The FBI Is Infecting Tor Users With Malware With Drive-By Downloads

Advocatus Diaboli (1627651) writes For the last two years, the FBI has been quietly experimenting with drive-by hacks as a solution to one of law enforcement's knottiest Internet problems: how to identify and prosecute users of criminal websites hiding behind the powerful Tor anonymity system. The approach has borne fruit—over a dozen alleged users of Tor-based child porn sites are now headed for trial as a result. But it's also engendering controversy, with charges that the Justice Department has glossed over the bulk-hacking technique when describing it to judges, while concealing its use from defendants.

This doesn't seem legit

[Anonymous Coward]

What ever happened to not breaking the law to collect evidence?

Re:This doesn't seem legit

[Austerity Empowers]

The same thing as what happened to unicorns and leprechauns.

Re:

[Sir Foxx]

Okay I understand what your saying but can you tell me what the ratio of Unicorns to Leprechauns are to ShruteBucks to StanleyNickels?

Re:

[Anonymous Coward]

Government is above the law. You do as they say, not as they do.
Unless you're one of the elite, you're not allowed to participate in computer fraud, destruction of property, and accessing an electronic device with malicious intent.

Re:

[postbigbang]

Hey- Google does this, and legally, and gets child porn emails!

The ends always justify the means. That's what the world has come to.

Sadly.

Rule of law? Holders of the gold filigreed rulers get the law, it would seem.

Re:

[WillAffleckUW]

What ever happened to not breaking the law to collect evidence?

Oh please. Only the rich and powerful have rights in East German America.

Re:

[Lazere]

That would be the CFAA and the Fourth Amendment (but who gives a shit about the Fourth anyway?)

Re: This doesn't seem legit

[slick7]

May the fourth be with you.

Re:

[omnichad]

They should have had a warrant before infecting them. But a drive-by download can hit anyone, so it's almost certainly breaking 4th Amendment protection.

Re:

[Opportunist]

Nice distraction by omission, but how about the 4th?

Re: This doesn't seem legit

[bill_mcgonigle]

Have you not been paying attention? It clearly doesn't bind the FBI, NSA, or CIA. In maybe one in a thousand cases you might catch them and you might get redress, but 999/1000 is the reality.

Hide behind todays popular hate-topic...

[MindPrison]

...and that's how and WHY they get away with this. This is against any human rights, but shout "won't anyone PLEASE think of the Children", and these agencies can get away with murder.

So that said, to any whistleblower out there who doesn't have the tech savvy that we have, I'd offer a little bit of advice, read it - and don't forget it, you might just be next if you do:

1) Download Tails. Install it preferably on a CD.
2) Remove your hard disk connection (removing the power is enough) when you intend to boot from Tails.
3) Shut down your WiFi. And only use WIRED connections.
4) Boot tails, and when you start Iceweasel - make sure to turn NoScript ON for ALL sites. It's not on by default, when the SHIELD shows...it's on!
5) Never - ever use an acronym you'd use with your normal ISP (IP address), this WILL unmask you.
6) Do NOT use FLASH or JAVASCRIPT.
7) Do NOT do any banking business or anything that would identify the real you using TOR. Tor is like walking into an underworld of the worst place you could imagine in a bad movie (except Darknet is very real, and can be a VERY dark place, it has freedom...but freedom is precious there, and there's someone waiting on every corner to con you, and remember - this threat is VERY REAL!), so don't be a fool. Do what you have to, but stay safe.
8) Do NOT brag to friends that you're safe with Tor. As far as you know, you don't even know what Tor is.
9) If you can, use Tor with a laptop that has never been used on a wired or wireless KNOWN network with you, but only used for TOR ...without a harddisk! Use it to connect with TOR on a different network, preferably in a different city than where you live. You can't get much safer than that....IF...you apply the other 8 rules above.
10) Don't SURF TOO LONG AT ONCE - People are working to unmask TOR users all the time with Injection attacts, and they succeed often! Notice that when the chain of relays break (refreshes)...always keep looking at the NETWORK MAP...ALWAYS, DISCONNECT LIKE THE WIND and find another time to connect short sessions. Keep things brief, and as many clusters as you can.
11) Always make sure that the TAILS CHECKSUM IS MATCHING! I've downloaded TAILS TWICE from their so called official server and had CHECKSUM MISMATCH, this could be as simple as a faulty packet...but it could also be much more serious than that, imagine the rest yourself - BE PARANOID! It's your life!

