Lawfare readers by now should be very familiar with the concept of the FBI's Network Investigatory Technique or NIT, a small piece of malicious code that exploits the target’s computer to generate a message which deanonymizes the target. So far we've seen exploitive NITs used by the FBI in two major child pornography cases: Freedom Hosting and PlayPen. In the Freedom Hosting case, the NIT got captured as the FBI deployed it too broadly, while the PlayPen NIT remains confidential. Just the other day, we saw a NIT used in another child porn case. This may be the last time we see a NIT used in these cases.

The NIT itself consists of three major components: the exploit which takes over the Tor browser (a customized copy of Firefox), the payload which conducts the search needed to deanonymize the target, and server support infrastructure which not only hosts the NIT but modifies each copy sent to include a unique identifier.

On or before November 28th, someone, probably French law enforcement, apparently took over a child pornography site called “GiftBox” and deployed an FBI-style NIT to deanonymize users. Somebody noticed the malicious JavaScript on the 28th and posted it to Reddit, and someone else sent it to the Tor developers on the 29th. Within a few hours many people analyzed the exploit.