Tor's had a tough week. Just a few days ago, the organization made the difficult announcement that an attack on their system likely stripped users of anonymity. Now, Wired reports that the FBI effort has been running a campaign to identify Tor users by installing malware on their computers for years, virtually unchecked by the courts.
The report comes from Wired's hacker-in-residence Kevin Poulsen, a former black hat hacker who understands these issues from both sides of the fence. On one hand, it's hard to argue with what the FBI is doing. The so-called "network investigative techniques" that the bureau uses to gain backdoor access to computer users files, location, and web history is indisputably malware. And it's pretty creepy too at that, since it trains high-traffic websites to deliver the malware to large swaths of users in what security researchers call a "drive-by download."
However, the FBI has so far used the technique to find the demented people who peddle child pornography on the Deep Web. Poulsen reports that "over a dozen alleged users of Tor-based child porn sites are now headed for trial as a result" of the approach. Presumably, these sickos would otherwise still be taking advantage of children, if the FBI's malware hadn't intervened. To the agency's credit, they've owned up to these techniques in the past.