Yes, The FBI Used Malware To Try To Reveal Tor Users

from the confirmed dept

While some reports had suggested that it was the NSA involved, it seemed much more likely (as we predicted) that the FBI was behind the attempt to control Freedom Hosting's servers and effectively insert a bit of malware designed to identify users of the Tor Browser, who thought they were anonymous. And, now the FBI has more or less admitted it as part of its effort to extradite Eric Eoin Marques, the owner of Freedom Hosting, from Ireland. The FBI has been known to use malware like this, though it had repeatedly tried to keep it away from investigations involving more technically savvy folks, who might discover it and reveal it to the world. Too late for that now, of course.

Freedom Hosting clearly hosted some very bad stuff, and there's nothing wrong with law enforcement looking to find and arrest those who are involved in criminal activities -- but when it reaches the level of installing effective malware and re-identifying a ton of people who chose to be anonymous, many of whom are not criminals at all, it begins to raise questions about how appropriate (or legal) the activity really is. Taking control over all Freedom Hosting servers and inserting some code really seems like an incredibly questionable move.

Filed Under: doj, fbi, malware, privacy, tor
Companies: freedom hosting


Reader Comments

  •
    Pixelation, 13 Sep 2013 @ 5:45pm

    "...seems like an incredibly questionable move."

    Now standard practice for the US government.

  •
    Arthur Moore, 13 Sep 2013 @ 5:49pm

    Moral VS Legal

    The FBI needs to be careful when it comes to things like this. Even if it is legal, and I'm not saying it is, it certainly sets a double standard.

    Any time you have something along the lines of "Normal people can't do this, but the government can," you run into tricky balance of power issues. Even worse, if the government does something too often or particularly bad people start asking "Why can't I do this. If the government is doing it then it might be illegal, but it's probably not immoral."

    This doesn't even get into the abuse of power issues. Just compare the Lori Drew case to what the government has admitted to doing here. In the first they tried to twist a hacking law to apply to violating a website's Terms of Service. In the second, they deliberately hacked potentially innocent third party computers. This clear abuse of power is why many people don't trust the government, and are beginning to believe that laws have lost touch with their moral roots.

    •
      Pixelation, 13 Sep 2013 @ 6:01pm

      Re: Moral VS Legal

      "... laws have lost touch with their moral roots."

      It's a lot worse than just the laws losing touch with their moral roots but those making them losing touch. Feinstein is a prime example.

    •
      Anonymous Coward, 14 Sep 2013 @ 7:05am

      It wasn't exploitation of a user's computer.
      It wasn't "malware" as usually defined.
      It used a javascript to locate an item from outside tor, then the real IP was logged.

      Yes you can say it's malware. But its maliciousness is revealing an original IP. Not exactly real malware in my book.




      Also.. "normal people" can do this. It's not illegal.

      eg...
      Hosted image on your server.
      Use that image as your profile image on a forum.
      You log IP of anyone requesting that image.
      Hence... anyone that visits your profile on that forum. You will have their IP.


      Completely justified tactic imho. It's what they do with the ip addresses after they get them that is important.

      •
        Anonymous Coward, 14 Sep 2013 @ 7:18am

        Re:

        to add...

        If it was illegal then all third party advertising is also illegal. They get your IP address from visiting an unrelated site. They even track cookies and other sites you have been to. They do a hell of a lot more than just log your IP.


        Not to say there are not double standards. There are plenty of occasions where the "power" can do whatever they want and the "powerless" would get punished for the same actions. This is not one of those cases though.

      •
        Anonymous, 14 Sep 2013 @ 7:59am

        Re:

        You'd think that by now people would be smart enough to disable javascript, cookies, etc..

        •
          Anonymous Coward, 14 Sep 2013 @ 8:42am

          Re: Re:

          yeah...

          I would disable JS when browsing hidden services on tor... which I rarely do (nothing there of interest to me). But when using tor just for anonymous signups etc.. on the clearnet, I just enable JS. JS is enabled everywhere else.

          Cookies/trackers/ads on the other hand. Disabled by default. only allow the needed ones.

