Advertisement

The FBI uses malware to combat online anonymity

Online anonymity is a beautiful, terrible thing, so naturally governments and law enforcement types are eager to see what happens behind the web's closed doors. Naturally, that includes the folks at the FBI: According to Wired, the FBI has been using "network investigative techniques" -- like highly specific, purpose-built malware -- to help peel back popular anonymizing service Tor's layers of obscurity to catch criminals.

The bureau's efforts began in earnest with an involved child pornography investigation dubbed Operation Torpedo back in 2012. They eventually lucked out by gaining access to a CP site called Pedoboard, arresting the operator, taking over the servers, and delivering malware to visitors who thought they were protected by Tor.

There's no denying that some good has come from the bureau's use of malware, as Wired's Kevin Poulsen points out that more than 12 child porn aficionados are headed to trial as a result. The flip side of that coin is that the FBI's success with Operation Torpedo led to another effort to bypass the anonymity that Tor provides... and possibly exposed some innocent people's information to the FBI's eager eyes. With a little Javascript, understanding of Firefox and Tor security issues and a "tiny" Windows program, users of some Tor-hidden services like Tormail (hosted by an outfit called Freedom Hosting, which itself was being investigated for "tolerating" child porn) essentially had their IP addresses unmasked.