
[–][deleted]  (4 children)

[deleted]

    [–]LarrySwinger2 (0 children)

    Can you tell me more? How do they deanonymize people?

    [–]Newzok (0 children)

    I'd certainly like to hear more about this.

    [–]Drewski (1 child)

    Not saying you're wrong, but do you have any evidence of this? When you say 100% compromised, it's not just some vulnerability in the TOR browser that can be patched but an integral part of the network? And what are your thoughts on i2p?

    [–]BISH (0 children)

    ISIS is an Israeli op.

    [–]SoCo (1 child)

    The FBI is obviously running the website and actively recruiting Americans to ISIS, similarly to how the FBI ran the largest darknet child porn site for 2 weeks, hosting and sharing kiddy porn with that "Play Pen" case in ~2015. I guess the FBI commits crimes with impunity and has no concept of entrapment or enticing citizens to commit crimes being wrong. Similarly, though, the FBI again ran Freedom Hosting to exploit users, although they may have not shared actual content that time, just a malicious attack page that hacked the computers of random visitors to the websites, which included lots of non-illegal stuff, making their action Constitutionally and legally indefensible, despite being ignored by the DOJ.

    We were never given the details of the FBI Play Pen technique, but enough people captured it from the FBI's Freedom Hosting warrant-less dragnet of hacking users who visited the Tor wiki and TorMail, among other sites, to know what they did in this instance, but also refused to disclose:

    They relied on JavaScript to tag the computer, remotely log the tag, and then they ran a Firefox exploit, which ran executable Windows code to grab the IP info.

    The lesser stuff they did is similar to what every Cloudflare protected site does; they generated a unique ID, stored it in a cookie in people's browser and loaded a webpage in an IFrame sending that unique ID to a website for logging and time stamping. The ID in the cookie stayed on their browser a short time, but would ultimately be cleared by Tor Browser pretty quickly, unlike Cloudflare and other standard web-services which could potentially track you indefinitely across the web, from site to site, with time stamps and maybe even the full target URL. For the FBI, the remote website could corroborate that ID with a timestamp, a Tor connection (same chain?), and would be great proof... if the browser didn't clear cookies, but mostly would just track the same user across their website preventing too many multiple exploits of them in one browser session.

    The FBI also uses what was thought to be a stack spraying zero-day exploit against Firefox, allowing them to run exploit code against the Windows Operating System to grab details of the IP address (and probably MAC address too) of the network adapter.

    [–]SoCo (0 children)

    Correction: the suspected technique was "heap spraying", not "stack spraying". Of course it is a mess of semi-obfuscated JavaScript that's hard to guess what it is doing.

    [–]jet199 (0 children)

    Surely they must realise half of those sites are fronts to catch such people.

    [–]IkeConn (0 children)

    The FBI doesn't want Joe Public to know they listen to him piss and watch him sleep.