Government Eyed in Malware Attack on Tor

A rather amazing story has bubbled up over the last week after roughly half of the hidden services (.onion sites) on the Tor network were compromised, exposing the supposedly anonymous identities of Tor users. Malware popped up last Sunday morning on numerous sites hosted by anonymous hosting operation Freedom Hosting. The injected JavaScript exploited a critical memory-management vulnerability in the Firefox 17 ESR that the Tor Browser Bundle is built on (see the Tor security advisory); the payload, which only ran on Windows, made the victim's machine send identifying information (its hostname and MAC address) directly, outside of Tor, to an IP address in Reston, Virginia.

While that's interesting in and of itself, what's more interesting is whom many think is responsible for the malware. Tor was originally designed to fight government and corporate censorship, though it has of course also been abused for other purposes, including the distribution of child pornography and drug sales through sites like Silk Road.

The malware on Freedom Hosting's servers appeared just after Freedom Hosting founder Eric Eoin Marques was arrested in Ireland on charges of distributing child pornography. He is currently awaiting extradition to the United States, but in the interim the malware has continued sending user info to the aforementioned IP address in Virginia.

While I've seen several reports claiming that the IP address in question belongs to the NSA, Wired seems to have the most solid reporting on the subject, noting that the address is registered to defense contractor Science Applications International Corporation (SAIC), which is likely working on the FBI's "computer and internet protocol address verifier" (CIPAV) spyware initiative:
quote:
"It just sends identifying information to some IP in Reston, Virginia," says reverse-engineer Vlad Tsyrklevich. "It's pretty clear that it's FBI or it's some other law enforcement agency that's U.S.-based." If Tsyrklevich and other researchers are right, the code is likely the first sample captured in the wild of the FBI's "computer and internet protocol address verifier," or CIPAV, the law enforcement spyware first reported by WIRED in 2007.
Given the FBI's rich history of waging war on entirely legal domestic political organizations, there are obviously many who worry the government will extend this power to those who use Tor for perfectly peaceful, legal and legitimate political reasons. Meanwhile, Tor notes that Mozilla patched the vulnerability in Firefox 17.0.7 ESR, which shipped in the Tor Browser Bundle in late June, though many users may still be running older versions of the bundle. They're also advising Tor users to stop using Windows and to disable JavaScript if they're truly interested in being secure.
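The practical check a defender wants from the mechanism above is simple: on a host that is supposed to reach the network only through Tor, the browser should open connections to nothing but the local SOCKS listener, so any direct connection from the browser process to an external address is a deanonymization indicator, whichever Firefox bug produced it. The following is an added example, not code from the article or from the Tor Project: it runs that policy over a few constructed host-firewall records. The record format, the process names and the addresses are assumptions made for illustration.

```python
"""Flag Tor-bypass egress from a Tor Browser host.

Policy: on a Tor-only host, tor itself is the only process allowed to talk to
the network directly; the browser may only talk to the local SOCKS listener.
A browser connection to any non-loopback address is a deanonymization leak,
which is the behaviour the 2013 Freedom Hosting payload produced.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List

# Assumed process names (illustrative, not taken from the article).
TOR_PROCESSES = {"tor", "tor.exe"}
BROWSER_PROCESSES = {"firefox", "firefox.exe"}
# Local SOCKS listeners the browser is expected to use:
# 9150 is Tor Browser's own, 9050 is a plain tor daemon's default.
SOCKS_PORTS = {9050, 9150}


@dataclass(frozen=True)
class Conn:
    ts: str
    proc: str
    src: str
    dst_ip: str
    dst_port: int


def parse_line(line: str) -> Conn:
    """Parse one record in the assumed host-firewall format (IPv4 only):
    <timestamp> proc=<name> src=<ip>:<port> dst=<ip>:<port>
    """
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    dst_ip, dst_port = kv["dst"].rsplit(":", 1)
    return Conn(ts, kv["proc"], kv["src"], dst_ip, int(dst_port))


def classify(c: Conn) -> str:
    """Return 'tor', 'socks', 'local', 'leak' or 'direct' for one connection."""
    if c.proc in TOR_PROCESSES:
        return "tor"            # tor reaching its guard or a directory: expected
    if ipaddress.ip_address(c.dst_ip).is_loopback:
        return "socks" if c.dst_port in SOCKS_PORTS else "local"
    # Non-loopback destination from something other than tor: the browser
    # doing this has bypassed the proxy entirely; any other process is a
    # host-policy violation worth a look but not proof of a browser exploit.
    return "leak" if c.proc in BROWSER_PROCESSES else "direct"


def find_leaks(lines: Iterable[str]) -> List[Conn]:
    """Browser connections that went to the network without the SOCKS proxy."""
    return [c for c in map(parse_line, lines) if classify(c) == "leak"]


# Constructed sample records; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = [
    "2013-08-04T03:12:07Z proc=firefox.exe src=10.0.0.5:51322 dst=127.0.0.1:9150",
    "2013-08-04T03:12:08Z proc=tor.exe src=10.0.0.5:51323 dst=198.51.100.20:443",
    "2013-08-04T03:12:09Z proc=firefox.exe src=10.0.0.5:51324 dst=127.0.0.1:9151",
    "2013-08-04T03:12:40Z proc=firefox.exe src=10.0.0.5:51330 dst=203.0.113.9:80",
    "2013-08-04T03:12:41Z proc=svchost.exe src=10.0.0.5:51331 dst=10.0.0.1:53",
]

if __name__ == "__main__":
    for c in map(parse_line, SAMPLE_LOG):
        print(f"{classify(c):6} {c.ts} {c.proc} -> {c.dst_ip}:{c.dst_port}")
    for leak in find_leaks(SAMPLE_LOG):
        print(f"LEAK: {leak.proc} connected directly to {leak.dst_ip}:{leak.dst_port} at {leak.ts}")
```

Only the fourth record is reported as a leak: the browser talking to an external web server on port 80 without going through port 9150. The svchost DNS lookup is classified as "direct" rather than "leak" because it is not the browser, but on a Tor gateway it is still worth blocking; the enforcement counterpart of this check is an egress firewall that permits outbound traffic only for the tor user, which is the same end Tor's advice to disable JavaScript and avoid Windows is trying to reach from the client side.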
brianiscool
join:2000-08-16
Tampa, FL
·Charter

Member

I love TOR

I used it for downloading. Lightning fast for Linux distros !

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

Re: I love TOR

said by brianiscool:

I used it for downloading. Lightning fast for Linux distros !

Tor should not exist. In theory, it was to help the poor oppressed of China and Iran and others behind national firewalls get access to prohibited web sites. In reality, it is nothing but a mechanism to help law breakers avoid capture by the police.

winsyrstrife
River City Bounce
Premium Member
join:2002-04-30
Brooklyn, NY

1 recommendation

Re: I love TOR

That's a rather broad brush...

While it is used for illegal purposes, some laws have been broken in past history for good reason. Downloading files isn't necessarily one I'd put in the list, but perhaps Tor is used in the future (or now even) for some valid form of communication, for someone to mask themselves from a perceived oppressor?

Jim Kirk
Premium Member
join:2005-12-09
49985

1 recommendation

Re: I love TOR

said by winsyrstrife:

That's a rather broad brush...

Not surprising, considering the source.

GlennLouEarl
3 brothers, 1 gone
Premium Member
join:2002-11-17
Richmond, VA

GlennLouEarl to FFH5

Right... because you repeatedly saying that will only make it more and more true the more you say it. All laws "über alles" huh.

TelecomEng
@rr.com

10 recommendations

TelecomEng to FFH5

Anon

said by FFH5:

Tor should not exist.... In reality, it is nothing but a mechanism to help law breakers avoid capture by the police.

That could be said of a lot of things: guns, cars, motorcycles, ski masks, encryption...

Just because someone can use something to break the law does not mean it should not exist.
clone (banned)
join:2000-12-11
Portage, IN

clone (banned) to FFH5

Member

"Establishment, establishment, you always know what's best!" Get off your knees and stand, slave.

ArrayList
DevOps
Premium Member
join:2005-03-19
Mullica Hill, NJ

ArrayList to FFH5

"it is nothing but a mechanism to help law breakers avoid capture by the police."

I'm sure that is exactly what the police in China and Iran think of it.

meeeeeeeeee
join:2003-07-13
Newburgh, NY

meeeeeeeeee to FFH5

Member

said by FFH5:

Tor should not exist. In theory, it was to help the poor oppressed of China and Iran and others behind national firewalls get access to prohibited web sites. In reality, it is nothing but a mechanism to help law breakers avoid capture by the police.

A very simplistic view from someone who lives in a black and white world. The REAL world happens to have a multitude of shades of gray as well as COLORS!

People can SAY all kinds of illegal and terrible things, so do you propose people's mouths be sealed from birth? People can THINK all kinds of illegal and terrible thoughts, do you want brains to be removed at birth? People could potentially advocate for all kinds of illegal and terrible things right here on these forums, so should DSLReports be shut down?

It's unfortunate that someone will always find a way of perverting something good into something bad, that is human nature. It certainly does not mean that we should throw away all good things to be protected from the bad. That's Patriot Act thinking.

chip89
Premium Member
join:2012-07-05
Columbia Station, OH

Re: I love TOR

Shutting down dslreports is something I do not want to ever see in my lifetime! And this because someone did something they shouldn't have done on a site, that everyone on it will do bad things!

meeeeeeeeee
join:2003-07-13
Newburgh, NY

Member

Re: I love TOR

said by chip89:

Shutting down dslreports is something I do not want to ever see in my lifetime! And this because someone did something they shouldn't have done on a site, that everyone on it will do bad things!

I would pretty much feel the same about sealing people's mouths shut or removing their brains at birth but then again... In some cases, it might be an improvement.
brianiscool
join:2000-08-16
Tampa, FL
·Charter

brianiscool to meeeeeeeeee

Member

This is all I could get tonight speed wise

meeeeeeeeee
join:2003-07-13
Newburgh, NY

1 edit

Member

Re: I love TOR

said by brianiscool:

This is all I could get tonight speed wise

It's always a bit of a crapshoot with TOR and I suspect a lot of people have suspended their participation resulting in fewer nodes handling greater traffic each. Once this FBI thing has been dissected and measures put in place to protect against such intrusions, I'm sure people will come back and things will get back to normal. In the long haul, things will probably improve. I'm sure this has put a damper on the kiddie pervs and other felonious traffic, so we'll be pushing around less illegitimate bits.
brianiscool
join:2000-08-16
Tampa, FL

brianiscool to FFH5

Member

I only downloaded one program. I'm going to try multiple ISO's of Ubuntu. Maybe I can pull 9MB's.
axus
join:2001-06-18
Washington, DC

1 recommendation

axus to FFH5

Member

Actually it's a great way to participate in chat rooms and message boards with immature people without someone hacking into your computer or digging up your personal information.
clone (banned)
join:2000-12-11
Portage, IN

Member

Re: I love TOR

I assume it must pay well...
EdmundGerber
join:2010-01-04

EdmundGerber to FFH5

Member

said by FFH5:

said by brianiscool:

I used it for downloading. Lightning fast for Linux distros !

Tor should not exist. In theory, it was to help the poor oppressed of China and Iran and others behind national firewalls get access to prohibited web sites. In reality, it is nothing but a mechanism to help law breakers avoid capture by the police.

Pardon me, but your ignorance is showing

batterup
I Can Not Tell A Lie.
Premium Member
join:2003-02-06
Netcong, NJ

batterup to FFH5

said by FFH5:

Tor should not exist.

Troll alert or one of THEM.

meeeeeeeeee
join:2003-07-13
Newburgh, NY

Member

Re: I love TOR

said by batterup:

said by FFH5:

Tor should not exist.

Troll alert or one of THEM.

Maybe he's just bored and waiting for the Mothership?

batterup
I Can Not Tell A Lie.
Premium Member
join:2003-02-06
Netcong, NJ

Re: I love TOR

said by meeeeeeeeee:

Maybe he's just bored and waiting for the Mothership?

R U suggesting what Cartman got?

tmh
@comcastbusiness.net

tmh to FFH5

Anon

said by FFH5:

Tor should not exist. In theory, it was to help the poor oppressed of China and Iran and others behind national firewalls get access to prohibited web sites. In reality, it is nothing but a mechanism to help law breakers avoid capture by the police.

You're saying the same thing. Just ask the police in China and Iran.

elios
join:2005-11-15
Springfield, MO

elios to FFH5

Member

No, TOR was made for the DoD.
They made it public since the more data on the network, the harder it is to tell what's what.

batterup
I Can Not Tell A Lie.
Premium Member
join:2003-02-06
Netcong, NJ

batterup to brianiscool

TOR was hacked, now fixed, where the originating IP could be seen.

Also the men who have and could take it on the chin are the last computer in the chain.
quote:
Austrian Police Seize Computers From Tor Exit Node

»www.techdirt.com/article ··· de.shtml

meeeeeeeeee
join:2003-07-13
Newburgh, NY

Member

Re: I love TOR

said by batterup:

TOR was hacked, now fixed, where the originating IP could be seen.

Also the men who have and could take it on the chin are the last computer in the chain.

quote:
Austrian Police Seize Computers From Tor Exit Node

»www.techdirt.com/article ··· de.shtml

Sorry, the article is old news, way prior to this exploit, and discusses a not uncommon occurrence of clueless police raiding a TOR exit node because they have absolutely no knowledge of how the system works.

TOR, to my knowledge, has not been "fixed" yet per se. There are workarounds for THIS particular exploit but there's nothing yet in place to prevent it from being re-engineered and done again. THAT's going to take some time.

tshirt
Premium Member
join:2004-07-11
Snohomish, WA

1 edit

It's a pretty broad assumption...

... that
"It's pretty clear that it's FBI or it's some other law enforcement agency that's U.S.-based." just because it homes to Reston, VA.
There are many IPs in Reston, including several huge server farms belonging to AOL among others.
I think most US agencies are clever enough to select a non-obvious IP location if they wished to stay hidden, and also have plenty of ways to "leak" that it is them if they wanted your paranoia to spike.
US law enforcement isn't the only one who might want/benefit from access to those addresses, but they certainly are an easy target for conspiracy sensationalists.

Some people see/want to see "No Comment" or " we can neither confirm nor deny..." as absolute proof.
Rekrul
join:2007-04-21
Milford, CT

Member

Re: It's a pretty broad assumption...

said by tshirt:

Some people see/want to see "No Comment" or " we can neither confirm nor deny..." as absolute proof.

Someone breaks into your home and you suspect it's your neighbor. You confront and directly accuse him of the crime. He replies with "No comment" and slams the door in your face. Yup, he's perfectly innocent.

ArrayList
DevOps
Premium Member
join:2005-03-19
Mullica Hill, NJ

Re: It's a pretty broad assumption...

"No comment" doesn't mean what you think it means.
Rekrul
join:2007-04-21
Milford, CT

Member

Re: It's a pretty broad assumption...

said by ArrayList:

"No comment" doesn't mean what you think it means.

It means they didn't deny it.

ArrayList
DevOps
Premium Member
join:2005-03-19
Mullica Hill, NJ

Re: It's a pretty broad assumption...

that doesn't mean that they admit it either.
Rekrul
join:2007-04-21
Milford, CT

Member

Re: It's a pretty broad assumption...

said by ArrayList:

that doesn't mean that they admit it either.

Sure, because when an innocent party is accused of something they didn't do, the most logical response is "no comment."


tshirt
Premium Member
join:2004-07-11
Snohomish, WA

tshirt to Rekrul

said by Rekrul:

said by tshirt:

Some people see/want to see "No Comment" or " we can neither confirm nor deny..." as absolute proof.

Someone breaks into your home and you suspect it's your neighbor. You confront and directly accuse him of the crime. He replies with "No comment" and slams the door in your face. Yup, he's perfectly innocent.

Would you feel the same if he personally invoked the fifth amendment and quietly closed the door?
For the spokesperson (or in this case the non-speaking person, or person not authorized to speak, or who just chose not to comment) it isn't personal, or you aggressively suspecting them personally (unless you really do suspect every single employee or contractor of the gov't of being guilty of all crimes you can think of).
It's being asked "did you know your company is doing XXX?"
And 99.99% of the people not only wouldn't know, they wouldn't be allowed to say if they did, even if they believed it was true.
No comment is a legitimate response and not an admission of anything.
Reporters for the National Enquirer use those sorts of "you had sex with a donkey!" questions and when you refuse to acknowledge their idiocy, claim you couldn't/wouldn't deny it.

More reasonable people like to see clearer evidence and multiple sources.
It is possible you are wrong about your neighbor, and calling the police or some independent third party investigator eliminates the emotional response.


skeechan
Ai Otsukaholic
Premium Member
join:2012-01-26
AA169|170

skeechan to tshirt

It didn't simply go to VA. It specifically went to the Science Applications International Corporation, an FBI (along with others) contractor which refused to comment when asked about this by Wired.com

»www.saic.com/natsec/

»www.domaintools.com/rese ··· 2.202.54

tshirt
Premium Member
join:2004-07-11
Snohomish, WA

Re: It's a pretty broad assumption...

Oh I did not see the specific IP named.

SAIC does a wide variety of contract services for our gov't and other industries.
While the LE angle seems plausible, and they certainly might be involved, it could be the NSA (not law enforcement, but it may have a legitimate interest in some TOR users' transmissions) or a bot'ed computer at NASA or USDA or some secondary contractor for all we know.

skeechan
Ai Otsukaholic
Premium Member
join:2012-01-26
AA169|170

Re: It's a pretty broad assumption...

I only saw it in a few different articles. It still isn't proof-proof but the circumstantial evidence is pretty apparent. SAIC is a legitimate organization which deals in intelligence services...or rather services to intelligence services; logistics.

IF the FBI wanted to do this, it seems to me this is exactly how they would do it. Occam's Razor.

What is quite surprising to me is that normally Conservative posters are very supportive of this creeping totalitarianism, especially in the wake of the IRS leaks. The concept of limited government seems to have flown out the window.
slynerve
join:2011-04-11

Member

Tor is dead.

I understand what TOR is supposed to be used for, but you're being completely disingenuous if you think it's actually used for that. TOR has become a haven for pedophiles and stupid people trying to buy drugs on Silkroad with bitcoins. Find or build a new privacy network and let one that's been corrupted by vile people burn and flame out.


atuarre
Here come the drums
Premium Member
join:2004-02-14
EC/SETX SWLA

RE

I hope they arrest all the dirty pedos on there.


WireHead
I drive to fast
Premium Member
join:2001-05-09
Muncie, IN

This one and that one

Why not just send tons of random IP's to the collecting server. Baffle them with bull shit I always say. They want some data to sift through so give it to them. That way they can stay busy.

ARGONAUT
Have a nice day.
Premium Member
join:2006-01-24
New Albany, IN

.

First! ALL kid porn scum should be arrested.

The problem here is when a government agency uses hacker methods to spy or it could be called 'random warrantless searches'.

The next thing expected, virus protection software will have backdoors just for government spying purposes.