Half of Tor Sites Compromised, Including TORMail

First time accepted submitter elysiuan writes "The founder of Freedom Hosting has been arrested in Ireland and is awaiting extradition to USA. In a crackdown the FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network have been compromised, including the e-mail counterpart of TOR deep web, TORmail. The FBI has also embedded a 0-day Javascript attack against Firefox 17 on Freedom Hosting's server. It appears to install a tracking cookie and a payload that phones home to the FBI when the victim resumes non-TOR browsing. Interesting implications for The Silk Road and the value of Bitcoin stemming from this. The attack relies on two extremely unsafe practices when using TOR: Enabled Javascript, and using the same browser for TOR and non-TOR browsing. Any users accessing a Freedom Hosting hosted site since 8/2 with javascript enabled are potentially compromised."

This has to be illegal

[coder111]

I wonder about the legality of FBI's action here. Ok, I guess they have some kind of search order/wiretap order for "investigating pedophiles" against one specific site, but what about collateral damage? I mean they shut down an email service used by normal people as well. They did track and spy on activities on normal law abiding citizens. Did they effectively break into a big number of law abiding citizen's machines against whom no search or writetap orders were issued?

Or can FBI hack anyone at will without any legal oversight? I don't remember getting the memo where such behaviour from a government agency is legal.

Well I guess we can stop pretending we live in a law-abiding democratic world. It's an oligarchy run by the banks, the rich, lobyists and professional politicans, and scew everyone else...

--Coder

Re:We are living in interesting times

If anyone else used exploits to screw with people, it would be called hacking and they'd probably go to prison, but when the FBI does it, it's 'okay.'

Cybercrime: Legal, but only if you're The Law

[girlintraining]

So basically, if you're legally accessing a website while browsing with Tor, making use of legal services in a legal fashion... the FBI will install a wiretap on your computer, without a warrant, in order to monitor all your activities, on the off chance that you might be up to no good. This is rather like walking out into rush hour traffic, pointing at random cars, and saying "Search that car! We know terrorists use cars, so let's start searching them all."

Dear FBI,

Fuck you. That's a terrorist's mentality. You're worse than the lowly pieces of shit you hunt, because we expected you to uphold principles of integrity, honor, and those other words you got plastered on your slimy logo that used to mean something. You are, in fact, worse than a terrorist: You're a corrupt law enforcement organization with a bigger budget than any terrorist organization out there, and you are doing more harm to this country than catching a hundred Bin Ladens could accomplish.

-_- The internet is a global and international community and you need to show some restraint, otherwise you're going to create large amounts of resentment and anger throughout the world. No wait: You already have created this. You are endangering the infrastructure and the people you are oath-bound to protect with your actions. I don't give a flying fuck through a rolling doughnut what authority or law you think gives you the right to act in this fashion... you're a public menace. You're just giving everyone who doesn't like this country piles of ammunition and sympathy from the general public that can be used to attack MY country.

Knock it the fuck off. Now.

Re:Cybercrime: Legal, but only if you're The Law

[girlintraining]

I'm not saying this to disagree with OP's rant, just to point out an easily-correctable issue.

I'll give you that. I was really angry when I wrote that. Still am, actually. Tor was originally designed by the US Navy. To my knowledge, several organizations within the military still recommend its use, or variant technology, in order to obscure source IP addresses that could identify the person browsing as being part of the US military. Needless to say, installing malware onto a computer that belongs to someone with a high security clearance is a security problem in and of itself. But it gets even worse; Tor is also widely used by political activists in countries like Iran, China, North Korea (okay, maybe not as much, since their internet is next to non-existant...), etc. These people depend on this technology so that they can advocate democracy in their country and provide intelligence that we actually use in this country... like, for example, reporting someone who might be planning a terrorist attack, and who for obvious reasons wants to submit such a report anonymously. But all of that is topped by the fact that now people know where the vulnerability is, and that it can't be easily fixed... we've just handed a large number of criminals carte a loaded gun, all so we can go after a small number of criminals, most of whom aren't a threat to anyone but themselves (drug users).

