NSA Linked to Spyware Hack on Privacy-Protecting Network

The Citizen's Guide to the Future
Aug. 5 2013 5:53 PM

People sit around laptop computers at a cafe in Beijing

Photo by Ed Jones/AFP/Getty Images

Was the U.S. government behind a new hacking spree aimed at unmasking people hiding their identity on the Web? Security experts think so.

Ryan Gallagher

Ryan Gallagher is a journalist who reports on surveillance, security, and civil liberties.

Users of the Tor browser reported Sunday that various websites hosted by the company Freedom Hosting had gone suddenly offline and had in some cases been infected with malware. Freedom Hosting provides so-called Tor “hidden service” servers that allow users to access websites available only through the Tor network. These sites are commonly referred to as being part of the “dark Web” and are used by activists and journalists who are attempting to evade surveillance. But hidden services also attract criminal elements—and are known to be used to share images of child abuse or to arrange drug deals.

Intriguingly, the malware that had apparently been placed on some of the Freedom Hosting websites Sunday may have turned up evidence showing how the feds are attempting to infiltrate Tor networks in order to track down suspects. According to an analysis by security researcher Vlad Tsyrklevich, the malware in question collects identifying information about the person visiting the page and sends it back to an IP address near Reston, Va. Because the malware does not infiltrate the computer like criminal malware and instead merely collects identifying information, according to Tsyrklevich, “it’s very likely that this is being operated by a law enforcement agency.”

So who exactly is responsible for the hack? The finger is being pointed squarely at U.S. authorities—but not just because the feds have been previously known to operate a spyware tool named CIPAV that performs a similar function. U.S. agencies are the prime suspects because the IP address that the malware was “phoning home” to traces back to Science Applications International Corp., a Virginia-based defense firm that “develops products and applied technologies which aid in anti-terrorism and Homeland Security efforts,” according to its website, which says that it helps “the U.S. Department of Defense, the FBI, and other agencies combat terrorism, cybercrime, and the proliferation of weapons of mass destruction.” Even more significant, as Ars Technica has noted, researchers say that the IP address appears to have been part of a block allocated by SAIC to the NSA.

The NSA and its contractors are known to conduct surveillance operations in cooperation with the FBI, as may have been the case here. As Wired’s Kevin Poulsen has noted, the deployment of the malware coincides with the arrest of Eric Eoin Marques in Ireland on Thursday on a U.S. extradition request, which may be a factor. Marques is alleged to be the man behind Freedom Hosting, and he has been accused of distributing child pornography in a federal case filed in Maryland. An FBI agent reportedly accused Marques of being “the largest facilitator of child porn on the planet.”

The FBI told me it would not comment about the Freedom Hosting malware, and SAIC had not responded to a request for comment at time of publication.

The discovery of the malware will prove to be a headache for the feds, if it is indeed one of the technologies they use to collect information about Tor users. Security experts will now be able to reverse-engineer the tool, which was apparently exploiting a vulnerability in Mozilla Firefox to load malicious JavaScript code designed to execute the surveillance. The Tor project has released a security advisory informing users about the issue, and Mozilla has published a blog post explaining that it supposedly only affects people running an outdated version of the browser. It is also likely that the spyware will be added to anti-virus databases, which will hinder the feds’ ability to deploy it in future.

In recent years, the FBI and other law enforcement agencies have increasingly turned to hacking tools for surveillance purposes. In April, I reported that a Texas judge had denied the feds authorization to use a spy Trojan that could covertly infiltrate a targeted computer and take photographs of its user through his or her webcam, collecting logs of emails and other data from the hard drive and sending it back to the FBI for inspection. According to a recent report by the Wall Street Journal, a group in the FBI called the Remote Operations Unit is tasked with taking a leading role in the hacking efforts. The Trojan-style technology, which can be used to counter encryption and anonymity tools like Tor, is said to be used primarily in cases involving organized crime, child pornography, or counterterrorism.

However, the powerful spy tools attract concern from civil liberties groups because laws governing their use are outdated, and the technology is also open to abuse. Outside the United States, governments are increasingly turning to spyware to target activists, for instance, and it is unclear what safeguards are in place to prevent corrupt law enforcement agents misusing Trojans to infiltrate computers and plant evidence on targets’ hard drives.

Future Tense is a partnership of Slate, New America, and Arizona State University.
