Skip to main content

The FBI is tracking Tor users with spyware and a new kind of warrant

The FBI is tracking Tor users with spyware and a new kind of warrant

Share this story

Tor has been a thorn in the side of law enforcement for years now, but new work from Wired's Kevin Poulsen shows the FBI has found a new way to track users across the network. Poulsen looks at the 2012 case of Aaron McGrath, who agents found hosting child pornography on a network of servers in Nebraska. Looking to expand on the bust, agents got a warrant to track anyone who visited the website at its Tor address, and infected servers with tracking malware to identify the root IP of anyone who visited the site. As a result, agents were able to track at least 25 users back to home addresses and subscriber names.

"An egregious violation of the Fourth Amendment."

The FBI has tracked users across Tor before, most notably in the massive Freedom Hosting busts last August, but the McGrath operations give a new window into the bureau's techniques, particularly the sophisticated use of tracking malware. The tactic still doesn't break the basic security properties of Tor, but circumvents them by seeding malware in the target server, giving law enforcement an easy way to follow users through even the most secure systems.

The tactics have already led to civil liberties complaints, since the FBI concealed its use of spyware for long after the 30-day blackout period allowed by the warrant. "Normally someone who is subject to a search warrant is told virtually immediately," a defense lawyer told Poulsen. "What I think you have here is an egregious violation of the Fourth Amendment."