Wednesday, June 24, 2015

FBI uses drive-by malware to nab child porn servers and users "hiding" behind TOR

The FBI has been going into the malware business itself, delivering dangerous drive-by downloads to anonymous visitors of certain sites reached through TOR, often sites serving child pornography.

The technical process is fairly complicated; it is explained in a long and detailed Wired article by Kevin Poulsen, Aug. 5, 2014, “Visit the wrong website, and the FBI could wind up in your computer”, link here.
One c.p. server farm in Nebraska was tracked down this way, but the FBI sat on it for a year before making an arrest.
The government has a “love-hate” relationship with TOR and “onion-like” products, realizing they are important for resisting authoritarian governments and a trove for intelligence collection, but also a harbor for crime, most of all c.p.
Wikipedia has noted before that sometimes people have been prosecuted for clicking on a single link leading to images with c.p. The possibility of malware distributing it was discussed here in the summer of 2013; another source could be spam, where the material loads when the email is opened, though this seems to be relatively rare. Most states (like Florida) have laws requiring users to notify police immediately if they accidentally open such material from spam. A single incident would seem capable of causing someone’s computers and mobile devices to be confiscated. On two or three occasions, I have marked email as spam because of suspicious titles like this; it’s also possible to open or preview an email accidentally when intending to mark it as spam.