FBI Exploits Tor vulnerabilities with NITS [Fwd: Posts from Just Security for 02/16/2016]
-------- Forwarded Message -------- Today on Just Security for 02/16/2016 View this email in your browser (http://us7.campaign-archive2. com/?u=96b766fb1c8a55bbe9b0cdc21&id=03238ecdef&e=b84e639eaa) ** Law Enforcement Online: Innovative Doesn’t Mean Illegal (https://www.justsecurity.org/29364/law-enforcement-online-innovative-doesnt-...) ------------------------------------------------------------ https://www.justsecurity.org/author/germanojudith/ Judith Germano (https://www.justsecurity.org/author/germanojudith/) Even the Wild West needed a sheriff. And today’s law enforcement agents, to be effective, need more than a Colt .45 and a gold star. Criminal actors have an increasing ability to commit serious crimes remotely via computers, while concealing their identity and location through the use of various means, including Tor hidden service protocols. To effectively identify and apprehend these criminals, law enforcement must be nimble and technologically savvy, and must employ regularly updated investigative tools. These tools include Network Investigative Techniques (NITs), which enable law enforcement (pursuant to court-authorized warrants) to identify the real IP address of web users, regardless of proxy settings. Some NITs also reveal users’ operating systems, CPU architecture, and session identification, and others (pursuant to a Title III or FISA warrant) can allow real-time, full-system monitoring. There has been some level of controversy recently regarding the FBI’s use of NITs. But as criminals evolve and become increasingly sophisticated through the use of Tor and encryption techniques, so too must law enforcement’s investigative measures evolve, provided they are employed in accordance with lawful procedures and adequate constitutional safeguards. It was through a NIT that the FBI, in 2015, was able to successfully take down one of the largest dark web child exploitation sites in the world, to apprehend child predators. The site, disturbingly named “Playpen,” provided thousands of pedophiles (http://www.scmagazine.com/staten-island-man-arrested-for-allegedly-possessin...) with images of horrifying sexual abuse of children, as well as guidance on how the molesters could avoid being detected. The Playpen site is reported to have had as many as 215,000 accounts within the first year, and an average of 11,000 unique visitors per week. The FBI, pursuant to a court order (http://arstechnica.com/tech-policy/2015/07/feds-bust-through-huge-tor-hidden...) , seized the web host server in North Carolina and, rather than shutting it down immediately, ran it under FBI control for a limited, two-week period. During that time, the FBI used a NIT, which exploited a security vulnerability in the Tor Browser Bundle, to identify more than 1,300 true IP addresses. More, see link at top.
participants (1)
-
Rayzer