NSA Linked to Spyware Hack on Privacy-Protecting Network

Future Tense
The Citizen's Guide to the Future
Aug. 5 2013 5:53 PM

People sit around laptop computers at a cafe in Beijing

Photo by Ed Jones/AFP/Getty Images

Was the U.S. government behind a new hacking spree aimed at unmasking people hiding their identity on the Web? Security experts think so.

Ryan Gallagher

Ryan Gallagher is a journalist who reports on surveillance, security, and civil liberties.

Users of the Tor browser reported Sunday that various websites hosted by the company Freedom Hosting had gone suddenly offline and had in some cases been infected with malware. Freedom Hosting provides so-called Tor “hidden service” servers that allow users to access websites available only through the Tor network. These sites are commonly referred to as being part of the “dark Web” and are used by activists and journalists who are attempting to evade surveillance. But hidden services also attract criminal elements—and are known to be used to share images of child abuse or to arrange drug deals.

Intriguingly, the malware that had apparently been placed on some of the Freedom Hosting websites Sunday may have turned up evidence showing how the feds are attempting to infiltrate Tor networks in order to track down suspects. According to an analysis by security researcher Vlad Tsyrklevich, the malware in question collects identifying information about the person visiting the page and sends it back to an IP address near Reston, Va. Because the malware does not infiltrate the computer like criminal malware and instead merely collects identifying information, according to Tsyrklevich, “it’s very likely that this is being operated by a law enforcement agency.”

So who exactly is responsible for the hack? The finger is being pointed squarely at U.S. authorities—but not just because the feds have been previously known to operate a spyware tool named CIPAV that performs a similar function. U.S. agencies are the prime suspects because the IP address that the malware was “phoning home” to traces back to Science Applications International Corp., a Virginia-based defense firm that “develops products and applied technologies which aid in anti-terrorism and Homeland Security efforts,” according to its website, which says that it helps “the U.S. Department of Defense, the FBI, and other agencies combat terrorism, cybercrime, and the proliferation of weapons of mass destruction.” Even more significant, as Ars Technica has noted, researchers say that the IP address appears to have been part of a block allocated by SAIC to the NSA.

The NSA and its contractors are known to conduct surveillance operations in cooperation with the FBI, as may have been the case here. As Wired’s Kevin Poulsen has noted, the deployment of the malware coincides with the arrest of Eric Eoin Marques in Ireland on Thursday on a U.S. extradition request, which may be a factor. Marques is alleged to be the man behind Freedom Hosting, and he has been accused of distributing child pornography in a federal case filed in Maryland. An FBI agent reportedly accused Marques of being “the largest facilitator of child porn on the planet.”

The FBI told me it would not comment about the Freedom Hosting malware, and SAIC had not responded to a request for comment at time of publication.

The discovery of the malware will prove to be a headache for the feds, if it is indeed one of the technologies they use to collect information about Tor users. Security experts will now be able to reverse-engineer the tool, which was apparently exploiting a vulnerability in the security of Mozilla Firefox to load malicious JavaScript code designed to execute the surveillance. The Tor Project has released a security advisory informing users about the issue, and Mozilla has published a blog post explaining that it supposedly only affects people running an outdated version of the browser. It is also likely that the spyware will be added to anti-virus databases, which will hinder the feds’ ability to deploy it in future.

In recent years, the FBI and other law enforcement agencies have increasingly turned to hacking tools for surveillance purposes. In April, I reported that a Texas judge had denied the feds authorization to use a spy Trojan that could covertly infiltrate a targeted computer and take photographs of its user through his or her webcam, collecting logs of emails and other data from the hard drive and sending it back to the FBI for inspection. According to a recent report by the Wall Street Journal, a group in the FBI called the Remote Operations Unit is tasked with taking a leading role in the hacking efforts. The Trojan-style technology, which can be used to counter encryption and anonymity tools like Tor, is said to be used primarily in cases involving organized crime, child pornography, or counterterrorism.

However, the powerful spy tools attract concern from civil liberties groups because laws governing their use are outdated, and the technology is also open to abuse. Outside the United States, governments are increasingly turning to spyware to target activists, for instance, and it is unclear what safeguards are in place to prevent corrupt law enforcement agents misusing Trojans to infiltrate computers and plant evidence on targets’ hard drives.

Future Tense is a partnership of Slate, New America, and Arizona State University.
