Forgot your password?
typodupeerror
Government United States Your Rights Online

FBI Admits It Controlled Tor Servers Behind Mass Malware Attack 292

Posted by timothy
from the something-you'd-wish-was-hard-to-believe dept.
MikeatWired writes "It wasn't ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors. Freedom Hosting's operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It's not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control. The new details emerged in local press reports from a Thursday bail hearing in Dublin, Ireland, where Marques, 28, is fighting extradition to America on charges that Freedom Hosting facilitated child pornography on a massive scale. He was denied bail today for the second time since his arrest in July. On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page. Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn't respond to inquiries from WIRED today. But FBI Supervisory Special Agent Brooke Donahue was more forthcoming when he appeared in the Irish court yesterday to bolster the case for keeping Marque behind bars."
This discussion has been archived. No new comments can be posted.

FBI Admits It Controlled Tor Servers Behind Mass Malware Attack

Comments Filter:
  • by Anonymous Coward on Friday September 13, 2013 @09:13PM (#44846089)

    Nope, the NSA controlled the servers, it led to an NSA controlled IP address and they have the hackers needed. The BIG FAT LIE was that this block could be used by other agencies. Since potentially NSA broke the law for USA domestic Tor users, we have the FBI stepping forward to take the blame.

    But we know its the NSA that tracks and monitors TOR because it was in their leaked document as one of their many excuses for surveillance:
    http://www.theguardian.com/world/interactive/2013/jun/20/exhibit-b-nsa-procedures-document

    Also go read the first leaked warrant that let the NSA collect all the data (link below), it had the FBI's name on it. It was an FBI request to hand the data from Verizon's phone records to the NSA, a simple reacharound the domestic spying laws. The FBI acts as wing man for the NSA:

    http://www.theguardian.com/world/interactive/2013/jun/06/verizon-telephone-data-court-order?guni=Article:in%20body%20link

    FBI doesn't have the experts, or the IP address or the interest in Tor, it was NSA and it was timed just as the NSA was trying to prevent further leaks from its own analysts. At best the FBI simply provides the excuse, as it did with the Verizon incident.

    • by russotto (537200) on Friday September 13, 2013 @09:21PM (#44846135) Journal

      Nope, the NSA controlled the servers, it led to an NSA controlled IP address and they have the hackers needed.

      Don't be ridiculous. The NSA hackers were probably laughing and pointing at the FBI and snickering about how they were amateurs. Remember the NSA has only gotten caught when they've been betrayed, not because their technical means were discovered.

      • by Jah-Wren Ryel (80510) on Friday September 13, 2013 @09:26PM (#44846171)

        Remember the NSA has only gotten caught when they've been betrayed, not because their technical means were discovered.

        Only for very specific definitions of "caught" - back in 2007 we were pretty sure [wired.com] they had fucked with Dual_EC_DRBG.

      • by Burz (138833)

        Nope, the NSA controlled the servers, it led to an NSA controlled IP address and they have the hackers needed.

        Don't be ridiculous. The NSA hackers were probably laughing and pointing at the FBI and snickering about how they were amateurs. Remember the NSA has only gotten caught when they've been betrayed, not because their technical means were discovered.

        Uh... why would the FBI care about being caught? They are a domestic, (supposedly) civil police organization, while the NSA are military and international.

        • by AHuxley (892839)
          The FBI would be facing a US court or a non trivial extradition hearing. Real US lawyers and open foreign courts do like to see some evidence and some aspects surrounding a real warrant.
          Would the NSA with its military and international background and constant Russian interest really like to hint at vast long term databases in court? Any FBI investigation could use it to make 'hidden' connections and get warrants?
          Sooner or later crime and countries under FBI watch would wonder about the near perfect dig
        • by AK Marc (707885)
          The FBI isn't "domestic". The only organizations with rules on operations are the CIA and military, who have rules against domestic operations. The FBI is the international investigations point for international kidnapping of US citizens. Though, in practice, that consists almost solely of representing one US citizen parent against another US citizen parent when one has fled the country with a child. International domestic disturbances is most of the FBI's international activity, but not the only intern
        • by rtb61 (674572) on Saturday September 14, 2013 @01:01AM (#44846973) Homepage

          You seem to have forgotten that the FBI has to broken computer laws in 'other' countries. The mind boggles as this FBI agent turning up in a foreign court after breaking computer laws, claiming evidence obtained by hacking computers. The judge in that Irish court has to be the biggest lame duck in history. As soon as the FBI agent admitted what they did, the judge should have ordered the agent arrested and held for trial. The law is the law and US law is not law in Ireland and the FBI has zero right to break Ireland's computer laws. Any evidence obtained, well, might as well be fantasy father than fact as there is no way for a court to tell what was real and what was fabricated on an 'illegally' hacked computer.

