FBI confirms they were behind Freedom Hosting's takeover
Posted on 16 September 2013.
An FBI agent testifying at the court hearing where the subject of bail for Freedom Hosting owner Eric Eoin Marques was discussed has confirmed that the FBI has, indeed, had a hand in taking over the host's servers and setting pages hosted on them to serve de-anonymizing malware to visitors, Wired reports.

Freedom Hosting is well known for allowing pages containing child pornography to be hosted on its servers, and was the target of attacks by Anonymous in 2011, but the sites it hosted also included "good" services such as TorMail.

Marques was arrested in Dublin on August 4, and on the same day all the sites hosted by Freedom Hosting started serving a “Down for Maintenance” message. While users speculated online about what was happening, they initially failed to detect that spyware was being served to some of them.

Researchers analyzing the code injected in the pages have confirmed that it was created to exploit a vulnerability in Firefox.

"Although the vulnerability affects users of Firefox 21 and below the exploit targets only ESR-17 users. Since this attack was found on Tor hidden services presumably that is because the Tor Browser Bundle (TBB) is based on Firefox ESR-17," Daniel Veditz, Security Lead at Mozilla, opined at the time.

The served malware has a single goal - look up the victim’s MAC address and Windows hostname, and send that information to a server in Virginia operated by the FBI. The researchers believe that it is the FBI's infamous CIPAV (Computer and Internet Protocol Address Verifier) spyware, which was used in previous child porn sting operations.

While testifying before the Irish court, FBI Supervisory Special Agent Brooke Donahue did not say how the Bureau managed to take over the Freedom Hosting servers (rented from a commercial French hosting provider), but shared that Marques managed to briefly boot them out and change the passwords before finally and definitively being locked out of them himself.

The agent told the court that Marques had been looking into getting Russian citizenship so that he could get beyond the reach of US law enforcement, that he was still in possession of his own passport and had demonstrated a willingness to use a false one to buy website hosting space from a Russian company, and that he had a lot of money at his disposal - all things that would make it easier for him to escape from the country if he were to be granted bail.

The judge evidently found these arguments compelling, and decided that Marques will have to remain in custody until his extradition hearing.









Copyright 1998-2014 by Help Net Security.