          •
            John Fenderson, 16 Sep 2013 @ 12:59pm

            Re: Re: Re:

            There's no point in bothering with disabling cookies if you're leaving Javascript enabled. Why not just leave it disabled all the time?

            Or, if you're using one of those brain-dead sites that require Javascript to function, use NoScript so that you can allow just the specific JS code that's required to make the page work while still disallowing the code that's used for tracking and advertising.

      •
        Anonymous Coward, 14 Sep 2013 @ 8:57am

        Re:

        disregard... I was wrong



        The heart of the malicious Javascript was a tiny Windows executable hidden in a variable named “Magneto.” A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box.

        But the Magneto code didn’t download anything. It looked up the victim’s MAC address — a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sent it to a server in Northern Virginia, bypassing Tor, to expose the user’s real IP address, coding the transmission as a standard HTTP web request.


        It was malware in the classic sense. Ran code on Windows box via exploitation.

      •
        Durban, 14 Sep 2013 @ 9:03am

        Re: follow the links dumbass...

        Not just the IP address, but also the victim's MAC address and Windows hostname, bypassing tor over standard http which allowed anyone sniffing traffic to also snag this info.

        Additionally, it issued a serial number labeling said visit.

    •
      Web_Rat, 14 Sep 2013 @ 8:57am

      Re: Moral VS Legal

      Laws have no morals, they are just words. Rather it is the lawmakers and enforcers who have misplaced their moral compasses.......

    •
      Bergman, 20 Sep 2013 @ 11:48am

      Re: Moral VS Legal

      What would be absolutely hilarious, is if one of those hack-back bills eventually passes...without language making it clear you're not allowed to hack-back governments.

      FBI hacks someone, the next day the entire US .gov network goes down...and no crime has been committed.

  •
    Anonymous Coward, 13 Sep 2013 @ 5:58pm

    Damn Irish, why don't they just follow the laws Congress passes?

  •
    Anonymous, 13 Sep 2013 @ 7:05pm

    You'd think that if the government can do this, they could use this technique against Silk Road, since it operates as a hidden service on the Tor network. But why would they, if they're the ones who run it?

  •
    Anonymous Coward, 13 Sep 2013 @ 8:35pm

    "Marques allegedly dove for his laptop when the police raided him, in an effort to shut it down."

    Sounds like someone was using full disk encryption, without wiring up a panic button.

    I use the 'clapper' as my panic button. Clap on (clap clap)... Clap off (clap clap)... the clapper :)

    I'm joking. I don't have a panic button.

    •
      Mr. Sliz, 14 Sep 2013 @ 9:12am

      Re:

      One would think a clapper commercial would also set it off. If anything James Clapper needs wired to a Clapper.

      •
        Anonymous, 14 Sep 2013 @ 10:05am

        Re: Re:

        All this talk of Clapper makes me want to go watch a few episodes of "Rags To Riches".

  •
    Rekrul, 13 Sep 2013 @ 9:59pm

    Why isn't Marques being prosecuted in Ireland? Isn't child porn illegal there?

    Sure, the FBI was the agency that found him, but why does he need to be extradited to the US to face punishment? Is the US afraid that Ireland won't give him a hefty enough sentence?

    As far as I can see, he has no ties to the US other than having used a US bank, so why is he going to be tried in the US? I know the US likes to think so, but is the US officially now the world's internet enforcer? All crimes involving the net must now be handled by the US?

    I just don't understand why all the evidence wasn't handed off to Ireland's authorities so that he could be arrested and tried there.

  •
    Anonymous Coward, 14 Sep 2013 @ 1:52am

    Every time I wanted to unmask someone I at least had the courtesy of sending him a nude photo or something so only him/her would get infected.

    What they did there was the napalm option, instead of the cruise missile.

  •
    john, 14 Sep 2013 @ 4:57am

    oh well

    You should have and can presume privacy in your bathroom and bedroom. When you step into public, outside your home, browse through the mall, drive a car (the law rightfully classifies a car as a dangerous instrumentality), you should have NO presumption of privacy. You didn't construct the net, rocket satellites into space, develop tactical satellites and craft to defend those satellites, maintain the spectra by which the communications are sent, etc., etc., - In fact the government does much of that. If you go outside your bathroom and bedroom and decide to conduct your life/lives in public: You have NO presumption of privacy - Period. When are some folks going to grow up out of their distorted fantasies and GET this? If you think joining some double-SSL-encrypted psycho-net to practice pedophilia, or associating with like browsers will leave you unscathed, think again. Yeah!! Someone's willing to protect the public from socio-paths. GO FBI! !