Information is the only power we have left!

Re:Hide behind todays popular hate-topic...

[anthroboy]

5) Never - ever use an acronym you'd use with your normal ISP (IP address), this WILL unmask you.

ASAP, scuba, laser, Nabisco, Esso, ISP, HTTP, USB, PDF, CYA... Who knew acronyms were so dangerous?

Re:

[f3rret]

5) Never - ever use an acronym you'd use with your normal ISP (IP address), this WILL unmask you.

ASAP, scuba, laser, Nabisco, Esso, ISP, HTTP, USB, PDF, CYA... Who knew acronyms were so dangerous?

Most of those are initialisms though.

Re:

[CreatureComfort]

9) If you can, use Tor with a laptop that has never been used on a wired or wireless KNOWN network with you, but only used for TOR ...without a harddisk! Use it to connect with TOR on a different network, preferably in a different city than where you live. You can't get much safer than that....IF...you apply the other 8 rules above.

While this sounds ludicrous on its face, (Really? Driving to different cities just to surf anonymously?), I would have suggested connecting via a VPN, or chained VPNs depending on your paranoia and tolerance for network delay. If every time you connect you set your opposite end point to a different country each time. Especially if reconnecting frequently as noted in 10).

12) If you have to go through this much trouble to function on the Internet, seriously reconsider your life and lifestyle. Is it rea

Re:

[Anonymous Coward]

Let's turn that last question on its head.

What, exactly, does my lifestyle have to do with wanting to be able to anonymously browse the internet? The short answer is absolutely nothing. I shouldn't have to fear being spied upon, and let's be honest here this is spying in every sense of that word, because I choose to try to be anonymous. Being anonymous isn't a flag of anything, anywhere, anytime. We keep trying to make boogeymen out of anonymity when in fact, the biggest monsters we've seen in all-too-human

Re:

[Jane Q. Public]

Your item 12 is the whole point here. In a free country you should not have to go through all these steps just to keep your communications private. You don't have to be a criminal in order to have legitimate reasons for private conversations and business deals.

Re:

[triclipse]

Be that as it may, we will never have a free country again. Ever. So I thank those of you who can educate us on how to keep our communications private for legitimate reasons.

Re:

[godel_56]

...and that's how and WHY they get away with this. This is against any human rights, but shout "won't anyone PLEASE think of the Children", and these agencies can get away with murder.

So that said, to any whistleblower out there who doesn't have the tech savvy that we have, I'd offer a little bit of advice, read it - and don't forget it, you might just be next if you do:

1) Download Tails. Install it preferably on a CD.
2) Remove your hard disk connection (removing the power is enough) when you intend to boot from Tails.
3) Shut down your WiFi. And only use WIRED connections.
4) Boot tails, and when you start Iceweasel - make sure to turn NoScript ON for ALL sites. It's not on by default, when the SHIELD shows...it's on!

Stuff deleted

If you really need to be anonymous, use a computer that you bought for cash, that is ONLY used for communicating over Tor with Tails, preferably using somebody else's Wi-Fi. Even if the Feds do manage to plant a beacon on this computer, it will only show up when you are communicating anonymously. Your secure computer should be air gapped from your main work/internet computer.

Re:

[lister king of smeg]

I would also change my mac address regularly just to make it harder to track your physical location You could always just use a random mac or if you want to be a real pain in the ass you could start mac cloning and find other people mac and copy them so when you go browse porn ^H^H^H^H the darkwebs it looks like the hipster with his macbook pro that just finished his mocha and left the coffee shop you happen to be sitting in.

Re:

[MindPrison]

> this could be as simple as a faulty packet..

Unlikely given that TCP is fully check-summed and if you used SSL then its even less likely given that a single flipped bit would have triggered a problem with the decryption as well.

Even a check-sum can be wrong, albeit not very likely. Give the following scenario a thought. The number 255 becomes 200 at address $0002. At Address $0004 the number contained is 00 but becomes 55, the check-sum total will still be the same (unless I missed something, which is possible...I don't know everything).

