Security researchers tonight are poring over a piece of malicious software that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network.People who are trying to shield their identity must have something to hide. The decedents of J. Edgar seem interested in finding out more about who they are.
The malware showed up Sunday morning on multiple websites hosted by the anonymous hosting company Freedom Hosting. That would normally be considered a blatantly criminal “drive-by” hack attack, but nobody’s calling in the FBI this time. The FBI is the prime suspect.
“It just sends identifying information to some IP in Reston, Virginia,” says reverse-engineer Vlad Tsyrklevich. “It’s pretty clear that it’s FBI or it’s some other law enforcement agency that’s U.S.-based.”
This appears to be an implementation of the CIPAV, computer and internet protocol address verifier, a piece of software that has been in use by the FBI since 2002. It's existence first came to public attention in 2007. This use seems to be an effort to learn the identity of people using the Tor anonymity network. One theory is that this was done in conjunction with a child porn investigation.
The code that was implanted captures the identity of the anonomized user and sends it to a specific address. It turns out that the IP address is registered to Science Applications International Corporation which is a major contractor for defense agencies and the FBI.
Just another way in which your tax dollars are at work.