Govt kinda admits to controlling TOR servers and distributing malware snooping hack

This has been bubbling around geek-space for a few days now, expect it to go mainstream in the next week or two now that geeks have figured out all the particulars and know exactly how the malware works.

On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page. Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn’t respond to inquiries from WIRED today.

...the malware only targeted Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user-friendly package for using the Tor anonymity network. That made it clear early on that the attack was focused specifically on de-anonymizing Tor users....

Prior to the Freedom Hosting attack, the code had been used sparingly, which kept it from leaking out and being analyzed.

The child porn angle makes it a lot harder to criticize, particularly since there seems to be genuine malefactors involved rather than a generic fishing expedition. However, the notion of shotgunning active malware out onto the general public's computers and hoping to snag a known culprit in that wide net is something that needs discussing. I'm not sure where I am on this one yet.

To the FBI's credit, the hack code is quite limited in scope and reasonably well crafted from my cursory examination. Basically its circumventing annonymization by sending your hostname and unique LAN card ID's (MAC address) to the FBI. With the MAC address, subsequent standard router packet sniffs could trace your internet traffic anywhere it goes.

Even though child porn was involved, in this instance, this practice leaves me with a queasy feeling. Is there ever an end to this shit?, lines that won't be crossed? Its looking like the answer is no.

Some of the tech and Michael's sidebar commentary were wildly inaccurate, impossible and/or flat out crazy wrong in real life, but some was spot on too. Initially I found that annoying, but it became part of the schtick and I accepted it, like some of the ridiculous science defying tech in Leverage or Nikita. It was only annoying until you'd bought into the fakey "reality" of that universe and decided you wanted to like the show then it was OK.

posted by Purp at 01:57 AM

| Access Comments