Re:

[sconeu]

Download checksum are usually one or more of MD5SUM, SHA1SUM and SHA256SUM.

A simple transposition of bytes will not generate identical hashes.

Re:

[Anonymous Coward]

I suppose the topic was TCP checksums, not download checksums. Download checksums placed on pages served over http could probably be compromised with just 's/original checksum/infected checksum/' or equivalent, in a MITM scenario.

Re:

[sconeu]

That's why most sites also PGP sign their checksums.

Re:

[Sigma 7]

Download checksum are usually one or more of MD5SUM, SHA1SUM and SHA256SUM.

A simple transposition of bytes will not generate identical hashes.

From RFC793 [ietf.org]:

The checksum field is the 16 bit one's complement of the one's complement sum of all 16 bit words in the header and text. If a segment contains an odd number of header and text octets to be checksummed, the last octet is padded on the right with zeros to form a 16 bit word for checksum purposes. The pad is not transmitted as part of the segment. While c

Re:

[sconeu]

Ah, I misunderstood. I thought you were referring to published file checksums, not TCP/IP checksumming.

Re:

[jeIIomizer]

Except this time actual pedophiles were caught, their sites brought down and houses searched.

The ends justify the means, huh? One of you people always pop out. I'd rather have freedom and privacy than your 'safety.'

There isn't some big system that is supposed to "save the children" that actually doesn't help the children at all.

Yes, there is. Going after people who look at porn is just a waste of time and saves no one.

the CP sites is one thing, Freedom Hosting another

[raymorris]

From the article, it sounds like we know they used it to identify computers browsing child porn sites. They had warrants. Okay, I'm not too upset about that. MAYBE they also did it to all sites hosted by Freedom Hosting. THAT would be a problem.

Re:

[Carnildo]

They did it to all sites hosted by Freedom Hosting. Most notably, they did it to Tormail -- not a kiddie porn site, a webmail provider.

Fourth Amendment?

[Anonymous Coward]

In the article, they mention that one of the drive by malware installations by the FBI hit the servers of a webmail service called Tormail in the process of going after a site that was believed to be hosting child porn. Presumably, they used the malware to search PCs, including those of Tormail users who had committed no crime. Wouldn't this be a massive violation of the fourth amendment?

The problem here isn't the FBI.

[BitterOak]

I know this won't be a popular position here, but the problem here isn't with what the FBI is doing, but rather the fact that they can do it. The problem is with the technology: it just isn't as secure as it's supposed to be. When a hacker finds a vulnerability in a security system, most people on Slashdot say don't blame the hacker, but rather fix the underlying vulnerabilities in the system. Instead of pointing the finger at the FBI for using vulnerabilities in TOR, web browsers, and/or operating systems, we should be glad that they're making this public, so the vulnerabilities can be fixed. After all, if the FBI can do this, so can criminals, governments hostile to free speech, and many other malicious parties. Let's learn from what the FBI is doing and harden the systems, to make legitimate users of Tor and similar services safer.

Re:The problem here isn't the FBI.

[Anonymous Coward]

> we should be glad that they're making this public

That's the problem, they are working as hard as possible to prevent the information from becoming public.

While this is the FBI we are talking about here, I would be sooooo onboard with the NSA if they amended their charter to simply shoring up vulnerabilities rather than exploiting them for their own opaque purposes.

Absolutely wrong

[s.petry]

On the surface this sounds valid, but you completely miss the obvious. The FBI, as well as other 3 letter agencies, are _creating_ software for the purpose of hacking into people's computers _illegally_. The FBI is not taking over some criminal botnet to harvest data, they are not intercepting malware C&C data to find things, they are creating their own malware for the purposes of performing illegal activities.

That fact alone should exemplify how wrong this is, since they are not only breaking laws regarding Constitutional issues. They are also breaking US and International law covering hacking, wire tapping, and computer espionage. You know, the same shit they were trying to slap Aran Schwarts with 70 years in prison for laws.

To use a drug analogy, the FBI can not start producing cocaine to find and arrest buyers. That is illegal, and repeatedly been reinforced as illegal.