        • by Jane Q. Public (1010737) on Saturday September 14, 2013 @01:06AM (#44846983)

          "Uh... why would the FBI care about being caught?"

          Because they illegally interrupted service of hundreds if not thousands of other customers of the hosting service.

          See 18 USC 242, "Deprivation of Rights Under Color of Law" [justice.gov]

          When there is danger of infringing on the rights (which includes contracts) of innocent parties, law enforcement is, at the very least, required to use "narrowly tailored" means to effect their business.

          They used pretty much the opposite of "narrowly tailored" means. They just took over the whole hosting company and surveilled ALL the users.

          Definitely a no-no. Definitely illegal.

          No reasonable person is in favor of child pornography. But law enforcement is not allowed to break the law in order to enforce the law.

      • by AHuxley (892839)
        Re technical means and what was Operation Fairplay back in ~2005~2008:
        Senator: Let's monitor P2P for illegal files
        http://news.cnet.com/8301-10784_3-9920665-7.html [cnet.com]
        "for purposes of longer-term tracking, the software captures "unique serial numbers" from the person's computer "
        Tor seemed to be the next step or was on the list with irc and any other method of moving files?
    • by innocent_white_lamb (151825) on Friday September 13, 2013 @10:49PM (#44846517)

      TFA sez "The official IP allocation records maintained by the American Registry for Internet Numbers show the two Magneto-related IP addresses were part of a ghost block of eight addresses that have no organization listed. Those addresses trace no further than the Verizon Business data center in Ashburn, Virginia, 20 miles northwest of the Capital Beltway."
       
      So it's not clear if those addresses belong to the FBI, the CIA, NSA, or anyone else.
       
      Is this even "legal" on the Internet? Perhaps those IP addresses should be reclaimed and reassigned by ARIN since "nobody" is using them and IPV4 addresses are now in short (nonexistent) supply.

      • Get Linus to perm block NSA IP addresses in the linux kernel.

        Get every one at home and at all levels of business etc... and android phones/tablets to block all those IP addresses too in all firewalls/modems.

        Infact we could probably black list dozens of A classes by default, and not one would notice.

        We need a distributed ipchains black list that includes all governments of all countries.

  • by Zemran (3101) on Friday September 13, 2013 @09:16PM (#44846107) Homepage Journal

    Land where Freedom will not be tolerated.

    • XXXX, XXXX, it's all XXXX, I tell ya.

  • by BenEnglishAtHome (449670) on Friday September 13, 2013 @09:18PM (#44846113)

    Remember when we used to think that U.S. LEOs still had some sense of ethics and would never actually send child porn to anyone to make a case? Now we know that, at least for a while, the FBI was running the servers. The FBI was responsible for serving up, by all accounts, half the *.onion-based child porn sites in the world.

    Is this the first time they crossed this line? Or have they done so before?

    • Re: (Score:3, Informative)

      by Anonymous Coward

      According to the summary: On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page.

      The FBI didn't serve any child porn. While they had control of the servers, the sites served nothing but an error page with their trojan.

    • by sribe (304414)

      Is this the first time they crossed this line? Or have they done so before?

      IIRC, the USPS did this as long ago as the 80s...

      • by nbauman (624611)

        IIRC, the USPS did this as long ago as the 80s...

        Jacobson v. United States
        https://en.wikipedia.org/wiki/Jacobson_v._United_States [wikipedia.org]

        The bad news is that it was a 5-4 decision.

        The current Supreme Court probably wouldn't vote that way again today.

        It's almost impossible to win an entrapment defense today.

    • US authorities have a long history of peddling pornography through the mail, whatever kind was most offensive to society at the time. Nowadays it's kiddie porn, but that wasn't always the case.

      Goes back a hundred years at least.

    • Remember when we used to think that U.S. LEOs still had some sense of ethics and would never actually send child porn to anyone to make a case? Now we know that, at least for a while, the FBI was running the servers. The FBI was responsible for serving up, by all accounts, half the *.onion-based child porn sites in the world.

      Are you trying to claim that the FBI pushed child porn to people that weren't looking for it? Or are you complaining that they seized an existing child porn distribution network and ran a sting against people that came looking for it?

