Kevin Poulsen of Wired reported earlier in the week that the FBI is using hacker-like strategies to track Tor users, in an effort labelled ‘Operation Torpedo’. So far, the agency says it has only tracked systems accessing underground child porn sites.
The hacking weapon of choice is the “drive-by download”, Poulsen reports.
The method involves the FBI hacking into a high-traffic website and then subverting it to deliver malware to every single visitor. The agency has been quietly experimenting with drive-by hacks as a way to expose criminals hiding behind Tor. So far, more than 12 users of Tor-based child pornography websites have been exposed by the method and are being brought to trial.
Tor is the open network and software that enables anonymous web browsing and anonymous access to the ‘deep web’ or ‘dark net’. It works by bouncing communications around a distributed network so that the user's IP address cannot be tied to their web activity. Both activists and criminals use such solutions to escape prosecution, for example for not supporting the regime of a country.
Under the new operation, FBI agents will use drive-by hacking to track users on hidden websites and the Dark Net, which are otherwise only accessible through the Tor anonymity network. Apart from child porn websites, the dark networks host other serious activities such as drug dealing and murder contracts.
Wired notes that although the use of malware and general hacking is nothing unusual, what is different is the way the FBI has started using its malware capability, deploying it this time as a driftnet rather than a fishing line.
“Because looking at child porn is a crime, it’s a fairly unobjectionable deployment of FBI spyware but the method — which the FBI calls the ‘network investigative technique’ — raises questions about when else law enforcement might feel it has the right to drop spyware on your computer just for visiting a website. Will browsing an online drug bazaar get you reported to the cops even if you don’t buy?” commented Forbes.
Tor has been constantly in the headlines after allegedly facing an attack aimed at de-anonymizing users, which was scheduled to be part of the Black Hat 2014 event but was pulled due to legal concerns.
“This is such a big leap, there should have been congressional hearings about this,” says Chris Soghoian, an ACLU technologist and an expert on law enforcement’s method of using hacking tools. “If Congress decides this is a technique that’s perfectly appropriate, maybe that’s OK. But let’s have an informed debate about it.”
Operation Torpedo began in August 2011 in the Netherlands. Agents at the Dutch police force’s National High Tech Crime Unit (NHTCU) decided to expose online child porn and wrote a web crawler that scoured the Dark Net, gathering all the Tor .onion addresses it could discover. The agents systematically visited each of the websites, made a list of those hosting child porn, and got a warrant. One of the sites was US-based and was monitored by the FBI for six months to build the case against all the site’s customers.
Wired’s report also notes that intelligence and law enforcement agencies have a love-hate relationship with Tor. They use it themselves, but when criminals hide behind the system to conduct illicit activities, it becomes a serious issue.
The Russian government, too, recognizes how difficult it is to detect adversaries in the Tor network. Just last month, it offered a $111,000 bounty to anyone with a method to crack open Tor, which is a daunting task.
The future of Tor users
The sophisticated method of tracking illicit sites and malware is turning out to be a great tool for law enforcement and intelligence agencies to find and arrest criminals. However, there are concerns that the tracking tactic could have consequences for innocent individuals legally using the Tor anonymity network, such as human rights workers and researchers.
“You could easily imagine them using this same technology on everyone who visits a jihadi forum, for example,” said ACLU technologist Chris Soghoian. “And there are lots of legitimate reasons for someone to visit a jihadi forum: research, journalism, lawyers defending a case. ACLU attorneys read Inspire Magazine, not because we are particularly interested in the material, but we need to cite stuff in briefs.”
As it stands, nobody is sure whether innocent users will be affected by Operation Torpedo, but FBI agents are expected to use drive-by download tools in the future. The bottom line is that no security software, anti-virus or anti-malware can save Tor users from this FBI operation. Anyone visiting a dangerous .onion site could legally be tracked by the FBI.
What do you think about the FBI’s initiative against the Tor network?