FBI Harassing TOR Software Developer, Refusing To Explain Why They Want To Meet Her


Short Bytes: Little did Isis Agora know that working for Tor would land her in trouble. This account of a series of events between her and the FBI is sufficient to explain the FBI's intentions and the traumatic and post-traumatic behavioural changes a normal citizen has to go through after such incidents.

The FBI seems wilful in cracking its authoritarian whip. It likes to chase, sniff and sometimes crack that whip from a distance, so that the sound is not so loud to others yet still reaches the intended person. Such is the case with Isis Agora Lovecruft.

Isis Agora Lovecruft has been working with Tor for many years. Currently, she is a lead software developer. Besides that, she has experience working with other security and encryption products and services such as Open Whisper Systems and the LEAP Encryption Access Project.


Like her, there are many in the US who have such a job role and the same experience working in security as a developer. So, is it a coincidence that the FBI ‘just’ wants to talk to her?

It began with an FBI agent coming to her parents’ house, leaving behind his visiting card and later making phone calls to her parents when she was not at home and was out for work. Puzzled by these incidents, Lovecruft decided to hire a lawyer, who reached out to that FBI agent.

Here is what happened:

The lawyer called the FBI agent, said that he now represented the Lovecruft family, and asked that all questions be directed to him instead of to the family members. The agent agreed but asked him to call back in five minutes.

At the time, Lovecruft was in the process of moving to Germany permanently. Even in Germany, the FBI paid her frequent visits and calls.

Meanwhile, in discussions with the lawyer, the FBI kept mentioning some documents which they had no idea about, and the FBI always insisted on meeting with her in person.

However, the next day, Agora’s visa was approved, but eight hours later her lawyer received a voicemail saying:

Hello this is Special Agent Kelvin Porter, we spoke two days ago regarding your client. Umm… well… so the situation with the documents… it’s umm… it’s all fixed. I mean, we would of course still be happy to meet with your client if she’s willing, but the problem has… uh… yeah… been fixed. And uh… yeah. Just let us know if she wants to set up a meeting.

But this voicemail from January is not the end of the story.

Last week, the FBI came knocking at her door again with a subpoena for her. The lawyer representing Lovecruft was informed of the subpoena and asked that she meet one of their agents in San Francisco. It looked as though Lovecruft might be a potential target, something the FBI had been reluctant to talk about from the beginning.

Owing to such tremendous pressure, she stopped contacting others, fearing she might endanger them as well. Her parents would also sometimes receive threats, and so would her lawyer.

As she mentions at the end, the paychecks for working on Tor come from the US government. She is not committing any crime; she is just working on software which lets people browse safely.



Snowden Says FBI can hack San Bernardino terrorist’s iPhone using acid and lasers


Edward Snowden joins the iPhone hack party, says FBI can use acids and lasers to hack it. Amidst the ongoing debate whether or not Apple should unlock the iPhone, or provide backdoor access to the iPhone belonging to one of the shooters of the San Bernardino shootings, Edward Snowden said that the government can gain access to San Bernardino shooter Syed Rizwan Farook’s iPhone 5c by using acid, lasers and other very delicate instruments without the assistance of Apple.


In court filings last week in which the Department of Justice requested a judge compel Apple to assist them in opening the phone, the government said, “The phone may contain critical communications and data prior to and around the time of the shooting that, thus far: (1) has not been accessed; (2) may reside solely on the phone; and (3) cannot be accessed by any other means known to either the government or Apple.”

Former NSA contractor and privacy activist Edward Snowden, who appeared in a virtual talk at Johns Hopkins University, said the third statement is not totally true.

“The problem is, the FBI has other means… They told the courts they didn’t, but they do. The FBI does not want to do this,” Snowden said during his talk.

Called “de-capping,” this extremely risky hacking method involves removing and de-capsulating the phone’s memory chip to expose it to direct, microscopic scrutiny and exploitation.

According to some security experts, performing the decapping hack should be technically possible. Decapping is a mechanism where the main processor chip of the phone is physically attacked to probe its contents. The process first uses acid to remove the chip’s encapsulation. After that, a laser drills down into the chip in an attempt to expose the portion of the memory that contains the iPhone’s unique ID (UDID) data. From there they would place tiny probes on the spot and read out the UDID bit by bit, as well as the algorithm used to untangle it.

