Slashdot Mirror
FBI Admits It Controlled Tor Servers Behind Mass Malware Attack
MikeatWired writes "It wasn't ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors. Freedom Hosting's operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It's not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control. The new details emerged in local press reports from a Thursday bail hearing in Dublin, Ireland, where Marques, 28, is fighting extradition to America on charges that Freedom Hosting facilitated child pornography on a massive scale. He was denied bail today for the second time since his arrest in July. On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page. Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn't respond to inquiries from WIRED today. But FBI Supervisory Special Agent Brooke Donahue was more forthcoming when he appeared in the Irish court yesterday to bolster the case for keeping Marque behind bars."
Nope, the NSA controlled the servers, it led to an NSA controlled IP address and they have the hackers needed. The BIG FAT LIE was that this block could be used by other agencies. Since potentially NSA broke the law for USA domestic Tor users, we have the FBI stepping forward to take the blame.
But we know its the NSA that tracks and monitors TOR because it was in their leaked document as one of their many excuses for surveillance:
http://www.theguardian.com/world/interactive/2013/jun/20/exhibit-b-nsa-procedures-document
Also go read the first leaked warrant that let the NSA collect all the data (link below), it had the FBI's name on it. It was an FBI request to hand the data from Verizon's phone records to the NSA, a simple reacharound the domestic spying laws. The FBI acts as wing man for the NSA:
http://www.theguardian.com/world/interactive/2013/jun/06/verizon-telephone-data-court-order?guni=Article:in%20body%20link
FBI doesn't have the experts, or the IP address or the interest in Tor, it was NSA and it was timed just as the NSA was trying to prevent further leaks from its own analysts. At best the FBI simply provides the excuse, as it did with the Verizon incident.
Remember when we used to think that U.S. LEOs still had some sense of ethics and would never actually send child porn to anyone to make a case? Now we know that, at least for a while, the FBI was running the servers. The FBI was responsible for serving up, by all accounts, half the *.onion-based child porn sites in the world.
Is this the first time they crossed this line? Or have they done so before?
You're a fool if you actually believe their attack was against pedophiles.
Lets just face it already. Our government is out of control and it won't be easy to stop now that things are so far in motion.
First they came for the pedophiles on Freedom Hosting, and I said nothing because pedophiles are scum.
Then they came for the drug dealers on Silk Road, and I said nothing because drug dealers are scum too.
Then they came for the leakers on {Wiki|Live|you pick one}Leaks, and I said nothing because I don't have time to read that stuff anyway.
Then they passed a law against using privacy tools such as Tor, Mixmaster, proxies, and crypto, because terrorists 9/11 OMG, and I said nothing because I have nothing to hide.
Then I tried to fly to my Dad's funeral and found out that I'm on the no-fly list. I still am. No one will tell me why, and there's nothing I can do to change it.
Then the police broke down my door because I had set up my wireless router wrong and someone had done something illegal over my connection, and it took me three years to get the charges dropped, and I lost my job and had to file bankruptcy, and I never did get my computer back. And what happened to the government agents who had wrongly prosecuted me? Nothing whatsoever. And what compensation did I get? The court ruled that the government had not violated its rules and therefore I was not owed anything. Have a nice day.
You joke about that but the county next to mine just had the sheriff arrested for that very thing. He would find his opponents or others who made him angry, arrest them for child porn, plant the child porn, and then splash their name all over the news to ruin their reputation. He finally got caught when he arrested the wrong person. This guy called the FBI and the County District Attorney, who both pressed charges against him. I think the total charge count is around 30 felony counts of evidence tampering, witness tampering, intimidation, and other corruption issues. This stuff is too good to be made up sometimes.
Uhh ... given that he who was the gold makes the rules, if there was a court order allowing it, or a clause in some law allowing it, it was authorized, just not by the owners of the computers.
Sorry, but I'm failing to follow your point here. Since when is an electronic device a waiver to standard privacy and due process?
Perhaps if the FBI were trying to break into my car I would understand this analogy better, but my point still stands. A "computer" is not automatic grounds for illegal wiretaps (and when I use the term "illegal", I'm referring to my Constitutionally protected Rights, not some secret court horseshit that "authorized" a waiver around said Rights, which remains illegal no matter who granted it.)
How is any of this remotely legal? Every day we have a new article explaining how the feds have been pounding our apparently imagined liberties in the goat ass, they get 300-500 comments (a lot for ./ these days) and then nothing happens. I'm a healthy skeptic, but this is literally the paranoid conspiracy-theorist's worse nightmare incarnate. I'm flabbergasted. In all seriousness, do we need to just move to a different country at some point? Is this what the start of a pseudo-democracy looks like and we just can't believe the warning signs are real? Just crazy...
Buy your next Linux PC at eightvirtues.com
If there's a court order behind this, it's less problematic in my mind. Not all court orders are publicized even by normal courts; search warrants aren't provided to the targets to challenge before execution precisely so they can't hide or destroy evidence.
The problem I have with this operation is that it was conducted on servers located in France, which means that either French law enforcement was also involved (very possible) or the FBI is hacking servers across international boundaries. That puts at risk any agents involved as they could be tried under French law for such trespass, though given that it was to deal with child pornography, the political result is that it probably wouldn't result in much more than a warning.
You can never go home again... but I guess you can shop there.
The bank account in Las Vegas means that he was paying for (and perhaps profiting from) the servers. That provides US jurisdiction no matter where the data was being stored. The same thing happens around the world: if part of an action happens within a given country and it's illegal in that country, jurisdiction applies. They may have to work through extradition, but in this case, France may also look to get a piece of him, especially if he's not convicted in the US. France may then go through extradition to get him into their courts for storing child porn on French soil.
You can never go home again... but I guess you can shop there.
yes! stand up for rights and freedom regardless.
"The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all." -- H. L. Mencken
A US court order might as well be toilet paper in France or anywhere else in the world. No US court has the authority to authorise that.
In fact many countries would take that as an act of war.
This is why the ACLU gets so much bad press. They tend to protect the rights of everyone by protecting he rights of the worst of us.
Spelling and Grammar errors have been added to this post for your enjoyment
Now you touch the point the FBI relies on... Yell childporn and most people shy away. Defending rights and such is nice and well, but who want to be seen as defending childporn. And so people happily ignore the rights of other users being ignored. It works equally well with terrorism. The RIAA screaming how illegal downloading supports terrorists. By now any bittorrent traffic is seen as something illegal.
That's a common argument that is told to conservatives to convince them that the ACLU is an evil liberal organization who should be hated. It was, as you point out, originally created to defend Communists from unconstitutional harassment, but that had a lot to do with the fact that Communists and people with communist ideas were unconstitutionally targeted by the US government from about 1880 until about 1990.
Some examples of causes the ACLU has helped protect their civil rights:
- National Socialist Party of America.
- Westboro Baptist Church
- atheist Michael Newdow
- NAMBLA
- Anyone who drives
- Anyone who wants to be able to view adult images on the Internet
- Senator Mitch McConnell (R-KT)
- An ISP that didn't want to spy for the government
I am officially gone from