

Feds are Suspects in New Malware That Attacks Tor Anonymity - magikarp
http://www.wired.com/threatlevel/2013/08/freedom-hosting/

======
wahsd
We really need to come to the internalized understanding that our government
is increasingly becoming a threat to its people and a danger from within; a
saboteur, a spy, a traitor to its own people.

As Peter Swire has pointed out in a PBS Frontline interview: "General warrants
was part of the reason for the American Revolution. It was that the king's
agent could go in and search a house everywhere, search a whole neighborhood
with one warrant. And the Boston people said: 'We don't like that. [...] We'll
fight you.' We said no." (redaction to avoid erroneous similarity)

~~~
chakalakasp
Is this really that bad? They used a clever exploit to reveal the identity of
people attempting to be anonymous on a server that hosted a boatload of
illegal content.

~~~
reflectiv
They used a clever exploit to blatantly infect and gain unauthorized access to
a blanket set of machines...which may or may not have been doing something
illegal.

The FBI hacked PCs, technically, and with no inkling of due process...they
should be held liable for it.

~~~
AsymetricCom
Pretty sure this action runs afoul of DMCA..

------
derrida
Here is Mozilla on the vulnerability: [1]
[https://blog.mozilla.org/security/2013/08/04/investigating-s...](https://blog.mozilla.org/security/2013/08/04/investigating-security-vulnerability-report/)
It would seem that Tor released Tor Browser Bundle (TBB) with 17.0.7 on the
26th of June: [2]
[https://blog.torproject.org/blog/new-tor-browser-bundles-and...](https://blog.torproject.org/blog/new-tor-browser-bundles-and-tor-02414-alpha-packages)
(note: lack of an Obfsproxy bundle!) 17.0.7 is the Firefox with the patch for
the JS bug that was exploited, assuming [1] is correct.

 _IF_ this was what is exploited, then it would seem that the _latest_ non-
obfsproxy Tor Browser Bundle [2] will be ok. It seems that Tor released a new
TBB the day after the upstream Firefox vulnerability was patched.

Double check though.

Here's what seems to be the original security advisory [3]
[http://www.mozilla.org/security/announce/2013/mfsa2013-53.ht...](http://www.mozilla.org/security/announce/2013/mfsa2013-53.html)

Also, Tor have responded here: [4]
[https://blog.torproject.org/blog/hidden-services-current-eve...](https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting)

~~~
derrida
Update: Tor have issued a security advisory (TL;DR: anything "Vanilla" post
July 8th is ok, everybody else upgrade)
[https://lists.torproject.org/pipermail/tor-talk/2013-August/...](https://lists.torproject.org/pipermail/tor-talk/2013-August/029218.html)

------
aphyr
Might be worth keeping in mind that the State Department has a significant
interest in TOR's continued existence, contributing roughly 60% of the TOR
Foundation's annual income. Unsurprising, because TOR is a powerful tool for
activists, journalists, and intelligence sources in the Middle East.

Doesn't mean the US doesn't want to weaken TOR, but it might not be that
simple.

[https://www.torproject.org/about/financials.html.en](https://www.torproject.org/about/financials.html.en)

~~~
khuey
The ideal outcome for the USG is that TOR provides anonymity to its users from
everyone on the planet except the USG. Then people who do things they like can
be protected while people who do things they don't like can be punished.

~~~
ds9
Right, then if the non-US find out, they change their practices, and the
surveillance may become useless. I think this is what the GP meant by saying
it is complex.

------
6cxs2hd6
> FBI special agent describing Marques as “the largest facilitator of child
> porn on the planet.”

Is it just me or is "facilitator" a PR weasel word?

They would have said "distributor" or "seller" if they could.

Does "facilitator" mean in the same sense that BitTorrent "facilitates"
illegal MP3 downloads? Or in the sense that Verizon and Comcast do? Or in the
sense that HTTP does?

i.e. Is this RIAA/MPAA style spin, or is there more substance to it?

(Not rhetorical questions. Although cynical and suspicious, I genuinely don't
know.)

~~~
AsymetricCom
It's quite obvious that the child porn aspect of the case is just an excuse to
take down/tap what was probably a communication hub for all sorts of fun stuff
the NSA would like to hear about.

------
mtgx
This is illegal right? Can we use the CFAA against them? Give them a taste of
their own medicine for once.

~~~
delinka
It's not illegal when you're above the law. Law enforcement in the US (well,
the entire executive branch of the federal government) seems to think the law
doesn't apply to them. "When the President does it, that means it is not
illegal..." In the present climate, it's "When the President does it, or
authorizes someone to do it..."

~~~
Centigonal
This atmosphere of apathy is a major cause of said present climate. LE isn't
meeting much material resistance, even now. There's lots of media coverage,
but nobody does anything. Insisting that nothing can be done is worse than
saying nothing, because it inspires the attitude of inaction that has brought
us to this state.

I think mtgx has got the right idea. Challenging the government in the courts,
even if ultimately unsuccessful, sends a much more powerful message than the
censures that have, time and time again, caused no change. Surely there are
some lawyers browsing this site who can evaluate mtgx's idea.

~~~
kunai
To be honest, I've found that the ones most apathetic are the ones complaining
about apathy. If you don't like it, DO SOMETHING.

Campaign for increased privacy. Give solid, concrete examples of how the USG
needs definite barriers after tearing the ones constructed during the
inception of the Constitution. Spread the word, organize rallies, and do
whatever you can.

Don't stick your nose in the sand and complain about apathy.

------
tankenmate
The article is a bit light around the details of how it works; is it true that
it only targets Windows machines?

~~~
barrkel
From
[http://tsyrklevich.net/tbb_payload.txt](http://tsyrklevich.net/tbb_payload.txt)
- yes. It uses Winsock routines and WinAPI stdcall calling conventions.

~~~
SageRaven
What does the code actually deliver in the HTTP request, and what path does
the request travel?

Is the exploit that the request is made _outside_ of the TOR proxy (thus
revealing the true origin IP) or that it gathers information about the host
and sends that via TOR to some machine?

~~~
Guvante
The code is described as grabbing the MAC and hostname and sending them via a
raw HTTP request to Virginia.

Since it is a Windows executable, this is done outside of TOR.

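The point of the exchange above is that the payload did not go through the browser's SOCKS proxy at all: it used the OS socket API directly, so the HTTP request left the machine on the real IP and carried host identifiers with it. The following is an added example, not code from the article, this thread, or the Tor Project. It audits a constructed per-process connection log for exactly that failure mode: any connection from the browser process that does not go to the local Tor SOCKS listener is flagged, and the payload of a flagged connection is scanned for the kind of identifiers the thread mentions (hostname, MAC address). The SOCKS address 127.0.0.1:9150, the process name firefox.exe, the sample connections, and the Host/Cookie shape of the exfiltration request are all assumptions made for the example.

```python
"""Egress audit for a host running Tor Browser (added example, not the page's code).

Models the leak described in the thread: a payload that calls the socket API
directly bypasses the browser's SOCKS proxy and leaves on the real IP.
Everything below is constructed for illustration: the proxy address, process
names, connection records and the shape of the exfiltration request are
assumptions, not captured data from the real payload.
"""
import re
from dataclasses import dataclass

TOR_SOCKS = ("127.0.0.1", 9150)   # assumed Tor Browser SOCKS listener
TOR_DAEMON = "tor.exe"            # assumed name of the process allowed to leave directly

# MAC address as six hex pairs separated by ':' or '-'
MAC_RE = re.compile(rb"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")
HOST_RE = re.compile(rb"^Host:\s*(\S+)", re.M)


@dataclass(frozen=True)
class Conn:
    """One outbound TCP connection, netstat-style, with the first bytes sent."""
    proc: str
    src: str
    dst_ip: str
    dst_port: int
    payload: bytes


def bypasses_proxy(c: Conn) -> bool:
    """True when a non-daemon process reaches the network without the SOCKS proxy.

    The Tor daemon itself must talk to guard relays directly; every other
    process on the box is expected to reach only 127.0.0.1:9150.
    """
    if c.proc == TOR_DAEMON:
        return False
    return (c.dst_ip, c.dst_port) != TOR_SOCKS


def identifiers_in_payload(payload: bytes) -> dict:
    """Extract hostname and MAC-shaped values from a raw HTTP request body."""
    found = {}
    mac = MAC_RE.search(payload)
    if mac:
        found["mac"] = mac.group(0).decode()
    host = HOST_RE.search(payload)
    if host:
        found["host"] = host.group(1).decode()
    return found


def audit(conns) -> list:
    """Return one finding per connection that left the host outside Tor."""
    findings = []
    for c in conns:
        if bypasses_proxy(c):
            findings.append({
                "proc": c.proc,
                "dst": f"{c.dst_ip}:{c.dst_port}",
                "leaked": identifiers_in_payload(c.payload),
            })
    return findings


# Constructed exfiltration request: the Host/Cookie layout is an assumption,
# chosen only to show the identifiers the thread says the payload sends.
EXFIL_REQUEST = (
    b"GET / HTTP/1.1\r\n"
    b"Host: DESKTOP-WKS\r\n"
    b"Cookie: id=00-1a-2b-3c-4d-5e\r\n"
    b"\r\n"
)

# Constructed sample log: SOCKS hello through the proxy (fine), the Tor daemon
# reaching a guard on 9001 (fine), and a direct port-80 request (the leak).
SAMPLE = [
    Conn("firefox.exe", "10.0.0.5:50210", "127.0.0.1", 9150, b"\x05\x01\x00"),
    Conn("tor.exe", "10.0.0.5:50211", "203.0.113.40", 9001, b"\x16\x03\x01"),
    Conn("firefox.exe", "10.0.0.5:50212", "198.51.100.7", 80, EXFIL_REQUEST),
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['proc']} -> {f['dst']} bypassed Tor; leaked {f['leaked']}")
```

The audit is a detection, not a fix: it only tells you after the fact that a process spoke to the network on its own. The structural defence is to make the bypass impossible, which is what Tor-only gateway designs such as Tails and Whonix do by forcing every packet from the browser host through the Tor daemon, so a payload that ignores the SOCKS setting still cannot reach its collection server directly.
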
------
aet
Should read "suspected" -- "suspects" seems to mean they are being investigated
for criminal activity. I'd be interested to hear what an editor has to say.

------
lettergram
Yet another reason to use linux.

~~~
Kabacaru
It'd be trivial to change the payload to work with Linux.

~~~
pigscantfly
So logically, someone probably has.

