FBI Is Classifying Its Tor Browser Exploit Because 'National Security'

Joseph Cox, reporting for Motherboard:Defense teams across the US have been trying to get access to a piece of malware the FBI used to hack visitors of a child pornography site. None have been successful at obtaining all of the malware's code, and the government appears to have no intention of handing it over. Now, the FBI is classifying the Tor Browser exploit for reasons of national security, despite the exploit already being used in normal criminal investigations well over a year ago. Experts say it indicates a lack of organization or technical capabilities within the FBI. "The FBI has derivatively classified portions of the tool, the exploits used in connection with the tool, and some of the operational aspects of the tool in accordance with the FBI's National Security Information Classification Guide," government attorneys wrote in a filing earlier this month. It came in response to the defense of Gerald Andrew Darby, who is charged with child pornography offenses.

Javascript exploit

This a JS exploit, not a Tor problem. It really doesn't matter what this exploit does or how it works. If you have JS enabled in Tor, you're already pwn3d.

Probably because...

[gatfirls]

....It's a laughably silly exploit that anyone can do and they paid 10 million dollars to get.

Re:So nice to see

[bluefoxlucid]

The best bit is he's definitely guilty, and trying to get off on a technicality. The argument is the entire body of evidence collected since this whole thing started is tainted, and they have no valid reason to search him (knowing that his house is still full of child pornography because they already did an *illegal* search isn't a justifiable cause), so he gets away scot free because the authorities fucked up.

This is *exactly* what we want. We want the authorities to follow the rules, and we want people who can hide in the rules to get away with it. We don't need the FBI searching you because they feel like it, finding evidence for an unpredicted crime, then charging you for it based on an illegal search. That leads to all kinds of vindictive political control, turning political opponents and other undesirables into targets to be ground away at by government overreach.

The biggest danger is the public realizing what just happened and crying out against a child porn hoarder getting off free, and then demanding the repeal of the fourth and fifth amendments immediately. The second biggest danger is the FBI succeeding with their bluff, either having no evidence to present ("we used a thing that got us information, but we won't show you that thing, so just trust us about the evidence chain") or being forced to present and being called on performing an illegal search (hacked your computer) and then *not* penalized for it ("this is all technically inadmissible, but we'll allow it anyway").

The neutral state is the FBI being forced to present and arguing (successfully and correctly) the defendant was *not* subject to an illegal search because the FBI had ample reason to believe the target site *was* doing illegal things and that its visitors were engaging in illegal activities (similar to a sting on a whore house). The outcome of being forced to present is the public can examine the code used to break Tor, then counteract it (technical arms race); Darby goes to jail; and the case sets no legal precedents weakening constitutional law.