      • by AK Marc (707885)
        They seized a hosting service and then served child porn. You are presuming too much when you assume the porn was there before they seized it. It's also possible (or probable) that the FBI seized it, then uploaded to catch anyone who came looking for a Rhianna song.
      • by rtb61 (674572)

        Sorry not a sting, straight up breaking of computer laws by the FBI. I have ended up upon hundreds of thousands of internet pages I never intended to, some by misrepresentation on search results, some by redirects, some by stumble upon, some by other random web site selectors, some by bad web page adds, some by simple eye hand coordination between mouse pointer and mouse clicks (overall the worst has been re-directs, ending up going from one place to another without ever getting to the place intended until

    • by Burz (138833)

      Remember when we used to think that U.S. LEOs still had some sense of ethics and would never actually send child porn to anyone to make a case? Now we know that, at least for a while, the FBI was running the servers. The FBI was responsible for serving up, by all accounts, half the *.onion-based child porn sites in the world.

      Is this the first time they crossed this line? Or have they done so before?

      Yes, and they also browbeat poor and indigent people (sometimes a hundred times or more) into acts of "terrorism". And they do it within the environs of leftist political movements. Making the population unnecessarily afraid of death/dismemberment from otherwise peaceful political groups is terrorist activism in a class of its own.

    • Is this the first time they crossed this line? Or have they done so before?

      First time? The *entire premise* of the government model is to do some wrong in order to do (some other) right. "The ends justify the means" is baked in the cake.

    • by nbauman (624611)

      Is this the first time they crossed this line?

      No.

      https://en.wikipedia.org/wiki/Jacobson_v._United_States [wikipedia.org]

    • by Kjella (173770)

      It has long been a court approved policy that if the cops find a running server they don't have to take it down, they can keep the lights on and record all the people accessing it. As far as I know that has been the case since FTP servers in the 80s if not before. However, it's the first time I've heard of them serving trojans, that means actively breaking the law in all other countries of the world by compromising clients that aren't under US jurisdiction. In particular if this happened on sites that weren

  • by Kevin Fishburne (1296859) <kevinfishburne AT eightvirtues DOT com> on Friday September 13, 2013 @10:26PM (#44846429) Homepage
    How is any of this remotely legal? Every day we have a new article explaining how the feds have been pounding our apparently imagined liberties in the goat ass, they get 300-500 comments (a lot for ./ these days) and then nothing happens. I'm a healthy skeptic, but this is literally the paranoid conspiracy-theorist's worse nightmare incarnate. I'm flabbergasted. In all seriousness, do we need to just move to a different country at some point? Is this what the start of a pseudo-democracy looks like and we just can't believe the warning signs are real? Just crazy...
    • by Martin Blank (154261) on Friday September 13, 2013 @11:00PM (#44846565) Journal

      You can't win by moving to another country. As much as Germany got up in arms about the NSA spying on it, German intelligence agencies have also been found to be skirting their own laws regarding monitoring people. If you want to move you have to find a country that is:
      * Not part of UKUSA (knocking out United States, Canada, Australia, New Zealand, and the UK)
      * Not part of NATO (knocking from the list Albania, Belgium, Bulgaria, Croatia, Czech Republic, Denmark, Estonia, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Lithuania, Luxembourg, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Turkey)
      * Not extremely friendly to or reliant on US intelligence assets (removing Japan, Thailand, the Philippines, Israel, and much of South America)
      * Not part of the former Soviet Union (even Ukraine is working closely with Moscow these days)
      * Not making a public point of monitoring its residents (China, India, and others)
      * Still reasonably democratic and not horribly corrupt (seriously, US corruption has nothing on most of the world)

      The list gets very small at this point. You have Finland and Sweden, but they're not trivial places to move to weather-wise unless you've lived in, say, Alaska or Maine, and Sweden may have been working with the NSA and/or monitoring its residents. Switzerland is also a possibility. But these require some very significant personal choices, involve massive lifestyle changes, and may not be possible as even the short list of nations that do fit the bill don't make immigration easy.

      • by he-sk (103163)

        Sweden cooperates closely with Five Eyes. Apparently, their intelligence service is out of control as well. Sorry, no links, but you can google it yourself. Incidentally, that brings a few incidents of the past into a new light, e.g., the raid on the pirate bay servers as well as the charges against Assange.

    • I'm a healthy skeptic, but this is literally the paranoid conspiracy-theorist's worse nightmare incarnate.

      and the most troubling part is that the reality hasn't changed - it's just become apparent. The "tinfoil crowd" has been right all along.

      I'm flabbergasted. In all seriousness, do we need to just move to a different country at some point?

      A less drastic step is to join others who feel this way in the same country [freestateproject.org]. There is strength in numbers, which is causing them to gather. Be careful of selection

  • by plazman30 (531348) on Saturday September 14, 2013 @09:13AM (#44848457) Homepage
    So. has TOR now been permanently compromised?

The biggest mistake you can make is to believe that you are working for someone else.

Working...