The FBI's little war on drugs and pedophilia here will cause considerable collateral damage, and in fact poses a clear and present danger to actual national security. Any gains they could have made by catching a few druggies and kid-fuckers is and will be completely buried by the damage. Cyberwarfare should be the domain of the military, not a civilian law enforcement agency. And that's what this is: This isn't just surveillance, this is a military attack against sovereign interests both domestic and foreign, as defined by our own recently enacted laws on cyberwarfare and terrorism... and while I disagree with a lot of the language of those laws, I do agree that when we're talking about anything not tightly bracketed and targetted to domestic activities alone, authority should remain with the military.

The FBI has so completely screwed the pooch here I am giving serious consideration to printing this out, writing down some notes, and driving downtown to meet with my representatives. I really, truly feel that what the FBI is doing is harmful to national security, foreign relations, and is also overstepping its judicial boundaries severely. Anyone who has given serious thought to what the rules of engagement might or should be regarding cyberwarfare would recognize this is a cluster fuck; Not only because they're publicly admitting it, but because even if they didn't, they're endangering the lives of foreign nationals who may in fact be intelligence assets, if not cultural, abroad. Political activists fighting for democracy could be killed because of this -- this is a very real threat. Those people should have our country's support, not suspicion and derision.

This is weapons grade stupidity. Normally I give law enforcement the benefit of the doubt -- a lot of what I read (for example, an article just two days ago on slashdot about the FBI interviewing someone over their browser history), has a grey area, or is missing key facts. I try very hard not to judge people until all the data is in. But this time... there's ample evidence that this was deliberate and it was done with a complete disregard for not just civil liberties, but national security. I mean, it doesn't really matter which side of the debate you're on here: They fucked all of it up.

Re:Computer Intrusion

[RoknrolZombie]

Computer Intrusion is illegal, and the FBI knows that.

Yup...people have been clamoring for more transparency...perhaps this is that?

So is spying on someone without a warrant, and given that they can't know who they're spying on, I don't see how they could possibly have obtained a warrant for this action.

Agreed - the legislation that's in place has granted them far too much power, far more than most of us feel comfortable with.

I hope the TOR user community sues them. Very roughly. And with extreme prejudice.

That'd be nice, but I doubt it'll happen. It won't happen any faster than voting decency into office will :-/

The US has gotten way too fucking big for it's britches.

I agree - we need to get these douchebags outta office and get someone in office that does their f'ing job!

I used to think maybe there was justification for the anti-terrorism attitude that the US has.

I'm sure that at least some of the people involved believe that they're doing the right thing. Their belief doesn't make it "right" however...they need to stay the f out of my life. If I'm not breaking the law, they've got no business knowing a goddamned thing about me.

I've changed my mind.

My sympathies now lie with those who rise up against these goddamn born-again Nazis in their attempt at world domination.

YES! We need to protest, rise up as one mind, with one purpose, to effect change in our Government! Occupy Wall Street was only the beginning!

You go, Al Queda!

I'm sorry, WHAT?!?!?!

Woah, woah, woah, woah....where in the hell did that come from? Now, I fully agree that we need changes in our Government, and I'm even on board with listening to what revolutionaries have to say, but that's a far damn cry from supporting the murder of innocent citizens and the repression of (plenty) of basic human rights. No, I'm afraid your downmods were your own fault.

Re:I kind of want to be angry but..

[cheekyjohnson]

The "I don't like the government monitoring me" part of me objects to this, but the "Find every pedo and kill them slowly" part of me is currently winning out

You're part of the problem. Have fun getting groped at airports.

Re:Computer Intrusion

[msobkow]

Look, the bottom line is the US is out of control on a global scale, and has caused most of it's own problems and performed actions that resulted in the hatred of so many nations and societies against them.

Al Queda was trained and supported during the cold war, but as soon as it was no longer of interest to the US, they were abandoned to their fate at the hands of the Russian army. Add in the civilian casualties in Afghanistan, and it's no wonder they hate the US.

The US anti-drug war has literally cost hundreds of thousands of people their lives in Mexico, Columbia, and throughout south america.

You spy on the entire world as if it were perfectly acceptable, ignoring diplomatic ties, diplomatic relations, and even fundamental human rights that are enshrined in your own constitution, so long as it's not an american being targetted.

You produce an obscene amount of the carbon footprint of the planet, polluting the whole globe and doing a great deal to rush us all to oblivion.

You shove your laws down everyone's throats, even over trivial industries like entertainment (SOPA.)

Right now you whine like petty children because Russia won't return Snowden to your menacing clutches.

You bomb women and children with little regard using remote drones, and don't even have the decency to put your own lives at risk while doing so.

