Black Listed News

Anti-Tor malware reported back to the NSA

Published: August 5, 2013


Source: Boing Boing


More information on the malicious software that infected Tor Browser through Freedom Hosting's servers, which were then seized by law-enforcement: it turns out that infected browsers called home to the NSA. Or, at least, to an IP block permanently assigned to the NSA.

Initial investigations traced the address to defense contractor SAIC, which provides a wide range of information technology and C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance) support to the Department of Defense. The geolocation of the IP address corresponds to an SAIC facility in Arlington, Virginia.

Further analysis using a DNS record tool from Robotex found that the address was actually part of several blocks of IP addresses permanently assigned to the NSA. This immediately spooked the researchers.

"One researcher contacted us and said, 'Here's the Robotex info. Forget that you heard it from me,'" a member of Baneki who requested he not be identified told Ars.

The use of a hard-coded IP address traceable back to the NSA is either a strange and epic screw-up on the part of someone associated with the agency (possibly a contractor at SAIC) or an intentional calling card, as some analyzing the attack have suggested.

Researchers say Tor-targeted malware phoned home to NSA [Sean Gallagher/Ars Technica] 

BlackListed News CC 2006-2014