A graduate seminar: current topics in computer security
 

FBI Admits It Controlled Tor Servers Behind Mass Malware Attack

1. http://arstechnica.com/tech-policy/2013/09/fbi-admits-what-we-all-suspected-it-compromised-freedom-hostings-tor-servers/

2. http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/

On September 12, 2013, an FBI official announced that the agency had gained control over a server owned by Freedom Hosting (FH), which operates over the Tor anonymity network.

Tor provides anonymity for its users for good causes. For example, human rights activists may use the network to exercise freedom of speech online. However, Tor has also been found to attract malicious users who need to conceal their identity.

In the case of FH, it was reported to the FBI that FH was hosting child pornography, a federal felony in the United States. The FBI decided to investigate. As part of its plan, malware was used to track down the identity of its targets. The FBI attack exploited a Firefox bug to embed arbitrary JavaScript code in an iframe, which collected users' data in order to reveal the identity of the targeted Tor users. The embedded code collects the victim's MAC address and Windows hostname and sends them to a Command-and-Control (C&C) server.

On August 4, other benign sites hosted by FH reported receiving error messages with embedded hidden code containing IP addresses. These addresses were traced back to a Verizon data center in Northern Virginia; the servers there were used as the malware's C&C. The packets were sent over plain HTTP, which made it easier for the researchers to analyze (good for us!!). The exploit targeted Firefox 17 ESR, the version of Firefox on which the Tor Browser Bundle is built.
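The defensive takeaway from the paragraph above is that the payload sent the collected identifiers directly to a clearnet host over plain HTTP, outside Tor. The following is an added example (not code from the articles or from the seminar page) of a small detector run over constructed connection-log lines from a Tor Browser host: it flags any outbound connection that does not go to the local Tor SOCKS listener, and separately flags cleartext payloads carrying a MAC address or a hostname-style field. The log format, the 127.0.0.1:9150 SOCKS port and the beacon field names are assumptions for the example.

```python
import re
from typing import NamedTuple

# Assumption: the Tor Browser Bundle's default local SOCKS listener. On a
# correctly configured host every browser connection should go here.
TOR_SOCKS = ("127.0.0.1", 9150)

# Constructed sample log: "<timestamp> <proto> <dst ip>:<port> <payload>".
# The beacon content is made up; the real exfil format is not on the page.
SAMPLE_LOG = """\
2013-08-04T10:00:01 tcp 127.0.0.1:9150 CONNECT
2013-08-04T10:00:02 tcp 203.0.113.77:80 GET /?mac=00-1A-2B-3C-4D-5E&host=DESKTOP-7F3Q HTTP/1.1
2013-08-04T10:00:03 tcp 127.0.0.1:9150 CONNECT
2013-08-04T10:00:04 tcp 198.51.100.5:80 GET /index.html HTTP/1.1
"""

MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}\b")
HOST_RE = re.compile(r"[?&](?:host|hostname|name)=([^&\s]+)", re.I)


class Alert(NamedTuple):
    ts: str
    dst: str
    reason: str
    detail: str


def detect(log_text: str) -> list:
    """Return one Alert per suspicious finding in the log text."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, proto, endpoint, *rest = line.split(" ", 3)
        payload = rest[0] if rest else ""
        ip, port = endpoint.rsplit(":", 1)
        if (ip, int(port)) == TOR_SOCKS:
            continue  # expected path: traffic handed to the Tor client
        # Anything else leaving the browser host directly bypasses Tor and
        # exposes the user's real IP to the destination.
        alerts.append(Alert(ts, endpoint, "bypasses_tor", proto))
        # Cleartext HTTP lets a sensor read the beacon, as the researchers did.
        mac = MAC_RE.search(payload)
        host = HOST_RE.search(payload)
        if mac or host:
            found = [m for m in (mac and mac.group(0), host and host.group(1)) if m]
            alerts.append(Alert(ts, endpoint, "identifier_exfil", ",".join(found)))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a)
```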

One independent researcher made an interesting observation: given the lack of sophistication of the JavaScript code and its functionality, it is very likely this exploit was crafted by the government (interesting!).

I believe that although the FBI was trying to track down the identity of a pedophile, they also invaded the privacy of other non-suspect users and served malware using a public ISP provider's infrastructure. Is this lawful?
