Adam Winn, Senior Product Manager at OPSWAT, has examined further revelations from the Hacking Team breach, after it was revealed that the FBI were among those who purchased services and products from Hacking Team for the purpose of identifying TOR users. Using techniques such as spear phishing and drive-by-downloads, the FBI were able to gain the IP addresses of the TOR users that they required, all whilst remaining undetected by security measures.
With the majority of the population not attempting to remain anonymous on TOR and evade the FBI, an attacker would generally use spyware or a Trojan to do a lot more than just collect an IP address. Fortunately, that makes malware easier to detect, especially with heuristics.
The key highlights include:
The techniques the FBI used to gain access to TOR users' IP addresses
How a small set of behaviours was able to evade both heuristic and sandbox detection, allowing the FBI access to the information they required without being detected by these sanitisation tools
Lessons that IT departments can learn from the Hacking Team breach
Steps everyone can take to ensure their endpoints are protected