FBI Allegedly Using Custom Malware To Peel Back Tor's Veil of Anonymity

More details have surfaced on how the FBI uses its own custom malware to penetrate the Tor network's anonymizing service -- and while those tools have been deployed in some important investigations, it's sure to raise hackles in the post-Snowden era.

Several years ago, the FBI launched a major sting operation against the operator of a Tor-anonymized website dubbed Pedoboard. They eventually traced the account back to one Aaron McGrath, discovered he was hosting three separate child pornography distribution hubs, and smashed all three of them. Hosting child pornography via Tor is a flagrant violation of the ToS, national, and international law, and few tears have been shed over the outcome.

What is disquieting, however, is what the FBI did next. It uploaded purpose-built malware to the websites to ensure that it would automatically be able to track anyone who touched the URL. It delayed notifying its targets for 30 days, and it worked -- the FBI eventually snagged and raided 25 visitors and is prosecuting 14 cases. Lawyers for the defendants are arguing that the evidence should be thrown out because in some cases, users weren't told they'd been bugged and hacked for over a year.

The concern many lawyers and privacy advocates have raised is that this is a first step towards the use of wider, more pervasive dragnets to monitor websites in a manner that could curtail freedom of speech. While few would argue that the government should not monitor extremist websites, using malware to automatically spy on every visitor to such a website is a fundamental shift from the status quo. Instead of monitoring specific individuals, the government would be flinging wide a dragnet and watching entire groups of people who hadn't previously been suspected of a crime.

It doesn't help that the FBI's follow-up investigations into services like Freedom Hosting have again relied on malware injection techniques to grab MAC addresses and real IP addresses from anyone who visited Freedom Hosting sites. While FH had a reputation for tolerating illegal content, that wasn't the only use of the service -- far from it. Programs like Tormail were taken offline as well -- and in some cases, the users of those services may have been compromised by government malware, despite never doing anything to directly trigger such a dragnet.

With the FBI already fighting to scale up its use of the drive-by download technique, it's clear that the organization envisions using the technology with fewer restrictions and in pursuit of a broader range of people. Wired notes that attempts to spur a conversation over the way this technology could be used are already behind the curve, given that the government has begun deploying it.