- News & Events
September 18, 2013
Does the Federal Bureau of Investigation (FBI) use malware to fight crime and occasionally trap innocents? Well J. Edgar Hoover did some pretty dodgy deeds in his day besides wearing a dress. Okay, nobody has proof positive he ever wore a dress — not even his couturier. But J. Edgar did authorize, even insist, agents find “dirt” on everyone from presidents to civil rights leaders. Therefore the possibility of today’s FBI is using malware doesn’t fall into the category of a nutty conspiracy theory, where everything from President Kennedy’s assassination to 911 is blamed on a secret government cabal.
A recent piece on techdirt.com makes no bones about pointing an accusing finger at the Bureau taking control of Freedom Hosting’s servers:
While some reports had suggested that it was the NSA involved, it seemed much more likely (as we predicted) that the FBI was behind the attempt to control Freedom Hosting’s servers and effectively insert a bit of malware designed to identify users of the Tor Browser, who thought they were anonymous.
And, now the FBI has more or less admitted it as part of its effort to extradite Eric Eoin Marques, the owner of Freedom Hosting from Ireland. The FBI has been known to use malware like this, though it had repeatedly tried to keep it away from investigations involving more technically savvy folks, who might discover it and reveal it to the world.
Too late for that now of course.
Freedom Hosting clearly hosted some very bad stuff, and there’s nothing wrong with law enforcement looking to find and arrest those who are involved in criminal activities — but when it reaches the level of installing effective malware and re-identifying a ton of people who chose to be anonymous, many of whom are not criminals at all, it begins to raise questions about how appropriate (or legal) the activity really is.
Taking control over all Freedom Hosting servers and inserting some code really seems like an incredibly questionable move.
ThreatMetrix is the fastest-growing provider of integrated web fraud and cybersecurity solutions. The TrustDefender™ Cybercrime Protection Platform helps companies prevent unauthorized access to web and mobile applications, protect sensitive data, and secure transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.
Posted by Dan Rampe
Tags: Account Takeover, Account Takeover Fraud, Bank Fraud, Botnets, CNP fraud, Cookieless Device Identification, Cookies, Credit Card Fraud, Cyber attacks, Device Detection, Device Fingerprint, Device Fingerprinting, Device ID, Device Identification, FBI and Malware, Fraud Prevention, Hacking, Identity Spoofing, Identity theft, Malware, Malware Protection, Man-in-the-Browser Detection, MitB, Mobile fraud, Online Fraud, Phishing, PII, ThreatMetrix, ThreatMetrix Global Trust Intelligence Network, TrustDefender Cybercrime Protection Platform, Web Fraud