Security experts call it a "drive-by download": a hacker
infiltrates a high-traffic website and then subverts it to deliver
malware to every single visitor. It's one of the most powerful
tools in the black hat arsenal, capable of delivering thousands of
fresh victims into a hacker's clutches within minutes.
Now the technique is being adopted by a different kind of
hacker -- the kind with a badge. For the last two years, the FBI
has been quietly experimenting with drive-by hacks as a solution to
one of law enforcement's knottiest Internet problems: how to
identify and prosecute users of criminal websites hiding behind the
powerful Tor anonymity system.
The approach has borne fruit -- over a dozen alleged users of
Tor-based child porn sites are now headed for trial as a result.
But it's also engendering controversy, with charges that the
Justice Department has glossed over the bulk-hacking technique when
describing it to judges, while concealing its use from defendants.
Critics also worry about mission creep, the weakening of a
technology relied on by human rights workers and activists, and the
potential for innocent parties to wind up infected with US
government malware because they visited the wrong website. "This is
such a big leap, there should have been congressional hearings
about this," says ACLU technologist Chris Soghoian, an expert on
law enforcement's use of hacking tools. "If Congress decides this
is a technique that's perfectly appropriate, maybe that's OK. But
let's have an informed debate about it."
The FBI's use of malware is not new
http://www.wired.co.uk/news/archive/2014-08/06/operation-torpedo-fbi