FBI Randomly Used Malware on TORMail Users While Busting Pedophiles

GigaloRob

By Ryan De Souza on January 24, 2016


Report hints at a possible invasion of TorMail users' privacy by the FBI while capturing a global child porn gang


In 2013, the Federal Bureau of Investigation seized one of the most popular dark web email platforms, TorMail, and soon after the bureau began to rifle through the contents of the server.

Back then, researchers suspected that the FBI had also deployed an NIT (network investigative technique) to infect the users of the site. NIT is the term used to refer to a hacking tool used by the FBI.

However, the campaign wasn't confirmed at the time; now the Washington Post's report proves that the FBI did rely on an NIT. Yet there are now more questions than ever, particularly because it is unclear whether the hacking was conducted on as large a scale as has been speculated.

Most importantly, what did the FBI do with the data received from the privacy-oriented email service?


The last two paragraphs of the Washington Post report talk about the TorMail issue, stating that the Tor-based email service was allegedly used by fraudsters, child pornographers, drug vendors and Silk Road employees.

Washington Post’s report states: “This week, people familiar with the investigation confirmed the FBI had used an NIT on TorMail.”

The article further informed readers that the agency obtained a warrant for hacking certain email accounts, owned by people suspected to be involved in child pornography activities.

“Using a privacy-preserving communication service is not an invitation, or a justification, for the government to hack your computer.”

This implies that the FBI was busy targeting specific users instead of invading the privacy of innocent users. However, considering previous reports on the way the FBI has deployed the NIT, it seems quite unlikely that the hacking was targeted, states the Washington Post report.

The question that arises in a layperson's mind is how the FBI could target specific email accounts owned by perpetrators of child pornography.

According to American Civil Liberties Union principal technologist Christopher Soghoian, "there were certainly large numbers of TorMail users who were not engaging in any criminal activity."

“If the government, in fact, delivered an NIT to every single person who logged into TorMail, then the government went too far; using a privacy-preserving communication service is not an invitation, or a justification, for the government to hack your computer,” he added.

Soghoian opines that "this case was from 2013: we still don't have the NIT order, or the NIT application," which means that it is still unclear whether the judge who approved the NIT really understood what was being authorized.

FBI spokesperson Christopher Allen, when asked to comment on the recent report from the Washington Post, said: "I would not be able to comment one way or the other on your specific question."

Later, in 2015, the FBI conducted an unprecedented hacking spree in which the agency deployed malware on at least 1,000 computers that were being used to visit a particular child pornography website. This move was part of an extensive operation called Operation Pacifier.

Operation Pacifier was a huge, multi-agency investigation into the growing issue of child pornography on the dark web.
 
Now what if such people started using ProtonMail over Tor??? That would be a very bad thing.
 
Whatever email is popular with pedophiles...um, better not use it.
Services that claim to offer the best privacy and anonymity protections will inevitably be abused by pedophiles, terrorists, etc. Yes, that means every tool regularly used by guys buying AAS and other illicit drugs.

That's no reason to demonize or discourage people for using TOR, VPNs, PGP/GPG, encryption, protonmail, tutanota, anonymousspeech, countermail, bitcoin, tails, etc.
 
Now what if such people started using ProtonMail over Tor??? That would be a very bad thing.

You cannot effectively use Protonmail over Tor, as JavaScript is required. JavaScript can be used to learn your real IP address, undoing the protection afforded by the Tor network. Essentially, you have no anonymity while using Protonmail.

Furthermore, even the protection afforded by PGP can easily be lost. I view Protonmail as the next Hushmail -- anyone involved in illegal activity, who believes that Protonmail is going to protect them is liable to get a very rude awakening -- the same type of rude awakening that Tyler Stumbo (Oscabro) and many others received when Hushmail was compelled to turn over 12 CDs full of decrypted email to the DEA.

Before taking a look at the similarities between Hushmail and Protonmail, it might be beneficial to review a little about public key crypto.

One of the fundamental, bedrock principles of public key cryptography lies in the separation of public and private keys. The entire strength of the system lies in that separation. Under NO circumstances is the private half of the keypair ever meant to leave the custody or control of the owner (who usually generates the key). Both Hushmail and Protonmail violate this fundamental principle, as they both generate as well as store both halves of the keys.

In both cases -- Hushmail and Protonmail -- JavaScript code is used to generate PGP keys in the user's browser. These keys are then stored on the respective servers of Hushmail or Protonmail. One way to see for yourself that the keys are stored on the server is to set up an account, and then try to log in from two different devices. In each case, you will be prompted for the username and password, as well as the mailbox key -- i.e. the PGP passphrase required to decrypt encrypted email.

What this means is this: for both Hushmail as well as Protonmail, you do not own/control the PGP keys -- Hushmail or Protonmail do.

It would appear that, for Version 3.0 of Protonmail at least, you cannot even download your PGP public key from their server:

Q. How can I add public keys to a key ring?

A. Unfortunately, at this moment we do not support adding public keys to a key ring. We will be adding full PGP support in the future, including the ability to manage keys. You can learn more about how to download your ProtonMail Public key here....

