USA who have discovered, then reported flaws in software. What the hell has happened to the simple ‘thanks for telling us about that. you have saved a lot of ****whatever? Why is it now so much worse to make a government, company, person feel embarrassed because of something that has failed, than to be grateful??

Anonymous Coward says:

re: Schmucks

should= shouldn’t, and you’re missing a ‘needs’?

Everything I’ve read says it targeted the entirety of sites hosted on freedom hosting, including Tormail.

Please cite your source on these legal documents, I’m sure I wouldn’t be the only one interested. I think most anyone would agree there’s a huge difference between targeting pedos, and targeting everyone.
