FBI lures Tor Users with Malware

[drmike]

FBI Admits Control of Malware-Spewing Tor Servers

...malware attack on the Tor network used a Firefox exploit to send the personal data of Tor users to an IP address in Reston, Virginia.  FBI's "computer and internet protocol address verifier" (CIPAV) spyware iniatiative.... a new Wired report confirms that the FBI in court has acknowledged they controlled the servers behind that attack on the Tor network.

It looked up the victim’s MAC address — a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sent it to a server in Northern Virginia server, bypassing Tor, to expose the user’s real IP address, coding the transmission as a standard HTTP web request.

The magic behind the exploit?

"malicious Javascript with a tiny Windows executable hidden in a variable named “Magneto".

[source: http://www.dslreports.com/shownews/FBI-Admits-Control-of-MalwareSpewing-Tor-Servers-125839]

 

[RiotSecurity]

So it's the usual shit?

Like, really.

Whoopty doo, how much skill does it take to write a exploit for firefox js runtime?

Also, to achieve what? Congratulations, you got a few guys who love CP off the deep web, want a cookie?

 

[Cloudrck]

Aside from not spoofing your MAC address, if you're using Windows than you aren't trying to stay hidden. Using TOR or any other similar software isn't going to help.

 

[drmike]

More reasoning --- for me --- to continue running with javascript disabled.   It's a non stop problem/security issue.

 

[raindog308]

The subtle thing here is that if you have a MAC address and a Windows hostname, it's not like you can immediately say "that's Joe Schmoe at 123 main St" and go arrest him.

However, if you keep it in a database for practically forever, at some point in the future if you happen to seize a laptop at an airport for some other purpose...

I'm all for executing pedophiles (though we don't, alas) but it seems rather dubious for the FBI to spreading malware with a wide shotgun approach.

Then again, dubiosity and the Federal government go hand-in-hand.

 

[drmike]

It's freaking Santa Claus list approach of naughty or nice.  Just it applies for eternity.

One has to wonder where else they might be collecting same data from and where else / what else it is being stored and used for.  

I won't mention this big tech company wifi scanning or anything, collecting all sort of ID materials from wifi.   That plus this data and presto, you have someone.

 

[zim]

The subtle thing here is that if you have a MAC address and a Windows hostname, it's not like you can immediately say "that's Joe Schmoe at 123 main St" and go arrest him.

However, if you keep it in a database for practically forever, at some point in the future if you happen to seize a laptop at an airport for some other purpose...

I'm all for executing pedophiles (though we don't, alas) but it seems rather dubious for the FBI to spreading malware with a wide shotgun approach.

Then again, dubiosity and the Federal government go hand-in-hand.

When you begin to collect information on a large scale and cross correlate with other databases identifying a user becomes rather simple. If i can analyze TB of data on a small hadoop cluster in a few minutes, i wonder what uncle same can do.