Visit the Wrong Website, and the FBI Could End Up in Your Computer

Security experts call it a “drive-by download”: a hacker infiltrates a high-traffic website and then subverts it to deliver malware to every single visitor. It’s one of the most powerful tools in the black hat arsenal.

Visit the Wrong Website, and the FBI Could End Up in Your Computer

As with all technology, Tor can be used for good or for bad reasons.

Using it to conduct shady business is a bad reason. For example distributing child pornography.

Attempting to track down child pornography is a nobel reason, but so is trying to report certain events to the world objectively, because the country where the reporter resides suppresses free speech.

The question is: where do we draw the line as regular users? Aren't we responsible enough to decide for ourselves? Do we want the government to know everything there is to know about us? Do they have that right? Aren't we entitled to decide with whom we share our inner, deepest thoughts?

And who's to say they can't plant things on computers to get people they want eliminated? I often wonder if some of the people accused of things like child porn being found on a computer was actually theirs, or planted? Is there truly an security anymore? Only if you never plug in.

The question is: where do we draw the line as regular users? Aren't we responsible enough to decide for ourselves? Do we want the government to know everything there is to know about us? Do they have that right? Aren't we entitled to decide with whom we share our inner, deepest thoughts?

1. Where do we draw the line? Stop, when faced with the urge to use the technology for illegal purposes.

2. Aren't we responsible enough to decide for ourselves? No, we're not. There are always going to be people who don't know how to stop at that line. People are going to hack into other computers/systems. People are going to commit theft, treason, and terrorism through the technology. People are going to view & distribute illegal porn. So... No. We're not.

3. Do we want the government to know everything there is to know about us? No, but we are the ones who accept the terms & conditions and we're the one's putting our private data out there. To the extent that we use the technology, even in what we think might be "cautious" ways, we make ourselves vulnerable and compromise our privacy.

4. Do they have that right? In many cases, yes.

5. Aren't we entitled to decide with whom we share our inner, deepest thoughts? Yes. But if we choose to share our inner, deepest thoughts on a cell phone, or in an email, or on the web, then we willingly compromise the privacy of that info.

Just my thoughts on it.

I'm sure (this being a conspiracy theory type site) that a lot of people here are familiar with Cryptome and Wikileaks Spy Files. If not, get Googling, because there is a formidable amount of important, real-world info out there on how deep the surveillance goes. Don't ever assume your use of technology, in whatever form that takes, is private.

a reply to: haarvik

Yea pretty much. I wondered that as well, but, a person who wouldn't find child porn 'planted' is usually someone who doesn't really know how to use a computer and most likely wouldn't fit the profile or a person who normally would.

When I was about 18 I used to use MSN all the time to chat with people, it was the ancient form of facebook really, and at one point I got some pretty crazy e-mail addresses adding me on MSN it involved Osama, AK-47s and what not, like [email protected] or [email protected]. At first I thought it was just spam e-mails until I started noticing them changing their names every so often. One day I talked to one of them and it got pretty scary.

So I went to the RCMP website (Canada's FBI) and sent in an 'anonymous' message, no name, email, phone number, nothing indicating it was me.

About a month later I had forgotten about it and I get a phone call from the RCMP... they tracked me down just from that one message, even phoning my dad at his work, they even knew my online gaming names, all my email addresses, everything. This was about 9 years ago, think about what they can do now days.

Ever since then I took great care in my online security, I use a Blackberry, I have three Spy ware removal systems, and I don't use Wifi for my home computer it's plugged in, which I unplug when I am not on it, my banking passwords are usually over 15 characters long and I reset them every month. Gotta be careful.

It seems that they were exploiting a Firefox vulnerability that was already known, but when one downloads the Tor bundle, which includes a version of Firefox, the software does not automatically update as time goes on. So when they had fixed this vulnerability a month prior to discovering the exploit, only those individuals who had manually installed updates were protected. That is the way I understand it anyway. The creators of Tor are not responsible for the things their software is used for, and they will work to fix any vulnerabilities, as well as allowing automatic updates out of the box.

I hate child pornography as much as the next person, but I still want to see the laws followed in all instances. Just because I dislike someone who uses or creates this stuff does not mean I want to see them go without a trial for instance. And part of the problem here is the way these situations have been handled, and whether it was within the bounds of the law. It was mentioned in the article that the 30 day search warrant period had expired or something, without the prosecutors giving any information or something like that, which could be a problem for them.

I really dislike grey areas in the law as it allows for authorities to get away with things that may not be legal. The problem with allowing them to do something illegal in certain instances, even if you agree with them on a certain issue, is that there is a very good chance that the same methods will be used in an increasing number and variety of situations, to the point where it becomes commonplace. It basically sets a precedent or standard that should not have been allowed in the first place.

It could be argued that these people are going to websites dealing in illegal materials, which is true, but in all instances this does not make a person a criminal. Like the article states I can go to a Jihad website where people are talking about killing US citizens, but that doesn't make me a terrorist. The child pornography thing of course is different, and I only use that example because of its prevalence in the original article. So as far as we know they are only using this on "illegal" sites accessed by the onion router. As far as we know. Is there anything preventing them from using this on regular .com sites? What if they keep expanding with their success and decide to use exploits to install malware or other software on computers that access subversive or counter-culture or anti-government sites? This is why I say there should never be any grey area.

