
Is the FBI hacking TOR?

23536

Feds Are Suspects in New Malware That Attacks Tor Anonymity

http://www.wired.com/threatlevel/2013/08/freedom-hosting/

Security researchers tonight are poring over a piece of malicious software that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network.

The malware showed up Sunday morning on multiple websites hosted by the anonymous hosting company Freedom Hosting. That would normally be considered a blatantly criminal “drive-by” hack attack, but nobody’s calling in the FBI this time. The FBI is the prime suspect.

“It just sends identifying information to some IP in Reston, Virginia,” says reverse-engineer Vlad Tsyrklevich. “It’s pretty clear that it’s FBI or it’s some other law enforcement agency that’s U.S.-based.”

If Tsyrklevich and other researchers are right, the code is likely the first sample captured in the wild of the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first reported by WIRED in 2007.

Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor.

The code has been used sparingly in the past, which kept it from leaking out and being analyzed or added to anti-virus databases.

story continues: http://www.wired.com/threatlevel/2013/08/freedom-hosting/
 
Well shoot, anyone having trouble getting the link to the article to open?

It's not illegal to use TOR.. (right)..and so now it is ok to break the law as long as it's LE doing it?

Privacy no longer exists right?
 
The FBI felt left out, so they decided to attack.
I would have too, if I were them.
Then again, I would never be them.
 
I am sure some enterprising computer nerd will come up with tor 2.0 and the game will continue right along.
 
Wasn't it only a problem if you used Windows, left JavaScript on, and used TOR for your legitimate as well as the shady stuff?
 
Other than pulling shady stuff, WTF is TOR good for? I know it's used in some countries to circumvent censorship, but when I tried using it (here in the US), I found no news that I couldn't find via standard Googling. Is our news not being censored?

I say let the FBI or whomever have it. Maybe they'll catch some real criminals (and hopefully leave the drug users alone!).
 
Our media is censored by the media.

People have a right to privacy. TOR helps that (although obviously in no way guarantees it)

You not been keeping up with the news? :p
 
Yeah, if it's being sent to Reston I'm sure it has some affiliation with Langley. Nothing the gov does anymore is very surprising. Like someone else said in another thread, if they can do it they will; the only limitation is the technology existing. There is no more morality; it's like they feel it's the right to invade everyone's privacy.
 
I saw a short documentary (can't remember what it was called) where the guy was saying the government will put spyware or something hidden in things like iTunes updates to put it on everyone's comp..
 
People have a right to privacy. TOR helps that (although obviously in no way guarantees it)

Well it would help keep the feds off when talking drug shit and buying drugs via TSR, but other than that I really can't conceive of why I'd need it! I don't buy illegal drugs online, and I'm not selling anything.

You not been keeping up with the news? :p

Well I have, to the best of my abilities anyway. That German protest against gov. spying didn't even show up on Google's news aggregator; I had to look for it specifically. Alex Jones' InfoWars turns up stuff you wouldn't normally see, but his writers and affiliates go off on paranoid rants sometimes. Or maybe they're not so paranoid...

Just kind of pissed that I wasted so much time downloading TOR, and I couldn't find any uncensored news with it. I tried! But all the links took me to places I'd rather not go. TOR seems like a quick ticket into shady doings.

Maybe TOR used to be the place to foment rebellions, but not anymore. Not with constant rumors about its breached security.
 
Maybe using a project developed by the CIA and NSA isn't a good idea for ensuring "security".

Also, this sort of sidechannel attack has been warned against over and over by the people who run TOR...
 
This attack targeted a very, very specific subset of the TOR-using population and only obtained the IPs of those who were not following standard accepted TOR security guidelines. Whether most people have the interest to actually investigate it vs defer to the cynical/paranoid view and assume that it isn't, properly-used TOR is actually very effective at obscuring and anonymizing online activity, even against government entities.

This isn't to say that it makes one immune to a more traditional investigation. TOR users committing illegal acts have been caught and prosecuted for the activities they did on TOR, but in almost every incidence of this, they were caught in some sort of real-life activity and the TOR activity was found after-the-fact. The stories of people actually being caught directly due to their activity on TOR...well, those stories are very few and far between. I challenge some of the nay-sayers to go and find some, besides this freedom-hosting thing.
 
This attack targeted a very, very specific subset of the TOR-using population and only obtained the IPs of those who were not following standard accepted TOR security guidelines. Whether most people have the interest to actually investigate it vs defer to the cynical/paranoid view and assume that it isn't, properly-used TOR is actually very effective at obscuring and anonymizing online activity, even against government entities.

