FBI suspected in hacking anonymity software Tor to arrest child porn suspect

Security experts have accused US law enforcement of exploiting a flaw in the Firefox web browser to identify, and potentially monitor, users of Tor, the anonymity network that shields an individual’s online activity from privacy threats.

A piece of malicious software was launched Sunday morning and
appeared to target Firefox users who use a Tor add-on that allows
them to browse the Internet without putting their location,
communication, and other activities at risk. The malware was also
reported on multiple websites affiliated with Freedom Hosting, a
web-hosting company favored by customers who wish to remain
anonymous. 

The exact origin of the malware attack remains unknown, although
the Federal Bureau of Investigation and the National Security
Agency are among the chief suspects. When the malware was
analyzed, its source was identified as a Virginia server
belonging to SAIC, a contractor known to work with multiple
government agencies, according to TechDirt. 

“It just sends identifying information to some IP in Reston,
Virginia,” reverse-engineer Vlad Tsyrklevich told Wired. “It’s
pretty clear that it’s the FBI or it’s some other law
enforcement agency that’s US-based.”

Users who visited Freedom Hosting’s websites while cloaked by the
Tor Browsing Bundle were targeted for identification, possibly
because of Freedom Hosting’s known willingness to look the other
way when nefarious activity sprouted on company-protected
networks.

The malware and site outages come just days after the arrest of
Eric Eoin Marques in Ireland. The 28-year-old is expected to be
extradited from Dublin to Washington DC after the FBI claimed he
used Freedom Hosting to become “the largest facilitator of
child porn on the planet.” Marques is alleged to be behind
Freedom Hosting, which first made headlines in 2011 when the
Anonymous hacker collective launched a
distributed-denial-of-service (DDoS) attack against sites
depicting child porn.

Tor — an acronym for “The Onion Router” — was quick to distance
itself from Freedom Hosting after Marques’ arrest, issuing a
statement on its official blog saying “the persons who run
Freedom Hosting are in no way affiliated or connected to the Tor
Project Inc, the organization coordinating the development of
the Tor software and research.”

“Anyone can run hidden services, and many do,” the
statement read. “Organizations run hidden services to protect
dissidents, activists, and protect the anonymity of users trying
to find help for suicide prevention, domestic violence, and abuse
recovery.”

The Tor blog post went on to warn that, while the script was a
threat to Firefox users, the malware only targeted users with an
old version of the browser. 

“The malware payload could be trying to exploit potential bugs
in Firefox 17 ESR, on which our Tor Browser is based. We’re
investigating these bugs and will fix them if we can.”

While the FBI reportedly sought Marques for more than a year, the
Bureau is known to have drastically increased its use of malware
in recent years. Agents first began using a computer and Internet
protocol address verifier, known as CIPAV, in 2007 to infiltrate
a suspect’s computer, capture the data, and send that information
back to FBI servers in Virginia. 

Seven years ago Wired reported that CIPAV gathered information
including “the computer’s IP address; MAC address; open ports;
a list of running programs; the operating system type, version
and serial number; preferred internet browser and version; the
computer’s registered owner and registered company name; the
current logged-in user name and the last-visited URL.”

Since then, the FBI has hired former hackers to capture users’
keystrokes, and has even been able to switch on a mobile phone’s
microphone remotely from Virginia. Agents have also requested
court permission to remotely activate an individual’s phone or
computer camera in order to snap pictures of a suspect. Judges
have consistently denied such requests, citing the possibility
that innocent people would be snared in an all-encompassing
dragnet, a situation with an eerie similarity to what could
happen on anonymous Tor networks.

Republished from: RT