Q. How can I download my public key?

A. ProtonMail uses PGP for end-to-end encryption (learn more what is encrypted here: What is encrypted? - ProtonMail Support). This means that your account has two keys, one public and one private. You can share your public key with other contacts outside of ProtonMail, so they can send you secure messages. Since our public release and the upgrade to the latest version 3.x the feature to download the public key has been temporarily disabled, as we are working on improving it.

You can still download your public key from the old version at ProtonMail. To download your public key:

- Log in on the old version
- Go to Settings
- Open the Security tab
- Click on “Download Public Key”

The PGP key(s) are tied to the account, and you do not have control over them. I suspect that, even if Protonmail does follow through on their promise of "adding full PGP support", it is unclear whether you will be permitted to download the private half of the keypair that they are storing for you. To a degree, this serves as a means of account/data lock-in.

Now, you might ask, "Why is the storage of both halves of the PGP keys on the server a bad thing?"


The answer is that this is the key weakness that was exploited by the courts to compel Hushmail to decrypt 12 CDs worth of email to hand over to the DEA.

As anyone familiar with PGP will already know, the PGP public key is used to encrypt messages, while the private key (and its associated passphrase) is used to decrypt encrypted message traffic. Since Hushmail already had a copy of the private key on its servers, all that was required to decrypt a customer's traffic was the passphrase. When you use the service (whether it is Hushmail or Protonmail), you have to enter a passphrase (or mailbox key, as Protonmail calls it) to decrypt your PGP encrypted emails.

What happened in the case of Hushmail was that Hushmail used a modified Java applet designed to capture a customer's passphrase -- with that passphrase, and the private half of the PGP key, it was a trivial matter to decrypt the customers' emails.

I would argue that Protonmail is vulnerable to the very same approach as was used with Hushmail. In Hushmail's case, the Mutual Law Enforcement Assistance Treaty (MLAT) was used to get a court order to compel Hushmail to decrypt and hand over the emails.

It is worthy of note that there is also an MLAT agreement between Switzerland and the United States -- it has been in force since 1977. The fact that the datacentre (and its encrypted data) are located in Switzerland will afford no more protection than was afforded by the Hushmail servers being located in Canada.
 
That's what I've always said
TOR attracts even more attention from LE
Compared to pedophiles, buying or even selling roids ain't that prosecuted (some people even think juicing is a victimless crime)
Just use a prepaid phone and remove its battery and/or SIM card when turned "off" so it won't continuously reveal your location.
You can use it only at a school or business district where hundreds of thousands of people are in the same location, as opposed to sparsely populated suburban areas.
Turn off GPS tracking.
 
That's what I've always said
TOR attracts even more attention from LE

As I said earlier, Tor has stopped more than one investigation dead in its tracks.

Compared to pedophiles, buying or even selling roids ain't that prosecuted (some people even think juicing is a victimless crime)

I don't think steroid use should be a crime; I don't think that smoking weed should be a crime, either, but it is, and in many places, people are still going to prison over it.

Just use a prepaid phone and remove its battery and/or SIM card when turned "off" so it won't continuously reveal your location.
You can use it only at a school or business district where hundreds of thousands of people are in the same location, as opposed to sparsely populated suburban areas.
Turn off GPS tracking.

You're forgetting about the fact that each phone can be tracked using its IMEI number -- the fact that there may be hundreds, or even thousands of people where you are using it is totally irrelevant.

As Astor from Silk Road often said: "No one has ever regretted being too secure, but many people have regretted not being secure enough."

In the end, it's a personal choice -- I sincerely hope that, in the future, you do not regret the ones that you have made.
 
Buying or even selling steroids is a relatively mild crime compared to those in the darkweb.
Moderate juicing is quite victimless as long as you don't get roid rage and you do proper pct.

Darkweb crimes are nasty
The most common seems to be pedophilia, the most cowardly crime, then hard drugs and weapons.
So it may actually work backward: just accessing Tor may raise suspicion from LE, with its resulting malware.
Thus a steroid buyer or seller who would never get on LE's radar may get flagged by using Tor.

Still
large steroid sources only access their public website or sales email
from a computer located in a shitty lawless country (e.g. Moldova) and separately forward the info to the domestic remailers.
For further anonymity they use a different device, internet connection (IP) and a different encrypted email account. They just don't forward the email to a different address, which could easily be traced.
Likely they save the email info on a USB stick or something and transfer it to the second device with the different IP/internet connection and encrypted email account.

Of course this info is just provided for information/entertainment purposes only.
I'm not advocating to break any law in any country.
 
Stop pretending like you know how this shit works. You think Pharmacist had an armed hit squad for crying out loud.
 
Not pharmacist LOL
But naps had armed guards to protect the money receivers from being robbed out of the Western Union or Moneygram branches
Hitmen were occasional, hired only as needed.
Not bragging but I know how it works
 