Anti-Tor malware reported back to the NSA

Boing Boing – by Cory Doctorow

More information on the malicious software that infected Tor Browser through Freedom Hosting’s servers, which were then seized by law enforcement: it turns out that infected browsers called home to the NSA. Or, at least, to an IP block permanently assigned to the NSA.

Initial investigations traced the address to defense contractor SAIC, which provides a wide range of information technology and C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance) support to the Department of Defense. The geolocation of the IP address corresponds to an SAIC facility in Arlington, Virginia.

Further analysis using a DNS record tool from Robotex found that the address was actually part of several blocks of IP addresses permanently assigned to the NSA. This immediately spooked the researchers.

“One researcher contacted us and said, ‘Here’s the Robotex info. Forget that you heard it from me,’” a member of Baneki who requested he not be identified told Ars.

The use of a hard-coded IP address traceable back to the NSA is either a strange and epic screw-up on the part of someone associated with the agency (possibly a contractor at SAIC) or an intentional calling card as some analyzing the attack have suggested.

Researchers say Tor-targeted malware phoned home to NSA [Sean Gallagher/Ars Technica]

————————-

I write books. My latest is a YA science fiction novel called Homeland (it’s the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help(short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

http://boingboing.net/2013/08/05/anti-tor-malware-reported-back.html
