Yes, The FBI Used Malware To Try To Reveal Tor Users
from the confirmed dept
While some reports had suggested that it was the NSA involved, it seemed much more likely (as we predicted) that the FBI was behind the attempt to control Freedom Hosting's servers and effectively insert a bit of malware designed to identify users of the Tor Browser, who thought they were anonymous. And now the FBI has more or less admitted it as part of its effort to extradite Eric Eoin Marques, the owner of Freedom Hosting, from Ireland. The FBI has been known to use malware like this, though it had repeatedly tried to keep it away from investigations involving more technically savvy folks, who might discover it and reveal it to the world. Too late for that now, of course.
Freedom Hosting clearly hosted some very bad stuff, and there's nothing wrong with law enforcement looking to find and arrest those who are involved in criminal activities -- but when it reaches the level of installing effective malware and re-identifying a ton of people who chose to be anonymous, many of whom are not criminals at all, it begins to raise questions about how appropriate (or legal) the activity really is. Taking control over all Freedom Hosting servers and inserting some code really seems like an incredibly questionable move.
Filed Under: doj, fbi, malware, privacy, tor
Companies: freedom hosting
Reader Comments
Now standard practice for the US government.
[ link to this | view in chronology ]
Moral VS Legal
Any time you have something along the lines of "Normal people can't do this, but the government can," you run into tricky balance of power issues. Even worse, if the government does something too often or particularly bad people start asking "Why can't I do this? If the government is doing it then it might be illegal, but it's probably not immoral."
This doesn't even get into the abuse of power issues. Just compare the Lori Drew case to what the government has admitted to doing here. In the first they tried to twist a hacking law to apply to violating a website's Terms of Service. In the second, they deliberately hacked potentially innocent third party computers. This clear abuse of power is why many people don't trust the government, and are beginning to believe that laws have lost touch with their moral roots.
[ link to this | view in chronology ]
Re: Moral VS Legal
It's a lot worse than just the laws losing touch with their moral roots but those making them losing touch. Feinstein is a prime example.
[ link to this | view in chronology ]
It wasn't "malware" as usually defined.
It used a javascript to locate an item from outside tor, then the real IP was logged.
Yes you can say it's malware. But its maliciousness is revealing an original IP. Not exactly real malware in my book.
Also.. "normal people" can do this. It's not illegal.
eg...
Hosted image on your server.
Use that image as your profile image on a forum.
You log IP of anyone requesting that image.
Hence... anyone that visits your profile on that forum. You will have their IP.
Completely justified tactic imho. It's what they do with the ip addresses after they get them that is important.
[ link to this | view in chronology ]
Re:
If it was illegal then all third party advertising is also illegal. They get your IP address from visiting an unrelated site. They even track cookies and other sites you have been to. They do a hell of a lot more than just log your IP.
Not to say there are not double standards. There are plenty of occasions where the "power" can do whatever they want and the "powerless" would get punished for the same actions. This is not one of those cases though.
[ link to this | view in chronology ]
Re: Re:
I would disable JS when browsing hidden services on tor... which I rarely do (nothing there of interest to me). But when using tor just for anonymous signups etc.. on the clearnet, I just enable JS. JS is enabled everywhere else.
Cookies/trackers/ads on the other hand. Disabled by default. Only allow the needed ones.
[ link to this | view in chronology ]
Re: Re: Re:
Or, if you're using one of those brain-dead sites that require Javascript to function, use NoScript so that you can allow just the specific JS code that's required to make the page work while still disallowing the code that's used for tracking and advertising.
[ link to this | view in chronology ]
Re:
It was malware in the classic sense. Ran code on windows box via exploitation.
[ link to this | view in chronology ]
Re: follow the links dumbass...
Additionally, it issued a serial number labeling said visit.
[ link to this | view in chronology ]
Re: Moral VS Legal
FBI hacks someone, the next day the entire US .gov network goes down...and no crime has been committed.
[ link to this | view in chronology ]
Sounds like someone was using full disk encryption, without wiring up a panic button.
I use the 'clapper' as my panic button. Clap on (clap clap)... Clap off (clap clap)... the clapper :)
I'm joking. I don't have a panic button.
[ link to this | view in chronology ]
Sure, the FBI was the agency that found him, but why does he need to be extradited to the US to face punishment? Is the US afraid that Ireland won't give him a hefty enough sentence?
As far as I can see, he has no ties to the US other than having used a US bank, so why is he going to be tried in the US? I know the US likes to think so, but is the US officially now the world's internet enforcer? All crimes involving the net must now be handled by the US?
I just don't understand why all the evidence wasn't handed off to Ireland's authorities so that he could be arrested and tried there.
[ link to this | view in chronology ]
What they did there was the napalm option, instead of the cruise missile.
[ link to this | view in chronology ]
oh well
[ link to this | view in chronology ]
Re: oh well
So go on praising the government's actions, John. Just remember it when they render the places YOU think should be private no longer so. Maybe you won't feel quite so smug then.
[ link to this | view in chronology ]
Re: oh well
You calling tor a "psycho net" is not only intellectually unjustifiable, but in addition, using Tor does not "associate" one with other Tor users any more than YOU using a telephone associates YOU with some goddamned psycho who also used a telephone.
[ link to this | view in chronology ]
Re: oh well
But who's going to protect the public from the sociopathic FBI?
[ link to this | view in chronology ]
Oh Well
[ link to this | view in chronology ]
targeted Windows machines... for now.
Lamers.
[ link to this | view in chronology ]
Schmucks
Any stupid fuck who thinks law enforcement should these means to find pedophiles to reevaluate reality
[ link to this | view in chronology ]
re: Schmucks
Everything I've read says it targeted the entirety of sites hosted on freedom hosting, including Tormail.
Please cite your source on these legal documents, I'm sure I wouldn't be the only one interested. I think most anyone would agree there's a huge difference between targeting pedos, and targeting everyone.
[ link to this | view in chronology ]