How Did the FBI Get a Tor User's IP Address?

The onion router is supposed to keep your web activity hidden from prying eyes. So how did the feds trace a Tor user to his grandmother's house?

Photo: Ralf Liebhold (Shutterstock)

Polling the internet: what is the best way to de-anonymize a Tor user? Somebody over at the FBI definitely has a method, but they clearly aren’t planning on telling anybody anytime soon.

Motherboard originally reported that the bureau has somehow managed to nab the IP address of an alleged criminal using Tor, short for “The Onion Router,” as part of an ongoing anti-terrorism case. The guy in question, Muhammed Momtaz Al-Azhari, of Tampa, Florida, was charged in 2020 with attempting to provide material support to ISIS. According to the government, Al-Azhari is “an ISIS supporter who planned and attempted to carry out an attack on behalf of that terrorist organization.” Part of the government’s case against Al-Azhari revolves around his use of Tor to make multiple visits to an ISIS-related website prior to the planned attack.

The internet’s well-known portal to the dark web, Tor is supposed to protect your IP address and keep you anonymous as you surf. The browser encrypts a web user’s traffic and then bounces it around through a series of “relays” (also called nodes) to cover up the trail of activity. Still, Tor has been known to have vulnerabilities that can lead to de-anonymization.
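To make the "series of relays" concrete, here is a small added illustration (not code from the article, and not Tor's actual implementation) of the onion-routing idea the paragraph describes: the client wraps a message in one encryption layer per relay, and each relay can peel exactly one layer, learning only who handed it the packet and where to send it next. The circuit names, keys and the SHA-256-based toy stream cipher are constructed for this demo; real Tor uses AES-CTR keys negotiated by a handshake.

```python
import hashlib
import os

HOP_LEN = 16    # fixed-width next-hop field so layer size does not leak the label length
NONCE_LEN = 8   # per-layer random nonce


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode (illustrative only, not Tor's cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt one layer under a relay's key; nonce is prepended so the relay can undo it."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + _xor(plaintext, _keystream(key, nonce, len(plaintext)))


def _open(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return _xor(body, _keystream(key, nonce, len(body)))


def build_onion(payload: bytes, destination: str, circuit: list) -> bytes:
    """circuit is [(relay_name, key_shared_with_client), ...], guard first, exit last.

    The client wraps the innermost (exit) layer first and the outermost (guard) layer
    last, so that peeling in forward order reveals one hop at a time.
    """
    inner = payload
    next_hop = destination
    for name, key in reversed(circuit):
        layer = next_hop.encode().ljust(HOP_LEN, b"\0") + inner
        inner = _seal(key, layer)
        next_hop = name
    return inner


def relay_process(key: bytes, blob: bytes, previous_hop: str) -> dict:
    """What a single relay does: peel one layer and learn only the next hop."""
    layer = _open(key, blob)
    next_hop = layer[:HOP_LEN].rstrip(b"\0").decode()
    return {"from": previous_hop, "to": next_hop, "forward": layer[HOP_LEN:]}


def run_circuit(payload: bytes, destination: str, circuit: list, client_addr: str = "client"):
    """Simulate one message through the circuit.

    Returns (views, delivered): each relay's view of the traffic, plus the bytes that
    reach the destination. Only the exit ever sees the destination and the payload;
    only the guard ever sees the client address; the middle relay sees neither.
    """
    blob = build_onion(payload, destination, circuit)
    views = []
    prev = client_addr
    for name, key in circuit:
        result = relay_process(key, blob, prev)
        is_exit = result["to"] == destination
        views.append({
            "relay": name,
            "sees_from": result["from"],
            "sees_to": result["to"],
            "sees_payload": result["forward"] if is_exit else None,
        })
        blob = result["forward"]
        prev = name
    return views, blob


if __name__ == "__main__":
    # Constructed three-hop circuit with random per-relay keys (stand-ins for handshake keys).
    demo_circuit = [("guard", os.urandom(32)), ("middle", os.urandom(32)), ("exit", os.urandom(32))]
    views, delivered = run_circuit(b"GET / HTTP/1.1", "example.org", demo_circuit)
    for v in views:
        print(v)
    print("delivered:", delivered)
```

The point of the simulation is the split of knowledge across hops: the guard sees the client's address but only an opaque blob bound for the middle relay, while the exit sees the plaintext and destination but only the middle relay as its source. De-anonymization therefore has to come from outside this model, for instance a client-side flaw, a malicious or observed relay at both ends of a circuit, or user error, which is why the defence in this case is asking what the technique actually was.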


All that said, it’s not exactly clear what happened here. Somehow, the government ascertained Al-Azhari’s real IP address—which actually turned out to be his grandma’s IP address because he was staying with her in Riverside, California at the time of his arrest, court documents state. Since Tor should have protected Azhari’s real location and IP address, the question remains: how did the feds get this information?

Motherboard reports that Al-Azhari’s defense has asked the feds to reveal more details about their digital probing methods, technically known as network investigative techniques, or NITs, but that the FBI’s lawyers are being pretty cagey. In fact, government attorneys seem to be doing everything in their power to make sure that the details of the NIT don’t enter the public docket. In many ways, this isn’t all that surprising, since federal cops tend to spend a lot of time trying to make sure that their methods and procedures remain secret and, therefore, effective against criminals.


That said, this also isn’t the first time that the bureau’s NITs have proven problematic during judicial proceedings. In 2015, the agency notoriously used its cyber skills to take over and temporarily run a child pornography website, “Playpen,” in an effort to unmask its visitors. The operation, which lasted more than a week and was cringingly dubbed “Operation Pacifier,” led to the arrest and conviction of the site’s creator but elicited a backlash for its methods. A case against one of the site’s members was later dropped when the suspect’s defense similarly asked the bureau to reveal the nature of the NIT that had been used. Rather than comply, the FBI moved to dismiss the case, preferring to keep its methods secret rather than successfully prosecute the site user.

Gizmodo reached out to the Justice Department for comment on this case and will update this story if it responds (it probably won’t).