Slashdot Mirror


The FBI Is Infecting Tor Users With Malware With Drive-By Downloads

Advocatus Diaboli (1627651) writes: For the last two years, the FBI has been quietly experimenting with drive-by hacks as a solution to one of law enforcement's knottiest Internet problems: how to identify and prosecute users of criminal websites hiding behind the powerful Tor anonymity system. The approach has borne fruit—over a dozen alleged users of Tor-based child porn sites are now headed for trial as a result. But it's also engendering controversy, with charges that the Justice Department has glossed over the bulk-hacking technique when describing it to judges, while concealing its use from defendants.

4 of 182 comments

  1. Hide behind today's popular hate-topic... by MindPrison · Score: 5, Informative

    ...and that's how and WHY they get away with this. This is against any human rights, but shout "won't anyone PLEASE think of the Children", and these agencies can get away with murder.

    So that said, to any whistleblower out there who doesn't have the tech savvy that we have, I'd offer a little bit of advice, read it - and don't forget it, you might just be next if you do:

    1) Download Tails. Install it preferably on a CD.
    2) Remove your hard disk connection (removing the power is enough) when you intend to boot from Tails.
    3) Shut down your WiFi. And only use WIRED connections.
    4) Boot Tails, and when you start Iceweasel - make sure to turn NoScript ON for ALL sites. It's not on by default, when the SHIELD shows...it's on!
    5) Never - ever use an acronym you'd use with your normal ISP (IP address), this WILL unmask you.
    6) Do NOT use FLASH or JAVASCRIPT.
    7) Do NOT do any banking business or anything that would identify the real you using TOR. Tor is like walking into an underworld of the worst place you could imagine in a bad movie (except Darknet is very real, and can be a VERY dark place, it has freedom...but freedom is precious there, and there's someone waiting on every corner to con you, and remember - this threat is VERY REAL!), so don't be a fool. Do what you have to, but stay safe.
    8) Do NOT brag to friends that you're safe with Tor. As far as you know, you don't even know what Tor is.
    9) If you can, use Tor with a laptop that has never been used on a wired or wireless KNOWN network with you, but only used for TOR ...without a harddisk! Use it to connect with TOR on a different network, preferably in a different city than where you live. You can't get much safer than that....IF...you apply the other 8 rules above.
    10) Don't SURF TOO LONG AT ONCE - People are working to unmask TOR users all the time with Injection attacks, and they succeed often! Notice that when the chain of relays breaks (refreshes)...always keep looking at the NETWORK MAP...ALWAYS, DISCONNECT LIKE THE WIND and find another time to connect short sessions. Keep things brief, and as many clusters as you can.
    11) Always make sure that the TAILS CHECKSUM IS MATCHING! I've downloaded TAILS TWICE from their so-called official server and had CHECKSUM MISMATCH, this could be as simple as a faulty packet...but it could also be much more serious than that, imagine the rest yourself - BE PARANOID! It's your life!

    Information is the only power we have left!

    --
    What this world is coming to - is for you and me to decide.
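
An added example, not part of the comment above: the checksum check from step 11 as a shell script, extended to the two-failed-downloads case the commenter describes. The file names, file contents and the `published` value are constructed stand-ins; the real digest has to come from the project.

```shell
#!/bin/sh
# Added example. File names and contents below are constructed stand-ins
# for a downloaded image; the published digest must come from the project.

# Lowercase SHA-256 hex digest of a file (reads via stdin so odd file
# names cannot alter sha256sum's output format).
sha256_of() {
    sha256sum < "$1" | awk '{ print tolower($1) }'
}

# Exit 0 if the file matches the published digest, 1 if not, 2 if unreadable.
verify_image() {
    [ -r "$1" ] || return 2
    vi_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$(sha256_of "$1")" = "$vi_want" ]
}

# Compare two separate downloads of one image against the published digest.
# Prints one of: match, one-bad, both-bad-identical, both-bad-different.
classify_downloads() {
    cd_bad=0
    verify_image "$1" "$3" || cd_bad=$((cd_bad + 1))
    verify_image "$2" "$3" || cd_bad=$((cd_bad + 1))
    case $cd_bad in
        0) echo match ;;
        1) echo one-bad ;;
        *)  # Both fail: identical bad copies mean the source consistently
            # differs from the published digest; differing copies point
            # to corruption in transit or on disk.
            if [ "$(sha256_of "$1")" = "$(sha256_of "$2")" ]; then
                echo both-bad-identical
            else
                echo both-bad-different
            fi ;;
    esac
}

# Demo on constructed files: two identical copies that both fail the check.
demo_dir=$(mktemp -d)
printf 'constructed image bytes\n' > "$demo_dir/good.iso"
printf 'constructed image bytez\n' > "$demo_dir/bad1.iso"
cp "$demo_dir/bad1.iso" "$demo_dir/bad2.iso"
published=$(sha256_of "$demo_dir/good.iso")   # stand-in for the published value
classify_downloads "$demo_dir/bad1.iso" "$demo_dir/bad2.iso" "$published"
```

A digest fetched from the same server as the image only detects corruption; where the project publishes an OpenPGP signature for the image, verifying that is what ties the file to the publisher.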
  2. Re:LOL by MindPrison · Score: 5, Informative

    > But the freetards tell us that Tor is so secure!! Open sores fails again.

    It's not TOR itself, sure...Tor isn't perfect, but today you really don't have many other options. In fact...I can't think of a single one. But it's the users that fail to understand that TOR really isn't the solution to all their anonymity wishes. I'd say 90% safety is up to the users themselves, I've written a little list a few posts below (look it up if you care), it's mostly about common sense. You don't walk into a dark alley with an open wallet telling everyone that you won big on the casino tonight, right? Same thing applies to Tor usage, don't reveal your name, use no-script religiously, don't use flash or any other app/software that can see your IP locally and forward it anywhere. Don't use your real name. Don't even use your nickname (unless it's anonymous coward of course), because everything that ties you as a user to a user on TOR...is bad for you.

    Tor is actually pretty damn good, why do you think it's such a pain in the ass for the feds? Heck...it's even KNOWN to be a giant wart on NSA's butts simply because it's so good at WHAT it does. But it's not 100%, you need to apply common sense to the rest, and learn of its flaws and the things TOR can not do for you. If you do...there really is no better alternative to freedom of speech out there.

    --
    What this world is coming to - is for you and me to decide.
  3. Re:The problem here isn't the FBI. by Anonymous Coward · Score: 4, Informative

    > we should be glad that they're making this public

    That's the problem, they are working as hard as possible to prevent the information from becoming public.

    While this is the FBI we are talking about here, I would be sooooo onboard with the NSA if they amended their charter to simply shoring up vulnerabilities rather than exploiting them for their own opaque purposes.

  4. Re:LOL by SuricouRaven · Score: 5, Informative

    Freenet uses a very different model - it's basically a very elaborate distributed key-value store. It's good for dissemination and publication, but by design it can't be used for real-time communication - there's a delay of minutes to days for a message to become available to all nodes. It's all compromise: The same design that prevents real-time communication also makes Freenet a lot more resilient.