
How Hacking Team Created Spyware that Allowed the FBI To Monitor Tor Browser


In July of 2012, FBI contractor Pradeep Lal contacted the customer support department of the Italian company Hacking Team, a maker of spyware for law enforcement and intelligence agencies worldwide. Lal needed help; he had used Hacking Team software to break into and monitor an investigative target’s computer, but the monitoring wasn’t working as well as Lal expected. It reported what addresses his target visited in normal web browsers, but not when his target used Tor Browser, software designed to mask sensitive web surfing.

Lal described his problem succinctly, complaining on Hacking Team’s customer website that the company’s “URL collector does not collect web traffic on TOR browser,” according to a large trove of emails and other documents recently obtained by one or more computer hackers. He then outlined the steps someone might take to reproduce the problem he encountered with Hacking Team spyware:

download TOR browser bundle. Surf web through TOR browser. Infect the target with an agent with www collector enabled. WWW traffic is not collect when target surfs through TOR browser.

Hacking Team’s support staff responded the next day, writing, “From our understanding the tbb [Tor Browser Bundle] is just a customized Firefox, we will look at it for future releases.” Less than two weeks later they told Lal that his requested feature was in the works: “Dear Client, next RCS [Remote Control System] release (8.2.0) will capture URL from the TOR browser. Thank you.” (An April 2013 email laments Lal’s departure from the FBI.)

Hacking Team, at the FBI’s request, had just added the ability to monitor ostensibly anonymous Tor Browser traffic from a target infected with Hacking Team malware. The Tor Browser monitoring capability did not represent a breach of the Tor network, which bounces web traffic around the world to hide its destination. It’s impossible for any security software, including Tor Browser, to continue to protect someone after their computer has been hacked. But the incident serves as a reminder of the government’s strong interest in bypassing the protections Tor offers — and of how vulnerable computer users can be even when using proven and secure privacy systems.

 

 
