September 14, 2013

Further FBI overreach

From Wired:
FBI Admits It Controlled Tor Servers Behind Mass Malware Attack
It wasn't ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors.

Freedom Hosting's operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It's not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control.
A bit more -- smoking gun:
The heart of the malicious Javascript was a tiny Windows executable hidden in a variable named "Magneto." A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box.

But the Magneto code didn't download anything. It looked up the victim's MAC address -- a unique hardware identifier for the computer's network or Wi-Fi card -- and the victim's Windows hostname. Then it sent it to a server in Northern Virginia, bypassing Tor, to expose the user's real IP address, coding the transmission as a standard HTTP web request.

"The attackers spent a reasonable amount of time writing a reliable exploit, and a fairly customized payload, and it doesn't allow them to download a backdoor or conduct any secondary activity," said Vlad Tsyrklevich, who reverse-engineered the Magneto code, at the time.

The malware also sent a serial number that likely ties the target to his or her visit to the hacked Freedom Hosting-hosted website.

The official IP allocation records maintained by the American Registry for Internet Numbers show the two Magneto-related IP addresses were part of a ghost block of eight addresses that have no organization listed. Those addresses trace no further than the Verizon Business data center in Ashburn, Virginia, 20 miles northwest of the Capital Beltway.
Our government is seriously overstepping its bounds...

Posted by DaveH at September 14, 2013 1:15 PM