There's another group out there installing malware on computers - the FBI. It's using a tactic called drive-by hacking to track computers using the Tor anonymous computing system.
Security experts call it a “drive-by download”: a hacker infiltrates a high-traffic website and then subverts it to deliver malware to every single visitor.
With Tor, users can browse the Internet anonymously. The program routes your signal through multiple computers to hide your tracks online. But, the FBI has found out how to infiltrate the system. It infects target sites and then tracks users using the installed malware.
The FBI is using drive-by hacking to track users on the Dark Net, hidden websites that are only accessible through Tor. These websites usually deal in serious activity like drugs, child porn and murder contracts. The FBI has had some success tracking users of child porn sites and have 14 heading to trial. In the first child porn case, the malware was designed to identify the computers used by users and not take any other information.
On the surface, this sounds like a great tool to help law enforcement find and arrest some terrible criminals. But, questions are beginning to arise because there is some evidence that the FBI is tracking legal websites on Tor, too.
Others are worried that the tactic will be used to track people legally visiting other suspicious sites like researchers or human rights workers. There's been no public debate or Congressional hearings on this type of tracking, so the public doesn't know much about the full extent of the FBI's plans.
“You could easily imagine them using this same technology on everyone who visits a jihadi forum, for example,” he [ACLU technologist Chris Soghoian] says. “And there are lots of legitimate reasons for someone to visit a jihadi forum: research, journalism, lawyers defending a case. ACLU attorneys read Inspire Magazine, not because we are particularly interested in the material, but we need to cite stuff in briefs.”
The ACLU is also worried that judges signing the search warrants that make these malware attacks legal don't fully understand the technology. The Operation Torpedo search warrant didn't actually use the word malware anywhere.
So, if you're one of the people using Tor to legally access potentially dangerous sites on Tor, consider yourself warned - the FBI could be watching.
Want more news like this? Get top headlines straight to your inbox every day! Keep up with the latest in security, privacy, hardware and software developments, cool science and wacky Internet videos. Click here to sign up for my daily News of the Day newsletter now.