{"id":186970,"date":"2013-08-05T20:34:00","date_gmt":"2013-08-06T01:34:00","guid":{"rendered":"https:\/\/www.panix.com\/~msaroff\/40years\/2013\/08\/05\/live-in-obedient-fear-citizen-54\/"},"modified":"2013-08-05T20:34:00","modified_gmt":"2013-08-06T01:34:00","slug":"live-in-obedient-fear-citizen-54","status":"publish","type":"post","link":"https:\/\/www.panix.com\/~msaroff\/40years\/2013\/08\/05\/live-in-obedient-fear-citizen-54\/","title":{"rendered":"Live in Obedient Fear, Citizen"},"content":{"rendered":"<p>It looks like the <a href=\"http:\/\/www.wired.com\/threatlevel\/2013\/08\/freedom-hosting\/\">Feds are probably responsible for hacking an online anonymity service<\/a>:<\/p>\n<blockquote><p><span style=\"color: blue;\">Security researchers tonight are poring over a piece of malicious software that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network.<\/span><br \/><span style=\"color: blue;\"><br \/><\/span> <span style=\"color: blue;\">The malware showed up Sunday morning on multiple websites hosted by the anonymous hosting company Freedom Hosting. That would normally be considered a blatantly criminal \u201cdrive-by\u201d hack attack, but nobody\u2019s calling in the FBI this time. The FBI is the prime suspect.<\/span><br \/><span style=\"color: blue;\"><br \/><\/span> <span style=\"color: blue;\">\u201cIt just sends identifying information to some IP in Reston, Virginia,\u201d says reverse-engineer Vlad Tsyrklevich. 
\u201cIt\u2019s pretty clear that it\u2019s FBI or it\u2019s some other law enforcement agency that\u2019s U.S.-based.\u201d<\/span><br \/><span style=\"color: blue;\"><br \/><\/span> <span style=\"color: blue;\">If Tsyrklevich and other researchers are right, the code is likely the first sample captured in the wild of the FBI\u2019s \u201ccomputer and internet protocol address verifier,\u201d or CIPAV, the law enforcement spyware first reported by WIRED in 2007.<\/p>\n<p>\u2026\u2026\u2026<\/p>\n<p>By midday Sunday, the code was being circulated and dissected all over the net. Mozilla confirmed the code exploits a critical memory management vulnerability in Firefox that was publicly reported on June 25, and is fixed in the latest version of the browser.<\/p>\n<p>Though many older revisions of Firefox are vulnerable to that bug, the malware only targets Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle \u2013 the easiest, most user-friendly package for using the Tor anonymity network.<\/p>\n<p>\u201cThe malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based,\u201d the non-profit Tor Project wrote in a blog post Sunday. \u201cWe\u2019re investigating these bugs and will fix them if we can.\u201d<\/p>\n<p>The inevitable conclusion is that the malware is designed specifically to attack the Tor browser. The strongest clue that the culprit is the FBI, beyond the circumstantial timing of Marques\u2019 arrest, is that the malware does nothing but identify the target.<\/span><\/p><\/blockquote>\n<p>Anyone want to guess who is behind this?<\/p>\n<p>Whoever is ultimately behind this, it&#8217;s been farmed out to a contractor: &#8220;<i>According to Domaintools, the malware\u2019s command-and-control IP address in Virginia is allocated to Science Applications International Corporation. 
Based in McLean, Virginia, SAIC is a major technology contractor for defense and intelligence agencies, including the FBI.<\/i>&#8221; (SAIC refused comment)<\/p>\n<p>SAIC isn&#8217;t doing this on its own.&nbsp; Someone in the government is paying them to do this.<\/p>\n<p>As to whether or not there is a court order authorizing the FBI to plant malware on thousands of people&#8217;s machines, possibly, but we will never know, since it has almost certainly been finessed through the FISA court somehow.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It looks like the Feds are probably responsible for hacking an online anonymity service: Security researchers tonight are poring over a piece of malicious software that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network. The malware showed up Sunday morning on multiple websites hosted by the &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[970,1102,1041,1066],"tags":[],"class_list":["post-186970","post","type-post","status-publish","format-standard","hentry","category-corruption","category-intelligence","category-law-enforcement-misconduct","category-privacy"],"_links":{"self":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/posts\/186970"}],"collection":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/comments?post=186970"}],"version-history":[{"count":0,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/posts\/186970\/revisio
ns"}],"wp:attachment":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/media?parent=186970"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/categories?post=186970"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/tags?post=186970"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}