Unsealed Court Docs Show FBI Used Malware Like 'A Grenade' (vice.com)
An anonymous reader quotes a report from Motherboard: In 2013, the FBI received permission to hack over 300 specific users of dark web email service TorMail. But now, after the warrants and their applications have finally been unsealed, experts say the agency illegally went further, and hacked perfectly legitimate users of the privacy-focused service. "That is, while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade," Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in an email. The move comes after the ACLU pushed to unseal the case dockets in September. The Department of Justice recently decided to publish redacted versions of related documents. In 2013, the FBI seized Freedom Hosting, a service that hosted dark web sites, including a large number of child pornography sites and the privacy-focused email service TorMail. The agency then went on to deploy a network investigative technique (NIT) -- a piece of malware -- designed to obtain the real IP address of those visiting Freedom Hosting sites. According to the new documents, the NIT was used against users of 23 separate websites. As for TorMail, officials have maintained that the government obtained a warrant to deploy the NIT against specific users of the service. Now, we do know that to be true: recently unsealed affidavits include a total of over 300 redacted TorMail accounts that the FBI wanted to target. All of these accounts were allegedly linked to child pornography-related crimes, according to court documents. Importantly, the affidavits say that the NIT would only be used to "investigate any user who logs into any of the TARGET ACCOUNTS by entering a username and password." 
But, according to sources who used TorMail and previous reporting, the NIT was deployed before the TorMail login page was even displayed, raising the question of how the FBI could have possibly targeted specific accounts.
the next President of the United States?
From the director to the janitors, the FBI needs to be cleaned up. It's gotten to a point where J. Edgar is looking like a boy scout.
it's an old song and an old story. upset the apple cart for the one that's rotten.
"Like a grenade" seems a little eggcorn to me.
My PC's real IP address is 192.168.0.101.
Presumably the malware was sending IP packets home, via a path other than Tor, so the feds could see the IP address of the local NAT router.
This is a gaping privacy hole in the interwebz that could be fixed several ways in the local stack. E.g. by sandboxing a VM in which the browser sits and preventing its traffic going by a path other than Tor. You'd need to prevent sandbox escape malware too, which is not so easy given the way that big software is built.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
You'd think the government would team with vendors to patch every exploit so our computers are more secure and less likely to be hacked by bad guys. It is perfectly logical that the sheriffs across the USA do not have a master key to everyone's backdoor. If that key got out, the crooks could enter everyone's house too. Why is it so hard to see backdoors for computers is just as bad and the same thing? With the government wanting to exploit computers, the bad guys can exploit them too.
is not all like a grenade... nonetheless good for them.
"Like a grenade" seems a little eggcorn to me.
[Samuel L.]
ENGLISH, MOTHERFUCKER!!
DO YOU SPEAK IT!?!?
[/Samuel L.]
No Tor, Freenet. That's all that needs to be said.
I'm sure no reasonable prosecutor will bring a case against this. They are a sad, pathetic department, even by government standards.
...that an organization that protects criminals does criminal shit. Go ahead... imagine the shock on my face!
"You're a putz!
-(((My in-laws))).
So they all got raises and job promotions for this, correct?
Kind of helps to understand why they won't go after politicians who do illegal things. In other words, *What do they call it when the assassin accuses the assassin?* This is a good example of 'Capoeira'. Everybody remains untouchable, but the spectacle is supreme.
“He’s not deformed, he’s just drunk!”
The reality is there is very little hope in both the legal and technological realms to solving the abuses of government, but some efforts are under way nonetheless. Freedom and freedom of communications is essential, but the majority will fall to emotions, and fear, sacrificing freedom for little more than security theatre. We can try and fight this seemingly hopeless battle dispersed as we are everywhere, or have some level of real success through a migration of like-minded individuals to New Hampshire (Free State Project, among other entities, it's really happening 10% of the anticipated signers have already moved), but it's not enough in the short term, and it's a very long-term solution to a more final solution (secession would be necessary to solve deeper issues long term even if the project can solve most state/local issues short term, but issues like copy'right', and federal meddling can't be).