The absence of grey area does not mean that authorities cannot use their common sense, but we should still eliminate stupid laws as well. For instance like arresting a mother for letting her children play outside. Ridiculous, and lacking in common sense on the part of the authorities, who are not tasked with using common sense and human decency.

LOl.

I use a public computer. (not gonna tell you where - kinda defeats the purpose.)

Just saying they can suk my.......

originally posted by: haarvik
Is there truly an security anymore? Only if you never plug in.

Agreed. And even then, unplugged, one needs to be cautious.

Those who surveil want us as plugged-in as possible. Even un-plugged, audio and video technology (from a remote source) is way more advanced than a lot of people think.

Somewhere in the HSCA documents (now declassified) is a one-sentence statement by James Angleton (then counterintelligence Chief of the CIA) of the type of audio tech available for surveillance at the time (early 1960's) - a device that the CIA & FBI used, when pointed at a pane of glass (window), would turn that glass into a receiver and you could then hear the conversation in the room.

Here it is (it took me a bit to find it - I read through all that stuff years ago, it is interesting reading), page 23 of the House Select Committee on Assassinations, testimony of James Angleton, 5 Oct. 1978:

Listening device...

Not that I'm paranoid or anything. But Orwell's vision of the future is here, now. And on steroids. And much more sub-surface than in 1984.

a reply to: kranskik

There is no "noble" reason for it. Saying "child pornography" is not a noble reason ... except in your puny brain.

There is a reason, why spying of this nature has been dismissed by courts. It's because you cannot verify the authenticity of the data. You say child porn, what is to stop you to plant that evidence. You find somebody who is political, and you plant child porn on his computer and there ya go.

The act itself, is criminal in nature ... and is committed by the criminally insane. Saying A is less criminally insane than B, is no brainer.

A hacker infiltrating a website and uploading hacks to your PC is not having "the FBI on your computer".

At least that's what it sounds like at face value. But titles gonna be as scandalous as poss for those hits.

a reply to: igor_ats

Relax. You're kina sorta safe here....?

If it helps capture pedophiles I'm all for it! I think people with something to hide should be worried!

It definitly is any site that is .gov

originally posted by: Staroth
If it helps capture pedophiles I'm all for it! I think people with something to hide should be worried!

I'm worried.

Ha,
I say go ahead, waste your time reading through all the inane sh*t I write on the internet.

originally posted by: minusinfinity
LOl.

I use a public computer. (not gonna tell you where - kinda defeats the purpose.)

Just saying they can suk my.......

Their is a good chance that place has cameras , on the way to that place you crossed cameras, if you paid by CC you made the task even easier . Hope you didn't check any personal emails ,accounts ,etc to make it even easier.

Hope your cellphone or other electronics weren't with you.

It takes more than computer skills to be anonymous today perhaps even some luck.

If they want to get you they can get you and not just by known published methods

originally posted by: Staroth
If it helps capture pedophiles I'm all for it! I think people with something to hide should be worried!

You don't have anything to hide, so you are ok with not having any privacy?
Then why don't you wear see-through clothing? Or give us your Facebook user/pass? Or talk on your speaker phone anytime you are in public?

Your argument of "I don't have anything to hide" is pretty common. But you fail to differentiate between "criminal activity" and "right to privacy". I am not a criminal, but I don't want anyone listening in on my phone calls, reading my mail, rummaging through my underwear drawer or trackin me via cell-phone signal to follow my shopping habits. Perhaps you take comfort in fact that every street corner there is a mic and camera recording your argument with your lover... I certainly don't.

Those who surrender freedom for security will not have, nor do they deserve, either one.
Benjamin Franklin

a reply to: minusinfinity

Yeah, well at what library or college? They are the worse and most often tracked....much easier to do on them.

a reply to: lonweld

Besides "right to privacy" many of the ""I don't have anything to hide" mentality make the wrong assumption that the people that are using the data are their to protect you versus market you and manipulate you.

The people in control are not the gov't but the corporate lobbyist and they will ultimately use the data to manipulate you , sway public opinions, and control the masses.

I am always impressed by the people that never heard of this before.
A lot of people have no clue how insecure the web is, even if you have a firewall and an antivirus program installed.
Trust me I know what I am talking about (expierence in this scene).
The only way to be secure from hacking is being offline. It is way too easy to get behind most private security symstems.

This is why you need to think twice before posting anything.
Even TOR is not secure/anonymous if the rest of your PC is not.

I'm not the least bit concerned about the FBI looking at my collection of silly captioned cat pictures and boring music files.

I'm pretty sure in instances involving "implanted" CP, the Agency has a record of what sites were visited and weigh in on whether or not it was maliciously installed. Agents aren't stupid....and I'm pretty sure in serious cases the work in tandem with the CIA when it comes to certain types of serious offenses or suspected involvement of illicit activity.

I tend to avoid "questionable" sites in general because I'm well aware of the nefarious black hatters who are complete jerks....and besides books are a tried and true alternative if you're worried about online security issues via malware.