Once the FBI has extracted the targeted data, they could put it on a supercomputer and recover the missing passcode by simply trying all possible combinations until one unlocks the iPhone data. Since the process is done outside iOS, there is no 10-try limit or self-destruct mechanism that can wipe the data.

The only drawback is that if at any point there’s even a slight mistake in the decapping or attack process, the chip could be destroyed and all access to the phone’s memory lost forever. This may be a major reason the FBI may not be willing to take the risk to recover the data this way and rather rely on a backdoor entry via Apple.

On the other hand, Apple doesn’t seem to be willing to break into that iPhone, and Apple CEO Tim Cook says that, even though “we mourn the loss of life and want justice for all those whose lives were affected,” the fact that the FBI wants to create a backdoor that can be installed on every phone is still a security threat.

“The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control,” Cook pointed out.

By the end of the week, the company is set to file its legal response to the FBI’s court order, though Tim Cook has said he wants the government to drop the order and let a federal commission make the decision.


FBI Warns About the Dangers of EMV Credit Card Chips


All US banks will replace all magnetic strip cards with EMV chip-based cards by the end of October 2015
The US is finally catching up to the rest of the world as banks are getting ready to migrate most of their customers to EMV chip-based credit and debit cards. While this technology is not new, it is not as widespread in the States and most people don’t know how to use it.

Now, to prevent abuses and better inform American citizens, the FBI has put out a Public Service Announcement (PSA), about the dangers that are still looming over chip-based card users.


While EMV cards are many times more secure than classic cards that used a magnetic strip and the user’s signature to authenticate them, the FBI warns that the presence of the chip does not completely safeguard users from dangers.

The card’s EMV chip, named after the companies that pioneered it, Europay, MasterCard, and Visa, is an advancement in card security technology, mainly because of the famous 4-digit PIN which serves to protect transactions.

Cards with EMV chips are safer, but not 100% safe, FBI warns

Despite this, the FBI warns new EMV chip card users that are going to migrate to the technology this October in the US, that hackers may still be able to steal their data either by installing malware on PoS (Point of Sale) systems or by stealing card details (like before) and using them in online or phone transactions, where the merchant cannot verify the card via a PIN.

Additionally, the FBI also urges new EMV card holders to activate their new cards as soon as possible and reinforces the old advice of keeping your credit card safe at all times, since thieves can use EMV or non-EMV cards in the same manner.

Basically, what the FBI is trying to say is that the same security rules that were applied before need to be applied with the new cards as well, since the new EMV chip and PIN do nothing more than add an extra layer of security and do not fully protect users from all threats.


Dozens Nabbed in Takedown of Cybercrime Forum Darkode


MORE THAN 70 people have been arrested around the world in the takedown of one of the most active underground cybercrime web forums, according to authorities.

Darkode, which had been in operation since 2007, was an online marketplace catering to cybercriminals buying and selling hacking tools, zero-day exploits, ransomware, stolen credit card numbers and other banking data, as well as spamming and botnet services, before authorities seized it this week.

roughly 800 criminal Internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the United States and around the world and was the most sophisticated English-speaking forum for criminal computer hackers in the world,” US Attorney David Hickton said in a statement. “Through this operation, we have dismantled a cyber hornets’ nest of criminal hackers which was believed by many, including the hackers themselves, to be impenetrable.”


The crackdown, dubbed Operation Shrouded Horizon by the FBI, was initiated two years ago by that agency’s Pittsburgh, Pennsylvania, office but eventually included Europol and law enforcement agencies in more than 20 countries.

So far at least 12 people have been arrested in the US, and another 28 are known to have been arrested on Tuesday in Denmark, Germany, India, Israel, Romania, Sweden, and the UK.

The Kingpin

The alleged administrator of the site at the time of the crackdown was Johan Anders Gudmunds, a 27-year-old Swede who went by the online handles “Mafi,” “Crim,” and “Synthet!c,” and who took control of the forum from its founder in May, 2010, according to authorities.

Gudmunds allegedly created and sold a number of malware exploit packages (such as CrimePack, Antiklus and Pandemiya 2014), according to the indictment against him. He also allegedly created a botnet malware called Blazebot and controlled and sold access to a Zeus botnet that was 60,000 computers strong. The Zeus malware was designed to steal bank account credentials.