The tor exploit was exploited by FBI to track CP users.

https://www.eff.org/deeplinks/2016/09/playpen-story-fbis-unprecedented-and-illegal-hacking-operation


Comments


[7 Points] Throwawayyyy63638484:

Totally thought he meant Checkpoint at first derrrrrrrr


[3 Points] aedrm:

Pics and embedded malware. Little Johnnies weiner pic or true GG#4 topself........We don't give a shit. Crime is Crime.


[3 Points] None:

[deleted]


[2 Points] CookyDough:

The exploit was exploited?

https://www.eff.org/pages/playpen-cases-frequently-asked-questions#whathappened

THE NIT

How did the malware in the Playpen investigation work?

The FBI has delivered its malware by exploiting a vulnerability in Mozilla’s Firefox browser. The initial exploit code downloaded the rest of the NIT malware which then copied certain identifying information from the computer and sent that information back to the FBI without encrypting the data or mathematically authenticating it.

The malware used in the Playpen investigation can be thought of as being composed of at least three critical parts:

1) a generator, running on the hidden service, which created a unique ID for each deployment and transmitted the ID, exploit, and payload;

2) the exploit that took advantage of the vulnerability in the user’s software, allowing access to the user’s device; and

3) the payload that copied information from a user’s device and then sent that information back to the FBI unencrypted and unauthenticated via the Internet.

What is a generator?

The generator is the component of the NIT that generated a unique ID for each deployment and was responsible for delivering that ID, the exploit, and payload to the targeted computer. The unique ID was used to associate a particular user of the site with the information that was ultimately obtained from the payload.

What is a vulnerability?

A vulnerability is a weakness in software or hardware that may allow an attacker to intrude into a user’s system.

What is an exploit?

An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or some other electronic device. Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack.

What is a payload?

In the context of malware, the payload refers to the part of the malware that performs actions chosen by the malware’s author or operator, producing effects on or through the affected systems. In this case, the FBI has indicated that the payload of the software that ran on users’ computers was designed and used to gather identifying information from those computers and transmit it back to the government.


[1 Points] Mark_Ass_Bitch:

I'm ok with this.