Showing results for tags 'FBI'.
Found 14 results

  1. Warning: it's a fairly long read, but very interesting, I think.

     Security experts call it a “drive-by download”: a hacker infiltrates a high-traffic website and then subverts it to deliver malware to every single visitor. It’s one of the most powerful tools in the black hat arsenal, capable of delivering thousands of fresh victims into a hackers’ clutches within minutes. Now the technique is being adopted by a different kind of a hacker—the kind with a badge.

     For the last two years, the FBI has been quietly experimenting with drive-by hacks as a solution to one of law enforcement’s knottiest Internet problems: how to identify and prosecute users of criminal websites hiding behind the powerful Tor anonymity system. The approach has borne fruit—over a dozen alleged users of Tor-based child porn sites are now headed for trial as a result. But it’s also engendering controversy, with charges that the Justice Department has glossed over the bulk-hacking technique when describing it to judges, while concealing its use from defendants. Critics also worry about mission creep, the weakening of a technology relied on by human rights workers and activists, and the potential for innocent parties to wind up infected with government malware because they visited the wrong website.

     “This is such a big leap, there should have been congressional hearings about this,” says ACLU technologist Chris Soghoian, an expert on law enforcement’s use of hacking tools. “If Congress decides this is a technique that’s perfectly appropriate, maybe that’s OK. But let’s have an informed debate about it.”

     The FBI’s use of malware is not new. The bureau calls the method an NIT, for “network investigative technique,” and the FBI has been using it since at least 2002 in cases ranging from computer hacking to bomb threats, child porn to extortion.
     Depending on the deployment, an NIT can be a bulky full-featured backdoor program that gives the government access to your files, location, web history and webcam for a month at a time, or a slim, fleeting wisp of code that sends the FBI your computer’s name and address, and then evaporates.

     What’s changed is the way the FBI uses its malware capability, deploying it as a driftnet instead of a fishing line. And the shift is a direct response to Tor, the powerful anonymity system endorsed by Edward Snowden and the State Department alike.

     Tor is free, open-source software that lets you surf the web anonymously. It achieves that by accepting connections from the public Internet—the “clearnet”—encrypting the traffic and bouncing it through a winding series of computers before dumping it back on the web through any of over 1,100 “exit nodes.”

     The system also supports so-called hidden services—special websites, with addresses ending in .onion, whose physical locations are theoretically untraceable. Reachable only over the Tor network, hidden services are used by organizations that want to evade surveillance or protect users’ privacy to an extraordinary degree. Some users of such services have legitimate and even noble purposes—including human rights groups and journalists. But hidden services are also a mainstay of the nefarious activities carried out on the so-called Dark Net: the home of drug markets, child porn, murder for hire, and a site that does nothing but stream pirated My Little Pony episodes.

     Law enforcement and intelligence agencies have a love-hate relationship with Tor. They use it themselves, but when their targets hide behind the system, it poses a serious obstacle. Last month, Russia’s government offered a $111,000 bounty for a method to crack Tor. The FBI debuted its own solution in 2012, in an investigation dubbed “Operation Torpedo,” whose contours are only now becoming visible through court filings.
     Operation Torpedo began with an investigation in the Netherlands in August 2011. Agents at the National High Tech Crime Unit of the Netherlands’ national police force had decided to crack down on online child porn, according to an FBI affidavit. To that end, they wrote a web crawler that scoured the Dark Net, collecting all the Tor onion addresses it could find. The NHTCU agents systematically visited each of the sites and made a list of those dedicated to child pornography. Then, armed with a search warrant from the Court of Rotterdam, the agents set out to determine where the sites were located.

     That, in theory, is a daunting task—Tor hidden services mask their locations behind layers of routing. But when the agents got to a site called “Pedoboard,” they discovered that the owner had foolishly left the administrative account open with no password. They logged in and began poking around, eventually finding the server’s real Internet IP address in Bellevue, Nebraska. They provided the information to the FBI, who traced the IP address to 31-year-old Aaron McGrath. It turned out McGrath was hosting not one, but two child porn sites at the server farm where he worked, and a third one at home.

     Instead of going for the easy bust, the FBI spent a solid year surveilling McGrath, while working with Justice Department lawyers on the legal framework for what would become Operation Torpedo. Finally, in November 2012, the feds swooped in on McGrath, seized his servers and spirited them away to an FBI office in Omaha. A federal magistrate signed three separate search warrants: one for each of the three hidden services. The warrants authorized the FBI to modify the code on the servers to deliver the NIT to any computers that accessed the sites. The judge also allowed the FBI to delay notification to the targets for 30 days.

     [Image caption: The FBI’s drive-by malware search warrants name all “computers that access the website” as targets.]
     This NIT was purpose-built to identify the computer, and do nothing else—it didn’t collect keystrokes or siphon files off to the bureau. And it evidently did its job well. In a two-week period, the FBI collected IP addresses, hardware MAC addresses (a unique hardware identifier for the computer’s network or Wi-Fi card) and Windows hostnames on at least 25 visitors to the sites. Subpoenas to ISPs produced home addresses and subscriber names, and in April 2013, five months after the NIT deployment, the bureau staged coordinated raids around the country.

     Today, with 14 of the suspects headed toward trial in Omaha, the FBI is being forced to defend its use of the drive-by download for the first time. Defense attorneys have urged the Nebraska court to throw out the spyware evidence, on the grounds that the bureau concealed its use of the NIT beyond the 30-day blackout period allowed in the search warrant. Some defendants didn’t learn about the hack until a year after the fact. “Normally someone who is subject to a search warrant is told virtually immediately,” says defense lawyer Joseph Gross Jr. “What I think you have here is an egregious violation of the Fourth Amendment.”

     But last week U.S. Magistrate Judge Thomas Thalken rejected the defense motion, and any implication that the government acted in bad faith. “The affidavits and warrants were not prepared by some rogue federal agent,” Thalken wrote, “but with the assistance of legal counsel at various levels of the Department of Justice.” The matter will next be considered by U.S. District Judge Joseph Bataillon for a final ruling.

     The ACLU’s Soghoian says a child porn sting is probably the best possible use of the FBI’s drive-by download capability. “It’s tough to imagine a legitimate excuse to visit one of those forums: the mere act of looking at child pornography is a crime,” he notes.
     His primary worry is that Operation Torpedo is the first step to the FBI using the tactic much more broadly, skipping any public debate over the possible unintended consequences. “You could easily imagine them using this same technology on everyone who visits a jihadi forum, for example,” he says. “And there are lots of legitimate reasons for someone to visit a jihadi forum: research, journalism, lawyers defending a case. ACLU attorneys read Inspire Magazine, not because we are particularly interested in the material, but we need to cite stuff in briefs.”

     Soghoian is also concerned that the judges who considered NIT applications don’t fully understand that they’re being asked to permit the use of hacking software that takes advantage of software vulnerabilities to breach a machine’s defenses. The Operation Torpedo search warrant application, for example, never uses the words “hack,” “malware,” or “exploit.” Instead, the NIT comes across as something you’d be happy to spend 99 cents for in the App Store. “Under the NIT authorized by this warrant, the website would augment [its] content with some additional computer instructions,” the warrant reads.

     From the perspective of experts in computer security and privacy, the NIT is malware, pure and simple. That was demonstrated last August, when, perhaps buoyed by the success of Operation Torpedo, the FBI launched a second deployment of the NIT targeting more Tor hidden services. This one—still unacknowledged by the bureau—traveled across the servers of Freedom Hosting, an anonymous provider of turnkey Tor hidden service sites that, by some estimates, powered half of the Dark Net.

     This attack had its roots in the July 2013 arrest of Freedom Hosting’s alleged operator, one Eric Eoin Marques, in Ireland. Marques faces U.S. charges of facilitating child porn—Freedom Hosting long had a reputation for tolerating child pornography.

     [Image caption: The payload for the Tor Browser Bundle malware is hidden in a variable called “magneto”.]
     Working with French authorities, the FBI got control of Marques’ servers at a hosting company in France, according to testimony in Marques’ case. Then the bureau appears to have relocated them—or cloned them—in Maryland, where the Marques investigation was centered.

     On August 1, 2013, some savvy Tor users began noticing that the Freedom Hosting sites were serving a hidden “iframe”—a kind of website within a website. The iframe contained Javascript code that used a Firefox vulnerability to execute instructions on the victim’s computer. The code specifically targeted the version of Firefox used in the Tor Browser Bundle—the easiest way to use Tor. This was the first Tor browser exploit found in the wild, and it was an alarming development to the Tor community.

     When security researchers analyzed the code, they found a tiny Windows program hidden in a variable named “Magneto.” The code gathered the target’s MAC address and the Windows hostname, and then sent it to a server in Virginia in a way that exposed the user’s real IP address. In short, the program nullified the anonymity that the Tor browser was designed to enable.

     As they dug further, researchers discovered that the security hole the program exploited was already a known vulnerability called CVE-2013-1690—one that had theoretically been patched in Firefox and Tor updates about a month earlier. But there was a problem: Because the Tor browser bundle has no auto-update mechanism, only users who had manually installed the patched version were safe from the attack.

     “It was really impressive how quickly they took this vulnerability in Firefox and extrapolated it to the Tor browser and planted it on a hidden service,” says Andrew Lewman, executive director of the nonprofit Tor Project, which maintains the code.
     The Freedom Hosting drive-by has had a lasting impact on the Tor Project, which is now working to engineer a safe, private way for Tor users to automatically install the latest security patches as soon as they’re available—a move that would make life more difficult for anyone working to subvert the anonymity system, with or without a court order.

     Unlike with Operation Torpedo, the details of the Freedom Hosting drive-by operation remain a mystery a year later, and the FBI has repeatedly declined to comment on the attack, including when contacted by WIRED for this story. Only one arrest can be clearly tied to the incident—that of a Vermont man named Grant Klein who, according to court records, was raided in November based on an NIT on a child porn site that was installed on July 31, 2013. Klein pleaded guilty to a single count of possession of child pornography in May and is set for sentencing this October.

     But according to reports at the time, the malware was seen, not just on criminal sites, but on legitimate hidden services that happened to be hosted by Freedom Hosting, including the privacy protecting webmail service Tormail. If true, the FBI’s drive-by strategy is already gathering data on innocent victims.

     Despite the unanswered questions, it’s clear that the Justice Department wants to scale up its use of the drive-by download. It’s now asking the Judicial Conference of the United States to tweak the rules governing when and how federal judges issue search warrants. The revision would explicitly allow for warrants to “use remote access to search electronic storage media and to seize or copy electronically stored information” regardless of jurisdiction.
     The revision, a conference committee concluded last May (.pdf), is the only way to confront the use of anonymization software like Tor, “because the target of the search has deliberately disguised the location of the media or information to be searched.”

     Such dragnet searching needs more scrutiny, Soghoian says. “What needs to happen is a public debate about the use of this technology, and the use of these techniques,” he says. “And whether the criminal statutes that the government relies on even permit this kind of searching. It’s one thing to say we’re going to search a particular computer. It’s another thing to say we’re going to search every computer that visits this website, without knowing how many there are going to be, without knowing what city, state or countries they’re coming from.”

     “Unfortunately,” he says, “we’ve tiptoed into this area, because the government never gave notice that they were going to start using this technique.”

     Source
  2. Tor is still DHE 1024 (NSA crackable)

     After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break. But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys. Assuming no "breakthroughs", the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips.

     The problem with Tor is that it still uses these 1024 bit keys for much of its crypto, particularly because most people are still using older versions of the software. The older 2.3 versions of Tor use keys the NSA can crack, but few have upgraded to the newer 2.4 version with better keys. You can see this for yourself by going to a live listing of Tor servers, like http://torstatus.blutmagie.de/. Only 10% of the servers have upgraded to version 2.4.

     Recently, I ran a "hostile" exit node and recorded the encryption negotiated by incoming connections (the external link encryption, not the internal circuits). This tells me whether they are using the newer or older software. Only about 24% of incoming connections were using the newer software. Here's a list of the counts:

         14134 -- 0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
         5566 -- 0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
         2314 -- 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
         905 -- 0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
         1 -- 0xc012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

     The older software negotiates "DHE", which are 1024 bit Diffie-Hellman keys. The newer software chooses ECDHE, which are Elliptical-Curve keys. I show the raw data because I'm confused by the last entry, I'm not sure how the software might negotiate ECDHE+3DES, it seems like a lulz-worthy combination (not that it's insecure -- just odd). Those selecting DHE+3DES are also really old I think. I don't know enough about Tor, but I suspect anything using DHE+3DES is likely more than 5 years old.
     (By the way, I used my Ferret tool to generate this, typing "ferret suites -r ".)

     The reason software is out of date is because it takes a long time for repositories to be updated. If you type "apt-get install tor" on a Debian/Ubuntu computer, you get the 2.3 version. And this is what pops up as the suggestion of what you should do when you go to the Tor website. Sure, it warns you that the software might be out-of-date, but it doesn't do a good job pointing out that it's almost a year out of date, and the crypto the older version is using is believed to be crackable by the NSA.

     Of course, this is still just guessing about the NSA's capabilities. As it turns out, the newer Elliptical keys may turn out to be relatively easier to crack than people thought, meaning that the older software may in fact be more secure. But since 1024 bit RSA/DH has been the most popular SSL encryption for the past decade, I'd assume that it's that, rather than curves, that the NSA is best at cracking.

     Therefore, I'd suggest that the Tor community do a better job getting people to upgrade to 2.4. Old servers with crackable crypto, combined with the likelihood the NSA runs hostile Tor nodes, means that it's of much greater importance.

     by Robert Graham from Errata Security

     The feds pay for 60 percent of Tor’s development. Can users trust it?

     This week, we learned that the NSA had managed to circumvent much of the encryption that secures online financial transactions and other activities we take for granted on the Internet. How? By inserting backdoors into the very commercial software designed to keep sensitive medical records, bank files and other information private. The NSA’s sustained attempt to get around encryption calls into question many of the technologies people have come to rely on to avoid surveillance. One indispensable tool is Tor, the anonymizing service that takes a user’s Internet traffic and spits it out from some other place on the Web so that its origin is obscured.
     So far there’s no hard evidence that the government has compromised the anonymity of Tor traffic. But some on a Tor-related e-mail list recently pointed out that a substantial chunk of the Tor Project’s 2012 operating budget came from the Department of Defense, which houses the NSA. Last year, DoD funding accounted for more than 40 percent of the Tor Project’s $2 million budget. Other major donors include the U.S. State Department, which has an interest in promoting Internet freedom globally, and the National Science Foundation. Add up all those sources, and the government covers 60 percent of the costs of Tor’s development.

     Tor Executive Director Andrew Lewman wrote in an e-mail to users that just because the project accepts federal funding does not mean it collaborated with the NSA to unmask people’s online identities. “The parts of the U.S. and Swedish governments that fund us through contracts want to see strong privacy and anonymity exist on the Internet in the future,” Lewman wrote. “Don’t assume that ‘the government’ is one coherent entity with one mindset.”

     And Roger Dingledine, a founder of the Tor Project, says that the Defense Department money is much more like a research grant than a procurement contract. “They aren’t ‘buying products’ from us,” Dingledine tells me. “They’re funding general research and development on better anonymity, better performance and scalability and better blocking-resistance. Everything we do we publish in the open.”

     Dingledine acknowledges that “bad guys” could conceivably introduce vulnerabilities into Tor’s open-source code. But one of the major advantages of open-source software is that the product can be inspected by anyone for defects, which raises its security somewhat. There’d only be a problem if the NSA were somehow able to insert malicious code that nobody recognized. The NSA didn’t immediately respond to a request for comment Friday afternoon.
     Update: Roger Dingledine writes in to explain why the government has never asked the Tor Project to install a backdoor:

     I think this is mainly due to two reasons: A) We’ve had that faq entry up for a long time, including the part where we say we’ll fight it and that we have lots of lawyers who will help us fight it. So they know it won’t be easy. B) I do a lot of outreach to various law enforcement groups to try to teach them how Tor works and why they need it to be safe. See e.g. the first two paragraphs of this: I think ‘A’ used to be a sufficient reason by itself, but now we’re reading about more and more companies and services that have tried to fight such a request and given up. The architecture of the Tor network makes it more complex (there’s no easy place in the deployed network to stick a backdoor), but that doesn’t mean they won’t try. I guess we rely on ‘B’ for now, and see how things go.

     Source

     Large botnet cause of recent Tor network overload

     Recently, Roger Dingledine described a sudden increase in Tor users on the Tor Talk mailing list. To date there has been a large amount of speculation as to why this may have happened. A large number of articles seem to suggest this to be the result of the recent global espionage events, the evasion of the Pirate Bay blockades using the PirateBrowser or the Syrian civil war. At the time of writing, the amount of Tor clients actually appears to have more than quintupled already. The graph shows no signs of a decline in growth, as seen below:

     An alternative recurring explanation is the increased usage of botnets using Tor, based on the assertion that the increase appears to consist of mostly new users to Tor that apparently are not doing much given the limited impact on Tor exit performance. In recent days, we have indeed found evidence which suggests that a specific and rather unknown botnet is responsible for the majority of the sudden uptick in Tor users.
     A recent detection name that has been used in relation to this botnet is “Mevade.A”, but older references suggest the name “Sefnit”, which dates back to at least 2009 and also included Tor connectivity. We have found various references that the malware is internally known as SBC to its operators. Previously, the botnet communicated mainly using HTTP as well as alternative communication methods. More recently and coinciding with the uptick in Tor users, the botnet switched to Tor as its method of communication for its command and control channel.

     The botnet appears to be massive in size as well as very widespread. Even prior to the switch to Tor, it consisted of tens of thousands of confirmed infections within a limited amount of networks. When these numbers are extrapolated on a per country and global scale, these are definitely in the same ballpark as the Tor user increase. Thus one important thing to note is that this was an already existing botnet of massive scale, even prior to the conversion to using Tor and .onion as command and control channel.

     As pointed out in the Tor weekly news, the version of Tor that is used by the new Tor clients must be 0.2.3.x, due to the fact that they do not use the new Tor handshake method. Based on the code we can confirm that the version of Tor that is used is 0.2.3.25. The malware uses command and control connectivity via Tor .onion links using HTTP. While some bots continue to operate using the standard HTTP connectivity, some versions of the malware use a peer-to-peer network to communicate (KAD based).

     Typically, it is fairly clear what the purpose of malware is, such as banking, clickfraud, ransomware or fake anti-virus malware. In this case however it is a bit more difficult. It is possible that the purpose of this malware network is to load additional malware onto the system and that the infected systems are for sale.
     We have however no compelling evidence that this is true, so this assumption is merely based on a combination of small hints. It does however originate from a Russian-speaking region, and is likely motivated by direct or indirect financial related crime.

     This specific version of the malware, which includes the Tor functionality, will install itself in:

         %SYSTEM%\config\systemprofile\Local Settings\Application Data\Windows Internet Name System\wins.exe

     Additionally, it will install a Tor component in:

         %PROGRAMFILES%\Tor\Tor.exe

     This location is regularly updated with new versions.

     Related md5 hashes:

         2eee286587f76a09f34f345fd4e00113 (August 2013)
         c11c83a7d9e7fa0efaf90cebd49fbd0b (September 2013)

     Related md5 hashes from non-Tor version:

         4841b5508e43d1797f31b6cdb83956a3 (December 2012)
         4773a00879134a9365e127e2989f4844 (January 2013)
         9fcddc45ae35d5cdc06e8666d249d250 (February 2013)
         b939f6ef3bd292996f97aa5786757870 (March 2013)
         47c8b85a4c82ed71487deab68de196ba (March 2013)
         3e6eb9f8d81161db44b4c4b17763c46a (April 2013)
         a0343241bf53576d18e9c1329e6a5e7e (April 2013)

     Source

     New Tor 0.2.4.17-rc packages

     There's a new Tor 0.2.4.17-rc to hopefully help mitigate some of the problems with the botnet issues Tor is experiencing. All packages, including the beta Tor Browser Bundles, have been updated. Relay operators are strongly encouraged to upgrade to the latest versions, since it mostly has server-side improvements in it, but users will hopefully benefit from upgrading too. Please try it out and let us know. https://www.torproject.org/projects/torbrowser.html.en#downloads

     Tor Browser Bundle (2.4.17-beta-1)

         Update Tor to 0.2.4.17-rc
         Update NoScript to 2.6.7.1
         Update HTTPS Everywhere to 4.0development.11

     Source
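The cipher-suite tally in Robert Graham's post above (the "ferret suites" counts) can be checked mechanically: classify each negotiated suite by its key-exchange method and aggregate the connection counts. The following is an added example, not code from the post or from Errata Security; it embeds the five lines exactly as posted, generalizes the classification to any IANA-style TLS suite name (ECDHE, DHE or static RSA), and flags the ECDHE+3DES pairing the author found odd. The assumed input format is "count -- 0xCODE SUITE_NAME" per line.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Raw counts exactly as posted above (one line per negotiated suite).
RAW_SUITE_COUNTS = """
14134 -- 0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
5566 -- 0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
2314 -- 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
905 -- 0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1 -- 0xc012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
"""

# "count -- 0xCODE NAME"; the code is the 16-bit suite identifier from the TLS registry.
LINE_RE = re.compile(r"^\s*(\d+)\s+--\s+0x([0-9a-fA-F]{4})\s+(TLS_\S+)\s*$")


def parse_suite_counts(text: str) -> List[Tuple[int, int, str]]:
    """Parse the tally into (count, suite_code, suite_name) rows; reject malformed lines."""
    rows = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unrecognised tally line: %r" % line)
        rows.append((int(m.group(1)), int(m.group(2), 16), m.group(3)))
    return rows


def key_exchange(suite: str) -> str:
    """Classify the key exchange from the suite name.

    ECDHE: ephemeral elliptic-curve Diffie-Hellman (what Tor 0.2.4 negotiates).
    DHE:   ephemeral finite-field Diffie-Hellman (1024-bit groups in Tor 0.2.3, per the post).
    RSA:   static RSA key transport, no forward secrecy at all.
    """
    kx = suite[len("TLS_"):].split("_WITH_")[0]  # e.g. "DHE_RSA", "ECDHE_RSA", "RSA"
    if kx.startswith("ECDHE"):
        return "ECDHE"
    if kx.startswith("DHE"):
        return "DHE"
    return "RSA"


def summarize(rows: List[Tuple[int, int, str]]) -> Tuple[Dict[str, int], Dict[str, float]]:
    """Return connection totals per key-exchange class and their percentage share."""
    totals: Counter = Counter()
    for count, _code, suite in rows:
        totals[key_exchange(suite)] += count
    grand = sum(totals.values())
    share = {k: round(100.0 * v / grand, 1) for k, v in totals.items()}
    return dict(totals), share


def odd_combinations(rows: List[Tuple[int, int, str]]) -> List[str]:
    """Suites pairing modern ECDHE key exchange with the legacy 3DES cipher."""
    return [suite for _c, _code, suite in rows
            if key_exchange(suite) == "ECDHE" and "3DES" in suite]


if __name__ == "__main__":
    parsed = parse_suite_counts(RAW_SUITE_COUNTS)
    totals, share = summarize(parsed)
    for kx in sorted(totals):
        print("%-6s %6d connections  %5.1f%%" % (kx, totals[kx], share[kx]))
    print("ECDHE+3DES suites seen:", odd_combinations(parsed))
```

Run as is, the ECDHE share comes out at 24.3 percent, which is the "about 24%" figure in the post; the classifier reads only the key-exchange prefix of the suite name, so the same code works on a tally taken from any TLS listener, not just a Tor relay.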
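The Mevade/Sefnit write-up above gives two kinds of indicator: install paths and MD5 hashes of the dropped binaries. An added example (not code from Fox-IT or the post) showing how a defender would turn those into a host check: hash hits are treated as confirmed, a binary at the wins.exe drop location with an unlisted hash is flagged as suspect (the write-up says the binary is updated regularly), and Tor.exe under %PROGRAMFILES%\Tor is only marked for review because a legitimate Tor install uses that same path. The telemetry format ("path|md5" per line) and the sample records are constructed for this example; the hashes and paths are those quoted in the write-up.

```python
import re
from typing import List, Tuple

# Indicators quoted from the Fox-IT write-up above (Mevade.A / Sefnit, "SBC" internally).
# Keys are MD5 digests of the dropped binary; values are the build months given there.
MEVADE_TOR_BUILD_MD5 = {
    "2eee286587f76a09f34f345fd4e00113": "August 2013",
    "c11c83a7d9e7fa0efaf90cebd49fbd0b": "September 2013",
}
MEVADE_PRE_TOR_BUILD_MD5 = {
    "4841b5508e43d1797f31b6cdb83956a3": "December 2012",
    "4773a00879134a9365e127e2989f4844": "January 2013",
    "9fcddc45ae35d5cdc06e8666d249d250": "February 2013",
    "b939f6ef3bd292996f97aa5786757870": "March 2013",
    "47c8b85a4c82ed71487deab68de196ba": "March 2013",
    "3e6eb9f8d81161db44b4c4b17763c46a": "April 2013",
    "a0343241bf53576d18e9c1329e6a5e7e": "April 2013",
}

# Drop locations from the write-up. %SYSTEM% and %PROGRAMFILES% expand differently on
# each host, so only the path tail after the variable is compared, case-insensitively.
WINS_TAIL = r"\config\systemprofile\local settings\application data\windows internet name system\wins.exe"
TOR_TAIL = r"\tor\tor.exe"

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def normalize_path(path: str) -> str:
    """Fold slashes and case so Windows paths compare reliably."""
    return path.replace("/", "\\").lower()


def classify(path: str, md5: str) -> Tuple[str, str]:
    """Return (level, reason): 'match' on a hash hit, weaker levels on path-only hits."""
    md5 = md5.strip().lower()
    if not MD5_RE.match(md5):
        raise ValueError("not an MD5 hex digest: %r" % md5)
    if md5 in MEVADE_TOR_BUILD_MD5:
        return "match", "Mevade Tor-enabled build, " + MEVADE_TOR_BUILD_MD5[md5]
    if md5 in MEVADE_PRE_TOR_BUILD_MD5:
        return "match", "Mevade pre-Tor build, " + MEVADE_PRE_TOR_BUILD_MD5[md5]
    p = normalize_path(path)
    if p.endswith(WINS_TAIL):
        # Same drop location, unknown hash: consistent with a newer build than the list covers.
        return "suspect", "binary at the wins.exe drop location with a hash not in the IoC list"
    if p.endswith(TOR_TAIL):
        # A genuine Tor install uses this path too, so alone this only warrants a look.
        return "review", "Tor.exe under %PROGRAMFILES%\\Tor; legitimate installs use the same path"
    return "clean", ""


def scan(telemetry: str) -> List[Tuple[str, str, str, str]]:
    """Parse 'path|md5' lines and return (path, md5, level, reason) for each non-clean record."""
    findings = []
    for line in telemetry.strip().splitlines():
        path, _, md5 = line.rpartition("|")
        level, reason = classify(path, md5)
        if level != "clean":
            findings.append((path, md5.strip().lower(), level, reason))
    return findings


# Constructed sample telemetry (not from any real host): path|md5 per line.
SAMPLE_TELEMETRY = r"""
C:\Windows\System32\config\systemprofile\Local Settings\Application Data\Windows Internet Name System\wins.exe|2eee286587f76a09f34f345fd4e00113
C:\Program Files\Tor\Tor.exe|0123456789abcdef0123456789abcdef
C:\Windows\System32\config\systemprofile\Local Settings\Application Data\Windows Internet Name System\wins.exe|ffffffffffffffffffffffffffffffff
C:\Users\alice\Downloads\setup.exe|4841b5508e43d1797f31b6cdb83956a3
C:\Windows\System32\notepad.exe|00000000000000000000000000000000
"""

if __name__ == "__main__":
    for path, md5, level, reason in scan(SAMPLE_TELEMETRY):
        print(level.upper().ljust(8), md5, path, "-", reason)
```

The three severity levels matter more than the hash list itself: MD5 matches age quickly for a family that the write-up says is re-released regularly, so the path-based checks are what keep the rule useful after the listed builds are gone, at the cost of needing a human to clear the Tor.exe hits.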
  3. James Duane explains in practical terms why citizens should never talk to police under any circumstances.

     James Duane is an American law professor at the Regent University School of Law, former criminal defense attorney, and Fifth Amendment expert. He received some viral online attention for his "Don't Talk To Police" video of a lecture he gave to a group of law students with Virginia Beach Police Department Officer George Bruch. Using former Supreme Court Justice Robert Jackson as support of his "Don't Talk to Police" advice, Duane says, inter alia, that: even perfectly innocent citizens may get themselves into trouble even when the police are trying to do their jobs properly, because police malfeasance is entirely unnecessary for the innocent to convict themselves by mistake; talking to police may bring up erroneous but believable evidence against even innocent witnesses; and individuals convinced of their own innocence may have unknowingly committed a crime which they inadvertently confess to during questioning.

     Link:

     Backup link: http://www.sockshare.com/file/52821CC375D143BC

     Enjoy.
  4. By Kevin Poulsen, 01.27.14, 6:30 AM

     While investigating a hosting company known for sheltering child porn last year the FBI incidentally seized the entire e-mail database of a popular anonymous webmail service called TorMail. Now the FBI is tapping that vast trove of e-mail in unrelated investigations.

     The bureau’s data windfall, seized from a company called Freedom Hosting, surfaced in court papers last week when prosecutors indicted a Florida man for allegedly selling counterfeit credit cards online. The filings show the FBI built its case in part by executing a search warrant on a Gmail account used by the counterfeiters, where they found that orders for forged cards were being sent to a TorMail e-mail account: “[email protected]” Acting on that lead in September, the FBI obtained a search warrant for the TorMail account, and then accessed it from the bureau’s own copy of “data and information from the TorMail e-mail server, including the content of TorMail e-mail accounts,” according to the complaint (.pdf) sworn out by U.S. Postal Inspector Eric Malecki.

     The tactic suggests the FBI is adapting to the age of big-data with an NSA-style collect-everything approach, gathering information into a virtual lock box, and leaving it there until it can obtain specific authority to tap it later. There’s no indication that the FBI searched the trove for incriminating evidence before getting a warrant. But now that it has a copy of TorMail’s servers, the bureau can execute endless search warrants on a mail service that once boasted of being immune to spying. “We have no information to give you or to respond to any subpoenas or court orders,” read TorMail’s homepage.
     “Do not bother contacting us for information on, or to view the contents of a TorMail user inbox, you will be ignored.”

     In another e-mail case, the FBI last year won a court order compelling secure e-mail provider Lavabit to turn over the master encryption keys for its website, which would have given agents the technical ability to spy on all of Lavabit’s 400,000 users – though the government said it was interested only in one. (Rather than comply, Lavabit shut down and is appealing the surveillance order).

     TorMail was the webmail provider of choice for denizens of the so-called Darknet of anonymous and encrypted websites and services, making the FBI’s cache extraordinarily valuable. The affair also sheds a little more light on the already-strange story of the FBI’s broad attack on Freedom Hosting, once a key service provider for untraceable websites.

     Freedom Hosting specialized in providing turnkey “Tor hidden service” sites — special sites, with addresses ending in .onion, that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network. Tor hidden services are used by those seeking to evade surveillance or protect users’ privacy to an extraordinary degree – human rights groups and journalists as well as serious criminal elements.

     By some estimates, Freedom Hosting backstopped fully half of all hidden services at the time it was shut down last year — TorMail among them. But it had a reputation for tolerating child pornography on its servers. In July, the FBI moved on the company and had the alleged operator, Eric Eoin Marques, arrested at his home in Ireland. The U.S. is now seeking his extradition for allegedly facilitating child porn on a massive scale; hearings are set to begin in Dublin this week.
     According to the new document, the FBI obtained the data belonging to Freedom Hosting’s customers through a Mutual Legal Assistance request to France – where the company leased its servers – between July 22, 2013 and August 2 of last year. That’s two days before all the sites hosted by Freedom Hosting, including TorMail, began serving an error message with hidden code embedded in the page, on August 4.

     Security researchers dissected the code and found it exploited a security hole in Firefox to de-anonymize users with slightly outdated versions of Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. Though the FBI hasn’t commented (and declined to speak for this story), the malware’s behavior was consistent with the FBI’s spyware deployments, now known as a “Network Investigative Technique.” No mass deployment of the FBI’s malware had ever before been spotted in the wild.

     The attack through TorMail alarmed many in the Darknet, including the underground’s most notorious figure — Dread Pirate Roberts, the operator of the Silk Road drug forum, who took the unusual step of posting a warning on the Silk Road homepage. An analysis he wrote on the associated forum now seems prescient. “I know that MANY people, vendors included, used TorMail,” he wrote. “You must think back through your TorMail usage and assume everything you wrote there and didn’t encrypt can be read by law enforcement at this point and take action accordingly. I personally did not use the service for anything important, and hopefully neither did any of you.” Two months later the FBI arrested San Francisco man Ross William Ulbricht as the alleged Silk Road operator.

     The connection, if any, between the FBI obtaining Freedom Hosting’s data and apparently launching the malware campaign through TorMail and the other sites isn’t spelled out in the new document. The bureau could have had the cooperation of the French hosting company that Marques leased his servers from.
Or it might have set up its own Tor hidden services using the private keys obtained from the seizure, which would allow it to adopt the same .onion addresses used by the original sites. The French company also hasn’t been identified. But France’s largest hosting company, OVH, announced on July 29, in the middle of the FBI’s then-secret Freedom Hosting seizure, that it would no longer allow Tor software on its servers. A spokesman for the company says he can’t comment on specific cases, and declined to say whether Freedom Hosting was a customer. “Wherever the data center is located, we conduct our activities in conformity with applicable laws, and as a hosting company, we obey search warrants or disclosure orders,” OVH spokesman Benjamin Bongoat told WIRED. “This is all we can say as we usually don’t make any comments on hot topics.” http://www.wired.com/threatlevel/2014/01/tormail
  5. The FBI is gearing up for a major crackdown on cybercrime, and says that arrests of major criminals will follow in weeks. Speaking at the Reuters Cybersecurity Summit, the FBI’s executive assistant director of cyber enforcement Robert Anderson said, “There is a philosophy change. If you are going to attack Americans, we are going to hold you responsible.” Anderson’s speech said that the FBI’s dealings with cybercrime would now show “a much more offensive side,” and made it clear that this involved extraditions, referring to a foreign national detained at an airport in Spain for running a botnet that targeted Americans, according to Deep Dot Web’s report. Prior to working in cyber enforcement, Anderson worked in espionage and counter-intelligence. Anderson said, “If we can reach out and touch you, we are going to reach out and touch you.” Previously, the FBI has held back from pursuing extradition in certain cases. “There’s a lot of countries that will not extradite. That will not stop us from pressing forward and charging those individuals and making it public,” he said, according to Russia Today’s report. He also said that arrested hackers could expect long jail sentences, rather than reduced terms for cooperating or becoming informants, according to the Voice of Russia. He said that the only circumstances in which reduced sentences would be considered would be those affecting “national security”, according to Reuters. Politico.com reported that the FBI was also setting up “online and in-person” cyber training courses for America’s 17,000 police forces. Source
  6. Three men have been arrested by the FBI for identifying vulnerabilities and network weak points to illegally access computer systems at Microsoft, as well as video game developers Valve Corporation, Activision Blizzard, Zombie Studios, and Epic Games. The hackers were able to illegally obtain copies of various games that were still in development - games like Gears of War 3 and Call of Duty Modern Warfare 3. The incidents began around January of 2011 and continued for two years, but the 54-page federal indictment was only revealed by The Smoking Gun today. The men are Nathan Leroux (19 years old); Sanadodeh Nesheiwat (28 years old); and David Pokora, a Canadian resident. These hackers were able to steal "login credentials, trade secrets, and intellectual property relating to the Xbox gaming system." The hackers were able to access the valid credentials of Microsoft software development partners, during the time the next-gen Xbox One was in development. In fact, using these credentials, these hackers were able to copy over and arm themselves with "internal design and technical specifications and pre-release operating system software code" and were able to build a "fake next-generation" Xbox console. They sold it on eBay for nearly $5000. A second fake Xbox console, built with hardware purchased from the popular retailer Newegg, was destined for a purchaser in the Republic of Seychelles (African island). The FBI was able to intercept the second console before it reached its destination. According to the indictment, one of the hackers spoke of compromising a "fuckton of Paypals" from compromised databases, adding that "we could have already sold them for Bitcoins which would have been untraceable if we did it right. It could have already been easily an easy 50 grand." "If we do this right, we will make a million dollars each," one of the hackers stated. These men were arrested last week, except for Pokora - whose status is unknown at this time. 
They are facing fifteen felony counts, including conspiracy, fraud, and computer hacking. Source
  7. Getting busted by the FBI can hardly be a pleasurable experience, but for one former Android software pirate his debt to the authorities won't be over anytime soon. As part of a plea agreement with the Department of Justice, a former member of the SnappzMarket group has just agreed to work undercover for the FBI. In 2012, three Android-focused websites were seized by the Department of Justice. With help from French and Dutch police, the FBI took over applanet.net, appbucket.net and snappzmarket.com, a trio of so-called ‘rogue’ app stores. Carrying out several arrests, the authorities heralded the operation as the first of its kind, alongside claims that together the sites had facilitated the piracy of more than two million apps. Last month the Department of Justice announced that two of the three admins of Appbucket had entered guilty pleas to charges of criminal copyright infringement and would be sentenced in June. Yesterday the DoJ reported fresh news on the third defendant. Appbucket’s Thomas Pace, 38, of Oregon City, Oregon, pleaded guilty to one count of conspiracy to commit criminal copyright infringement and will be sentenced in July. As reported in late March, the former operator of Applanet says he intends to fight the U.S. Government. However, the same definitely cannot be said about Kody Jon Peterson of Clermont, Florida. The 22-year-old, who was involved in the operations of SnappzMarket, pleaded guilty this week to one count of conspiracy to commit criminal copyright infringement. He admitted being involved in the illegal copying and distribution of more than a million pirated Android apps with a retail value of $1.7 million. His sentencing date has not been set, but even when that’s over his debt to the government may still not be paid. As part of his guilty plea, Peterson entered into a plea agreement in which he gave up his right to be tried by a jury and any right to an appeal. 
He also accepted that he could be jailed for up to five years, be subjected to supervised release of up to three years, be hit with a $250,000 fine, and have to pay restitution to the victims of his crimes. Peterson also agreed to cooperate with the authorities in the investigation, including producing all relevant records and attending interviews when required. However, in addition to more standard types of cooperation, the 22-year-old also agreed to go much further. A copy of his plea agreement obtained by TF reveals that Peterson has agreed to work undercover for the Government. “Upon request by the Government, the Defendant agrees to act in an undercover investigative capacity to the best of his ability,” the agreement reads. “The Defendant agrees that Defendant will make himself available to the law enforcement agents designated by the Government, will fully comply with all reasonable instructions given by such agents, and will allow such agents to monitor and record conversations and other interactions with persons suspected of criminal activity.” The plea agreement also notes that in order to facilitate this work, Government attorneys and agents are allowed to contact Peterson on no notice and communicate with him without his own attorney being present. The extent of Peterson’s cooperation will eventually be detailed to the sentencing court and if it is deemed to be “substantial” then the Government will file a motion to have his sentence reduced. But despite the agreements, Peterson has another huge problem to face. According to court documents he is an immigrant to the United States and as such a guilty plea could see him removed from the country. Whether he will be allowed to stay will be the subject of a separate proceeding but given his agreement to work undercover it seems unlikely the Government would immediately choose to eject such a valuable asset. 
In the meantime, former associates and contacts of Peterson could potentially be talking online to him right now, with an FBI agent listening in over his shoulder and recording everything being said. Source: TorrentFreak
  8. New documents released by the FBI show that the Bureau is well on its way toward its goal of a fully operational face recognition database by this summer. EFF received these records in response to our Freedom of Information Act lawsuit for information on Next Generation Identification (NGI)—the FBI's massive biometric database that may hold records on as much as one third of the U.S. population. The facial recognition component of this database poses real threats to privacy for all Americans.

What is NGI?

NGI builds on the FBI's legacy fingerprint database—which already contains well over 100 million individual records—and has been designed to include multiple forms of biometric data, including palm prints and iris scans in addition to fingerprints and face recognition data. NGI combines all these forms of data in each individual's file, linking them to personal and biographic data like name, home address, ID number, immigration status, age, race, etc. This immense database is shared with other federal agencies and with the approximately 18,000 tribal, state and local law enforcement agencies across the United States.

The records we received show that the face recognition component of NGI may include as many as 52 million face images by 2015. By 2012, NGI already contained 13.6 million images representing between 7 and 8 million individuals, and by the middle of 2013, the size of the database increased to 16 million images. The new records reveal that the database will be capable of processing 55,000 direct photo enrollments daily and of conducting tens of thousands of searches every day.

NGI Will Include Non-criminal as Well as Criminal Photos

One of our biggest concerns about NGI has been the fact that it will include non-criminal as well as criminal face images. We now know that FBI projects that by 2015, the database will include 4.3 million images taken for non-criminal purposes. 
Currently, if you apply for any type of job that requires fingerprinting or a background check, your prints are sent to and stored by the FBI in its civil print database. However, the FBI has never before collected a photograph along with those prints. This is changing with NGI. Now an employer could require you to provide a "mug shot" photo along with your fingerprints. If that's the case, then the FBI will store both your face print and your fingerprints along with your biographic data.

In the past, the FBI has never linked the criminal and non-criminal fingerprint databases. This has meant that any search of the criminal print database (such as to identify a suspect or a latent print at a crime scene) would not touch the non-criminal database. This will also change with NGI. Now every record—whether criminal or non—will have a "Universal Control Number" (UCN), and every search will be run against all records in the database. This means that even if you have never been arrested for a crime, if your employer requires you to submit a photo as part of your background check, your face image could be searched—and you could be implicated as a criminal suspect—just by virtue of having that image in the non-criminal file.

Many States are Already Participating in NGI

The records detail the many states and law enforcement agencies the FBI has already been working with to build out its database of images (see map below). By 2012, nearly half of U.S. states had at least expressed an interest in participating in the NGI pilot program, and several of those states had already shared their entire criminal mug shot database with the FBI. The FBI hopes to bring all states online with NGI by this year. The FBI worked particularly closely with Oregon through a special project called "Face Report Card." The goal of the project was to determine and provide feedback on the quality of the images that states already have in their databases. 
Through Face Report Card, examiners reviewed 14,408 of Oregon's face images and found significant problems with image resolution, lighting, background and interference. Examiners also found that the median resolution of images was "well-below" the recommended resolution of .75 megapixels (in comparison, newer iPhone cameras are capable of 8 megapixel resolution).

FBI Disclaims Responsibility For Accuracy

At such a low resolution, it is hard to imagine that identification will be accurate.[1] However, the FBI has disclaimed responsibility for accuracy, stating that "[t]he candidate list is an investigative lead not an identification." Because the system is designed to provide a ranked list of candidates, the FBI states NGI never actually makes a "positive identification," and "therefore, there is no false positive rate." In fact, the FBI only ensures that "the candidate will be returned in the top 50 candidates" 85 percent of the time "when the true candidate exists in the gallery." It is unclear what happens when the "true candidate" does not exist in the gallery—does NGI still return possible matches? Could those people then be subject to criminal investigation for no other reason than that a computer thought their face was mathematically similar to a suspect's? This doesn't seem to matter much to the FBI—the Bureau notes that because "this is an investigative search and caveats will be prevalent on the return detailing that the [non-FBI] agency is responsible for determining the identity of the subject, there should be NO legal issues."

Nearly 1 Million Images Will Come From Unexplained Sources

One of the most curious things to come out of these records is the fact that NGI may include up to 1 million face images in two categories that are not explained anywhere in the documents. 
According to the FBI, by 2015, NGI may include:

- 46 million criminal images
- 4.3 million civil images
- 215,000 images from the Repository for Individuals of Special Concern (RISC)
- 750,000 images from a "Special Population Cognizant" (SPC) category
- 215,000 images from "New Repositories"

However, the FBI does not define either the "Special Population Cognizant" database or the "new repositories" category. This is a problem because we do not know what rules govern these categories, where the data comes from, how the images are gathered, who has access to them, and whose privacy is impacted. A 2007 FBI document available on the web describes SPC as "a service provided to Other Federal Organizations (OFOs), or other agencies with special needs by agreement with the FBI" and notes that "[t]hese SPC Files can be specific to a particular case or subject set (e.g., gang or terrorist related), or can be generic agency files consisting of employee records." If these SPC files and the images in the "new repositories" category are assigned a Universal Control Number along with the rest of the NGI records, then these likely non-criminal records would also be subject to invasive criminal searches.

Government Contractor Responsible For NGI Has Built Some of the Largest Face Recognition Databases in the World

The company responsible for building NGI's facial recognition component—MorphoTrust (formerly L-1 Identity Solutions)—is also the company that has built the face recognition systems used by approximately 35 state DMVs and many commercial businesses.[2] MorphoTrust built and maintains the face recognition systems for the Department of State, which has the "largest facial recognition system deployed in the world" with more than 244 million records,[3] and for the Department of Defense, which shares its records with the FBI. The FBI failed to release records discussing whether MorphoTrust uses a standard (likely proprietary) algorithm for its face templates. 
If it does, it is quite possible that the face templates at each of these disparate agencies could be shared across agencies—raising again the issue that the photograph you thought you were taking just to get a passport or driver's license is then searched every time the government is investigating a crime. The FBI seems to be leaning in this direction: an FBI employee email notes that the "best requirements for sending an image in the FR system" include "obtain[ing] DMV version of photo whenever possible."

Why Should We Care About NGI?

There are several reasons to be concerned about this massive expansion of governmental face recognition data collection.

First, as noted above, NGI will allow law enforcement at all levels to search non-criminal and criminal face records at the same time. This means you could become a suspect in a criminal case merely because you applied for a job that required you to submit a photo with your background check.

Second, the FBI and Congress have thus far failed to enact meaningful restrictions on what types of data can be submitted to the system, who can access the data, and how the data can be used. For example, although the FBI has said in these documents that it will not allow non-mug shot photos such as images from social networking sites to be saved to the system, there are no legal or even written FBI policy restrictions in place to prevent this from occurring. As we have stated before, the Privacy Impact Assessment for NGI's face recognition component hasn't been updated since 2008, well before the current database was even in development. It cannot therefore address all the privacy issues impacted by NGI.

Finally, even though FBI claims that its ranked candidate list prevents the problem of false positives (someone being falsely identified), this is not the case. A system that only purports to provide the true candidate in the top 50 candidates 85 percent of the time will return a lot of images of the wrong people. 
We know from researchers that the risk of false positives increases as the size of the dataset increases—and, at 52 million images, the FBI's face recognition is a very large dataset. This means that many people will be presented as suspects for crimes they didn't commit. This is not how our system of justice was designed and should not be a system that Americans tacitly consent to move towards.

For more on our concerns about the increased role of face recognition in criminal and civil contexts, read Jennifer Lynch's 2012 Senate Testimony. We will continue to monitor the FBI's expansion of NGI.

Here are the documents:

- FBI NGI Description of Face Recognition Program
- FBI NGI Report Card on Oregon Face Recognition Program
- FBI NGI Sample Memorandum of Understanding with States
- FBI NGI Face Recognition Goals & Objectives
- FBI NGI Information on Implementation
- FBI Emails re. NGI Face Recognition Program
- FBI Emails from Contractors re. NGI
- FBI NGI 2011 Face Recognition Operational Prototype Plan
- FBI NGI Document Discussing Technical Characteristics of Face Recognition Component
- FBI NGI 2010 Face Recognition Trade Study Plan
- FBI NGI Document on L-1's Commercial Face Recognition Product

[1] In fact, another document notes that "since the trend for the quality of data received by the customer is lower and lower quality, specific research and development plans for low quality submission accuracy improvement is highly desirable."

[2] MorphoTrust's parent company, Safran Morpho, describes itself as "[t]he world leader in biometric systems," is largely responsible for implementing India's Aadhaar project, which, ultimately, will collect biometric data from nearly 1.2 billion people.

[3] One could argue that Facebook's is larger. Facebook states that its users have uploaded more than 250 billion photos. However, Facebook never performs face recognition searches on that entire 250 billion photo database.

Source
  9. The homepage of DarkMarket, a prototype for a decentralized online black market. The Silk Road, for all its clever uses of security protections like Tor and Bitcoin to protect the site’s lucrative drug trade, still offered its enemies a single point of failure. When the FBI seized the server that hosted the market in October and arrested its alleged owner Ross Ulbricht, the billion-dollar drug bazaar came crashing down. If one group of Bitcoin black market enthusiasts has their way, the next online free-trade zone could be a much more elusive target. At a Toronto Bitcoin hackathon earlier this month, the group took home the $20,000 first prize with a proof-of-concept for a new online marketplace known as DarkMarket, a fully peer-to-peer system with no central authority for the feds to attack. If DarkMarket’s distributed architecture works, law enforcement would be forced to go after every contraband buyer and seller one by one, a notion that could signal a new round in the cat-and-mouse game of illicit online sales. “What doesn’t kill you makes you stronger,” said Amir Taaki, one of DarkMarket’s creators and the founder of the anarchist group Unsystem, in a short speech at the Toronto Bitcoin Expo unveiling the project. He compared DarkMarket’s improvements on the now-defunct Silk Road to the advent of Bittorrent, a decentralized technology that revamped Napster’s more vulnerable model of filesharing and flummoxed copyright enforcers. “Like a hydra, those of us in the community that push for individual empowerment are in an arms race to equip the people with the tools needed for the next generation of digital black markets.” DarkMarket, Taaki and its other developers admit, is still just an experimental demonstration. They have yet to integrate anonymity protections like Tor into the software; currently every user’s IP address is listed for every other user to see. 
And black market enthusiasts shouldn’t expect DarkMarket’s creators to finish the open source project themselves any time soon–Taaki says he’s focused on polishing his anonymous Bitcoin software project Dark Wallet, and his co-creators Damian Cutillo and William Swanson say they’re tied up with their own Bitcoin startup known as Airbitz. “This is just a simple prototype, but we wanted to show people that it’s possible,” Taaki says. “But this is going to happen. If not us, someone else will do it.” Taaki argues that DarkMarket’s code, posted to GitHub, already has all the basic ingredients that made Silk Road a giant underground success: the ability for buyers and sellers to communicate privately and make payments to each other, pages where sellers can show their wares, a reputation system for sellers with ratings and reviews, and an escrow system that protects payment until goods are received by the buyer. “And it’s all totally decentralized,” says Taaki. Achieving those functions, while also preventing scams and fraud, is no simple task. Two of DarkMarket’s creators, Swanson and Cutillo, gave WIRED a demo of the software along with a step-by-step explanation of how a typical deal would go down. What they revealed is a Rube Goldberg machine of checks and balances designed to prevent users from cheating each other, without ever requiring oversight from an administrator or other authority figure. Here’s how it works: A user downloads the DarkMarket software, which runs as a daemon in the background of the user’s operating system, allowing them to connect to the DarkMarket network through any browser. The DarkMarket daemon incorporates a library of commands for peer-to-peer networking known as ZeroMQ, which allows the user’s PC to become a node in a distributed network where every user can communicate directly with every other user. 
Any DarkMarket user can become a seller on the market simply by editing an HTML file that DarkMarket designates as his or her seller page, adding pictures and descriptions of items for sale just as he or she would on the Silk Road or eBay. (For users with nothing to sell, the page remains blank.) Buyers can browse the market by clicking on other users’ DarkMarket nodes or search for a seller’s nickname to view their seller pages. At the moment, DarkMarket displays only a bare IP address for every user, but the system’s creators say it will eventually show a pseudonym for each one and also allow product searches. When a user wants to buy something, he or she sends an order message (“I’ll take ten of your finest MDMA doses”) to the seller. If the seller agrees, the buyer and seller together choose what DarkMarket calls an “arbiter.” Since the market doesn’t have any central authority, the arbiter’s job is to settle any disputes–to serve as a tie breaker in any stalemate that might arise if the deal goes sour. Both the buyer and seller can keep a list of approved arbiters, and one will be chosen at random from the overlapping names on their lists. “The arbiter is just another peer on the network,” says Swanson. “Just as anyone can be a buyer or seller, anyone can be an arbiter.” Once the buyer, seller and arbiter for a transaction are chosen, DarkMarket creates a new Bitcoin address that will serve as the escrow, holding the buyer’s money until the transaction is complete. But this isn’t any run-of-the-mill Bitcoin address: it combines the three users’ public encryption keys, created based on a private encryption key generated when they installed DarkMarket, to offer what’s known as a “multisignature” address. That address is designed so that once the buyer’s bitcoins go into it, they can only be moved again if two out of three of the parties agree and sign that transaction with the private key that controls their Bitcoins. 
The buyer moves his or her money to the escrow address. If the product is shipped and arrives, the buyer and seller both sign a transaction to move the escrowed bitcoins to the seller. If the product doesn’t arrive–or if it’s defective, or some other dispute arises–the buyer and the seller may both try to move the bitcoins into their own account. In that case the arbiter can choose which transaction to sign, which determines where the coins end up. The arbiter can also demand a payment for his or her services, which would be split off from the bitcoins. After a transaction, every participant can leave ratings and reviews for every other participant. Those reputation measurements are cryptographically signed with the writer’s private key so that they can’t be forged, and copied to other nodes on the network. When a user visits a seller page, the ratings and reviews for that seller are pulled from other nodes to display the seller’s track record, preventing fraud and rewarding good customer service. To create consistent identities and prevent untrustworthy users from impersonating trusted ones, DarkMarket nodes keep a list of all the public keys and nicknames of every user on the network. This ledger of names and keys is periodically put through a cryptographic function known as a hash and added to the Bitcoin blockchain by including it in a small transaction. That trick prevents anyone from altering the ledger to steal someone’s identity: when a user searches for a nickname on DarkMarket, the software looks at the blockchain to check the user’s key against the ledger before displaying that user’s seller page. (So far, Taaki has added DarkMarket’s identities to the Bitcoin blockchain manually, but he says he plans to automate the process.) If DarkMarket improves and catches on among contraband traders, it’s not exactly clear what legal risks Taaki and his fellow coders might be taking. 
Taaki argues that he’s merely distributing a program–not running a criminal conspiracy. “I’m just a humble coder,” he says. “Code is a form of expression. You can’t imprison someone for speaking an idea.” And if the creators of a fully peer-to-peer black market were to be locked up? If all goes according to plan, their leaderless community would go about business as usual. Here’s a video made by an audience member at Taaki and Swanson’s presentation of DarkMarket at the Toronto Bitcoin Expo. Source
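The escrow, arbiter and identity-ledger mechanics the post walks through, sketched as an added Python illustration; this is not code from the original article or from the DarkMarket project. Assumptions: Lamport one-time signatures stand in for the parties' Bitcoin ECDSA keys, and a plain SHA-256 digest stands in for anchoring the ledger hash in a Bitcoin transaction.

```python
"""Escrow, arbiter choice and identity ledger in the style of the DarkMarket
prototype. Added illustration only. Assumptions: Lamport one-time signatures
stand in for Bitcoin ECDSA keys; a SHA-256 digest stands in for the blockchain
anchoring of the ledger hash."""
import hashlib
import os
import random

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# --- Lamport one-time signatures (stand-in for the parties' Bitcoin keys) ---
def lamport_keygen():
    """Secret key: 256 pairs of random 32-byte values; public key: their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _bits(msg: bytes):
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes):
    """Reveal one preimage per bit of the message hash (each key signs once only)."""
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(msg)))

def fingerprint(pk) -> bytes:
    """Short identifier for a public key; what the nickname ledger stores."""
    return H(b"".join(a + b for a, b in pk))

# --- arbiter: a random pick from the names on both parties' approved lists ---
def choose_arbiter(buyer_approved, seller_approved, seed=None):
    common = sorted(set(buyer_approved) & set(seller_approved))
    if not common:
        raise ValueError("buyer and seller share no approved arbiter")
    return random.Random(seed).choice(common)

# --- 2-of-3 escrow: coins move only with two valid signatures on one spend ---
def escrow_address(pubkeys) -> bytes:
    """Binds the three keys together (Bitcoin would derive a multisig address)."""
    fps = sorted(fingerprint(pk) for pk in pubkeys.values())
    return H(b"2of3|" + b"|".join(fps))

def spend_message(address: bytes, destination: str) -> bytes:
    # The destination is part of what is signed, so a signature cannot be
    # replayed to send the same coins somewhere else.
    return address + b"->" + destination.encode()

def can_spend(pubkeys, address, destination, signatures, threshold=2) -> bool:
    msg = spend_message(address, destination)
    valid = {role for role, sig in signatures.items()
             if role in pubkeys and lamport_verify(pubkeys[role], msg, sig)}
    return len(valid) >= threshold

# --- identity ledger: nickname -> key fingerprint, hashed and anchored ---
def ledger_commitment(ledger) -> bytes:
    entries = [name.encode() + b"=" + fp for name, fp in sorted(ledger.items())]
    return H(b"\n".join(entries))

def ledger_matches(local_ledger, anchored_commitment) -> bool:
    return ledger_commitment(local_ledger) == anchored_commitment

def lookup_verified(nickname, local_ledger, anchored_commitment):
    """Refuse a local ledger copy whose hash differs from the anchored one,
    which is what stops a node from quietly swapping a trusted name's key."""
    if not ledger_matches(local_ledger, anchored_commitment):
        raise ValueError("local ledger differs from the anchored commitment")
    return local_ledger.get(nickname)

def dispute_demo():
    """Constructed scenario: the buyer alone attempts a refund, then the seller
    releases the coins with the arbiter's backing. Returns which spends pass."""
    sk, pk = {}, {}
    for role in ("buyer", "seller", "arbiter"):
        sk[role], pk[role] = lamport_keygen()
    addr = escrow_address(pk)
    refund_alone = {"buyer": lamport_sign(sk["buyer"], spend_message(addr, "buyer"))}
    release_msg = spend_message(addr, "seller")
    release = {"seller": lamport_sign(sk["seller"], release_msg),
               "arbiter": lamport_sign(sk["arbiter"], release_msg)}
    return {
        "refund_alone": can_spend(pk, addr, "buyer", refund_alone),
        "release_with_arbiter": can_spend(pk, addr, "seller", release),
        # the same two signatures presented for a different payee are worthless
        "release_replayed_to_buyer": can_spend(pk, addr, "buyer", release),
    }
```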
  10. A hacker who became an informant for the FBI directed hundreds of cyber attacks against the websites of foreign governments, including Brazil, Iran, Pakistan, Syria and Turkey, the New York Times reported Thursday. It was unclear whether the FBI explicitly ordered the digital attacks, but court documents and interviews suggest "that the government may have used hackers to gather intelligence overseas," the Times wrote. The figure at the center of the case is Hector Xavier Monsegur, who had become a prominent hacker with the activist group Anonymous, which has staged cyber assaults on MasterCard, PayPal and other commercial and government targets. Monsegur was arrested by the Federal Bureau of Investigation and became an informant, helping the law enforcement agency identify other members of Anonymous. Monsegur instructed a fellow hacker, Jeremy Hammond, to extract data from a long list of foreign government websites. And then that information -- which included bank records and login details -- was uploaded to a server "monitored" by the FBI, the Times reported, citing court papers. The vast target list for hacking added up to more than 2,000 Internet domains, including the Polish Embassy in Britain and the electricity ministry in Iraq, according to an uncensored court document cited by the Times. Monsegur and Hammond had previously worked together to sabotage servers for Stratfor Global Intelligence, an intelligence consultant firm based in Austin, Texas. "After Stratfor, it was pretty much out of control in terms of targets we had access to," Hammond told the Times in an interview from a federal prison in Kentucky, where he is serving a 10-year sentence for the Stratfor attack and other hacking. Hammond said he and Monsegur learned of a vulnerability that could be exploited in web-hosting software called Plesk, which permitted backdoor access to thousands of websites. 
A court sentencing statement said that Monsegur directed other hackers to pull data from Syrian government sites, including banks and various ministries, according to the Times. "The FBI took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the US government access to Syrian systems," said the court statement quoted by the Times. Monsegur's location is unknown and his sentencing hearing has been delayed repeatedly, fueling speculation that he remains an informant for the US government, the Times wrote. The report reinforces allegations that the US government has exploited flaws in Internet security to spy on foreign targets. The FBI was not immediately available for comment. Source
  11. Kim Dotcom has lost his bid to have evidence held by the FBI against him kept secret. The information, a 200-page document which includes a sampling of 22 million emails relevant to his extradition case, may now be made public. Efforts by Dotcom to gain access to government-held documentation against him were also rejected. In 2012, following the raid on his New Zealand mansion, Kim Dotcom fought to gain access to the information being held against him by the FBI. A ruling by District Court Judge David Harvey in May of that year, which stood despite an August appeal, ordered disclosure of all documents relating to the alleged crimes of the so-called Megaupload Conspiracy. While it was agreed that this information should be made available, an order forbidding publication was handed down in respect to the so-called Record of Case, a 200-page document summarizing an estimated 22 million emails and Skype discussions obtained by the FBI during their investigation. Last November a sealed court order by US Judge Liam O’Grady already allowed the U.S. Government to share the summary of evidence from the Megaupload case with copyright holders, something which was actioned before the end of the year. Over in New Zealand, however, Kim Dotcom has been fighting an application by the Crown to make the Record of Case public. That battle came to an end today when Auckland District Court Judge Nevin Dawson rejected an application by Dotcom’s legal team to extend the suppression order placed on the document. According to RadioNZ, the document contains sensitive information including email and chat conversations which suggest that the Megaupload team knew their users were uploading copyrighted material. In another setback, further applications by Dotcom to force Immigration New Zealand, the Security Intelligence Service, and several other government departments to hand over information they hold on him were also rejected by Judge Dawson. 
Dotcom’s lawyer Paul Davidson, QC, told Stuff that the battle will continue. “We will press on with our resolve,” he said. Source: TorrentFreak
  12. FBI officers have arrested a 20-year-old Tennessee man and charged him with federal computer hacking for allegedly conspiring to launch cyber attacks on five organizations in 2013, including two universities and three companies in the US and Canada, federal law enforcement officials announced today. The accused, named Timothy Justin French, who goes online by the name “Orbit,” is a key member of the “NullCrew” hacking collective, which has claimed responsibility for dozens of high-profile computer attacks against corporations, educational institutions, and government agencies. NullCrew is a hacktivist group that came to light in 2012 after a successful cyber attack against the World Health Organization (WHO) and Public Broadcasting Service (PBS), which resulted in plain-text usernames and passwords being posted online on Pastebin. The group, which represents itself as part of the Anonymous hacking collective, has since 2012 carried out a number of similar high-profile cyber attacks, including a successful infiltration into the servers run by the U.S. Department of Homeland Security last year. The accused was arrested without incident by FBI agents at his home in Morristown, Tenn., east of Knoxville, last week and is about to face prosecution in U.S. District Court in Chicago. French, who allegedly used online handles such as “Orbit,” “@Orbit,” “@Orbit_g1rl,” “crysis,” “rootcrysis,” and “c0rps3,” was charged with conspiracy to commit computer fraud and abuse. The FBI has been working with a "confidential witness" to engage members of the NullCrew hacking group in chat conversations on Skype, Twitter, and Cryptocat. Unknowingly, during the chat conversations, the NullCrew members discussed past, present, and future hacking attacks and shared current computer vulnerabilities used in the attacks.
With the help of this information, the federal officers tracked the IP address of one of the computers used in those five attacks as well as during other online attacks, which was later found to be at French's address in Tennessee. All the records found on the victims’ computers show access from the same IP address at or around the time of the attacks. "Cyber crime sometimes involves new-age technology but age-old criminal activity ― unlawful intrusion, theft of confidential information, and financial harm to victims," said Zachary Fardon, who has appointed an up-and-coming young Assistant U.S. Attorney for the Northern District of Illinois as a deputy section chief in charge of targeting Internet crime, in a statement. "Hackers who think they can anonymously steal private business and personal information from computer systems should be aware that we are determined to find them, to prosecute pernicious online activity, and to protect cyber victims," Fardon added. If convicted, French faces a maximum sentence of 10 years in prison and a $250,000 fine. Source
  13. Law enforcement agencies in Europe and the United States, including Europol and the FBI, ran a coordinated takedown of the GameOver Zeus botnet on Friday, seizing servers and disrupting the botnet’s operation. Authorities say that the same botnet has been used to distribute the CryptoLocker ransomware and they’re now looking for a 30-year-old Russian who they say is connected to the operation of the botnet. GameOver is a separate strain of malware from the more well-known Zeus Trojan, and the botnet built using GameOver has proven to be a hard target for researchers and law enforcement. The GameOver Zeus botnet uses a P2P architecture, which makes it difficult to disrupt because of the decentralized command-and-control infrastructure. Many malware authors and botnet operators have shifted to this architecture in the last few years because of the advantages it offers in resisting takedowns and removal attempts. GameOver Zeus is used as part of a wire fraud scheme that involves stealing financial credentials from infected users’ computers and then sending money from the victims’ accounts to those controlled by the attackers. GameOver is often distributed to victims through other botnets, specifically the Cutwail botnet. On May 30, authorities working out of the European Cybercrime Centre (EC3) worked with a number of security companies and researchers to take down the botnet and seize the servers that were part of it. The Shadowserver Foundation, Abuse.ch, CrowdStrike, Microsoft and several other companies were part of the takedown. “This big, and very successful, operation has been an important test of the EU Member States’ ability to act fast, decisively and coordinated against a dangerous criminal network that has been stealing money and information from victims in the EU and all over the globe. Over many days and nights cyber police from several EU countries in EC3 operation rooms maximized the impact of this joint investigation.
We get better and better after each such operation, and many more will undoubtedly follow,” said Troels Oerting, head of the EC3. On Monday, the US-CERT issued a technical warning about Zeus GameOver, telling users to be wary of the malware. “GOZ, which is often propagated through spam and phishing messages, is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim’s computer. Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks,” the warning says. This is not the first time that researchers and authorities have gone after a Zeus botnet. In 2012, Microsoft took down some servers used as C&C points for Zeus, but because GameOver Zeus uses a P2P architecture, the operation didn’t put a dent in that malware operation. The FBI hasn’t released any statements about the operation against GameOver Zeus yet. Source
  14. Government communication obtained through a Freedom of Information inquiry reveals that several people have asked the authorities to shut down The Pirate Bay. The requests were originally sent to the FBI, who were also contacted by a mother looking for advice on how to deal with the pirating father of her son. There is no doubt that copyright holders repeatedly press the authorities to take action against The Pirate Bay. So, when a Pirate Bay-related Freedom of Information request was sent to Homeland Security’s National Intellectual Property Rights Coordination Center, we expected to see letters from the major music labels and Hollywood studios. Interestingly, that was not the case. In late June, Polity News asked Homeland Security to reveal all information the center holds on the notorious torrent site. Earlier this week the responses were received, mostly consisting of requests from individuals to shut down The Pirate Bay. In total the center received 15 emails, and all appear to have been forwarded by the FBI, where they were apparently first sent. Some of the emails only list a few pirate site domains, but others are more specific in calling for strong action against The Pirate Bay. “Why don’t you seize all THE PIRATE BAY domains? Starting with thepiratebay.se. You have no idea how much good that would do to writers, artists, musicians, designers, inventors, software developers, movie people and our global economy in general,” one email reads. The emails are all redacted, but the content of the requests sometimes reveals who the sender might be. The example below comes from the author of “The Crystal Warrior,” which is probably the New Zealand author Maree Anderson. “The Pirate Bay states that it can’t be held responsible for copyright infringement as it is a torrent site and doesn’t store the files on its servers. However the epub file of my published novel The Crystal Warrior has been illegally uploaded there,” the email reads.
The author adds that she takes a strong stand against piracy, but that her takedown notices are ignored by The Pirate Bay. She hopes that the authorities can take more effective action. “Perhaps you would have more luck in putting pressure on them than one individual like myself. And if you are unable to take further action, I hope this notification will put The Pirate Bay in your sights so you can keep an eye on them,” the author adds. Most of the other requests include similar calls to action and appear to come from individual copyright holders. However, there is also a slightly more unusual request. The email in question comes from the mother of a 14-year-old boy whose father is said to frequently pirate movies and music. The mother says she already visited an FBI office to report the man and is now seeking further advice. Apparently she previously reached out to the MPAA, but they weren’t particularly helpful. “MPAA only wanted to know where he was downloading and could not help. I ask you what can I do, as a parent, to prevent a 14-year-old from witnessing such a law breaking citizen in his own home?” the mother writes. “It is not setting a good example for him and I don’t think that it is right to subject him to this cyber crime. Devices on websites used: www.piratebay.com for downloads and www.LittleSnitch.com so he won’t be detected. This is not right. Any help would be appreciated,” she adds. All of the revealed requests were sent between 2012 and 2014. Thus far, however, neither the Department of Homeland Security nor the FBI has taken any action against The Pirate Bay. Whether the pirating dad is still on the loose remains unknown for now, but chances are he’s still sharing music and movies despite the FBI referral. Source: TorrentFreak