# FBI lures Tor Users with Malware



## drmike (Sep 18, 2013)

*FBI Admits Control of Malware-Spewing Tor Servers*

...malware attack on the Tor network used a Firefox exploit to send the personal data of Tor users to an IP address in Reston, Virginia.  FBI's "computer and internet protocol address verifier" (CIPAV) spyware iniatiative.... a new Wired report confirms that the FBI in court has acknowledged they controlled the servers behind that attack on the Tor network.

It looked up the victim’s MAC address — a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sent it to a server in Northern Virginia server, bypassing Tor, to expose the user’s real IP address, coding the transmission as a standard HTTP web request.

The magic behind the exploit?

"malicious Javascript with a tiny Windows executable hidden in a variable named “Magneto".

[source: http://www.dslreports.com/shownews/FBI-Admits-Control-of-MalwareSpewing-Tor-Servers-125839]


----------



## RiotSecurity (Sep 18, 2013)

So it's the usual shit?

Like, really.

Whoopty doo, how much skill does it take to write a exploit for firefox js runtime?

Also, to achieve what? Congratulations, you got a few guys who love CP off the deep web, want a cookie?


----------



## Cloudrck (Sep 18, 2013)

Aside from not spoofing your MAC address, if you're using Windows than you aren't trying to stay hidden. Using TOR or any other similar software isn't going to help.


----------



## drmike (Sep 18, 2013)

More reasoning --- for me --- to continue running with javascript disabled.   It's a non stop problem/security issue.


----------



## raindog308 (Sep 18, 2013)

The subtle thing here is that if you have a MAC address and a Windows hostname, it's not like you can immediately say "that's Joe Schmoe at 123 main St" and go arrest him.

However, if you keep it in a database for practically forever, at some point in the future if you happen to seize a laptop at an airport for some other purpose...

I'm all for executing pedophiles (though we don't, alas) but it seems rather dubious for the FBI to spreading malware with a wide shotgun approach.

Then again, dubiosity and the Federal government go hand-in-hand.


----------



## drmike (Sep 18, 2013)

It's freaking Santa Claus list approach of naughty or nice.  Just it applies for eternity.

One has to wonder where else they might be collecting same data from and where else / what else it is being stored and used for.  

I won't mention this big tech company wifi scanning or anything, collecting all sort of ID materials from wifi.   That plus this data and presto, you have someone.


----------



## zim (Sep 19, 2013)

raindog308 said:


> The subtle thing here is that if you have a MAC address and a Windows hostname, it's not like you can immediately say "that's Joe Schmoe at 123 main St" and go arrest him.
> 
> However, if you keep it in a database for practically forever, at some point in the future if you happen to seize a laptop at an airport for some other purpose...
> 
> ...


When you begin to collect information on a large scale and cross correlate with other databases identifying a user becomes rather simple. If i can analyze TB of data on a small hadoop cluster in a few minutes, i wonder what uncle same can do.


----------

