Latest Ruling: FBI Does Not Have To Reveal Tor Exploit Code

Updated on:
2191

Cropped photo of FBI agent in action with a pistol, rear viewLast February, federal judge’s ruling was for the FBI to reveal the full source code they utilized in the Tor exploit to hack and track visitors of PlayPen, the world’s largest child exploitation site within the dark web.

Judge Robert J. Bryan ordered the agency to hand over the Tor browser malware code for the defense to better understand how the FBI hacked more than a thousand computers.

The defense wanted to verify that the malware didn’t go beyond what the warrant allowed, and additional functions as well as the data gathered were actually covered under its scope.

The government fought back, and has succeeded upon the federal judge changing his mind, a twist which is not quite clear.

Apparently this means that the defense won’t be able to examine and dig deep into the manner in which the evidence against their client was primarily collected.

The Defense

Your TOR usage is being watched

The defendant in the lawsuit is Jay Michaud, a Vancouver teacher arrested for accessing and downloading child exploitations from a dark web Tor hidden site.

He stands accused and demanded the right to review the malware, claiming it was responsible, rather than himself, for the illicit material tracked down on his computer.

Vlad Tsyrklevich, malware expert held by the defense, said that only parts of the NIT could be analyzed.

The Network Investigative Technique is the FBI’s term for their custom hacking tool mainly designed to penetrate Tor users, and by which they discovered the defendant’s IP address and unmasked his identity.

This method was only possible through a vulnerability within the Tor Browser.

It’s how the FBI took over the child exploitation site and incorporated the Tor browser malware in 2015, where they obtained over a thousand alleged US-based IP addresses, over three thousand from abroad, including MAC addresses, operating systems, and various technical details.

The FBI

Cropped photo of FBI agent using laptop in officeDOJ and the FBI filed in sealed motions, trying to convince the federal judge to reconsider, saying that revelation of the Tor exploit is unnecessary for the defense and other cases.

Special Agent Daniel Alfin explicitly said that the discovery of the Tor exploit the agency used to bypass the protections of the Tor browser would do nothing to help determine if the government did exceed the scope of the warrant.

He said it would merely explain how the NIT was deployed to the defendant’s computer, but not what it did once it’s been deployed.

The Maker of Firefox

Mozilla filed a brief with a Washington State District Court compelling FBI investigators to disclose the hack details of the vulnerability in the Firefox-based Tor Browser with them, at least 14 days prior to handing it over to the defense.

The Tor network and software suite for online anonymity and censorship circumvention works towards digital security and privacy of its users, and the Tor browser is partially based on the Firefox browser’s code.

guidelines-logo.7ea045a4e288Mozilla’s Chief Legal and Business Officer Denelle Dixon-Thayer says this is where the vulnerability might still exist.

She said that they are concerned about the hundreds of millions of users that would benefit with a timely disclosure.

If they would be given the information, Mozilla could then fix the vulnerability and update their products before it becomes public.

This works to protect the safety and security of Firefox and Tor users from nefarious actors, and the integrity of the systems and the networks that rely on the Web browser.

Write for us

Disclaimer:

The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.