Tor's had a tough week. Just a few days ago, the organization made the difficult announcement that an attack on their system likely stripped users of anonymity. Now, Wired reports that the FBI effort has been running a campaign to identify Tor users by installing malware on their computers for years, virtually unchecked by the courts.
The report comes from Wired's hacker-in-residence Kevin Poulsen, a former black hat hacker who understands these issues from both sides of the fence. On one hand, it's hard to argue with what the FBI is doing. The so-called "network investigative techniques" that the bureau uses to gain backdoor access to computer users files, location, and web history is indisputably malware. And it's pretty creepy too at that, since it trains high-traffic websites to deliver the malware to large swaths of users in what security researchers call a "drive-by download."
However, the FBI has so far used the technique to find the demented people who peddle child pornography on the Deep Web. Poulsen reports that "over a dozen alleged users of Tor-based child porn sites are now headed for trial as a result" of the approach. Presumably, these sickos would otherwise still be taking advantage of children, if the FBI's malware hadn't intervened. To the agency's credit, they've owned up to these techniques in the past.
Like many things cyber security-related, however, there's plenty of mystery involved in exactly how this stuff works. One chief and pretty well-justified concern is that the malware is also targeting innocent Tor users. "You could easily imagine them using this same technology on everyone who visits a jihadi forum, for example," the ACLU's Chris Soghoian told Wired. "And there are lots of legitimate reasons for someone to visit a jihadi forum: research, journalism, lawyers defending a case."
It's unclear whether innocent users are caught in the crossfire, but the FBI is expected to continue using these drive-by download tools for the foreseeable future. Since they don't have to detail exactly what they're in court filings, the fact that they're basically hacking into unsuspecting Americans' computers is going unnoticed by the judges. Whether you think you might be a target or you're just interested in learning more about the FBI's sort of sketchy cybercrime methods, read the full report at Wired.
Image via Wikipedia / Gizmodo