Monday, August 05, 2013

The FBI attack on Tor

If you are going to have Total Information Awareness, you are going to have to take down any structures that protect privacy:
  1. "FBI accused of infiltrating Tor network to close child abuse host"
  2. "Hidden Services, Current Events, and Freedom Hosting"
  3. "Firefox Zero-Day Used in Child Porn Hunt?"
  4. Reddit thread
  5. "Feds bring down Tor-hosted child porn site using suspected vulnerability in Firefox browser" - was Mozilla in on it?
  6. "Feds are Suspects in New Malware That Attacks Tor Anonymity":
    "Shortly after Marques’ arrest last week, all of the hidden service sites hosted by Freedom Hosting began displaying a “Down for Maintenance” message. That included websites that had nothing to do with child pornography, such as the secure email provider TorMail.
    Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of Javascript code from a Verizon Business internet address located in eastern Virginia.
    By midday Sunday, the code was being circulated and dissected all over the net. Mozilla confirmed the code exploits a critical memory management vulnerability in Firefox that was publicly reported on June 25, and is fixed in the latest version of the browser.
    Though many older revisions of Firefox are vulnerable to that bug, the malware only targets Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user friendly package for using the Tor anonymity network.
    “The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based,” the non-profit Tor Project wrote in a blog post Sunday. “We’re investigating these bugs and will fix them if we can.”
    The inevitable conclusion is that the malware is designed specifically to attack the Tor browser. The strongest clue that the culprit is the FBI, beyond the circumstantial timing of Marques’s arrest, is that the malware does nothing but identify the target.
    The heart of the malicious Javascript is a tiny Windows executable hidden in a variable named “Magneto”. A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box.
    But the Magneto code doesn’t download anything. It looks up the victim’s MAC address – a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sends it to the Virginia server, outside of Tor, to expose the user’s real IP address, and coded as a standard HTTP web request."
  7. "FBI bids to extradite 'largest child-porn dealer on planet'" - calling him a 'child-porn dealer' is obvious nonsense, and fighting child porn is just their excuse for attacking privacy rights.
  8. "FBI shared child porn to nab pedophiles; Washington home raided" (you have to wonder these days how much of this stuff is distributed by the government for nefarious purposes including blackmail and social control).

I can't help but notice this Reddit posting and the links to what Endgame does as a broker of cyberwar exploits.  Michael Hastings may have been murdered for investigating Endgame.  Conspiracies tend to connect.