Slashdot Mirror
FBI Admits It Controlled Tor Servers Behind Mass Malware Attack
MikeatWired writes "It wasn't ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors. Freedom Hosting's operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It's not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control. The new details emerged in local press reports from a Thursday bail hearing in Dublin, Ireland, where Marques, 28, is fighting extradition to America on charges that Freedom Hosting facilitated child pornography on a massive scale. He was denied bail today for the second time since his arrest in July. On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page. Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn't respond to inquiries from WIRED today. But FBI Supervisory Special Agent Brooke Donahue was more forthcoming when he appeared in the Irish court yesterday to bolster the case for keeping Marque behind bars."
I have no strong feelings on this controversy.
Great, FBI...now if you would go ahead and put tormail back up, that'd be great...
Nope, the NSA controlled the servers, it led to an NSA controlled IP address and they have the hackers needed. The BIG FAT LIE was that this block could be used by other agencies. Since potentially NSA broke the law for USA domestic Tor users, we have the FBI stepping forward to take the blame.
But we know its the NSA that tracks and monitors TOR because it was in their leaked document as one of their many excuses for surveillance:
http://www.theguardian.com/world/interactive/2013/jun/20/exhibit-b-nsa-procedures-document
Also go read the first leaked warrant that let the NSA collect all the data (link below), it had the FBI's name on it. It was an FBI request to hand the data from Verizon's phone records to the NSA, a simple reacharound the domestic spying laws. The FBI acts as wing man for the NSA:
http://www.theguardian.com/world/interactive/2013/jun/06/verizon-telephone-data-court-order?guni=Article:in%20body%20link
FBI doesn't have the experts, or the IP address or the interest in Tor, it was NSA and it was timed just as the NSA was trying to prevent further leaks from its own analysts. At best the FBI simply provides the excuse, as it did with the Verizon incident.
Land where Freedom will not be tolerated.
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
Remember when we used to think that U.S. LEOs still had some sense of ethics and would never actually send child porn to anyone to make a case? Now we know that, at least for a while, the FBI was running the servers. The FBI was responsible for serving up, by all accounts, half the *.onion-based child porn sites in the world.
Is this the first time they crossed this line? Or have they done so before?
Oh, I forgot. The internet is US soil, right?
From what I've read, they could have made the payload attack a lot more kinds of browsers to at least reveal their IP address, and the bug they used to run arbitrary code existed on a lot more versions than the single version they attacked.
So why was the attack so targeted? Were they looking for a single person and already knew what code they were running?
Naw the answer has to be more incompetent than that.
"all the sites hosted by Freedom Hosting — some with no connection to child porn"
Uh...huh... More than likely, 99.99% had nothing to do with child porn.
Hey. Americans. Your country FUCKING SUCKS.
How is any of this remotely legal? Every day we have a new article explaining how the feds have been pounding our apparently imagined liberties in the goat ass, they get 300-500 comments (a lot for ./ these days) and then nothing happens. I'm a healthy skeptic, but this is literally the paranoid conspiracy-theorist's worse nightmare incarnate. I'm flabbergasted. In all seriousness, do we need to just move to a different country at some point? Is this what the start of a pseudo-democracy looks like and we just can't believe the warning signs are real? Just crazy...
Buy your next Linux PC at eightvirtues.com
it appears that someone or some group is attempting to intimidate the writers of insightful comments.
it is possible this is an attempt at sardonically drawing attention to the process of intimidation.
eitherway, i believe ALL THESE virtually identical POSTS should not be modded down and hidden, but instead MODDED UP.
everyone should see the violence inherent in the system. help help im being repressed, you saw him didnt you ;)
The famous case of the UK hacker who got into US government computers looking for an alien cover up established that the US will seek to extradite people who do that even if they don't set foot in the US.
This is like saying a truck driver should be arrested and sentenced for mass murder due to the fumes coming from their exhaust -.- (Jakizak)
Without Windows OS, the kiddie fiddlers would not be able to view CP on a computer.
Therefore ARREST BILL GATES! MS have a major HQ in Ireland, so DO IT.
The claim is 500% bullshit.
