29 Mar 2016

FBI is fighting back against Judge's Order to reveal TOR Exploit Code

Last month, the Federal Bureau of Investigation (FBI) was ordered to reveal the complete source code for the TOR exploit it used to hack visitors of the world’s largest dark web child pornography site, PlayPen.

Robert J. Bryan, the federal judge, ordered the FBI to hand over the TOR browser exploit code so that the defence could better understand how the agency hacked over 1,000 computers and whether the evidence gathered was covered under the scope of the warrant.

Now, the FBI is pushing back against the federal judge’s order.
 
On Monday, the Department of Justice (DOJ) and the FBI filed a sealed motion asking the judge to reconsider his ruling, saying that revealing the exploit used to bypass the Tor Browser protections is not necessary for the defense and other cases.

In previous filings, the defence has argued that the offensive operation used in the case was "gross misconduct by government and law enforcement agencies," and that the Network Investigative Technique (NIT) conducted additional functions beyond the scope of the warrant.

The Network Investigative Technique or NIT is the FBI's terminology for a custom hacking tool designed to penetrate TOR users.

This particular case concerns Jay Michaud, one of the accused from Vancouver, Washington, who was arrested last year after the FBI seized a dark web child sex abuse site and ran it from the agency’s own servers for 13 days.

During this period, the FBI deployed an NIT tool against users who visited particular child pornography threads, grabbing their real IP addresses among other details. This led to the arrest of Michaud, among others.

Vlad Tsyrklevich, the malware expert retained by the defense to analyse the NIT, said that he received only parts of the NIT to analyse, but not the sections that would ensure that the identifier attached to the suspect's NIT infection was unique.

"He is wrong," Special Agent Daniel Alfin writes. "Discovery of the 'exploit' would do nothing to help him determine if the government exceeded the scope of the warrant because it would explain how the NIT was deployed to Michaud's computer, not what it did once deployed."

In a separate case, the Tor Project has accused the FBI of paying Carnegie Mellon University (CMU) at least $1 million to disclose the technique it had discovered that could help them unmask Tor users and reveal their IP addresses. The FBI, however, denies the claims.