Meet the new hackers: Johnny Law

Who just pwned the Tor anonymity network? All signs point to the hackers at the FBI

It seems hackers have attained a new image. Forget scruffy 20-something males carrying backpacks and desperately in need of personal grooming. Think buzz cuts, gray suits, and Brylcreem.

As feds and hackers eyed each other warily across the blackjack tables at last week's Black Hat conference, some were apparently busy attacking the Tor anonymity network.

Tor was designed to mask the identities of political dissidents, whistleblowers, abuse victims, and anyone else concerned about who might be watching where they go on the Web. But like every tool created for good, it has also been deployed by criminal elements. Now it seems these tools can be abused by a third party: our friends in law enforcement.

Tor takes a tumble

This much we know: Over the weekend, somebody exploited a known JavaScript vulnerability in the Firefox browser that's included with the Tor anonymity software bundle and used it to distribute malware.

They created websites on Ireland-based Freedom Hosting, a notorious hive of child porn that's accessible only via the Tor network. These sites then performed drive-by malware downloads to anyone who visited. The purpose of the illicit code wasn't to coerce the compromised computers into a bot network. It was not to steal personal information. It was not to host other illicit websites, send spam, hold the systems ransom, or any of the other nefarious things real cyber criminals do.

No, the sole purpose of this malware was to uniquely identify each machine -- period -- and to send that identifying info back to servers based in Reston, Va. In other words, it was really an attack on Tor's ability to keep its users and hosts anonymous.

Security researcher Vlad Tsyrklevich, who reverse-engineered the hack, says the malware was most likely planted by law enforcement agents attempting to establish a digital trail between a suspect's machine and the websites in question.

Given that the FBI just announced plans to extradite the "largest facilitator of child porn on the planet," and said facilitator happens to be the operator of Freedom Hosting -- well, even I can add two and two and come up with four (most of the time).

Wired hacker-turned-journalist Kevin Poulsen makes a strong case that the technology in play is one that has been used by the feds for more than 10 years -- the "computer and Internet protocol address verifier" (CIPAV). A 2009 Freedom of Information Act request by Wired revealed that the FBI had used CIPAV in multiple cases involving extortion, threats, cyber stalking, and other crimes, all of them after obtaining court approval for using the software.
