FBI’s troll bait

| August 5, 2013

Our buddy Laughing Wolf alerted us to the story and I found it at Wired. It looks like the FBI, or some other federal law enforcement agency, is trolling people who use Tor, the system for hiding an internet user’s identity. Apparently they’ve developed malware that transmits identifying information about the user’s machine to an IP address in Reston, Virginia.

“It just sends identifying information to some IP in Reston, Virginia,” says reverse-engineer Vlad Tsrklevich. “It’s pretty clear that it’s FBI or it’s some other law enforcement agency that’s U.S.-based.”

If Tsrklevich and other researchers are right, the code is likely the first sample captured in the wild of the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first reported by WIRED in 2007.

Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor.

The code has been used sparingly in the past, which kept it from leaking out and being analyzed or added to anti-virus databases.

I’m only interested in the story because some of our trolls have resorted to using Tor in order to avoid being blocked here, and it would put a smile on my face to see some of them frog-marched on the evening news. Maybe this news will make them a little less willing to expose themselves to prosecution for the other things they do on the internet with their little toys, because we all know that military phonies are guilty of other things besides their uniform discrepancies.

Category: Crime

28 Comments
ChipNASA

Phil D Monkress & Psul K Wickre and All Points Logistics.

NAILED IT.

They ARE Connected.

11B3H

Anyone using TOR to hide from the government gets exactly what they deserve. I believe that TOR was developed in partnership with “The navy” ( ref. Hot Shots ! )

Originally sponsored by the U.S. Naval Research Laboratory (which had been instrumental in the early development of onion routing under the aegis of DARPA),
per Wikipedia….

Reaperman

How is this legal? Malware generally is not. If there’s some loophole at all making it more ‘legally okay’ for our government to do this, why aren’t our lawmakers closing that hole? Mind that I’m not a Tor user, just somebody who doesn’t like dirty pool and being snooped on.

OWB

Thanks, Vlad, for clearing that up for us.

(need I add an “/dripping sarc” to that?)

Ex-PH2

Oh, I think it’s sweet!!! I suppose that one could argue ‘entrapment’ or some such thing, but is this any worse than the way J. Edgar Hoover put illegal wiretaps on the phone lines of people who objected to the Vietnam war?

I always thought that the DoJ should have sent those people a note that went something like ‘We know who you are and we know what you’re doing’.

Since I was hit by a nasty extortion virus that originated in Russia or Eastern Europe, back in January, that not only locked my computer but made my backup drive crash – which, by the way, will cost me $1500 to recover 10 years’ worth of work that I took off my hard drive — I have no problem with this.

None whatsoever.

FatCircles0311

@3 Exactly. What’s next, law enforcement using trojans?

I’m all for catching criminals, but this is shady as hell.

Anonymous

I’m not sure this fits the definition of ‘malware’ that precisely, Reaperman. It seems to blur the line between malware and a tracking cookie – the former generally does something bad to your system, and is illegal, and the latter just ‘tracks’ you. That’s what this does, though there might be a question of legality if they had to hack some of the Freedom Hosting servers in order to install it. I’m not a lawyer, so I don’t know, but in these sorts of things the law tends to lag behind technology, at least in my experience.

All that said, I came on to post -from Tor- that anonymity is only compromised for those who visit certain pages on the Onion network that were hosted by Freedom Hosting. Unless these cretins were also visiting some of the more dubious sites on the ‘dark’ web, they’re likely not going to be compromised by this. Then again, one can hope.

Anonymous

I should add, though, that there are countless other ways Tor can be and is compromised, such as via specific monitored exit nodes, timing attacks, etc. It’s useful at times, though.

Valkyrie

I know how stuff like this can be misused and exploited, but my general feeling about things like this has always been “If you are not doing anything wrong then you’ve got nothing to worry about and it shouldn’t bother you”. It’s like all the hassle at the airports nowadays. We had to give up some of our freedoms to ensure we’re safe. If it catches one child predator then it’s totally worth it.

Let the bashing begin!

2/17 Air Cav

I am having browser problems and lately when I post a comment, it appears I am, say, the 3rd or 4th commenter and I later find out I’m 14th or 15th. Refreshing the browser doesn’t help. What seems to work, sometimes, is going to a post I hadn’t lately visited. It’s a mess, really.

Valkyrie

@10 Air – I have noticed the comments are behind unless you click “This ain’t hell” at the top of the page. It then refreshes the page and the comments are correct. That’s what I do anyway.

Motivator

Valkyrie

@12 Motivator – Thank you!

Valkyrie

I started coming to this website because of Stolen Valor, but since I’ve been here I’ve learned a lot about myself and the world in general. I had different views on a lot of things, as my comment in #11 shows. I said thank you to #12 before reading the link they posted (because I’m such a nice person), but I read it and learned a little. I am shocked at what all I’ve learned here, and a little mad at myself for having my head buried in the sand for so long.

I still think if the FBI were to have a look at my stuff the worst that could happen to me is they tell my Mom on me. That and they’d either have a good laugh or be bored to tears. But I do understand how it could be used in the wrong ways and punish good people.

Thanks for opening my eyes guys! I’ll be voting differently in future elections that’s for sure!

DaveO

There’s been some stories of the DEA using the same technology that American businesses (Google, banks and others) and the NSA are using.

Ominously: http://www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE97409R20130805

Like the NSA using the tech to find terrorists (but can’t profile Muslims), the DEA is using the tech to dig up leads (but can’t figure out where all those guns went to during Fast & Furious).

OWB

Some of us, Valk, look at airport security as a complete and utter failure and that it being what it is handed a win to the bad guys. We lost more than just a bit of our personal freedom. We are now desensitized to having strangers laying hands on us, for instance. Beyond that, there is no indication that it has had any effect on terrorists or terrorism, but it has negatively impacted every air traveler in ways which are unacceptable. Like giving thieves more opportunities to steal. The idea of having people checking out your underwear used to be offensive, but now it is OK? Not to all of us.

The bad guys are seriously amused at what they did to us. They sit back and watch as veterans are humiliated and children are groped. All in view of the public.

Welcome to our world, Valkyrie!

Elric

The “what have you got to hide” crowd. Privacy isn’t a privilege but a right against unreasonable searches. The government does not have a right to search me or my computer without a warrant. The argument that if you have nothing to hide doesn’t cut it. I don’t, but that doesn’t mean you should have carte blanche to track my email without justifying it in court, and the burden of proof must always be on the government, a government that has a pretty shitty track record of abusing just about every power and investigative tool available. I simply do not trust them. They seem to be much better at targeting supposed enemies than catching real ones.

LostOnThemInterwebs

Saw the reverse-engineering of this by that dude, and while he nicely made an IDA Pro dump, it looks like it does a GET request (a simple web request) with the MAC address of the machine in the URL, which allows them to check:

– Machine setup
– Machine brand
– User and privileges

Nicely enough, why would they know all that from the MAC address? Easy, because most ppl didn’t keep on reading where they put all that info in the Cookie field. It’s a really nice APT technique (Asian Pacific Threat for those not into the computer security scene). I just had a nice debrief at Black Hat on how one group over there works, and they used that same nice technique: malware is transmitted over the cookie, encoded, so it bypasses the antivirus (AV).

Most highly visible security is a simple placebo: why won’t they let me take a 500ml water bottle, but nobody said anything about me taking my jump rope onto the plane? Not to mention those nice “freedom gropes”, but there is nothing 100% secure anyway. Anyway, let’s hope our little “friends” don’t really want to go into a cyber war, it could get nasty. Just imagine them not being able to open any email or link, for fear of clicking that new iOS 0day, or that Office exploit, or that infected PDF, someone stealing your credentials … nobody can do anything … UGH :S

@10 it’s your browser cache; the web server might be configured to add the cache header to make it faster (Chrome is especially nasty in keeping the cache and ignoring the stuff sometimes).
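The comment above describes the beacon’s shape: a plain GET request with the machine’s MAC address in the URL and the remaining host details encoded into the Cookie header. The following is an added detection example, written for this page and not taken from the reverse-engineered sample or from any FBI tool. It scans proxy-style request records for exactly that shape. The sample requests, the field names (`method`, `path`, `cookie`) and the scoring weights are constructed assumptions for the example; the real beacon’s URL layout and cookie encoding are not documented on this page, so the base64 check is only one plausible encoding.

```python
import base64
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample requests (assumption: a proxy log reduced to request
# line plus Cookie header). None of these is real CIPAV traffic.
SAMPLE_REQUESTS = [
    # ordinary browsing: no MAC in the path, cookie is a normal name=value list
    {"method": "GET", "path": "/index.html",
     "cookie": "session=abc123; theme=dark"},
    # beacon-shaped: MAC address in the path, cookie is one opaque base64 blob
    {"method": "GET", "path": "/id/00-1A-2B-3C-4D-5E",
     "cookie": base64.b64encode(b"host=WIN7-PC;user=alice;admin=1").decode()},
    # MAC in the query string, no cookie at all
    {"method": "GET", "path": "/beacon?mac=001a2b3c4d5e", "cookie": None},
]

# Separated form (00-1A-2B-3C-4D-5E or 00:1A:...) and raw 12-hex form.
# The raw form is deliberately loose; any 12-hex token in a URL is worth a look.
MAC_SEP_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}\b")
MAC_RAW_RE = re.compile(r"\b[0-9A-Fa-f]{12}\b")

# A whole Cookie header that is a single base64 token, not name=value pairs.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


def find_mac(path: str) -> Optional[str]:
    """Return the first MAC-address-shaped token in the request path, if any."""
    m = MAC_SEP_RE.search(path) or MAC_RAW_RE.search(path)
    return m.group(0) if m else None


def decode_opaque_cookie(cookie: Optional[str]) -> Optional[bytes]:
    """Return the decoded bytes when the Cookie header is one base64 blob
    instead of the usual 'name=value; name2=value2' list, else None."""
    if not cookie:
        return None
    items = [i.strip() for i in cookie.split(";") if i.strip()]
    if len(items) != 1 or not B64_RE.match(items[0]):
        return None
    try:
        return base64.b64decode(items[0], validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return None


@dataclass
class Finding:
    path: str
    mac: Optional[str]
    cookie_payload: Optional[bytes]
    score: int  # 2 for a MAC in the URL, +1 for an opaque cookie (assumed weights)


def analyze(request: dict) -> Optional[Finding]:
    """Score one request; None means nothing beacon-like was seen."""
    mac = find_mac(request["path"])
    payload = decode_opaque_cookie(request.get("cookie"))
    score = (2 if mac else 0) + (1 if payload else 0)
    if score == 0:
        return None
    return Finding(request["path"], mac, payload, score)


def scan(requests: Iterable[dict]) -> List[Finding]:
    """Run analyze() over a batch of requests and keep only the hits."""
    return [f for f in map(analyze, requests) if f is not None]


if __name__ == "__main__":
    for f in scan(SAMPLE_REQUESTS):
        print(f"score={f.score} path={f.path} mac={f.mac} cookie={f.cookie_payload!r}")
```

Run over the constructed batch, the first request is ignored, the second scores 3 (MAC in the path plus a decodable cookie blob whose contents are the host, user and privilege fields the comment lists), and the third scores 2 on the MAC alone. In a real deployment the MAC regexes should be anchored to the specific URL layout once a sample is in hand, since the raw 12-hex form will also match ordinary hashes and IDs.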

Reaperman

All kinds of people have ‘nothing to hide.’ Not me, I’ve actually got ‘nothing to share.’ We don’t know what’s being done with the information collected, we don’t know if there are any rules about how long it is stored (doubtful), and we don’t know what happens when somebody decides to change those rules on a whim. (“but it would be worth it to save just one child!”) It wasn’t long ago that my expectation of privacy was much higher. Now I’ve got cameras on every intersection tracking my license plate, machines that look at my pecker in every airport, centralized government systems that track large chunks of what I do online and with the phone without ever notifying me. Soon they’ll invent something that can see into my house so they can watch me screw. If the Bill of Rights allows for this, maybe it’s time we demand a few new rights.

NHSparky

Seems to me this is a cyber version of a fishing expedition. And while you might get a few bad guys in the process, you’ll scoop up a lot of shit you really don’t want/need/care about, but those people could be irrevocably tainted.

2/17 Air Cav

@17 and 19. Clap, clap, clap. (That’s applause, not the STD.)

Ex-PH2

Awww, diddums twy to post a widdle message and got bumped?

(giggling)

Ex-PH2

Heeeheeeheeeee….! 😉

Frankly Opinionated

Paul K. Wickre, aka MEGA CLASS PATHETIC LOSER, is such a pitiful mess. Apparently doesn’t have a friend to piss on. He is such a waste of human tissue. Awww, c’mon Pauli Boi, get creative. With all that money and eliteness, one would think that you could find some way to bust in here. Why not call for a jump start for one of your Jags, drive to, say, North Carolina, hit a Walmart and buy a computer, then find a liquor store with Wi-Fi that you can use from the parking lot. Grab a 40 or two, or some really inexpensive wine with a good date (they tell me that October is usually a good date as that is right during the grape harvest), and just have at it. With the windows up and that noisy assed Brit engine idling, most people won’t even hear you talking to yourself. Might look around for a surveillance camera though before you unzip and “get hold of yourself”. And don’t be a litterbug, take that nasty tissue home and toss it.

Ex-PH2

You think he uses tissues? What an optimist!

Yeah, psulie-o the uncoolie-o, looks like you done got yo’self grounded with all them there threats, boy.

Maybe if you apologize for being a complete asshole, and really mean it, you could come back here occasionally and post something — well, sensitive?

But we’re tired of you. You need a babysitter, and all the trannies in the world won’t help you out with that. They can at least walk upright and sort of think for themselves.

Green Thumb

Phildo and Paul’s (of the Ballsack) super-turd aliases:

Egoman and the Blue Falcon.