There's no "right" to teach your child creationism. And it's as demonstrably harmful to the psyche of the child to teach them christianity as to fondle their hairless bits.
So shall we arrest parents who indoctrinate their kids?
There is also the right to a fair trial.
Or is that not possible for people who are accused of paedophilia, you paedo scumbag?
(NOTE: There is no need for me to prove my case, all I have to do is accuse it. And, being an accused paedo scumbag, you cannot defend yourself, since there's no "right" to molest children, you paed shitstain).
Time to start null routing all address blocks known to be used by the FBI?
Get Linus to perm block NSA IP addresses in the linux kernel.
Get every one at home and at all levels of business etc... and android phones/tablets to block all those IP addresses too in all firewalls/modems.
Infact we could probably black list dozens of A classes by default, and not one would notice.
We need a distributed ipchains black list that includes all governments of all countries.
Liberty freedom are no1, not dicks in suits.
There already is such a thing.
http://en.wikipedia.org/wiki/PeerGuardian
It's been around for years and there is a "Government IP blocklist"
The problems with these lists are they are overly broad. You end up blocking a lot of ranges that really aren't what you think they are.
And the NSA/FBI/CIA can just get new IP's at a whim. They likely have compromised equipment in nearly every company out there as well so they could make it look like they were coming from just about anywhere.
The anonymity of the internet is one of their greatest weapons despite the fact it's what they're trying to destroy.
I can't wait until China drops the big, fat bomb that it has rooted every corporate, private and government server in the entire US, probably like circa 2002.
So. has TOR now been permanently compromised?
Route all United States Government IP addresses to 127.0.0.1. Update /etc/host files as necessary.
I have to wonder how much longer the people in this country are going to sit back and shake their heads whenever the government breaks the law for convenience, or the congress hacks off another chunk of the bill of rights, or middle class America is handed the bill for another round of horrible investments made by professional investors in banks, , before they begin standing up over such events and making a big noise about it. Apathy may have already led us too far, I'm not sure. My crystal ball sees middle class America continuing to lose their rights, ultimately their right to vote. Those in control think the country would run better if decisions were made by knowledgeable people of their chosing, and put a stop to too many uninformed Joe Blows throwing wrenches in the works. Get rid of most of the government and remove restrictions on business. The middle class will come to serve corporations, who will control most everything anyway. These same corporations will continue to treat their employees as they do now, or it will get worse. Social Security will be cut--after all, old people aren't productive and contribute little to the economy, so why help them to live longer? Besides, they can't complain as well as younger people, so what they have is like a reserve asset to be raided when necessary.
Until US citizens stand up and in no uncertain terms let the politicians know that we're not going to tolerate it any more, things are going to get progressively worse, I'm afraid.
NR
Someone needs to write this generations 1984 or uncle toms cabin. that is what
We put a virus in your virus. So we could pwn your computer while it was being pwned.
Have gnu, will travel.
"9/11 couldn't have been an inside job. The ability to keep it secret would be impossible."
For 6 years the US government has been running the worlds largest spying network. Many billions spent. Nobody knew until someone at the center revealed the truth.
9/11 would have been trivial to pull off by comparison.
"Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It's not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control"
...
I figure that's why they subsequently flung the kiddy porn charge at him, no one is going to go to the trouble of defending a paedophile
"Investigators have not commented on the case but local press accounts reported that FBI Supervisory Special Agent Brooke Donahue testified in court that Marques dove for his laptop when agents raided his home this summer. A forged passport was found in Marques’ possession and" ..
a. No FBI agents were present when they raided his home.
b. Marques did not 'dove for his laptop`.
c. Marques did not possess a forged passport.
c. The FBI uploaded the porn that was subsequently used to arrest Marques.
No kidding. If I was a governmental agency trying to act all secretive, I'd probably start with a comcast or fios account that leads to a storage unit or something. It would be mind bogglingly stupid to engage in surveillance that can be traced back to the IP block of the agency.
...are you suggesting that people "stand up" for pedophiles and drug dealers?
Can't we punish those who are abusing children while ignoring those who are merely trading copies of the evidence? Those exceptions to free speech make a convenient excuse for the government to crush anything that allows speech that they cannot monitor.