The FBI Hacked Over 8,000 Computers In 120 Countries Based on One Warrant

Those cases revolve around the FBI's investigation into dark web child pornography site Playpen. In February 2015, the FBI seized the site, but instead of shutting it down, the agency ran Playpen from a government server for 13 days. However, even though they had administrative control of the site, investigators were unable to see the real IP address of Playpen's visitors, because users typically connected to it through the Tor network.

In order to circumvent that anonymity, the FBI deployed what it calls a network investigative technique (NIT), or a piece of malware. That malware, which included a Tor Browser exploit, broke into the computer of anyone who visited certain child pornography threads on Playpen. It then sent the suspect's real IP address back to the FBI.

According to court filings, the FBI obtained over 1,000 IP addresses of alleged US-based users. Over the past year, Motherboard has also found that the FBI hacked computers in Australia, Austria, Chile, Colombia, Denmark, Greece, and likely the UK, Turkey, and Norway too.

motherboard.vice.com/read/fbi-hacked-over-8000-computers-in-120-countries-based-on-one-warrant

Good on them, get fucked pedoshits.

Wasn't TOR that got them busted, it was the malware.

This. If they used Tor with something like links or w3m, they would have been safe (probably).

What an absolute imbecile. I would trust Java over a bug-fest C application any day.

I thought only the extractor/installer was Java though?

Then you don't know anything. C programs can be full of bugs. Java programs are forced to use a JVM full of bugs.

It's pozzed:
CDEPEND="dev-java/bcprov:1.54 dev-java/commons-compress:0 dev-java/fec:0 dev-java/java-service-wrapper:0 dev-java/jbitcollider-core:0 dev-java/lzma:0 dev-java/lzmajio:0 dev-java/mersennetwister:0"
DEPEND="app-arch/unzip >=virtual/jdk-1.7 ${CDEPEND} test? ( dev-java/junit:0 dev-java/ant-junit:0 ) dev-java/ant-core:0"
RDEPEND=">=virtual/jre-1.7 net-libs/nativebiginteger:0 ${CDEPEND}"
PDEPEND="net-libs/NativeThread:0"

Well if you're using modern consumer hardware (botnet) with mainstream OS (botnet) then you're in trouble.
But if you deviate from that, and the more you deviate from that, the harder it is for anyone to hack you. It will require a lot more effort than sending a canned exploit.
And you can further improve by leaving very little attack surface, the least amount possible. But this is the opposite of "convenience", so most people won't bother to even take the most basic steps.
At the end of the day, there is the bottom line: money. If you make it cost too much effort, you're no longer worth it.

Let's count off the various ways they fucked up this investigation.


In summary: gigabytes of child abuse content circulated, a handful of fucked up cases, widespread outrage hampering future efforts and collaboration with foreign governments. Oops.

Shouldn't the bigger story here be that the FBI ran a cp site? That has to be illegal and makes everything else quite irrelevant as law enforcement can't break laws to catch people. I'm no legalfag but I've seen enough crime shows to know you can't collect evidence illegally.

Don't forget
Why are they still being funded? So they can hack into people's computers to plant evidence so they can "solve" it later?

Got source to back your claims up?

No, that's why I used variables. They'd have to answer how many unsolved crimes they chose to ignore to prioritize this instead.

it required javascript enabled to malware you
and whonix/vm/tails vm would protect even with js


US is totalitarian 3rd world shit, they don't care about laws

Well, that's not the first time I've read about Tor being an insecure piece of shit.

Are you questioning the NAVY and DARPA's competence?

It's okay when we do it goy.

Firefox isn't Tor. Tor Browser with security on high is a good default for most people. If you don't agree, post security tips instead of just shilling.

The fact the FBI has to exploit the web browser means Tor works pretty well.

And Freenet and i2p are mostly used with web browsers, so they'd be vulnerable to the same types of attacks.

Fucking sea lions

Well that wouldn't work with a setup like Whonix. The attacked computer wouldn't even know the IP-address.

If they wanted, they could chain a virtualbox or qemu/kvm exploit to break out of the VM.

It's unlikely because of the added cost and low amount of targets using virtualization, but it's possible.

We don't know anything about the actual exploit except it was for Tor Browser. The FBI classified the exploit for "national security reasons" after defendants asked for details.

There was one unconfirmed report that the exploit was in Firefox's graphite2 font file renderer.

How would I go about using links with Tor?

NoScript doesn't download fonts by default, so even if this was an issue with Firefox's font renderer (some rumors point to that), unless you're dumb enough to disable NoScript on an onion site you should be safe.

$ torsocks links
gee that was hard

Graphite2 had 16 critical CVEs this year

mozilla.org/en-US/security/advisories/mfsa2016-37/
mozilla.org/en-US/security/advisories/mfsa2016-38/
mozilla.org/en-US/security/advisories/mfsa2016-14/

Mozilla disabled it by default last March, so it's now disabled in the latest Tor Browser:

mozilla.org/en-US/firefox/45.0.1/releasenotes/

The Playpen operation wasn't a complete fuck up like the 2013 Freedom Hosting attack. If it was limited as described in the warrant then I have no problem with the Playpen hack.

The FBI only deployed the exploit against users who were logged in and browsing threads clearly labeled as CP. Even with 1 warrant, they had enough probable cause for all 8000 computers.

The Freedom Hosting exploit was supposed to be limited to 23 illegal sites too. But in reality, they (accidentally?) embedded the exploit on every single onion hosted on Freedom Hosting. Thousands of legitimate Freedom Hosting onions were affected.

Congratulations to the FBI for accelerating the destruction of pedophilia worldwide. Our thanks must also go to them for creating delicious, juicy pedo butthurt.

That's not at all what happened. Pedos can still easily view cp whenever they want. This was a terribly executed idea that arguably did more damage to the FBI than the pedos. If anything it has solidified people's ideas that Tor is secure as they had to find a different way to get people's IP than "breaking Tor".

Dark web pedos are a minority. The average internet pedo still downloads CP through open P2P networks, bare IP. They don't know or care about security. We see millions of IPs sharing CP each year and we can only afford to arrest less than 1%.

this
I2P would actually be even better for them because it can do P2P as well.
But I really don't know what these kinds of raids are supposed to accomplish other than to serve as PR for the FBI, because it really doesn't make any difference in the long run and they probably even know that themselves.

As if this is the first time the FBI has broken the law during investigations. Look into the Weather Underground. The FBI broke so many laws gathering information against these guys, some of them got off for detonating bombs in government buildings.

The term 'pedophilia' is a plot to genocide white people. Other cultures recognize puberty as when sex isn't deviant behavior. As a result, their women have more usable fertile years, the age of first birth is lower speeding population growth, and careers don't get in the way of raising kids.
Cultures terrified of pedophilia now have birth rates so low they are literally dying out and are being quickly replaced by Mohammad and his pregnant 12 year old who will end up with 10 children. They've tricked you into killing yourselves by thinking this is unnatural despite it being normal in your own cultures until just one century ago. Figure it out.

Everything's a plot to genocide white people. Mohammad never wore shoes and he bore 72 children. In white countries today, everyone wears shoes and have a negative growth rate. Support white genocide today and war your shoes.

Remember though that with customization comes less anonymization.

Weigh the pros and cons before switching browsers.