Kevin Poulsen reports:
Security researchers tonight are poring over a piece of malicious software that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network.
The malware showed up Sunday morning on multiple websites hosted by the anonymous hosting company Freedom Hosting. That would normally be considered a blatantly criminal “drive-by” hack attack, but nobody’s calling in the FBI this time. The FBI is the prime suspect.
“It just sends identifying information to some IP in Reston, Virginia,” says reverse-engineer Vlad Tsyrklevich. “It’s pretty clear that it’s FBI or it’s some other law enforcement agency that’s U.S.-based.”
Read more on Threat Level.
Update: There’s more to this story, and it seems to involve the NSA (not FBI) and SAIC. Read more on Cryptocloud and a big h/t to Ziplock for making me aware of this.
Update 2: Well, wait, maybe that isn’t an NSA IP?