In an ongoing series of revelations regarding Hacking Team's recent security breach, Motherboard has pieced together that the American Federal Bureau of Investigation (FBI) likely used Hacking Team software to de-anonymize a user of the anonymizing Tor software. It doesn't seem, however, that Tor itself has been cracked by Hacking Team or the FBI.
Hackers breached the computer systems of notorious Italian spyware firm Hacking Team last week. Some 400 GB of internal documents were taken from Hacking Team's servers and dumped on BitTorrent, and were later published by WikiLeaks. According to these documents, the FBI spent as much as US$775K on spy tools made by Hacking Team.
It has now come to light that an FBI agent who is part of an “elite” cybercrime unit emailed Hacking Team in September 2014 for advice. The agent wanted to know if the company's main product, Remote Control System (RCS), would be able to reveal the IP address of a target using Tor. Rather than breaching Tor, however, the agent suggested planting malicious software – a “scout” – on the target’s computer.
In his first email, the FBI agent asked:
“In version 8, one of your engineers told us that the scout can reveal the true IP address of target using Tor. Is that still true with the latest version?”
The agent later added that he planned to send the malicious software to his target in order to track him:
“We will need to send him an email with a document or pdf attachement [sic] to hopefully install the scout.”
In reply, a Hacking Team staff member confirmed that the software should suffice:
“If he is using TBB [Tor Browser Bundle] you will get the real ip address of the target.”
When asked by Cointelegraph, Kate Krauss from the Tor Project agreed that this does not in any way imply Tor itself has been cracked. Krauss said:
“We think these attacks involve phishing to control an individual's computer. If someone takes control of your computer because you opened up an email attachment, that person may be able to watch everything you see and do – they could access your web camera or microphone, view your photos, or follow your web browsing. The problem is not Tor; the problem is that you've lost control of your computer.”
This is of course good news for Bitcoin users who wish to remain anonymous, as some Bitcoin software (like Bitcoin Core) offers the option to broadcast transactions over Tor. Likewise, it suggests that users of bitcoin-fueled dark markets should still be able to use them anonymously. Hacking Team software can, however, monitor Bitcoin activity on infected machines, as was revealed last week.
Hacking Team refused to comment on this specific case, but did tell Cointelegraph that its software is not used for mass surveillance of Tor users or anyone else.