FBI Allegedly Using Custom Malware To Peel Back Tor's Veil of Anonymity - HotHardware

More details have surfaced on how the FBI uses its own custom malware to penetrate the Tor network's anonymizing service -- and while those tools have been deployed in some important investigations, it's sure to raise hackles in the post-Snowden era.

Several years ago, the FBI launched a major sting operation against the operator of a Tor-anonymized website dubbed Pedoboard. They eventually traced the account back to one Aaron McGrath, discovered he was hosting three separate child pornography distribution hubs, and smashed all three of them. Hosting child pornography via Tor is a flagrant violation of the ToS, national, and international law, and few tears have been shed over the outcome.

What is disquieting, however, is what the FBI did next. It uploaded purpose-built malware to the websites so that it could automatically track anyone who touched the URL. It delayed notifying its targets for 30 days, and it worked -- the FBI eventually snagged and raided 25 visitors and is prosecuting 14 cases. Lawyers for the defendants are arguing that the evidence should be thrown out because in some cases, users weren't told they'd been bugged and hacked for over a year.

The concern many lawyers and privacy advocates have raised is that this is a first step towards the use of wider, more pervasive dragnets to monitor websites in a manner that could curtail freedom of speech. While few would argue that the government should monitor extremist websites, using malware to automatically spy on every visitor to such a website is a fundamental shift to the status quo. Instead of monitoring specific individuals, the government would be flinging wide a dragnet and watching entire groups of people that hadn't been previously suspected of a crime.

It doesn't help that the FBI's follow-up investigations into services like Freedom Hosting have again relied on malware injection techniques to grab MAC addresses and real IP addresses from anyone who visited Freedom Hosting sites. While FH had a reputation for tolerating illegal content, that wasn't the only use of the service -- far from it. Programs like Tormail were taken offline as well -- and in some cases, the users of those services may have been compromised by government malware, despite never doing anything to directly trigger such a dragnet.

With the FBI already fighting to scale up its use of the drive-by download service, it's clear that the organization envisions using the technology with fewer restrictions and in pursuit of a broader number of people. Wired notes that attempts to spur a conversation over the way this technology could be used are already behind the curve, given that the government has begun deploying it.

This is the first time I've ever been solidly on the fence over matters pertaining to free Internet, free speech and post-Snowden discussion. I usually sit decisively on the no snooping side, but this is some serious gray area.

I have zero disagreement with the FBI locating, raiding and compromising the servers of someone like McGrath. His offenses were blatantly illegal, as are the intentions of anyone visiting his content. Now, if the FBI were allowed to wield this type of wiretapping on ANY website simply because they can, then I would have a problem and concede the /potential/ for abuse. In this case it seems fully justified, however, and the line is black. Just saying that makes me feel like I'm making concessions, but this is the kind of work I DO want to see happening online.

My hopes aren't high that checks are in place which would prevent abuse, so there is some concern. However, freedom of speech & privacy and freedom to exploit minors (or murder or do anything else deemed unacceptable by the world's free societies) are most certainly not comparable. Online or in real life, I would want this sort of offense eradicated. I would challenge anyone who admits to wanting that much "freedom" in real life.

I think it's important to point out that ToR is not the vulnerability here either. The websites you visit are. This is no different than your unsecure Internet. Perhaps ToR can take steps to make this type of vulnerability impossible, but it's not like the FBI can just flip a switch and do this with any website right now (or so I'm led to understand by this article).


I am truly bugged by this FBI matter, but I am also ok with it. In this instance they got some really low lifes off the street and they will be known to the police. What bugs me is, did they have to go to court to do all this? If not, it sets every law that was created to protect against police abuse back 10 years. Also, the police have lately been very loose with their interpretation of the Constitution.
