An Federal Bureau of Investigation (FBI) hacking campaign has led to a one-year jail sentence for Grant Klein, a Vermont man snarled in a federal anti-child pornography offensive last summer.
Last year, FBI hackers infiltrated Freedom Hosting, a Dark Net service they called “the largest facilitator of child porn on the planet.” Using techniques borrowed from cybercriminals, the FBI delivered malware to visitors and brought down some of the biggest child-pornography websites of all time.
Freedom Hosting was run on the Tor anonymizing network, which encrypts users’ Internet traffic and bounces it to three so-called nodes around the world, thus hiding the identities and online activity of users. Tor used by a wide range of people including criminals, journalists, and political activists.
The FBI hack inserted Javascript code into Freedom Hosting websites in an iframe that exploited a Firefox vulnerability found in the Tor browser, which is a custom version of Firefox. The exploit, targeted directly at Tor, was the first Tor browser exploit ever found in the wild. It gave up the users’ MAC address, Windows hostname, and IP address, providing federal agents full knowledge of who was visiting these sites.
The exploit was patched a month before the FBI campaign began, but many Tor users didn’t upgrade to the newest browser nearly soon enough.
“It was really impressive how quickly they took this vulnerability in Firefox and extrapolated it to the Tor browser and planted it on a hidden service,” Andrew Lewman, executive director of the nonprofit Tor Project, told Wired.
As a direct result, new Tor releases now auto-update to avoid similar problems.
Many of the details about the FBI’s drive-by attack remain shrouded in mystery, but the Nov. 2013 arrest of Grant Klein can be traced to FBI malware installed on July 31, 2013.
Klein pleaded guilty and was just sentenced to 12 months and one day in a minimum security prison. He’ll begin serving the sentence in December and will be subject to supervised release for the following ten years. Klein is now a registered sex offender and is being put in a mental health program by the U.S. Probation office.
Eric Eoin Marques, the Irishman accused by the FBI of running Freedom Hosting, is currently fighting an uphill battle against extradition to the United States.
Grant Klein judgement and sentencing
Photo via tup wanders (CC BY 2.0)
Correction: This article previously stated that Klein had been sentenced to two years in prison. That was incorrect. The sentence is one year.