

FBI Admits It Controlled Tor Servers Behind Mass Malware Attack - floodcow
http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/
"It wasn’t ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors." ...
======
smtddr
I don't even know anymore. We're gonna have to raise the bar on what it means
to be a "tinfoil hatter"; the original definition has become reality.

_"Trust no one! Suspect EVERYTHING!"_, I can say today without sounding
crazy.

Also, remember this? [http://www.linuxfoundation.org/news-media/blogs/browse/2011/...](http://www.linuxfoundation.org/news-media/blogs/browse/2011/08/cracking-kernelorg) ....hmm, I wonder if....

~~~
pnathan
> I don't even know anymore. We're gonna have to raise the bar on what it
> means to be a "tinfoil hatter"; the original definition has become reality.

That's sort of where I've gotten to this summer. It's really frustrating and
saddening.

Although mind-control waves still aren't, TO THE BEST OF MY KNOWLEDGE, a
thing.

~~~
zanny
Mainstream media bombardment and constant advertising harassment do a pretty
good job of mind control, though.

Also, culture is the best mind control. Raise people with a mind set the way
you want it and you never have to do anything directly, because they already
are siding with you even through cognitive dissonance.

~~~
baddox
Public schools are far more significant than the media.

~~~
a3n
You could be right. Or it could be the exact opposite. Or something else. It
doesn't matter. Fundamentally we do it to ourselves, because we're
herd/pack/social animals. We _shun_ anyone too different from the tribe, it's
in our DNA. Because of that, we are highly evolved to fit in.

Yeah, we're self aware and all that, we have choices, but what we generally
choose to do is identify with some group and hate opposing groups. It's what
we do.

The chimpanzees are laughing at us.

~~~
001sky
_In England and Wales, truancy is a criminal offence for parents.[6] Since
1998, a police officer of or above the rank of superintendent may direct that
for a specified time in a specified area a police officer may remove a child
believed to be absent from a school without authority to that school or to
another designated place...._

~~~
mmavnn
It's not that widely known, but you can remove your child from state education
as a parent and teach them yourself. You just have to tell the local authority
you're doing so in writing.

------
belorn
The use of malware in police enforcement is truly a unique event in society.
At what other point in history have the police distributed a completely illegal
tool onto unsuspecting and non-targeted civilians? It feels like a totally
unexplored area of liability law, so I look with excitement to when the first
lawsuit starts.

Some people have compared malware with guns. This is to me a very bad
comparison, since guns actually have legal uses like hunting or self defense.

A better example would be an undercover cop selling real drugs to real people
with the intent to impress a local drug cartel. It has to my knowledge never
happened, but it would be interesting to know if the cop could be held liable
if someone dies from an overdose from those drugs.

Let's say that a police virus spreads out of control and infects millions of
computers. What if this specific Firefox exploit gets copied by a botnet and
is used to execute credit card stealing software on unsuspecting users? How
liable can the police become when millions of people are affected? I really
have no clue.

~~~
pkinsky
The government poisoned alcohol during Prohibition.

~~~
MichaelGG
They still poison medicines. Hydrocodone, a Schedule II substance, drops to
Schedule III when sold with acetaminophen, a substance toxic to the liver.

~~~
polyfractal
This is ridiculous. Acetaminophen is Tylenol. Are you seriously trying to make
the argument that Tylenol is a poison?

Arsenic is a poison. Lead is a poison. Cyanide is a poison. Tylenol becomes
toxic at a certain threshold (like every other substance on the earth for that
matter).

Sure, it is toxic to your liver in large doses. That isn't why Tylenol 3 is
Schedule II while pure Codeine is Schedule II. The difference is in dosage.
Tylenol 3 tends to come in doses of around 5mg Codeine to 300-500mg Tylenol.
You get T3 when you have a tooth taken out, or maybe some minor stitches. You
are also only given a few pills.

You get pure Codeine when you break a bone or stick a pencil through your eye.
Or one of the stronger codeine-derivatives (oxycodeine, etc). These come in
larger doses and are more prone to abuse.

Hence Schedule III.

I'm no fan of the DEA or the schedule system...but the "Government" isn't
poisoning anyone. That's pure FUBAR and true tin-foil-hattery. It's a
classification system for the abuse potential of perfectly legal drugs.

~~~
josh2600
[http://www.medicinenet.com/tylenol_liver_damage/article.htm#...](http://www.medicinenet.com/tylenol_liver_damage/article.htm#do_the_recommended_doses_of_tylenol_cause_any_liver_damage)

Yes, but in rare cases. Acetaminophen is not the easiest thing in the world
for your body to deal with. But this is technically correct and in the 99
percent case you're correct so this is kind of belaboring the point.

Nevertheless, I thought it was worth mentioning.

~~~
polyfractal
Sure, but you can make that argument for virtually any substance. A particular
combination of genetics and <insert molecular compound> will equal a bad
reaction in some portion of the population. It's practically guaranteed due to
the nature of genetics and statistics.

------
tokenadult
"Freedom Hosting has long been notorious for allowing child porn to live on
its servers. In 2011, the hactivist collective Anonymous singled out the
service for denial-of-service attacks after allegedly finding the firm hosted
95 percent of the child porn hidden services on the Tor network. In the
hearing yesterday, Donahue said the service hosted at least 100 child porn
sites with thousands of users, and claimed Marques had visited some of the
sites himself."

So this paragraph of the news report suggests that sometimes Anonymous and the
FBI can be united in the goal of stopping child pornography, although not
united in how they try to deal with it.

~~~
sillysaurus2
The reason the FBI and Anonymous seemed to join forces is because the FBI
turned Anonymous's leader, Sabu.
[http://gawker.com/5890847/revered-anonymous-leader-rats-out-...](http://gawker.com/5890847/revered-anonymous-leader-rats-out-his-pals-to-the-fbi)

~~~
tokenadult
Please tell me more background about that. (I recall mention of this before on
HN, but I'm not recalling many details.) What's our best information on how
leadership of Anonymous has changed over time?

AFTER EDIT: Thanks for your link, which I think came as an edit to your
comment. Here is a link to follow-up news:

[http://www.theguardian.com/technology/2013/feb/22/lulzsec-sa...](http://www.theguardian.com/technology/2013/feb/22/lulzsec-sabu-sentencing-monsegur-postponed)

~~~
sillysaurus2
Someone else should step up and give a comprehensive overview, because I can
only recount the timeline from memory, not provide sources. But iirc,
Anonymous was a loose coalition of random people on the internet, some of
which turned out to have some basic hacking skills. They weren't really taken
seriously until they embarrassed HBGary. At that point, the FBI began
investigating them. Anonymous changed their name to LulzSec (or possibly
AntiSec). The FBI used standard police techniques to infiltrate and eventually
dismantle those groups. The technique was simply to 1) figure out who was
a member of Anonymous, 2) threaten them with prosecution unless they
cooperate, 3) repeat. This eventually led them to turn Sabu, Anonymous's
leader. I'm going to dig for an interesting HN comment I remember reading
about the relationship between FBI, Anonymous, and the takedown of Freedom
Hosting.

EDIT: Here it is:
[http://news.ycombinator.com/item?id=6154642](http://news.ycombinator.com/item?id=6154642)

In order to be friendly to mobile users, I'll copy-paste the comment here
(although the link is worth reading because of the informative replies):

---

redthrowaway 40 days ago | link | parent | flag

Interesting. Freedom Hosting had been a target of Anonymous' Operation Darknet
from the beginning--they're well-known for refusing to take down exploitative
sites. Operation Darknet is, itself, a pretty interesting phenomenon:
Anonymous hacks onion sites, then hands over user information to the FBI for
investigation. Anonymous does what the FBI legally can't, and in exchange
they're not prosecuted for it. I can't find the article now, but I recall
reading an interview with an FBI agent in Wired or Ars or some such where he
described the anons as "Internet Superheroes". (sic)

That, in and of itself, is kind of curious. Curiouser? One of the original Op
Darknet principals was Sabu. You may remember him as the hacker the FBI rolled
and got to bust up LulzSec. Sabu was turned by the FBI on June 7th, 2011.[1]
Operation Darknet began several months later, in October, 2011.[2]

The obvious question, then, is this: Did the FBI use Sabu to entice Anons into
attacking child porn networks, thereby evading the laws against them doing it
themselves? Did they use the fact they turned a well-known hacktivist to help
them deal with criminals they lacked the legal tools to go after? Is this
arrest the culmination of those efforts?

[1]
[https://en.wikipedia.org/wiki/Sabu_(hacktivist)](https://en.wikipedia.org/wiki/Sabu_\(hacktivist\))

[2] [http://www.informationweek.com/security/attacks/anonymous-at...](http://www.informationweek.com/security/attacks/anonymous-at..).

~~~
phaus
LulzSec was not Anonymous. While some of its membership may have overlapped,
that doesn't really mean anything, because anyone can be a part of Anonymous,
simply by carrying out acts in the group's name.

Sabu forgot to activate TOR before logging into IRC just a single time, and
the FBI was able to locate him. Sabu was the legal guardian of his siblings,
and was pretty much told that he would never see them again if he didn't
cooperate with the feds. And so Sabu became a mole for the FBI, spending the
next several months trying to elicit identifiable information from his own
crew. For the most part, it worked.

What's interesting is that at least one of his fellow hackers is already out
of prison, and the rest are going to be out in a few years. Sabu on the other
hand, being a United States citizen, faces much harsher penalties than his
European counterparts even though he was the only one with a deal. If I had to
guess, best case scenario he is going to be sentenced to 10 years. To be
honest though, I wouldn't be surprised if he got a few decades more.

Also, Sabu didn't have to manipulate Anonymous into attacking CP networks.
It's something that they do on a semi-regular basis. They did it before Sabu,
and they are doing it now.

~~~
sillysaurus2
_If I had to guess, best case scenario he is going to be sentenced to 10
years._

Ten years? Even with a deal? Really?

That's astonishing if accurate.

~~~
phaus
Like I said, that's just a guess based both on the severity of his crimes and
the tendency of the United States to overreact to anything that involves a
computer.

I could very well be wrong.

------
skwirl
The FBI was never going to ignore huge stockpiles of easily accessible child
pornography on the deep web, and Hacker News was never going to believe that
this wasn't about more than child pornography. Just another day.

~~~
alan_cx
Do you assume that the techniques used for something most would assume to be
reasonable will not ever be used in less desirable ways?

~~~
skwirl
Police "techniques" involve guns, tear gas, helicopters, etc. At any time the
police could in theory fly to your house, launch tear gas into your windows,
and shoot you in the head as you run out. And I don't know about you, but I'm
not exactly worried about that happening to the point where I want to take
guns, tear gas, and helicopters away from the police.

This is the FBI taking down criminals engaging in a clear criminal activity,
and it is silly to implicitly compare it to the NSA fishing for terrorists.
All the evidence gathered here will be presented in a court of law, all the
techniques used will have to be approved by judges as in accordance with laws
and the constitution or the gathered evidence will be thrown out. The suspect
and any other future suspects will get a trial if they want. It will be out in
the open.

If you are upset that the software you thought was secure and anonymous isn't
as secure and anonymous as you thought, that isn't the FBI's fault.

~~~
abk
IANAL, but I'd be surprised if the police were allowed to raid me, launch tear
gas through my window and shoot me in the head. Even with a warrant. I'm not
worried about this happening, because it doesn't. If it did, I'm sure it would
blow up into a huge scandal.

I am worried about government agencies intercepting my traffic /
communications because it does happen, it's really hard to find out unless you
know what you're looking for, and they don't have a warrant on every American
citizen that happens to get caught.

~~~
a3n
> Even with a warrant. I'm not worried about this happening, because it
> doesn't.

Spend a little time in here:
[https://duckduckgo.com/?q=warrant+no+knock+raid+mistake&t=ca...](https://duckduckgo.com/?q=warrant+no+knock+raid+mistake&t=canonical)

Or here:
[https://duckduckgo.com/?q=warrant++raid+mistake+death&t=cano...](https://duckduckgo.com/?q=warrant++raid+mistake+death&t=canonical)

Or here:
[http://www.newyorker.com/online/blogs/comment/2013/08/swat-t...](http://www.newyorker.com/online/blogs/comment/2013/08/swat-team-nation.html)

I'm still waiting for the scandal.

~~~
sigkill
Is there a difference between ddg and startpage.com principles? Because I find
startpage to be more in-line with the results I want to see.

~~~
a3n
startpage serves you google results, anonymized. It's sort of like scroogle
was, I suppose.

ddg, I _think_ , does their own spidering and also serves bing and other
results (but not google), but that's from dusty memory and it could be wrong
or changed. ddg will however forward your request to google if you want, and
you'll get a results page from google itself. In fact I use ddg as a front end
for google when I want to use google.

startpage is Dutch/American, ddg is American.

[https://startpage.com/eng/company-background.html](https://startpage.com/eng/company-background.html)

[https://duckduckgo.com/about](https://duckduckgo.com/about)
[http://dontbubble.us/](http://dontbubble.us/)

ddg's Gabriel Weinberg posts here on HN.
[https://news.ycombinator.com/user?id=epi0Bauqu](https://news.ycombinator.com/user?id=epi0Bauqu)

------
DanBC
So, uh, that's a criminal offence in many jurisdictions.

Are we going to see international arrest warrants and extradition and trials?

~~~
noonespecial
Hooray. A new growth industry for the us-ians. We'll export prison sentences!
Just in time too. I hear we're running low on minorities with dime-bags of pot
to incarcerate.

------
powertower
> The apparent FBI-malware attack was first noticed on August 4, when all of
> the hidden service sites hosted by Freedom Hosting began displaying a “Down
> for Maintenance” message.

The underlying reason for this has been the notion that the FBI was
attempting to catch people engaged in CP related activities...

This may be a little tin-foil here, but...

If you deliver a 404-type of a page on all requests, no website is traversed,
no CP is viewed, transferred, replicated, or distributed. Meaning there is
nothing here to charge the person with.

Does this article get the facts wrong, or was the purpose of this exploit
something entirely different. Because if the article is true (this exploit was
only in "Down for Maintenance" pages, which were the only pages served), all
they did was get a bunch of useless IP to MAC to host-name correlation/mapping
data for that moment in time.

There is also the 'Fruit of a poisonous tree' argument here. Would this
untargeted hacking even stand up in court if this data is used to prosecute
someone?

This sounds more like flexing of the muscles - the FBI saying we can get you
if we want to. Or something else was going on. It also seems like a waste of a
good exploit that they would probably use towards terrorist or national
security related issues (ex: if they knew the MAC or host-name of a bad guy
using TOR that day, but did not know his IP / so they put this out).

~~~
sillysaurus2
The way Tor works is that anyone can set up something called a "hidden
service". It's basically a website that can only be visited by using Tor.

These websites have a unique URL. For example, Bitcoin Fog's URL is
[http://fogcore5n3ov3tui.onion/](http://fogcore5n3ov3tui.onion/) If you try to
visit that using a standard web browser, it won't work. But if you use Tor
browser, then it takes you to the Bitcoin Fog hidden service.

Some of those websites were devoted specifically to delivering CP. Now the
FBI's reasoning goes like this: anyone who was visiting those websites was
very likely visiting them for the purpose of looking at CP.

The FBI delivered an exploit designed to identify as many of those people as
possible. So even though no CP was being served, people were still accessing
the URL. The malware collected the MAC address and hostname of the computer,
then submitted that info to an FBI server. So those people were apparently
added to a centralized FBI database.

One way that database might be powerful is if e.g. a politician (or any other
government worker) was identified as a visitor of one of these websites,
because whoever controls that database now controls them.

------
jrockway
This is actually a pretty good attack. The only problem I see is the
usefulness of the evidence that the attack gathers. Visiting an FBI warning
over Tor isn't illegal, so appearing in some child-porn-user database because
you were curious about how the exploit worked is a little disturbing, given
the stigma child porn has.

I'd also like to see the legal theory they used to seize control of someone's
computer. Did a judge sign off on this attack strategy?

But ultimately, I think they used some pretty good software engineering to
solve a problem they wanted to solve.

~~~
skwirl
It most likely falls under the FBI's legal wiretapping abilities.

~~~
belorn
Wiretapping normally requires a specific target, with a specific reason. Going
after the Tor email service is like wiretapping the US postal service for a
fishing expedition.

It sounds to me as being outside the FBI's legal wiretapping abilities.

~~~
skwirl
This is just wrong.

First, you are implying that Tor has an official Tor e-mail service, which it
does not. Tormail is/was just a basic e-mail service someone not associated
with the Tor project was hosting on the deep web. For all anyone knows,
Tormail itself could have been run by the FBI or NSA or whatever all along.
Anyone who thought Tormail guaranteed them anonymity was a fool, much like
anyone who kept Javascript enabled while browsing the deep web was a fool.

Second, Tormail wasn't itself targeted. What was targeted was the hosting
provider that was hosting 95% of child pornography in the deep web, and that
hosting provider also happened to host Tormail and a bunch of other non child
pornography websites.

Conspiracy theories will abound, of course, but keep in mind that the NSA's MO
is not to disrupt communication but to intercept it. If the government's real
concern here was with Tormail, they would have simply kept it around and
tapped it, since they had clearly compromised the hosting provider's boxes and
could have done so. They wouldn't have shut it down and just sent people
fleeing to the dozens of other supposedly anonymous and secure e-mail services
out there, including ones that perhaps they haven't yet compromised.

~~~
IsThisObvious
> What was targeted was the hosting provider that was hosting 95% of child
> pornography in the deep web, and that hosting provider also happened to host
> Tormail and a bunch of other non child pornography websites.

What the government did was the equivalent of show up at the houses of
everyone who used a particular post office and forcibly finger print them
because that post office routed 95% of the child porn magazines in the US
(regardless of what percentage of their traffic that actually was, which you
don't even mention besides 'there were other sites, too').

That would be a clear abuse of powers, as is this.

------
Tloewald
This would make the FBI guilty of a whole bunch of felonies, would it not?
(Independent of whether what they were doing is morally right or wrong, isn't
this exactly what they imprison hackers for?)

~~~
unreal37
You cannot arrest the U.S. government for felonies.

~~~
tlrobinson
Huh? Surely if they started killing innocent people you could arrest them.

The question is what gives them the authority to use these tactics?
Wiretapping laws?

~~~
baddox
They started killing innocent people very early in the government's history
and have yet to stop.

~~~
tlrobinson
_Sigh,_ I should have expected this response. You know what I mean.

~~~
baddox
White innocent people?

------
yapcguy
_> "Mozilla confirmed the code exploited a critical memory management
vulnerability in Firefox that was publicly reported on June 25, and is fixed
in the latest version of the browser."_

Will Rust help eliminate the problem of buffer overflows and other memory
related hacks?

~~~
olsonjeffery
IIRC the original attack was a JS heap spray (using JavaScript Typed Arrays,
no less), so not only would the browser have to be written in rust, but also
the JavaScript engine which, AFAIK, isn't on Mozilla's roadmap (but I don't
speak for them).

~~~
khuey
Uh, no. A heap spray is not an attack. It's a method of exploiting a
vulnerability, but it's a) trivial to do and b) useless without said vuln.
Also rewriting the JS engine in Rust doesn't change the ability to heap spray.

------
DigitalSea
What is happening to this world? The Government and its so-called agencies
vested with protecting America and its allies are treating everyone like
criminals, privately harvesting our information via any means possible.

They don't even have to hide it any more. They can admit things like this and
nobody can do anything about it. We've passed the point of being able to
defend ourselves against actions like this. Every step we take to protect our
privacy, the Government is presumably two-steps ahead.

We just can't win...

~~~
anigbrowl
Pff. That's like saying the government is spying on you because you saw a
police officer look at you when you walked past a police car. Personally, I am
just fine with the FBI harvesting the details of anyone who visits a CP site.
So this puts strain on the network and causes loss of functionality for non-
illegal uses of Tor - inconvenient, but then it's also inconvenient when you
can't park because a police car, fire truck, or ambulance is taking up the
space you hoped to park in. On a scale of 1 to 10, the harm suffered by non-
criminal Tor users during this sting operation looks to me to be about a 1 or
a 2.

------
tete
From my point of view there appears to be a huge campaign to discredit Tor or
short FUD going on.

Okay, lately there appears to be a huge campaign to discredit Tor going on.
The botnet, the Freedom Hosting thing.

We should fight back on that. Tor is still the best tool we have and maybe
these attacks are the best sign of it.

If you consider switching to a VPN like many do..

That's a bad idea. VPNs are no technology for anonymity. There are various
reasons. They don't defend against various attacks, but more importantly they
are owned by private entities. Did you hear of this PRISM thing? [rhetorical
question] Well, guess what a private company.. even outside of the US would do
if any government would ask for a backdoor, maybe even offering money.

A reason why there are these great releases about attacks on Tor is the fact
that it is the best tool we have. There are attacks on it, but way less than
on any comparable technology. Numerous institutions, universities, etc. work
on both finding attacks and improving Tor. The Tor community is attracting the
smartest people in the world, just like the NSA is. There is no other
anonymity software with so many scientific papers written about it. There are
attacks, none of them reaching beyond what can be done to VPNs, etc. and there
are tons of improvements that are outlined, that only need a tiny bit more
research or only the actual implementation. If you want to work on a real
quality product for the greater good there probably is no better place than
the Tor Project.

If you wanna help right now (meaning in seconds to minutes) here are some
places to go.

If you want to host a Tor Bridge on the cloud for free or really cheaply:
[https://cloud.torproject.org/](https://cloud.torproject.org/)

If you are using Firefox: [https://addons.mozilla.org/en-US/firefox/](https://addons.mozilla.org/en-US/firefox/)

If you are using Chrome/Chromium:
[https://chrome.google.com/webstore/detail/cupcake/dajjbehmbn...](https://chrome.google.com/webstore/detail/cupcake/dajjbehmbnbppjkcnpdkaniapgdppdnc)

If you have a website/blog:
[http://crypto.stanford.edu/flashproxy/](http://crypto.stanford.edu/flashproxy/)

If you have more than just a few minutes:
[https://www.torproject.org/getinvolved/volunteer.html.en](https://www.torproject.org/getinvolved/volunteer.html.en)

~~~
Blahah
Flashproxy seems pretty dark unless I've misunderstood it - automatically
opting website visitors in to becoming a transient TOR node is deeply
unethical.

------
mindcrime
Looks like it's all out war between the government and people who value their
privacy...

Really, it always was, but it was a sort of "undeclared war". Now there's
really no question about what's going on, so it's time for the gloves to come
off.

------
dthunt
Why are MAC's persistent?

They're totally insecure, so you can't make sensible security decisions off of
them. Why aren't they randomly assigned on power-up?

~~~
mynameisme
drivebyacct2, you're hell banned

------
jpmonette
This is crazy, but really interesting at the same time. I always thought that
this was the way to break anonymity on the Tor network.

FBI basically generated a shit-load of Tor nodes
([https://blog.torproject.org/blog/how-to-handle-millions-new-...](https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients))
for some while to increase their chances of intercepting traffic.
Following the data collection and using statistics, they were able to pin-point
the origin of most Freedom-hosting request/response, and then raided the
place.

Think about it: if you own 9/10 of the node of the Tor network (and they did
for a while) and simply analyze all the traffic, it's just a matter of time
before you can find what you are looking for.

The second interesting thing is how they planned everything using the Firefox
exploit to find out who was going on each Website. I'm pretty sure they got
what they were looking for.

Even though this is highly scary in terms of government control, I think we
can all learn a lot about it. Also, I'm wondering how much this attack cost.

~~~
quasque
> FBI basically generated a shit-load of Tor nodes
> ([https://blog.torproject.org/blog/how-to-handle-millions-new-...](https://blog.torproject.org/blog/how-to-handle-millions-new-...))
> for some while to increase their chances of intercepting traffic.

The blog post you link to was about a recent massive increase in Tor clients,
not Tor nodes.

From what I've read I was under the impression that Freedom Hosting itself was
hacked to disclose its IP addresses, rather than the FBI taking over the Tor
network.

------
sillysaurus2
What's worrisome is that if they were willing to burn this Firefox JavaScript
exploit, then that probably means they know of at least one more.

~~~
anonymous
Keep in mind that this was a known and fixed vulnerability, not an 0day.
'Burning' is a bit misleading in this context.

------
smutticus
It's like the government isn't even pretending anymore that they don't
constantly break the law.

------
aclevernickname
this is fantastic. now I know who I can sue for destroying the tormail
accounts I was using for (legal) business purposes. Probably the best news
I've had since Tormail went down.

------
jacquesm
In a proper judicial system any evidence gained resulting from infecting
computers with malware by law enforcement would automatically be inadmissible
because the owners of those computers were no longer the only ones with
access.

------
aspensmonster
If this is the only manner that the FBI --or any law enforcement for that
matter-- has for identifying TOR users, then wouldn't the best operational
security just be to firewall yourself off completely except for Tor
connections? Better yet, you could monitor what applications are trying to
broadcast out even if they are designed or intended not to leak. Isn't this
what the TAILS live-CD does? For this case, even if your software was out of
date and vulnerable to the initial attack on the browser, the attempt to
broadcast out would hit a firewall and fail (and ideally be logged and
alerted).
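
One way to build the egress allow-list and the logging/alerting the comment above asks for, written here as an added example (not code from the thread, from Tails or from the Tor Project): it assumes Linux iptables, a tor daemon running under a fixed uid (106 is a placeholder; check the real one with `id -u`), and the kernel LOG lines below are constructed, not a real capture.

```python
"""Egress allow-list for a Tor-only host plus a parser for the kernel LOG
lines it produces.  Assumptions: iptables with the owner, limit and LOG
matches; the tor daemon runs as TOR_UID; log lines follow the usual
iptables LOG KEY=VALUE layout with --log-uid."""
import re
from typing import Dict, List, Optional

TOR_UID = 106            # placeholder: the uid the tor daemon runs as
LOG_PREFIX = "TOR-LEAK: "


def egress_rules(tor_uid: int = TOR_UID) -> List[str]:
    """Return the iptables commands that let only loopback traffic and the
    tor user's own sockets out.  Everything else is logged with its owning
    uid and rejected, so a beacon fired by a compromised browser running as
    an ordinary user never leaves the box and appears in the kernel log."""
    return [
        "iptables -P OUTPUT DROP",
        "iptables -F OUTPUT",
        "iptables -A OUTPUT -o lo -j ACCEPT",
        f"iptables -A OUTPUT -m owner --uid-owner {tor_uid} -j ACCEPT",
        # rate-limit the LOG target so a chatty process cannot flood syslog
        f'iptables -A OUTPUT -m limit --limit 5/min -j LOG '
        f'--log-prefix "{LOG_PREFIX}" --log-uid',
        "iptables -A OUTPUT -j REJECT --reject-with icmp-admin-prohibited",
    ]


_KV = re.compile(r"(\w+)=(\S*)")


def parse_log_line(line: str) -> Optional[Dict[str, str]]:
    """Split one LOG line carrying our prefix into its KEY=VALUE fields
    (bare flags such as DF or SYN are ignored); None for unrelated lines."""
    idx = line.find(LOG_PREFIX)
    if idx < 0:
        return None
    return dict(_KV.findall(line[idx + len(LOG_PREFIX):]))


def classify(fields: Dict[str, str], tor_uid: int = TOR_UID) -> str:
    """'kernel': no owning socket (e.g. a RST the stack generated itself);
    'tor': the daemon's own traffic (only seen if the rules are misordered);
    'leak': some other process tried to reach the network directly."""
    uid = fields.get("UID")
    if uid is None:
        return "kernel"
    if int(uid) == tor_uid:
        return "tor"
    return "leak"


def find_leaks(lines: List[str], tor_uid: int = TOR_UID) -> List[str]:
    """One alert string per non-Tor egress attempt in the given log lines,
    so the blocked beacon can be alerted on rather than silently dropped."""
    alerts = []
    for line in lines:
        f = parse_log_line(line)
        if f is None or classify(f, tor_uid) != "leak":
            continue
        alerts.append(f"uid={f['UID']} -> {f.get('DST')}:{f.get('DPT', '?')}"
                      f"/{f.get('PROTO')} via {f.get('OUT')}")
    return alerts


# Constructed sample log lines (not a real capture): a browser running as
# uid 1000 trying port 80 directly, a kernel-generated RST, an unrelated
# sshd line, and a direct DNS query from the same uid.
SAMPLE_LOG = [
    "Sep 17 10:01:02 host kernel: [ 812.001] TOR-LEAK: IN= OUT=eth0 SRC=10.0.0.5 "
    "DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP "
    "SPT=43210 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1000 GID=1000",
    "Sep 17 10:01:02 host kernel: [ 812.002] TOR-LEAK: IN= OUT=eth0 SRC=10.0.0.5 "
    "DST=198.51.100.9 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP "
    "SPT=9001 DPT=443 WINDOW=0 RES=0x00 RST URGP=0",
    "Sep 17 10:01:03 host sshd[411]: Accepted publickey for alice from 10.0.0.2",
    "Sep 17 10:01:05 host kernel: [ 815.117] TOR-LEAK: IN= OUT=eth0 SRC=10.0.0.5 "
    "DST=192.0.2.53 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=7 DF PROTO=UDP "
    "SPT=51000 DPT=53 LEN=41 UID=1000 GID=1000",
]

if __name__ == "__main__":
    print("\n".join(egress_rules()))
    for alert in find_leaks(SAMPLE_LOG):
        print("ALERT non-Tor egress:", alert)
```

The rules only cover locally generated IPv4 packets; a host that also has IPv6 needs the same chain under ip6tables, and the LOG lines land in whatever reads the kernel ring buffer (dmesg, journald or syslog).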

~~~
a1a
..or just adhere to common sense and disable javascript.

~~~
hack_edu
... at the packet level.

------
d4n3ws
My two cents about the "french hosting provider": On 22 July, the French
hosting provider OVH suffered an APT attack from intruders looking for the
database of European clients. On 29 July, OVH announced new rules about
using Tor on their network... In August Marques was arrested.

[http://d4n3ws.polux-hosting.com/2013/09/14/freedom-hosting-l...](http://d4n3ws.polux-hosting.com/2013/09/14/freedom-hosting-lattaque-de-de-anonymisation-sur-tor-est-bien-a-linitiative-du-fbi/)

------
anonymous
Oh, the malware!

What do they do about users who do not turn on Javascript?

Or users who do not use the popular browsers?

It seems like the malware authors here, government employees or contractors,
are just like all the others that form the underbelly of the internet... they
only focus on the least sophisticated users or the users who always follow the
herd (not the Hurd): Windows and OSX/iOS users.

Assumptions, assumptions, ...

~~~
thefreeman
They were specifically targeting the version of Firefox bundled with the Tor
Browser Bundle.

------
sidcool
This is about child pornography. I support this action by FBI for a change.
The deep web is rotten in some respects. Child pornography cannot be allowed
anywhere. If I were in the FBI, I would do anything to stop child abuse.

------
mariuolo
I don't understand why he isn't being prosecuted in Ireland.

------
hubble87
So the more you try to hide your ass, the more you get targeted

------
jumby
It's sad everyone on here is amazed the good guys have good tools. Sure it
probably cost them $1M USD to have some server record an incoming ip from an
http request, but still.

"Oh noes, we aren't 3 steps ahead of them, they are 3 steps ahead of us."
Fuckin-a they are and I'm glad.

Getting rid of scumbag terrorists, child porn shitbirds and spying on foreign
adversaries is fine by me.

And yes, I already know the comments will be "what if they designate you a
terrorist some day". I suppose I will cross that bridge when that happens.

~~~
enneff
What are you talking about?

Nobody is amazed that the "good guys" (btw, whose good guys?) have good tools.
It's been known for decades that the USA has some of the best signals
intelligence people and systems.

But that's not even relevant here. This particular attack exploits a known
issue of Tor, which has existed by design since day one. Hacking machines
isn't rocket science, and the particular vulnerability in Firefox was public
before the attack.

What people _are_ surprised by is the brazen and open use of an illegal hack
by law enforcement officials. We have laws for a reason and lawmen to uphold
those laws. When the lawmen are breaking the laws we're pretty much fucked.
I'm sorry that you can't see that.

~~~
kropotkin
_This particular attack exploits a known issue of Tor, which has existed by
design since day one._

Just so everyone's clear, this was not a "known issue of Tor". It was a
JavaScript-based Firefox exploit.

~~~
enneff
The known issue of Tor that I refer to (and sorry for not being more specific)
is that a buggy client can leak your identity. The Firefox exploit leverages
this design weakness.

------
pekk
Misleading title - the FBI did not conduct a 'mass malware attack'

~~~
dictum
The FBI didn't conduct a 'mass malware attack' on the open web. It did,
however, inject malicious code in Tor hidden services that were hosted in
Freedom Hosting.

How is that not a 'mass malware attack'?

------
tinalumfoil
So, don't trust spy agencies?

------
bsullivan01
WTF? Can we even trust the water we get from the government? Maybe they put
some meds in there to make us dumb and compliant. Is that too far fetched now
after what we've been reading?

 _> > Donahue also said Marque had been researching the possibility of moving
his hosting, and his residence, to Russia._

Nice try FBI, but I have a feeling that Putin's Russia will have him in a gulag
after a 5 minute "trial," appeal included.

~~~
krapp
_WTF? Can we even trust the water we get from the government? Maybe they put
some meds in there to make us dumb and compliant._

Funny you should mention that -- I believe that water fluoridation was once
suspected of being a communist plot to more or less the same effect.

~~~
mistercow
Not just "once". Many conspiracy theorists still believe that it is some form
of government plot or another. The theories range from it being a toxic waste
disposal scheme that is poisoning people (and as far as I know, there is some
basis for the claim that fluoridation came about as a way to cheaply get rid
of a relatively toxic byproduct; that doesn't validate any other part of it
though), to fluoride being used as a mind control chemical (usually pointing
to drugs like Prozac that include fluoride as "evidence").

Of course, none of these "theories" manage to address the fact that there is
fairly strong evidence that water fluoridation does in fact reduce tooth
decay.

~~~
coldtea
> _Of course, none of these "theories" manage to address the fact that there
> is fairly strong evidence that water fluoridation does in fact reduce tooth
> decay._

Not agreeing with those theories, but this argument is flawed.

Even if it does "reduce tooth decay", so what, in the context of their
argument? Who said a substance can't do two things at one time?

~~~
sliverstorm
It isn't proof, it's supporting evidence.

~~~
coldtea
It's only "supporting evidence" if they said that it doesn't also help with
teeth.

------
eulerphi
Let the dark wars begin.

~~~
jauer
The hilarity here is that Anonymous and the FBI had the same target this go-round.

~~~
marshray
In case you hadn't heard, much of "Anonymous" has been FBI-sponsored activity.

~~~
codyb
Source?

~~~
marshray
E.g., [http://www.theguardian.com/technology/2012/mar/06/lulzsec-sa...](http://www.theguardian.com/technology/2012/mar/06/lulzsec-sabu-working-for-us-fbi)

Check the timelines. Some of Lulzsec's most dramatic attacks were carried out
with an FBI agent literally looking over Sabu's shoulder.

'Opdarknet' in particular seemed quite a bit different from the rest, in the
MO (basically the same as the FBI used against Freedom Hosting) and the
wording of their release.

~~~
codyb
I forgot about the whole Sabu thing. Thanks.

