From the Wired article, "Instead of going for the easy bust, the FBI spent a solid year surveilling McGrath, while working with Justice Department lawyers on the legal framework for what would become Operation Torpedo. Finally, on November 2012, the feds swooped in on McGrath, seized his servers and spirited them away to an FBI office in Omaha.
A federal magistrate signed three separate search warrants: one for each of the three hidden services. The warrants authorized the FBI to modify the code on the servers to deliver the NIT to any computers that accessed the sites. The judge also allowed the FBI to delay notification to the targets for 30 days."
The FBI modified the .onion sites to serve a malicious script which was used to de-anonymize users. It's worth noting that only those using Tor improperly would be vulnerable. The FBI tracking payload required scripting to be enabled in the browser--a common blunder among inexperienced Tor users.
(Score: 4, Informative) by keplr on Wednesday August 06 2014, @05:13PM
It's in the article, "Tor hidden services mask their locations behind layers of routing. But when the agents got to a site called Pedoboard, they discovered that the owner had foolishly left the administrative account open with no password. They logged in and began poking around, eventually finding the server's real Internet IP address in Bellevue, Nebraska."
So it wasn't a genius SIGINT op attacking the Tor network, just a hilariously incompetent sysadmin.
I don't respond to ACs.
(Score: 4, Insightful) by tathra on Wednesday August 06 2014, @05:41PM
or at least that's what they're claiming. anybody who knows that parallel construction [wikipedia.org] exists, and is in fact SOP, [muckrock.com] yet still believes the claims of LEOs is incredibly naive.
(Score: 4, Insightful) by keplr on Wednesday August 06 2014, @05:44PM
Correct. I should have mentioned that's the official story, so it's necessary to remain skeptical. However, incompetent criminals do exist, and naturally these are the ones who tend to get caught and reported on.
I don't respond to ACs.