Your country is bankrupt, both financially and morally. Your cities are cesspools of crime, corruption, and gun/drug violence. Detroit is but the first of many who will be declaring bankruptcy thanks to years of mismanagement and abuse for the sake of short term votes.

You threaten the entire globe with a nuclear arsenal that dwarfs anyone else's save Russia's, who haven't threatened an invasion of anybody in a couple of decades.

You support the abuse of the Palestinians by your Israeli "allies", turning a blind eye to decades of human and civil rights abuses and blatant flouting of international law.

I'm sick of the US on the global stage.

I swear, you deserve to have your asses handed to you by a conglomeration of the nations you've abused and mistreated these many years.

And don't give me that "Well, I didn't vote for them" bullshit. You know as well as I do that it's the left and right heads of the same two-headed hydra in power down there. Where are the protests in the street? Where are all the so-called second amendment gun nuts when it matters? Where's the revolution that is so badly needed?

But no, you've got your TV pap and your shitty beer and something that claims to be a hamburger in your hand, so you sit idly by and watch it all unfold without saying a word except on slashdot and facebook.

Hell, even your so-called "justice" system condoned the murder of a 17 year old kid because some gun-toting putz started a fight and ended up losing.

Only sort of offtopic

[wjcofkc]

Yesterday I made a posting on CNN regarding the story about the heightened terrorist threat alert. While it covers a different subject, I could re-write it to fit this situation, but I think the slashdot crowd will get my drift, here is a direct copy\paste:

I do not know who to trust or what to think anymore. If this threat is real or not, I imagine we are intended to suppose that it was the US governments blanket surveillance of the world, including domestic spying that tipped them off. On the other hand, the timing is such (Snowden/Manning) that for all I know they made the whole thing up to better justify government wrongdoing in the eyes of the people. Or perhaps al Qaeda made the whole thing up just to see if they can manipulate the movements of our government by taking advantage of info gathering with a campaign of false intel. I don't know who to trust or what to think anymore, with the exception that I know I don't trust my own government. They have proven themselves manipulative liars.

Re:I kind of want to be angry but..

[achbed]

I love hearing cases where the law makes no sense. A 16-year-old and his 16-year-old girlfriend have sex. Statutory rape charges are brought against the boyfriend, but are dismissed because the laws state that you have to be 18 to be charged. The girlfriend records it on her phone, and send a copy to the boyfriend. She gets charged with production of child porn, and he gets charged with having it. Welcome to the new world order.

Re:We are living in interesting times

[JaredOfEuropa]

Seriously, you think this is about pedophiles? Whenever some politician or law enforcement officer tells you he's after kiddie porn, he is really saying "I can and will do whatever the hell I want to you, your family and your dog, because I have a great excuse to do so". It's also a great way to attack and discredit political opponents or undesirables, as has happened a few times here in Europe: "Well, we couldn't find any offence to pin on him after we arrested him, except for the kiddie porn we found on his computer".

Our rights and freedoms are getting reamed so badly in the name of fighting child pornography, that I sometimes think that legalizing transmission and posession of kiddie porn would be the lesser evil. Think about that for a moment.

Re:We are living in interesting times

[Will.Woodhull]

This is all handled under one of the new secret courts, where the new secret laws are applied.

So don't expect to see any due process.

The laws and Constitution of the USA have been thoroughly corrupted by the worst enemies of the country: the faceless professional patriots who run the Federal Agencies and Bureaus. As Pogo said during the Vietnam peace-keeping thing we did once: "We have met the enemy, and he is us".

Re:We are living in interesting times

[Joce640k]

Actually, a judge has yet to find whether it's OK or not. The admissibility of the evidence in these cases is going to hinge on whether or not it was collected through legal means. And no matter which way the judge finds, the loser is going to appeal. As far as I know, this is all untested legal ground.

You're forgetting something: They said 'pedophile' in the press release.

Re:We are living in interesting times

[slashmon]

It shouldn't be illegal, anymore than stuff on sites like rotten.com is illegal. Information should be free. It's distasteful, yes. But that's why most people wouldn't want to look at it. Anymore than most people would want to look at rotten.com or beheading videos or a video of an adult getting raped. It's creepy stuff. Go after the people that actually hurt the children. All this emphasis on bad pictures gives the government endless opportunities to erode freedoms.