The next step in the near term has to be to focus on a technological solution. Right now we're thinking too small. What we need to do is design entire systems built around components we have complete control over (EOMA68 should help reduce costs of doing this, EOMA68 is a modular computing standard). Once we have hardware without backdoors (Intel/AMD backdoors added in 2009 & 2013, China's got non-x86 backdoors too, but not at the CPU level) we need to eliminate components that could leak location data to the OS (wifi, mics, cameras, etc). Then we need to physically compartmentalize the OS and separate it with a hardened device running just the Tor software (think physical firewall). A compromised machine would not be able to discover its own location or IP. At least not without a remote exploit (should make it much more difficult).
The next step after this is to focus on adding support for a high latency anonymity network that is set up such that it does not feel slow. To improve anonymity you need high latency. However it isn't necessarily the case the user has to feel that latency. If the anonymity system works such that every user stores massive amounts of data on their own machines (10TBs) then a user will rarely have to access the network directly. What never is requested via the network can't be tracked by NSA-level adversaries. Instead the network would 'sync' the most popular data in the background. By the time the user goes to access it that data will most likely be on the user's machine or on one of a handful of other nearby user's friend's machines (significantly reducing various attacks/risks). Such a network would solve many of the attacks that the government can currently use (at least potentially use) against Tor. 10TB data stores could be ordered online thus solving the issue of 'it takes too long to download 10TB' (and 10TB can grow in time, we have 10TB disks *now*). You don't need the whole internet, just the important bits that you don't want to reveal you're accessing. To give people an idea just how much space this is you could fit every major Hollywood movie made between 1990 and 2003 in 10TB of space.
Actually it makes no difference if he is dead, alive or none of the above. Nothing has changed since Hoover was in charge of the FBI. They don't care about the Constitution and are lawless, which means they act as if no law applies to what they do. Their agenda, which includes expected areas like going after bank robbers, kidnappers and organized crime also includes suppressing and criminalizing any attempt to alter the current political order, even if it is totally legitimate. This activity is rarely targeted to any right wing movement, but the mere existence of a left wing or minority organization brings the hammer down.
Compare and Contrast: Occupy Wall Street and the takeover of the Oregon wildlife facility by armed Christian terrorists. Law enforcement, including the FBI, sent in provocateurs to incite violence, infiltrated to gather (illegal) intelligence, and engaged in intimidation during and after Occupy events. Just sending an FBI agent to do "routine" interviews with employers, co-workers or neighbors is a way of punishing a person for using their right to express their opinion, and the FBI takes great advantage of that, and they did a lot of it.
Now look at the Oregon armed takeover. For weeks right wing Cowboys with Guns were wandering into town for a hot meal or a warm bed. There was no perimeter established. Local and Federal law enforcement (i.e. the FBI) stayed as far away as possible. They didn't want to cause an "incident". It was only after the press started to take notice of the absence of law enforcement and the Governor of Oregon wrote a letter of complaint that law enforcement showed up.
The FBI always takes sides. They only go after right wingers after events become so extreme they can't be swept under the rug. They go after anyone else just for opening their mouths. So J Edgar continues to assert his rule.
Why is Snark Required?
Wouldn't you have to be a dumb ass to use a service like TorMail?
That is, while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade,” Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in an email.
Whoop. Dee. Doo.
What the TFA neglects to mention is that the 23 separate child porn sites were all hosted on the same server as TorMail. In fact, the affidavit said the administrator(s) of TorMail are also wanted in connection with the cp sites.
https://en.wikipedia.org/wiki/Eggcorn
But now, after the warrants and their applications have finally been unsealed, experts say the agency illegally went further, and hacked perfectly legitimate users of the privacy-focused service. "That is, while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade,"
Yet another known illegal activity of a politically corrupt organization and I still do not see a single member going to prison or even being charged. Let's just start calling James Comey, Handsome Jack and be done with it.
Requires Java.
Nope.
Mesh Networking instead.
FBI: We want to hack a ton of computers belonging to people who are probably innocent.
Judge: Sorry, I can't issue a warrant for that.
FBI: We need to do this in order to catch monsters who sexually abuse children.
Judge: Fucking scum like that have no rights! You have my warrant, do whatever it takes!
New Hampshire? Fuck, they told me Vermont... But I'm only 30 mins from the border!!!