

FBI Exploits Tor Browser Bundle to Target Child Pornographers - dpeck
http://www.wired.com/2014/08/operation_torpedo/

======
jedanbik
FBI exploits vulnerabilities in old versions of TorBrowser. Solution: only run
latest version of TorBrowser.

Did I parse the article correctly?

~~~
comex
FBI has, in one case where the exploit was spotted and made public (and they
probably knew it would be, since it was deployed so widely), exploited an out-
of-date version of TorBrowser. No guarantee that they don't use zero-days
elsewhere or won't in the future.

This is why I think TorBrowser should switch to Chromium. Whatever you have to
say about Google, Chromium is unambiguously more secure than Firefox.

~~~
wtallis
If you actually care about security and privacy, then there are plenty of
Firefox extensions that go far beyond what can be done with Chromium. Even
just adding NoScript to Firefox closes whatever gap still exists.

(Aside from the process-per-tab model, what's Chromium got out of the box that
Firefox still lacks?)

~~~
debux
NoScript equivalent for Chrome is "HTTP Switchboard"

~~~
wtallis
Only superficially, and even then, they're not really equivalent. HTTP
Switchboard has some blocking features that NoScript users need to use things
like AdBlock Plus and RequestPolicy to get. NoScript's features aside from
script and plugin blocking are completely beyond the scope of HTTP
Switchboard, and some of them are completely unique to NoScript.

------
fiatmoney
"all computers that access the website" seems the polar opposite of
"particularly describing the place to be searched, and the persons or things
to be seized".

~~~
rudimentary
Except, these agencies are quick to retroactively redefine terms. Maybe data
isn't "seized" until you classify it as evidence.

And if all else fails, "think of the children" usually works.

~~~
higherpurpose
That argument should never hold in a Court. I'm still hoping one of these
surveillance cases goes to the Supreme Court.

~~~
fnordfnordfnord
The trick is to shop around for the most loathsome defendants you can find
until you get a precedent established, then you can expand the technique's use
more broadly.

------
AlyssaRowan
That's not all exactly true.

Let me name it: the name of that exploit is EGOTISTICALGIRAFFE.

Sound familiar?

They actually infected everything on that service provider, including Tormail.
That was deliberate and part of an NSA op. They didn't hack the server, the
hosting provider gave them root. Data seized is being secretly used in various
Tormail operations (not covered by warrant), and in "parallel construction" in
several drug-bust cases and one related to another leaker. I'm not saying this
is a cover, but it is awfully convenient.

------
GrinningFool
What's with the editorialized title?

The targets are those who downloaded the porn, those who hosted the porn, but -
as far as the article discussed - not the pornographers producing the
content [1]

[1] Pornographer - one who produces pornography --
[http://www.merriam-webster.com/dictionary/pornographer](http://www.merriam-webster.com/dictionary/pornographer)

~~~
_archon_
Interesting... I would tend to think that the highest priority target is the
one creating such material and harming minors in the process.

------
gabriel34
Regardless of the legality issue, a privacy bundle subject to these
vulnerabilities is not really a privacy bundle.

TOR should stand on its own. If its security is dependent on legal framework
then it's insecure.

In my opinion, nothing can ever be considered completely safe. All you can do
is make sure the attacker's effort is bigger than the value of what you are
protecting is in his view.

------
EliRivers
_But hidden services are also a mainstay of the nefarious activities carried
out on the so-called Dark Net: the home of drug markets, child porn, murder
for hire, and a site that does nothing but stream pirated My Little Pony
episodes._

My God. Those pony-pirating monsters.

------
peterkelly
So let me get this straight: Breaking into others' computer systems to gain
unauthorised access is only illegal/unethical for the little people - is that
right?

~~~
devindotcom
Not exactly... it's kind of like asking whether peeping into someone else's
home at night is only illegal for the little people. For you and me, it's
stalking. For a police force that has presented probable cause, evidence, etc.
to a judge and been awarded a search warrant or wiretap, it's normal
investigative technique.

~~~
peterkelly
The problem I have with this technique specifically is that it takes advantage
of software vulnerabilities that arguably should be reported to the vendor and
fixed.

If we accept that it's just fine for government agencies (and remember, it
might not be a government in your own country) to find exploits, not report
them in order to protect people who use that software, and keep those to
themselves for their own benefit, then I have a problem with that. It leaves
people at risk of being infiltrated not just by (some government agency) but
by criminals e.g. looking for their credit card information.

Put another way, let's suppose you find a vulnerability in Chrome. Do you:

1) Report it to Google, wait until a patch is available, and then discuss it
publicly (aka responsible disclosure)

2) Keep it for yourself, or sell to a government agency (possibly that of a
country not friendly to your own) to take advantage of

The thing I really have a major beef with is that so many people think that
option 2 is just fine. Software should be secure - everyone in the industry
has a responsibility to protect users, not leave them vulnerable.

~~~
mike_hearn
I would agree, but then consider what happens after that - the FBI and similar
in other countries have no other options left, and the path of least
resistance for them is now to go to politicians and ask for Tor itself to be
banned.

Though I hate to say it, a system that (accidentally) allows police forces to
deanonymise select individuals whilst other actors cannot do so, and even the
police cannot do so in bulk all the time, is not a terrible tradeoff. Snowden
has made similar remarks, I believe. Of course the supply of zero-days is
presumably not infinite. As pointed out, if Tor had more manpower they'd maybe
switch to Chrome which is much harder to exploit. So this situation whilst it
may not seem ideal is perhaps the frying pan, and as endpoint security
improves we may find ourselves in the fire.

I recently proposed on tor-dev that individual relays be able to stop acting
as introduction points for specific hidden services, with exactly this
scenario in mind. They ignored me of course. They seem to feel invincible.

~~~
hollerith
Great comment.

Can you give a brief explanation about why Chrome would be harder to exploit
than Firefox is when used with Tor?