    •
      Paulc, 14 Sep 2013 @ 5:56am

      Re: oh well

      You're missing the point entirely. The laws and morals be damned mentality much of the government today operates under is indicative of an organization that simply has no respect for the people it supposedly exists to represent. And when you have a powerful organization that self-justifies its every action, not even your bathroom or bedroom is safe anymore. If this government could remotely activate cameras and/or microphones in your house and record your life 24/7, THEY WOULD. Consider the number of Web cams, video game systems and now cable boxes coming with cameras.

      So go on praising the government's actions, John. Just remember it when they render the places YOU think should be private no longer so. Maybe you won't feel quite so smug then.

    •
      Krinkle, 14 Sep 2013 @ 8:50am

      Re: oh well

      Nice try... as if "somehow" one should not expect privacy in one's kitchen, living room, basement, hallway, foyer, garage, etc. - only in one's "bathroom and bedroom"...

      You calling tor a "psycho net" is not only intellectually unjustifiable, but in addition, using Tor does not "associate" one with other Tor users any more than YOU using a telephone associates YOU with some goddamned psycho who also used a telephone.

    •
      John Fenderson, 16 Sep 2013 @ 1:05pm

      Re: oh well

      So I can't expect privacy in my yard, my living room, my kitchen, when at a friend's house, etc? I can't expect privacy with my encrypted data? Methinks your analysis is far, far too simplified.

      "Someone's willing to protect the public from socio-paths. GO FBI! !"


      But who's going to protect the public from the sociopathic FBI?

  •
    wec, 14 Sep 2013 @ 5:45am

    Oh Well

    Maybe we didn't do all those things but we did pay for much of it (taxes).

  •
    Anonymous Coward, 14 Sep 2013 @ 6:16am

    And I don't suppose anyone in charge of these so-called 'security agencies' can see anything wrong with what has happened? If it had been an ordinary person that did this, even if just to prove that it could be done, not for any malicious reason, they would have been banged up straight away, just like others have been in the USA who have discovered, then reported flaws in software. What the hell has happened to the simple 'thanks for telling us about that. you have saved a lot of ****whatever? Why is it now so much worse to make a government, company, person feel embarrassed because of something that has failed, than to be grateful??

  •
    Shon Gale, 14 Sep 2013 @ 7:32am

    Our government at work. Welcome to the Police State of America where the only real revenue comes from locking people up. There is no more parole. Why would a private prison company let you go when they can make money from you? Prisoners are huge business. So lock up everyone that even smells wrong.

  •
    Dave, 14 Sep 2013 @ 10:15pm

    targeted Windows machines... for now.

    Another example of why you shouldn't use Windows.

    Lamers.

  •
    Mpllll, 15 Sep 2013 @ 3:37pm

    Schmucks

    Read the legal docs, the custom code only targeted the end users looking for child porn and those particular sites hosting it.

    Any stupid fuck who thinks law enforcement should these means to find pedaphiles to reevaluate reality

  •
    Anonymous Coward, 15 Sep 2013 @ 7:48pm

    re: Schmucks

    should= shouldn't, and you're missing a 'needs'?

    Everything I've read says it targeted the entirety of sites hosted on freedom hosting, including Tormail.

    Please cite your source on these legal documents, I'm sure I wouldn't be the only one interested. I think most anyone would agree there's a huge difference between targeting pedo's, and targeting everyone.

  •
    Ninja, 16 Sep 2013 @ 4:29am

    The means justify the ends. We need to find one criminal (fair, noble goal that should be pursued) but to do so we are gonna spy on 3 billion people. Sounds fair.

  •
    Shon Gale, 16 Sep 2013 @ 5:57am

    The tighter your grip! The more star systems will slip through your fingers.