Computer vulnerabilities don't exist by nature, people must create methods of making computers vulnerable. A program with a buffer overflow exploit would not be vulnerable without the code to exploit the program deficiency. If you truly believe computers should be fair game, then you should also believe that it's perfectly fine for someone to steal your car because locks are imperfect and can be bypassed. (Had to throw in the tried and tested car analogy also..)

Re:

[jeIIomizer]

but the problem here isn't with what the FBI is doing, but rather the fact that they can do it.

The problem is both.

Smart

[TheCarp]

I hate to say it, but this is pretty smart. They seem to have realized that using their new techniques against child porn is the best way forward for them because the issue has stigma to spare that can help quell dissent, then, once the practice is firmly established, they can quietly expand it to everything else they desire.

Re:

[Opportunist]

It would be smart if it was a new idea. But in fact it's just a rather old practice, just that it's "on the internet" this time.

Re:

[mrchaotica]

Quick! Somebody patent it and force them to stop!

Re:

[AHuxley]

It seems what was tracked in the past has now moved to a drift net system.
From 2007 "....a tracking system capable of pinpointing specific workstations that searched for and downloaded....."
http://www.zdnet.com/blog/secu... [zdnet.com]

Re:

[Innominandum]

They've been passing laws in Canada using this technique for at least a decade. More recently there was the 'With us or with the child pornographers' comment by Vic Toews which pretty much ended his career. People are getting a bit more savvy to this type of bullshit.

Re:

[TheCarp]

> lol Hackers have been doing this for a very long time, but this is nothing new or smart a script kiddie could do it

Sure but it isn't so much about the technology being used as that they are now using it and legitimizing their use of it by targeting a group that is so reviled as to taint any discussion of how they were targeted.

Looks like a fairly simple hack they did.

[jcochran]

In a nutshell, they simply had any computer that contacted the web site send back the computer's real IP address and its MAC address. The actual security of the Tor wasn't affected. Just that compromising information was sent through the Tor network. Just as any other data would be sent through the Tor network.

Now I suspect the MAC address was sent so that they could identify the actual computer when they seized it via a warrant. That way the suspect couldn't claim that it wasn't their computer since the IP address was on the other side of a NAT and there were multiple computers using NAT. And the IP address was simply to make identifying the physical location easier.

Which raises an interesting question....
What if someone alters their MAC address and then enters the Tor network via a public wifi hotspot?
The connection is encrypted so the fact that the hotspot is publicly accessible shouldn't be a problem.
And when the computer is turned off, the MAC spoofing goes away so even if the computer is seized, they don't have a matching MAC address to prove it's the computer they hacked. And of course, since access was via an open hot spot, there's plenty of computers that could have been connected. Proving which one would be rather ... difficult ... without that MAC address.

Re:

[BitterOak]

In a nutshell, they simply had any computer that contacted the web site send back the computer's real IP address and its MAC address. The actual security of the Tor wasn't affected.

Ummm, the whole purpose of Tor is to make it impossible for the web host to determine your real IP address, so if it is so easy to get the browser to send that information back to the server then they've COMPLETELY disabled the security of the Tor network, so I really don't understand your statement that the "security of Tor wasn't affected."

Re:

[SuricouRaven]

TOR just anonymises transport. What goes over that transport is not part of the TOR system, it's just blind bytes being carried by it. So the attack, targetting the browser at the endpoint, didn't actually involve TOR - it just circumvented the need to break TOR by attacking another component instead.

Re:

[gweihir]

When the Tor Browser Bundle runs on your system, it does not take over your system. It just establishes a canal over the Tor network, ordinary network access is still possible. So, what was affected is endpoint security, but not Tor security. The people not understanding Tor, that may sound the same, bit it is an important distinction. Security is not something you get if you do not understand the mechanisms used.

Re:

[sjames]

Because it's not Tor that failed, it was the browser that got exploited allowing an injected Windows program to bypass the Tor proxy.

Re:

[fisted]

TOR doesn't operate at the MAC level, your MAC address doesn't make it past your gateway.
So the only way to leak your MAC address is actually transmitting it as whatever kind of application layer payload, or if your TOR entry node happens to be right on your local network...

