The FBI Is Infecting Tor Users With Malware With Drive-By Downloads

timothy posted about a month and a half ago | from the for-the-good-of-society dept.

Encryption 182

Advocatus Diaboli (1627651) writes For the last two years, the FBI has been quietly experimenting with drive-by hacks as a solution to one of law enforcement's knottiest Internet problems: how to identify and prosecute users of criminal websites hiding behind the powerful Tor anonymity system. The approach has borne fruit—over a dozen alleged users of Tor-based child porn sites are now headed for trial as a result. But it's also engendering controversy, with charges that the Justice Department has glossed over the bulk-hacking technique when describing it to judges, while concealing its use from defendants.

182 comments

LOL (-1)

Anonymous Coward | about a month and a half ago | (#47609099)

But the freetards tell us that Tor is so secure!! Open sores fails again.

Re: LOL (0)

Anonymous Coward | about a month and a half ago | (#47609123)

And the proprietary-tards are stupid enough to think software os supposed to be idiot-proof

Re: LOL (0)

Anonymous Coward | about a month and a half ago | (#47609131)

Edit : is* supposed

Re: LOL (-1)

Anonymous Coward | about a month and a half ago | (#47609133)

Not true. Apple's shit is built on open sores. That's why their software is such shit.

Re: LOL (-1)

Anonymous Coward | about a month and a half ago | (#47609157)

Or because they added proprietary crap on robust *BSD base... Apple is far from Libre software...
Go play solitaire with your crappy windows, M$ fanboy

Re: LOL (4, Insightful)

meerling (1487879) | about a month and a half ago | (#47609253)

How the hell do you turn a discussion over the FBI compromising TOR into a fucking offtopic Apple/MS pissing contest?!
And "slashdot" is not a valid answer.

Re: LOL (1)

Anonymous Coward | about a month and a half ago | (#47609893)

Talent?

Re: LOL (1, Offtopic)

X0563511 (793323) | about a month and a half ago | (#47610013)

By replying to obvious trolls?

Libre? (-1)

Anonymous Coward | about a month and a half ago | (#47609259)

Free. The word is free, you hipster cunt.

Stop pretending you're a lawyer or Che T-shirtman. You're not fighting a good fight, you're fighting to keep cheetos from staining your beard.

Epic fail (-1)

Anonymous Coward | about a month and a half ago | (#47609273)

Weren't you supposed to yell at some sheeple to "fucking flame away" or to "waste their goddamned mod points" or to "slit their fucking wrists"?

Re: LOL (0)

Anonymous Coward | about a month and a half ago | (#47609229)

well it is if you're talking about M$ windoze, but not any of the *nix variants. any problem with windoze is M$' fault. any problem with *nix is the users fault.

Re:LOL (5, Informative)

MindPrison (864299) | about a month and a half ago | (#47609287)

But the freetards tell us that Tor is so secure!! Open sores fails again.

It's not TOR itself, sure...Tor isn't perfect, but today you really don't have many other options. In fact...I can't think of a single one. But it's the users that fail to understand that TOR really isn't the solution to all their anonymity wishes. I'd say 90% safety is up to the users themselves, I've written a little list a few posts below (look it up if you care), it's mostly about common sense. You don't walk into a dark alley with an open wallet telling everyone that you won big on the casino tonight, right? Same thing applies to Tor usage, don't reveal your name, use no-script religiously, don't use flash or any other app/software that can see your IP locally and forward it anywhere. Don't use your real name. Don't even use your nickname (unless it's anonymous coward of course), because everything that ties you as a user to a user on TOR...is bad for you.

Tor is actually pretty damn good, why do you think it's such a pain in the ass for the feds? Heck...it's even KNOWN to be a giant wart on NSA's butts simply because it's so good at WHAT it does. But it's not 100%, you need to apply common sense to the rest, and learn of its flaws and the things TOR can not do for you. If you do...there really is no better alternative to freedom of speech out there.

Re:LOL (1)

Zelucifer (740431) | about a month and a half ago | (#47609479)

What about I2P and Freenet. I haven't followed either in years, but AFAIK they're still around and used. Of course I believe both of them are darknet only.

Re:LOL (5, Informative)

SuricouRaven (1897204) | about a month and a half ago | (#47609771)

Freenet uses a very different model - it's basically a very elaborate distributed key-value store. It's good for dissemination and publication, but by design it can't be used for real-time communication - there's a delay of minutes to days for a message to become available to all nodes. It's all compromise: The same design that prevents real-time communication also makes Freenet a lot more resilient.

Re:LOL (1)

SumDog (466607) | about a month and a half ago | (#47609721)

There was a lot of stuff on the TOR mailing list about how there were two Washington, DC nodes that couldn't be removed from your list of peers.

Even if it's still somewhat anonymous, I wouldn't doubt the NSA has its hands in several of those exit nodes.

Freenet serves a different purpose entirely, but it's also pretty good at what it does.

Re:LOL (1)

BitZtream (692029) | about a month and a half ago | (#47609907)

Right, because they put data centers to handle Tor traffic ... in DC ...

Instead of somewhere that doesn't cost some ridiculous sum of money per square foot of land and just provide a connection to the data center back to DC.

Your theory is obviously stupid, it makes you look silly for mentioning it.

And the best part 'couldn't be removed' ... explain that one without sounding like you know nothing about OSS.

Re:LOL (1)

currently_awake (1248758) | about a month and a half ago | (#47610851)

Those DC exit nodes probably connect directly to a secure government network, so CIA agents and spies can send reports and stuff without it ever going through insecure networks in plain.

Re:LOL (0)

Anonymous Coward | about a month and a half ago | (#47609799)

All of the above, but use a burner laptop and a random open/hacked wifi access point for even better safety.

Re:LOL (1)

Opportunist (166417) | about a month and a half ago | (#47609431)

Mmm... predictable, a hint too many words aimed at offending... 2/10 on the troll scale. Tops.

Re:LOL (0)

Anonymous Coward | about a month and a half ago | (#47609495)

Got you to respond. Winning!

Re:LOL (0)

Anonymous Coward | about a month and a half ago | (#47609641)

Modded you down. Loser!

Re:LOL (1)

Mister Liberty (769145) | about a month and a half ago | (#47609919)

Not to worry.
The Eff Bee Eye is just a giant set of Archie Bunkers, i.e. a conglomerate of fearful, nay paranoid
panty sniffers, trying to prove mainly to themselves their worthliness in modern society.
They prob. use buzzwords like 'terrorism' too.
Pathetic old men, leave them alone.

Re:LOL (1)

fisted (2295862) | about a month and a half ago | (#47610037)

Son, are you even trying?

Re: LOL (1)

slick7 (1703596) | about a month and a half ago | (#47610965)

Pathetic old men, hah! These are the same people who create the terrorist scenarios that they then bust. We have met the enemy and they are U.S..

Shit software (-1)

Anonymous Coward | about a month and a half ago | (#47609153)

Never trust open sores software written by amateurs.

Re: obvious M$-fan troll (0)

Anonymous Coward | about a month and a half ago | (#47609193)

Yeah, trust blackboxes made by Orwellian companies, where mediocrity is the norm, instead...

Re: obvious M$-fan troll (2)

meerling (1487879) | about a month and a half ago | (#47609257)

More to the point, never trust the FBI.

Re: obvious M$-fan troll (1)

Anonymous Coward | about a month and a half ago | (#47609807)

More to the point, never trust the FBI.

Yeah, because we know cyber criminals could do the same and already do hence the advice to NEVER run Java and Flash over Tor, and to even turn off Javascript.

Re:Shit software (2)

armanox (826486) | about a month and a half ago | (#47609213)

Never trust open sores software written by amateurs.

You have a few too many words in there.

Never trust software.

Re:Shit software (1)

king neckbeard (1801738) | about a month and a half ago | (#47609381)

As do you.
Never trust.

Re:Shit software (1)

BitZtream (692029) | about a month and a half ago | (#47609923)

And you

trustno1

--Mulder

Re:Shit software (0)

Anonymous Coward | about a month and a half ago | (#47609461)

Wow. The NSA got here quick. They're on top of things today.

Re:Shit software (2)

WillAffleckUW (858324) | about a month and a half ago | (#47609711)

Wow. The NSA got here quick. They're on top of things today.

Probably has to do with them realizing there are two leakers in the NSA.

I don't have the heart to tell them it's a Gang of Four.

Re: Shit software (1)

slick7 (1703596) | about a month and a half ago | (#47610991)

Where there is one cockroach, there are usually a hundred, go cockroaches!

This doesn't seem legit (1)

Anonymous Coward | about a month and a half ago | (#47609189)

What ever happened to not breaking the law to collect evidence?

Re:This doesn't seem legit (4, Insightful)

Austerity Empowers (669817) | about a month and a half ago | (#47609227)

The same thing as what happened to unicorns and leprechauns.

Re:This doesn't seem legit (0)

Anonymous Coward | about a month and a half ago | (#47610779)

The same thing as what happened to unicorns and leprechauns.

Ah, so they get ground up and used as the rainbow sprinkle sweetener on my breakfast cereal? Awesome!

Re:This doesn't seem legit (2)

Anonymous Coward | about a month and a half ago | (#47609247)

Government is above the law. You do as they say, not as they do.
Unless you're one of the elite, you're not allowed to participate in computer fraud, destruction of property, and accessing an electronic device with malicious intent.

Re:This doesn't seem legit (0)

Anonymous Coward | about a month and a half ago | (#47609249)

How are they breaking the law? Care to cite the statute?

Re:This doesn't seem legit (2)

Lazere (2809091) | about a month and a half ago | (#47609345)

That would be the CFAA and the Fourth Amendment (but who gives a shit about the Fourth anyway?)

Re:This doesn't seem legit (0)

Anonymous Coward | about a month and a half ago | (#47609361)

The CFAA doesn't apply to the FBI.

Re:This doesn't seem legit (1)

Opportunist (166417) | about a month and a half ago | (#47609445)

Nice distraction by omission, but how about the 4th?

Re: This doesn't seem legit (1)

bill_mcgonigle (4333) | about a month and a half ago | (#47609587)

Have you not been paying attention? It clearly doesn't bind the FBI, NSA, or CIA. In maybe one in a thousand cases you might catch them and you might get redress, but 999/1000 is the reality.

Re:This doesn't seem legit (1)

postbigbang (761081) | about a month and a half ago | (#47609299)

Hey- Google does this, and legally, and gets child porn emails!

The ends always justify the means. That's what the world has come to.

Sadly.

Rule of law? Holders of the gold filigreed rulers get the law, it would seem.

Re: This doesn't seem legit (-1)

Anonymous Coward | about a month and a half ago | (#47610429)

Feminist police state.
First thing the feminist did was to end child marriage of girls.

Re:This doesn't seem legit (1)

WillAffleckUW (858324) | about a month and a half ago | (#47609759)

What ever happened to not breaking the law to collect evidence?

Oh please. Only the rich and powerful have rights in East German America.

Hide behind todays popular hate-topic... (5, Informative)

MindPrison (864299) | about a month and a half ago | (#47609195)

...and that's how and WHY they get away with this. This is against any human rights, but shout "won't anyone PLEASE think of the Children", and these agencies can get away with murder.

So that said, to any whistleblower out there who doesn't have the tech savvy that we have, I'd offer a little bit of advice, read it - and don't forget it, you might just be next if you do:

1) Download Tails. Install it preferably on a CD.
2) Remove your hard disk connection (removing the power is enough) when you intend to boot from Tails.
3) Shut down your WiFi. And only use WIRED connections.
4) Boot tails, and when you start Iceweasel - make sure to turn NoScript ON for ALL sites. It's not on by default, when the SHIELD shows...it's on!
5) Never - ever use an acronym you'd use with your normal ISP (IP address), this WILL unmask you.
6) Do NOT use FLASH or JAVASCRIPT.
7) Do NOT do any banking business or anything that would identify the real you using TOR. Tor is like walking into an underworld of the worst place you could imagine in a bad movie (except Darknet is very real, and can be a VERY dark place, it has freedom...but freedom is precious there, and there's someone waiting on every corner to con you, and remember - this threat is VERY REAL!), so don't be a fool. Do what you have to, but stay safe.
8) Do NOT brag to friends that you're safe with Tor. As far as you know, you don't even know what Tor is.
9) If you can, use Tor with a laptop that has never been used on a wired or wireless KNOWN network with you, but only used for TOR ...without a harddisk! Use it to connect with TOR on a different network, preferably in a different city than where you live. You can't get much safer than that....IF...you apply the other 8 rules above.
10) Don't SURF TOO LONG AT ONCE - People are working to unmask TOR users all the time with Injection attacks, and they succeed often! Notice that when the chain of relays breaks (refreshes)...always keep looking at the NETWORK MAP...ALWAYS, DISCONNECT LIKE THE WIND and find another time to connect short sessions. Keep things brief, and as many clusters as you can.
11) Always make sure that the TAILS CHECKSUM IS MATCHING! I've downloaded TAILS TWICE from their so called official server and had CHECKSUM MISMATCH, this could be as simple as a faulty packet...but it could also be much more serious than that, imagine the rest yourself - BE PARANOID! It's your life!

Information is the only power we have left!

Re:Hide behind todays popular hate-topic... (0)

Anonymous Coward | about a month and a half ago | (#47609321)

> this could be as simple as a faulty packet..

Unlikely given that TCP is fully check-summed and if you used SSL then it's even less likely given that a single flipped bit would have triggered a problem with the decryption as well.

Re:Hide behind todays popular hate-topic... (1)

MindPrison (864299) | about a month and a half ago | (#47609367)

> this could be as simple as a faulty packet..

Unlikely given that TCP is fully check-summed and if you used SSL then it's even less likely given that a single flipped bit would have triggered a problem with the decryption as well.

Even a check-sum can be wrong, albeit not very likely. Give the following scenario a thought. The number 255 becomes 200 at address $0002. At Address $0004 the number contained is 00 but becomes 55, the check-sum total will still be the same (unless I missed something, which is possible...I don't know everything).

Re:Hide behind todays popular hate-topic... (1)

sconeu (64226) | about a month and a half ago | (#47609399)

Download checksums are usually one or more of MD5SUM, SHA1SUM and SHA256SUM.

A simple transposition of bytes will not generate identical hashes.

Re:Hide behind todays popular hate-topic... (1)

Anonymous Coward | about a month and a half ago | (#47609715)

I suppose the topic was TCP checksums, not download checksums. Download checksums placed on pages served over http could probably be compromised with just 's/original checksum/infected checksum/' or equivalent, in a MITM scenario.
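Added example, not part of any comment in this thread: the sub-thread above contrasts an additive checksum (the 255 -> 200 / 00 -> 55 scenario) with the cryptographic hashes published for downloads. The Python below implements the RFC 1071 Internet checksum that TCP uses and SHA-256 side by side; the 8-byte sample data, the constant names and the helper functions are constructed for illustration.

```python
import hashlib
import hmac


def internet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (the algorithm TCP uses): the ones'
    complement of the ones' complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                            # pad odd-length input
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    return ~total & 0xFFFF


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest, the kind of value published next to a download."""
    return hashlib.sha256(data).hexdigest()


def verify_download(data: bytes, expected_sha256_hex: str) -> bool:
    """Check data against a digest obtained from a trusted channel.

    The comparison only means something if the expected value did not
    arrive over the same unauthenticated path as the file itself."""
    expected = expected_sha256_hex.strip().lower().encode()
    return hmac.compare_digest(sha256_hex(data).encode(), expected)


# Constructed 8-byte sample "download"; not a real image.
ORIGINAL = bytes([0x54, 0x41, 255, 0x4C, 0, 0x53, 0x21, 0x0A])

# The scenario from the thread: offset 2 goes 255 -> 200 and offset 4 goes
# 0 -> 55. Both offsets are the high byte of a 16-bit word, so one word
# loses 55 << 8 and another gains it, and the sum is unchanged.
_buf = bytearray(ORIGINAL)
_buf[2], _buf[4] = 200, 55
COMPENSATED = bytes(_buf)

# Reordering whole 16-bit words also leaves the sum unchanged,
# because addition is commutative.
WORD_SWAPPED = ORIGINAL[2:4] + ORIGINAL[0:2] + ORIGINAL[4:]

# Stand-in for a digest received out of band (assumption for this example).
PINNED_SHA256 = sha256_hex(ORIGINAL)


def compare(candidate: bytes) -> dict:
    """Summarise how each check treats a candidate copy of ORIGINAL."""
    return {
        "bytes_equal": candidate == ORIGINAL,
        "tcp_checksum_equal":
            internet_checksum(candidate) == internet_checksum(ORIGINAL),
        "sha256_ok": verify_download(candidate, PINNED_SHA256),
    }


if __name__ == "__main__":
    for name, blob in [("original", ORIGINAL),
                       ("compensated", COMPENSATED),
                       ("word-swapped", WORD_SWAPPED)]:
        print(f"{name:13s} checksum=0x{internet_checksum(blob):04X} "
              f"sha256={sha256_hex(blob)[:16]}... {compare(blob)}")
```

Both altered copies keep the same 16-bit checksum as the original and fail the SHA-256 comparison, which is why the digest, fetched from an authenticated source, is the check that matters for a downloaded image.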

Re:Hide behind todays popular hate-topic... (0)

Anonymous Coward | about a month and a half ago | (#47609491)

TCP checksum is indeed trivial to foil

Re:Hide behind todays popular hate-topic... (0)

Anonymous Coward | about a month and a half ago | (#47609415)

TCP only uses checksums on the headers. It's doubtful he was using SSL to download Tails, but if he were, the data could've been corrupted before the SSL encapsulation.

But what is he doing that's so secret he needs a separate laptop? I smell trolling, or mental health issues.

Re:Hide behind todays popular hate-topic... (5, Funny)

anthroboy (663415) | about a month and a half ago | (#47609405)

5) Never - ever use an acronym you'd use with your normal ISP (IP address), this WILL unmask you.

ASAP, scuba, laser, Nabisco, Esso, ISP, HTTP, USB, PDF, CYA... Who knew acronyms were so dangerous?

Re:Hide behind todays popular hate-topic... (1)

CreatureComfort (741652) | about a month and a half ago | (#47609485)

9) If you can, use Tor with a laptop that has never been used on a wired or wireless KNOWN network with you, but only used for TOR ...without a harddisk! Use it to connect with TOR on a different network, preferably in a different city than where you live. You can't get much safer than that....IF...you apply the other 8 rules above.

While this sounds ludicrous on its face, (Really? Driving to different cities just to surf anonymously?), I would have suggested connecting via a VPN, or chained VPNs depending on your paranoia and tolerance for network delay. If every time you connect you set your opposite end point to a different country each time. Especially if reconnecting frequently as noted in 10).

12) If you have to go through this much trouble to function on the Internet, seriously reconsider your life and lifestyle. Is it really worth it?

Re:Hide behind todays popular hate-topic... (1)

Anonymous Coward | about a month and a half ago | (#47610133)

Let's turn that last question on its head.

What, exactly, does my lifestyle have to do with wanting to be able to anonymously browse the internet? The short answer is absolutely nothing. I shouldn't have to fear being spied upon, and let's be honest here this is spying in every sense of that word, because I choose to try to be anonymous. Being anonymous isn't a flag of anything, anywhere, anytime. We keep trying to make boogeymen out of anonymity when in fact, the biggest monsters we've seen in all-too-human context have always been right in front of us. You can name them, you can even see how their rise to power has been charted by the news of the day.

So your #12 there does not have one iota of reason to it. And yes, it is worth it.

Re:Hide behind todays popular hate-topic... (2)

Jane Q. Public (1010737) | about a month and a half ago | (#47610877)

Your item 12 is the whole point here. In a free country you should not have to go through all these steps just to keep your communications private. You don't have to be a criminal in order to have legitimate reasons for private conversations and business deals.

Re:Hide behind todays popular hate-topic... (0)

Anonymous Coward | about a month and a half ago | (#47609741)

...and that's how and WHY they get away with this. This is against any human rights, but shout "won't anyone PLEASE think of the Children", and these agencies can get away with murder.

Except this time actual pedophiles were caught, their sites brought down and houses searched.

There isn't some big system that is supposed to "save the children" that actually doesn't help the children at all. There still are child porn blocking filters in Europe, that just "block bad material" and AFAIK don't actually incriminate anyone, just block.

Re:Hide behind todays popular hate-topic... (1)

godel_56 (1287256) | about a month and a half ago | (#47609973)

...and that's how and WHY they get away with this. This is against any human rights, but shout "won't anyone PLEASE think of the Children", and these agencies can get away with murder.

So that said, to any whistleblower out there who doesn't have the tech savvy that we have, I'd offer a little bit of advice, read it - and don't forget it, you might just be next if you do:

1) Download Tails. Install it preferably on a CD.
2) Remove your hard disk connection (removing the power is enough) when you intend to boot from Tails.
3) Shut down your WiFi. And only use WIRED connections.
4) Boot tails, and when you start Iceweasel - make sure to turn NoScript ON for ALL sites. It's not on by default, when the SHIELD shows...it's on!

Stuff deleted

If you really need to be anonymous, use a computer that you bought for cash, that is ONLY used for communicating over Tor with Tails, preferably using somebody else's Wi-Fi. Even if the Feds do manage to plant a beacon on this computer, it will only show up when you are communicating anonymously. Your secure computer should be air gapped from your main work/internet computer.

Re:Hide behind todays popular hate-topic... (0)

Anonymous Coward | about a month and a half ago | (#47610103)

"Install it preferably on a CD."
But if I do that, how do I keep TOR up to date? Can it download the latest and keep it in the RAM for the time of run? Or should I write a new CD after every release?

Of course this depends on who you're hiding from (0)

Anonymous Coward | about a month and a half ago | (#47610999)

If just the MPAA/RIAA, you probably need much less - since those that can track tor traffic probably won't expose their hacks for movie piracy.

Fuck the children (0)

Anonymous Coward | about a month and a half ago | (#47609211)

- George Carlin

Re:Fuck the children (0)

Anonymous Coward | about a month and a half ago | (#47609519)

That's what the Feds are trying to keep from happening. A noble goal, although it's being implemented in a misguided and probably illegal manner.

the CP sites is one thing, Freedom Hosting another (1)

raymorris (2726007) | about a month and a half ago | (#47609233)

From the article, it sounds like we know they used it to identify computers browsing child porn sites. They had warrants. Okay, I'm not too upset about that. MAYBE they also did it to all sites hosted by Freedom Hosting. THAT would be a problem.

the CP sites is one thing, Freedom Hosting another (0)

Anonymous Coward | about a month and a half ago | (#47609343)

They also did it to all sites hosted by Freedom Hosting THAT would is a problem.
FTFY

Re:the CP sites is one thing, Freedom Hosting anot (2)

Carnildo (712617) | about a month and a half ago | (#47609895)

They did it to all sites hosted by Freedom Hosting. Most notably, they did it to Tormail -- not a kiddie porn site, a webmail provider.

Re: the CP sites is one thing, Freedom Hosting ano (0)

Anonymous Coward | about a month and a half ago | (#47610453)

Old Testament allows men to marry female children. America is a feminist police state. A woman's country. Men should not be loyal.

(p7us one Informative) (-1)

Anonymous Coward | about a month and a half ago | (#47609243)

Problem5 with [goat.cx]

Malware? (0)

Anonymous Coward | about a month and a half ago | (#47609255)

So these people are so concerned about online privacy that they use Tor...on a proprietary OS!
Facepalm.

Fourth Amendment? (1)

Anonymous Coward | about a month and a half ago | (#47609277)

In the article, they mention that one of the drive by malware installations by the FBI hit the servers of a webmail service called Tormail in the process of going after a site that was believed to be hosting child porn. Presumably, they used the malware to search PCs, including those of Tormail users who had committed no crime. Wouldn't this be a massive violation of the fourth amendment?

The problem here isn't the FBI. (4, Insightful)

BitterOak (537666) | about a month and a half ago | (#47609279)

I know this won't be a popular position here, but the problem here isn't with what the FBI is doing, but rather the fact that they can do it. The problem is with the technology: it just isn't as secure as it's supposed to be. When a hacker finds a vulnerability in a security system, most people on Slashdot say don't blame the hacker, but rather fix the underlying vulnerabilities in the system. Instead of pointing the finger at the FBI for using vulnerabilities in TOR, web browsers, and/or operating systems, we should be glad that they're making this public, so the vulnerabilities can be fixed. After all, if the FBI can do this, so can criminals, governments hostile to free speech, and many other malicious parties. Let's learn from what the FBI is doing and harden the systems, to make legitimate users of Tor and similar services safer.

Re:The problem here isn't the FBI. (4, Informative)

Anonymous Coward | about a month and a half ago | (#47609347)

> we should be glad that they're making this public

That's the problem, they are working as hard as possible to prevent the information from becoming public.

While this is the FBI we are talking about here, I would be sooooo onboard with the NSA if they amended their charter to simply shoring up vulnerabilities rather than exploiting them for their own opaque purposes.

Re:The problem here isn't the FBI. (0)

Anonymous Coward | about a month and a half ago | (#47609941)

... the problem here isn't with what the FBI is doing, but rather the fact that they can do it.

Well, it is a problem if what they're doing is in violation of the 4th amendment, because then an organization that is supposed to help safeguard our rights is violating them. That's the theme of this article - should the FBI be allowed to do this? Not whether it's surprising they can.

(AC to preserve mods)

Simply put... (0)

Anonymous Coward | about a month and a half ago | (#47609293)

We are one slippery slide away from specifically targeting all users of TOR regardless of what services and sites they use.

At least this was a targeted attack against people actually breaking a law. Not as bad as the general fishing that the article explains. Still it is scary to think that thought crimes are being so focused on when we have more pressing issues as a society to deal with.

Re:Simply put... (1)

Opportunist (166417) | about a month and a half ago | (#47609499)

If "breaking the law" matters in that case, I think we should not run those TOR exit nodes for people trying to circumvent the filters of their country...

Smart (4, Insightful)

TheCarp (96830) | about a month and a half ago | (#47609383)

I hate to say it, but this is pretty smart. They seem to have realized that using their new techniques against child porn is the best way forward for them because the issue has stigma to spare that can help quell dissent, then, once the practice is firmly established, they can quietly expand it to everything else they desire.

Re:Smart (1)

Opportunist (166417) | about a month and a half ago | (#47609509)

It would be smart if it was a new idea. But in fact it's just a rather old practice, just that it's "on the internet" this time.

Re:Smart (2)

mrchaotica (681592) | about a month and a half ago | (#47609883)

Quick! Somebody patent it and force them to stop!

Re:Smart (1)

AHuxley (892839) | about a month and a half ago | (#47610027)

It seems what was tracked in the past has now moved to a drift net system.
From 2007 "....a tracking system capable of pinpointing specific workstations that searched for and downloaded....."
http://www.zdnet.com/blog/secu... [zdnet.com]

Re:Smart (2)

Innominandum (453982) | about a month and a half ago | (#47610595)

They've been passing laws in Canada using this technique for at least a decade. More recently there was the 'With us or with the child pornographers' comment by Vic Toews which pretty much ended his career. People are getting a bit more savvy to this type of bullshit.

Looks like a fairly simple hack they did. (3, Interesting)

jcochran (309950) | about a month and a half ago | (#47609437)

In a nutshell, they simply had any computer that contacted the web site send back the computer's real IP address and its MAC address. The actual security of the Tor wasn't affected. Just that compromising information was sent through the Tor network. Just as any other data would be sent through the Tor network.

Now I suspect the MAC address was sent so that they could identify the actual computer when they seized it via a warrant. That way the suspect couldn't claim that it wasn't their computer since the IP address was on the other side of a NAT and there were multiple computers using NAT. And the IP address was simply to make identifying the physical location easier.

Which raises an interesting question....
What if someone alters their MAC address and then enters the Tor network via a public wifi hotspot?
The connection is encrypted so the fact that the hotspot is publicly accessible shouldn't be a problem.
And when the computer is turned off, the MAC spoofing goes away so even if the computer is seized, they don't have a matching MAC address to prove it's the computer they hacked. And of course, since access was via an open hot spot, there's plenty of computers that could have been connected. Proving which one would be rather ... difficult ... without that MAC address.

Re:Looks like a fairly simple hack they did. (1)

BitterOak (537666) | about a month and a half ago | (#47609561)

In a nutshell, they simply had any computer that contacted the web site send back the computer's real IP address and its MAC address. The actual security of the Tor wasn't affected.

Ummm, the whole purpose of Tor is to make it impossible for the web host to determine your real IP address, so if it is so easy to get the browser to send that information back to the server then they've COMPLETELY disabled the security of the Tor network, so I really don't understand your statement that the "security of Tor wasn't affected."

Re:Looks like a fairly simple hack they did. (1)

SuricouRaven (1897204) | about a month and a half ago | (#47609809)

TOR just anonymises transport. What goes over that transport is not part of the TOR system, it's just blind bytes being carried by it. So the attack, targeting the browser at the endpoint, didn't actually involve TOR - it just circumvented the need to break TOR by attacking another component instead.

Re:Looks like a fairly simple hack they did. (1)

fisted (2295862) | about a month and a half ago | (#47610175)

TOR doesn't operate at the MAC level, your MAC address doesn't make it past your gateway.
So the only way to leak your MAC address is actually transmitting it as whatever kind of application layer payload, or if your TOR entry node happens to be right on your local network...

Low standards (2, Insightful)

king neckbeard (1801738) | about a month and a half ago | (#47609441)

They consider finding out about a dozen alleged USERS of child porn sites a big win?

Re: Low standards (-1)

Anonymous Coward | about a month and a half ago | (#47610467)

It matters to women. The first thing they banned was men marrying female children. This is a woman's country in a woman's world.

Re:Low standards (1)

Anonymous Coward | about a month and a half ago | (#47610867)

Yes. More specifically, a big PR win.

The FBI program sounds a lot like this one at NSA (4, Interesting)

sasparillascott (1267058) | about a month and a half ago | (#47609453)

I wouldn't be surprised a bit to learn they are related:

https://firstlook.org/theinter... [firstlook.org]

Snowden docs, exceptional description of the Turbine program that seeds malware to non-targeted individuals - goal by the NSA (then) was millions of infections.

The logical extension of this is, in the end, to compromise all personal and business computer systems - so anything is available when needed.

Mostly harmless (-1, Flamebait)

Anonymous Coward | about a month and a half ago | (#47609463)

If you had Javascript disabled, you were safe. Even though TOR has it enabled by default, almost all pedo sites has a javascript pop-up to tell you that you're not surfing safe and to turn it off. Also you had to turn TOR off and use the same browser on the regular web to deliver the data to the FBI, also not recommended. And if you'd set it to not store cache, history, cookies etc. as recommended you'd also be immune. They caught what, two dozen? There's literally thousands of active members on TLZ and *lol*IB, which is where everybody went after OPVA and Lolita City (both hosted on Freedom Hosting) went down. And smart people don't rely on TOR alone, always have at least two layers of defense. Well, three if you count my full disk crypto as a last resort if the police do knock down my door - there'll still be no proof to find here.

Re: Mostly harmless (0)

Anonymous Coward | about a month and a half ago | (#47609705)

And you know this detailed information how?

Re: Mostly harmless (0)

Anonymous Coward | about a month and a half ago | (#47609803)

Give me your gmail address and I'll email you a clue

Re: Mostly harmless (0)

Anonymous Coward | about a month and a half ago | (#47609967)

And you know this detailed information how?

He... umm... heard it from a friend.

Re:Mostly harmless (0)

Anonymous Coward | about a month and a half ago | (#47610151)

Hey Roger . . . I see what you did.

Re:Mostly harmless (0)

Anonymous Coward | about a month and a half ago | (#47610167)

I have to say I'm more than a little incredulous. This is the first time I've ever encountered someone like you. May I just simply ask what is it about pictures of exploited children you find so much more appealing than the plethora of normal legal smut the rest of us enjoy? I simply don't get it. What's the point?

Be a shame if drive by hacks of autopilot cars (2)

WillAffleckUW (858324) | about a month and a half ago | (#47609557)

It would be a shame if hackers retaliated with drive by hacks of autopiloted cars using small RC vehicles mounting range extended telecom connectors.

But, those who live by the unconstitutional spying on their own citizens deserve what blowback they get.

If you don't have anything to hide, you don't understand what metadata is.

Did you know? (0)

Anonymous Coward | about a month and a half ago | (#47610033)

Did you know the FBI is primarily a Mormon organization, run by the Mormons?

I bet you didn't know that.

Old stuff (0)

Anonymous Coward | about a month and a half ago | (#47610487)

This is nothing new. I was with AnonOps where they posted a fake firefox TOR button which actually connected to a VPS and then to TOR while the VPS logged every connection, many many people downloaded it and many users of a certain large porn site were unmasked, sadly as well as users of TSR.

It just shocks me the FBI uses such primitive and crude methods.

With FBIs like these... (1)

hsthompson69 (1674722) | about a month and a half ago | (#47610685)

...who needs FSBs?

We seem to have this quaint notion that government abuses only happen in soviet bloc, or communist countries...the fact of the matter is that our oversized, powerful, and power hungry federal government has the same tendencies towards corruption and abuse. Hell, we seem to take for granted that oversized, powerful, and power hungry *companies* are corrupt and abusive, but never seem to apply the same strict scrutiny to our unaccountable government bureaucrats.

Are any non Child Porn users using Tor? (1)

mtthwbrnd (1608651) | about a month and a half ago | (#47610823)

Are there any statistics about the usage or contents on TOR? It seems from all of the press that I have read that it is mainly a Child Porn network.

Who else is actually using the technology? Please do not reply with "theoretical uses" such as "somebody in China *could* use it to communicate information which the government does not want to be transmitted", unless you can actually back it up with an actual occurrence of it.

What I want is not really individual cases but to know if anybody has done a statistical analysis of the actual content types and usage.

Catching a pedo (-1, Troll)

mtthwbrnd (1608651) | about a month and a half ago | (#47610901)

There is a fantastic US TV show where the crew pose as children on the internet in order to catch pedo animals. So many of these sick animals are out there. They get them to meet up and when the animals enter the house they are greeted by a 6 foot Male who tells them to sit down and proceeds to interrogate them about what the f*ck they think they are doing.

The police arrest them as they leave the house.

https://www.youtube.com/result... [youtube.com]

Of course, every one of them, upon being caught red handed, say: "I have never done this before, this is my first time".

Unfortunately some of them are repeat offenders because the libtards have argued that pedo animals should be allowed to roam the streets even after they have been convicted of raping children. Personally I think we should just shoot them in the head and throw their bodies in a land fill.
