Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Admits It Controlled Tor Servers Behind Mass Malware Attack

Posted by timothy on from the something-you'd-wish-was-hard-to-believe dept.

MikeatWired writes "It wasn't ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors. Freedom Hosting's operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It's not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control. The new details emerged in local press reports from a Thursday bail hearing in Dublin, Ireland, where Marques, 28, is fighting extradition to America on charges that Freedom Hosting facilitated child pornography on a massive scale. He was denied bail today for the second time since his arrest in July. On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page. Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn't respond to inquiries from WIRED today. But FBI Supervisory Special Agent Brooke Donahue was more forthcoming when he appeared in the Irish court yesterday to bolster the case for keeping Marque behind bars."

11 of 292 comments (clear)

  1. Takeaway: The FBI Served Up Child Porn by BenEnglishAtHome · · Score: 5, Insightful

    Remember when we used to think that U.S. LEOs still had some sense of ethics and would never actually send child porn to anyone to make a case? Now we know that, at least for a while, the FBI was running the servers. The FBI was responsible for serving up, by all accounts, half the *.onion-based child porn sites in the world.

    Is this the first time they crossed this line? Or have they done so before?

  2. Re:Tormail... by Anonymous Coward · · Score: 5, Insightful

    You're a fool if you actually believe their attack was against pedophiles.

    Lets just face it already. Our government is out of control and it won't be easy to stop now that things are so far in motion.

  3. Re:So the FBI hacked servers to find pedos? by return+42 · · Score: 5, Insightful

    First they came for the pedophiles on Freedom Hosting, and I said nothing because pedophiles are scum.

    Then they came for the drug dealers on Silk Road, and I said nothing because drug dealers are scum too.

    Then they came for the leakers on {Wiki|Live|you pick one}Leaks, and I said nothing because I don't have time to read that stuff anyway.

    Then they passed a law against using privacy tools such as Tor, Mixmaster, proxies, and crypto, because terrorists 9/11 OMG, and I said nothing because I have nothing to hide.

    Then I tried to fly to my Dad's funeral and found out that I'm on the no-fly list. I still am. No one will tell me why, and there's nothing I can do to change it.

    Then the police broke down my door because I had set up my wireless router wrong and someone had done something illegal over my connection, and it took me three years to get the charges dropped, and I lost my job and had to file bankruptcy, and I never did get my computer back. And what happened to the government agents who had wrongly prosecuted me? Nothing whatsoever. And what compensation did I get? The court ruled that the government had not violated its rules and therefore I was not owed anything. Have a nice day.

  4. Re:So the FBI hacked servers to find pedos? by Anonymous Coward · · Score: 5, Insightful

    Uhh ... given that he who was the gold makes the rules, if there was a court order allowing it, or a clause in some law allowing it, it was authorized, just not by the owners of the computers.

    Sorry, but I'm failing to follow your point here. Since when is an electronic device a waiver to standard privacy and due process?

    Perhaps if the FBI were trying to break into my car I would understand this analogy better, but my point still stands. A "computer" is not automatic grounds for illegal wiretaps (and when I use the term "illegal", I'm referring to my Constitutionally protected Rights, not some secret court horseshit that "authorized" a waiver around said Rights, which remains illegal no matter who granted it.)

  5. Re:So the FBI hacked servers to find pedos? by Anonymous Coward · · Score: 5, Insightful

    yes! stand up for rights and freedom regardless.

  6. Re:So the FBI hacked servers to find pedos? by Anonymous Coward · · Score: 5, Insightful

    "The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all." -- H. L. Mencken

  7. Re:So the FBI hacked servers to find pedos? by cheater512 · · Score: 5, Insightful

    A US court order might as well be toilet paper in France or anywhere else in the world. No US court has the authority to authorise that.

    In fact many countries would take that as an act of war.

  8. Re:What the fuck is going on? by Anonymous Coward · · Score: 5, Insightful

    Is there any example of the FBI or NSA misusing any of the data they are supposed to collecting?

    Yes, there is. The Special Operations Division of the DEA used NSA intercepts to target people for arrest. "After an arrest was made, agents then pretended that their investigation began with the traffic stop, not with the SOD tip, the former agent said. The training document reviewed by Reuters refers to this process as 'parallel construction.'"

  9. Re:So the FBI hacked servers to find pedos? by LandDolphin · · Score: 5, Insightful

    This is why the ACLU gets so much bad press. They tend to protect the rights of everyone by protecting he rights of the worst of us.

    --
    Spelling and Grammar errors have been added to this post for your enjoyment
  10. Re:The NSA controlled the servers by Jane+Q.+Public · · Score: 5, Insightful

    "Uh... why would the FBI care about being caught?"

    Because they illegally interrupted service of hundreds if not thousands of other customers of the hosting service.

    See 18 USC 242, "Deprivation of Rights Under Color of Law"

    When there is danger of infringing on the rights (which includes contracts) of innocent parties, law enforcement is, at the very least, required to use "narrowly tailored" means to effect their business.

    They used pretty much the opposite of "narrowly tailored" means. They just took over the whole hosting company and surveilled ALL the users.

    Definitely a no-no. Definitely illegal.

    No reasonable person is in favor of child pornography. But law enforcement is not allowed to break the law in order to enforce the law.

  11. Re:So the FBI hacked servers to find pedos? by Anonymous Coward · · Score: 5, Insightful

    Now you touch the point the FBI relies on... Yell childporn and most people shy away. Defending rights and such is nice and well, but who want to be seen as defending childporn. And so people happily ignore the rights of other users being ignored. It works equally well with terrorism. The RIAA screaming how illegal downloading supports terrorists. By now any bittorrent traffic is seen as something illegal.