Re:

[Bite The Pillow]

They only need the MAC address to confirm it was your computer in the event you use something like TAILS and profess to not have done anything wrong.

Meanwhile, they have an IP address, a subscriber to John Doe, a correlated subscriber provided by the ISP, a commercial location to surveil, a video showing your vehicle, a warrant, and a full car/house search. And if they don't find anything, they start taking apart furniture and walls looking for the stuff they are convinced you have.

If you saved anything, M

Re:

[will_die]

So what happens with those that change MAC address? I do that every few times a year with my wireless router, messes up some sites because for a few months sites that use MAC address for location through I was coming from Africa.

Re:

[gweihir]

Tails routinely alters the computer's MAC address. At least the Freedom-Hosting malware was not able to detect that.

Re:

[linuxrocks123]

The way around this is Whonix. You can't be totally sure there are no zero-days in your web browser, so you browse in a VM that's only connected to the Internet through ANOTHER VM and THAT VM is running Tor. So, the VM the web browser is running in doesn't know your MAC address and doesn't know your IP and has no way to get it.

Then, when you're done, you reset the entire VM to a known state ("snapshot") so that any virus they managed to installed can't stick around and probe for ways out of the VM jail.

Th

Re:

[allo]

You can change the MAC, so you cannot see the real one in your ethernet frames. But a software can read the real MAC from your NIC without any problem.

Low standards

[king neckbeard]

They consider finding out about a dozen alleged USERS of child porn sites a big win?

Re:

[Anonymous Coward]

Yes. More specifically, a big PR win.

Re:

[gweihir]

Well, in comparison to the completely unimportant detail that they probably attacked millions of people with malware, sure these dozen users justify anything and everything!

Seriously, they probably know what they are doing is deeply unethical, but it gets them more power, brings the surveillance and police state that they crave and the average person stops being rational when this type of material is mentioned. Most even think CP automatically means that children have been abused, completely ignoring drawin

The FBI program sounds alot like this one at NSA

[sasparillascott]

I wouldn't be surprised a bit to learn they are related:

https://firstlook.org/theinter... [firstlook.org]

Snowden docs, exceptional description of the Turbine program that seeds malware to non-targeted individuals - goal by the NSA (then) was millions of infections.

The logical extension of this is, in the end, to compromise all personal and business computer systems - so anything is available when needed.

Be a shame if drive by hacks of autopilot cars

[WillAffleckUW]

It would be a shame if hackers retaliated with drive by hacks of autopiloted cars using small RC vehicles mounting range extended telecom connectors.

But, those who live by the unconstitutional spying on their own citizens deserve what blowback they get.

If you don't have anything to hide, you don't understand what metadata is.

Are any non Child Porn users using Tor?

[mtthwbrnd]

Are there any statistics about the usage or contents on TOR? It seems from all of the press that I have read that it is mainly a Child Porn network.

Who else is actually using the technology? Please do not reply with "theoretical uses" such as "somebody in China *could* use it to communicate information which the government does not want to be transmitted", unless you can actually back it up with an actual occurrence of it.

What I want is not really individual cases but to know if anybody has done a statistic

Re:

[Bite The Pillow]

How would you conduct such a survey?

And how can you gather statistics about usage when your source will never report anything about legit usage?

"Utah man found using Tor to do his banking, film at 11."

"Chinese dissident found using Tor, interview at.. oh wait he died mysteriously."

"EFF representative uses TOR so he knows what he is talking about, film never because that's pretty damned boring"

I suppose you could ask the NSA. Go ahead and file a FOIA request, we'll wait.

Re:

[Fjandr]

Tor does not host content, it simply disguises the source request for otherwise normal Internet content accessible by a normal browser.

Re:

[omnichad]

You've really never heard of the Silk Road? It's been in the news quite a lot.

But yes, there are actually people using it to circumvent government firewalls.

the real enemy

[ruir]

Come again, what was that political propaganda posts about cyber attacks coming from China and the Middle east?

Tor and social networks

[ruir]

It does not has any advantage to run Tor or Linux with Tor enabled if you then use it to access your personalised gmail or facebook account. No need for "hacking" by the FBI at ALL.

Not Bad?

[LifesABeach]

This could only be Intrapment?

Re:

[armanox]

Never trust open sores software written by amateurs.