This isn't to say that it makes one immune to a more traditional investigation. TOR users committing illegal acts have been caught and prosecuted for the activities they did on TOR, but in almost every incidence of this, they were caught in some sort of real-life activity and the TOR activity was found after-the-fact. The stories of people actually being caught directly due to their activity on TOR...well, those stories are very few and far between. I challenge some of the nay-sayers to go and find some, besides this freedom-hosting thing.

Again, have patience, this is coming from someone who is a little old (and slow) and not quite up to speed, but I have a lot of interest and curiosity..

I thought that everyone who had been caught, for example using online drug marketplaces, was caught due to things IRL such as shipping etc. rather than because of the actual activities on TOR. Have there been examples of some caught because of the actual activities online? Can you lead me to the stories/info?

Also, so correct me if I'm wrong, the IPs that have been found have been of people who weren't using TOR in the way that TOR advises to in order to have better security?
 
TOR itself is or perhaps was pretty secure, however that doesn't mean that you can't expose yourself through other means whilst using TOR and accessing sites such as SR, i.e. not using PGP encryption for communications, using traceable payments such as PayPal or credit cards etc.

Most likely there won't be a few isolated cases of people being arrested using drug markets through online snooping, once it's actually compromised LE will likely bide their time gathering as much info as possible and afterwards try to net as many folks as they can.

Personally I think buying drugs online and getting them sent to your house is retarded, but if you're going to use TOR or SR the more you educate yourself and the more effort you put into setting things up the more secure you will be.
 
I understand you could expose yourself in that way (surely you wouldn't use those types of payment methods, wouldn't that defeat the whole purpose of TOR...SR and such uses bitcoins). And I understand about PGP. But I guess that is what I was asking, is TOR itself still pretty secure?

And I was referring to cases of people being caught up till now before all of this..as scureto1 was talking about.
 
Well I think the whole farmers market bust was due to using non-bitcoin traceable currency transactions so yeah it happens.

I don't think anyone except a network security expert at the FBI could say at this stage. "Pretty" is a relative term. Could they know your IP and certain TOR sites you've visited? Possibly. Do they know the details of your activities? Most likely no.
That's the difference between being spotted going to a dodgy area and being filmed buying a rock from Dave the crackhead.


http://www.tomsguide.com/us/FBI-Tor-Browser-Bundle-Anonymous-Magneto-Freedom-Hosting,news-17277.html

According to this article only Windows users on versions earlier than Firefox 17.0.7 were susceptible to the attack.

and if your computer
 
http://arstechnica.com/tech-policy/2013/08/researchers-say-tor-targeted-malware-phoned-home-to-nsa/

Apparently someone jacked the Freedom Hosting server(s) after the owner was apprehended in Ireland on a warrant from the U.S. and modified the site JS to include the malware. It's nothing sophisticated but yeah, it would have required you allow scripts to run in the first place. Apparently the main target for this was people using an outdated version of the Tor Bundle that comes with the vulnerable version of FF and with NoScript set to automatically allow sites instead of disallow. That is... bad, very bad. The mere existence of JavaScript on any Tor hidden service site should be enough to set off major warning bells.
 
I understand you could expose yourself in that way (surely you wouldn't use those types of payment methods, wouldn't that defeat the whole purpose of TOR...SR and such uses bitcoins). And I understand about PGP. But I guess that is what I was asking, is TOR itself still pretty secure?

And I was referring to cases of people being caught up till now before all of this..as scureto1 was talking about.

No, I was saying that there _aren't_ cases of people being caught like that. I have actually not been able to find a single case of a Silk Road vendor being tracked down through the internet. Only ones who have been caught while shipping or who have been snitched on or who were buying and then re-selling getting caught on the buying end. Packages DO sometimes get intercepted and then the receiver risks a controlled delivery, but I have never heard of a seller being caught due to their Silk Road activity.

Also, so correct me if I'm wrong, the IPs that have been found have been of people who weren't using TOR in the way that TOR advises to in order to have better security?

Yes, that's mostly right. There had been a TOR update about four weeks before this JS exploit went live and any users who had this update were not vulnerable to the exploit. However, TOR did recently change the default settings of its browser bundle to allow JavaScript. Although it is common practice among those who want top security to disable this, some users may not have realized that the default setting was changed and thus did not reset it.
 