Monday, August 5, 2013

TOR Compromised By The Feds


The inevitable conclusion is that the malware is designed specifically to attack the Tor browser. The strongest clue that the culprit is the FBI, beyond the circumstantial timing of Marques’ arrest, is that the malware does nothing but identify the target.

< snip >

But the Magneto code doesn’t download anything. It looks up the victim’s MAC address — a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sends it to the Virginia server, outside of Tor, to expose the user’s real IP address, and coded as a standard HTTP web request.

< snip >

In short, Magneto reads like the x86 machine code embodiment of a carefully crafted court order authorizing an agency to blindly trespass into the personal computers of a large number of people, but for the limited purpose of identifying them.
Entire story here:

http://www.wired.com/threatlevel/2013/08/freedom-hosting/

Time for plan B.

Repost everywhere.

h/t Wirecutter


3 comments:

  1. I can't believe anyone felt TOR or any other publicly accessible network to be truly "anonymous."

    When "law enforcement" personnel identify a superior hacker or computer genius they simply wait for them to make a mistake -- or design a mistake attributable to them -- and drop the hammer on them. Then the hacker is told to either bend over for the soap in prison or go to work for them in the name of "truth and justice" cracking down on enemies of the state.

    If man can design a system, man can crack it...

  2. Bear in mind that this exploit only works (or worked, it's been patched) on Bill Gates's government/cyber criminal playground called WINDOWS. I keep telling folks....dump that system. You are making yourself "low hanging fruit" by using it....and the same could be said of Mac. Of course the other part of this is the need for computer users to develop disciplined security and software habits. Same as a soldier demonstrating well disciplined tactics....just a different battlespace...

  3. DARPA originally developed TOR's encryption mechanism and the US Naval Research Laboratory funded TOR's development in its early stages.

    It is not surprising the Feds would know how to hack their own browser.