You have a few too many words in there.

Never trust software.

Re:

[king neckbeard]

As do you.
Never trust.

Re:

[BitZtream]

And you

trustno1

--Mulder

Re:

[meerling]

More to the point, never trust the FBI.

Re:

[Anonymous Coward]

More to the point, never trust the FBI.

Yeah, because we know cyber criminals could do the same and already do hence the advice to NEVER run Java and Flash over Tor, and to even turn off Javascript.

Re:

[WillAffleckUW]

Wow. The NSA got here quick. They're on top of things today.

Probably has to do with them realizing there are two leakers in the NSA.

I don't have the heart to tell them it's a Gang of Four.

Re: Shit software

[slick7]

Where there is one cockroach, there are usually a hundred, go cockroaches!

Re:

[Reziac]

"When three men sit down to discuss conspiracy, two are government agents and the third is a fool."
-- Soviet proverb

Re:LOL

[MindPrison]

But the freetards tell us that Tor is so secure!! Open sores fails again.

It's not TOR itself, sure...Tor isn't perfect, but today you really don't have many other options. In fact...I can't think of a single one. But it's the users that fails to understand that TOR really isn't the solution to all their anonymity wishes. I'd say 90% safety is up to the users themselves, I've written a little list a few posts below (look it up if you care), it's mostly about common sense. You don't walk into a dark alley with an open wallet telling everyone that you won big on the casino tonight, right? Same thing applies to Tor usage, don't reveal your name, use no-script religiously, don't use flash or any other app/software that can see your IP locally and forward it anywhere. Don't use your real name. Don't even use your nickname (unless it's anonymous coward of course), because everything that ties you as a user to a user on TOR...is bad for you.

Tor is actually pretty damn good, why do you think it's such a pain in the ass for the feds? Heck...it's even KNOWN to be a giant wart on NSA's butts simply because it's so good at WHAT it does. But it's not 100%, you need to apply common sense to the rest, and learn of it's flaws and the things TOR can not do for you. If you do...there really is no better alternative to freedom of speech out there.

Re:

[Zelucifer]

What about I2P and Freenet. I haven't followed either in years, but AFAIK they're still around and used. Of course I believe both of them are darknet only.

Re:LOL

[SuricouRaven]

Freenet uses a very different model - it's basically a very elaborate distributed key-value store. It's good for dissemination and publication, but by design it can't be used for real-time communication - there's a delay of minutes to days for a message to become available to all nodes. It's all compromise: The same design that prevents real-time communication also makes Freenet a lot more resilient.

Re:

[Brad Eleven]

The same design that prevents real-time communication also makes Freenet a lot more resilient.

... and durable.

Re:

[SuricouRaven]

There is a distinction - durable defines an ability to resist damage, resilient defines an ability to recover quickly from damage. Freenet posesses both.

Re:

[Rich0]

One of the big advantages of freenet from this standpoint is that it doesn't support bidirectional communication. There are no "servers" on freenet. That means no search engines, or storefronts, or anything like that. You publish information, and you retrieve information.

So, implementing something like silk road on freenet would be tricky. On the other hand, it would be harder to interfere with if you did.

Re:

[SumDog]

There was a lot of stuff on the TOR mailing listing about how there were two Washington, DC nodes that couldn't be removed from your list of peers.

Even if it's still somewhat anonymous, I wouldn't doubt the NSA has its hands in several of those exist nodes.

Freenet serves a different purpose entirely, but it's also pretty good at what it does.

Re:

[BitZtream]

Right, because they put data centers to handle Tor traffic ... in DC ...

Instead of somewhere that doesn't cost some ridiculous sum of money per square foot of land and just provide a connection to the data center back to DC.

Your theory is obviously stupid its makes you look silly for mentioning it.

And the best part 'couldn't be removed' ... explain that one without sounding like you know nothing about OSS.

Re:

[currently_awake]

Those DC exit nodes probably connect directly to a secure government network, so CIA agents and spies can send reports and stuff without it ever going through insecure networks in plain.

Re:

[Anonymous Coward]

exit node, secure govt network, "reports and stuff", "insecure networks" "plain"

This is a list of words I don't think you understand.

Re:

[ArcadeMan]

It's like some people who use TOR do this analogy: they wrap themselves in a full-body suit that can prevent face recognition, tracking, etc. But they walk around shouting their name, age, address,etc so that anyone within range can hear it.

In other words, you can't fix stupid.

Re:

[Opportunist]

Mmm... predictable, a hint too many words aimed at offending... 2/10 on the troll scale. Tops.

Re:

[Mister Liberty]

Not to worry.
The Eff Bee Eye is just a giant set of Archie Bunkers, i.e. a conglomerate of fearful, nay paranoid
panty sniffers, trying to prove mainly to themselves their worthliness in modern society.
They prob. use buzzwords like 'terrorism' too.
Pathetic old men, leave them alone.

Re:

[fisted]

Son, are you even trying?

Re: LOL

[slick7]

Pathetic old men, hah! These are the same people who create the terrorist scenarios that they then bust. We have met the enemy and they are U.S..

Re:

[fustakrakich]

Why is this being modded down, aside from the overused "open sores" remark? More power to the FBI and all the other authorities to provide incentive to circumvent them in any way possible. There is no security in any electronic communication. That we must accept (Thank you, Mr. Smith). So let's do our best to deal with it and use it against them.

And of course, it would be best for all if we can neutralize the weapons.

Peace!

Re:

[lister king of smeg]

But the freetards tell us that Tor is so secure!! Open sores fails again.

Good thing that the proprietary vendor like Apple Microsoft don't just give TLA's back-door access to their products... oh wait they do just that. I would rather have bug that can be patched in a open project than backdoor in a product I can't patch and pay for.

Re: LOL

[meerling]

How the hell do you turn a discussion over the FBI compromising TOR into a fucking offtopic Apple/MS pissing contest?!
And "slashdot" is not a valid answer.

Re:

[Anonymous Coward]

Talent?

Re:

[X0563511]

By replying to obvious trolls?

Re:

[ArcadeMan]

It's a discussion about the FBI compromising TOR that turned into a flamewar between AAPL, MSFT and OSS fanboys because we all assume the malware probably only involved Microsoft's Windows OS.

P.S.: I use Linux and OSS software for the server-side, I use OS X as my desktop with a mix of commercial and OSS software and I use Windows for both commercial and indie games. I'm a fanboy of using what I think works best for the task.

Re:

[Opportunist]

If "breaking the law" matters in that case, I think we should not run those TOR exit nodes for people trying to circumvent the filters of their country...

Re:

[Bite The Pillow]

Because full disk encryption is a get out of jail free card?

I don't see any Supreme Court rulings that support you. Depending on which circuit court you fall under, it may be an automatic jail sentence if you don't reveal the password.

Assuming that, since you mentioned the FBI, you fall under US law, of course, and it would be silly to pretend otherwise at this point.

It's a crap shoot basically, and if you go all the way to the Supremes, do you trust the current court to be on the side of privacy?

Re:

[Sabriel]

"What's the point?" Ironically, your question holds the answer - in pedophilia, the brain's sex drive is missing the point. An error in the genetic code, a bad evolutionary adaptation to population overpressure, excess or deficiency of required chemicals, damage due to stressful environment... whatever the actual cause, the end result is a human being placed in the nightmarish position of having a sex drive that finds children attractive.

The trouble with biology is that it doesn't care, not about us having

Re:

[LainTouko]

Would you be able to answer the same question about your own personal porn preferences? I know I wouldn't be able to answer it about mine.

Re:

[gweihir]

You must be really sick to enjoy watching something like that. Seeing a human being destroyed is never anything to celebrate or even enjoy, unless you are a sadist and not one that has the urges under control. Are you jerking off to this? It sounds very much like you do.

Re:

[gweihir]

That is extreme Sadeism. Deep in the pathological spectrum and far worse than a psychopath. This, incidentally, makes you far, far worse than the person that got caught.

Re:

[gweihir]

You share 99.9% of the genetic markup with this person. He still is human. The only thing your demonization of this person actually does show that you are very well aware of that and possibly are far closer to him than you want to admit. It seems pretty likely that you are a closet pedo.

Re:

[omnichad]

The former polygamists known for taking underage brides? Do explain.