No details, though:
According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019. In virtue of being a dark web site—that is, one hosted on the Tor anonymity network—it should have been difficult for the site owner’s or a third party to determine the real IP address of any of the site’s visitors.
Yet, that’s exactly what the FBI did. It found Al-Azhari allegedly visited the site from an IP address associated with Al-Azhari’s grandmother’s house in Riverside, California. The FBI also found what specific pages Al-Azhari visited, including a section on donating Bitcoin; another focused on military operations conducted by ISIS fighters in Iraq, Syria, and Nigeria; and another page that provided links to material from ISIS’s media arm. Without the FBI deploying some form of surveillance technique, or Al-Azhari using another method to visit the site which exposed their IP address, this should not have been possible.
There are lots of ways to de-anonymize Tor users. Someone at the NSA gave a presentation on this ten years ago. (I wrote about it for the Guardian in 2013, an essay that reads so dated in light of what we’ve learned since then.) It’s unlikely that the FBI uses the same sorts of broad surveillance techniques that the NSA does, but it’s certainly possible that the NSA did the surveillance and passed the information to the FBI.
More Stories
WK Kellogg Confirms Data Breach Tied to Cleo Software Exploit
WK Kellogg breach exposed employee data after attackers exploited flaws in Cleo software Read More
Precision-Validated Phishing Elevates Credential Theft Risks
New phishing method targets high-value accounts using real-time email validation Read More
Ransomware Attacks Hit All-Time High as Payoffs Dwindle
While ransomware attack claims are at an all-time high, financial losses from actual attacks may be reducing Read More
How to Leak to a Journalist
Neiman Lab has some good advice on how to leak a story to a journalist. Read More
Three-Quarters of IT Leaders Fear Nation-State AI Cyber Threats
73% of respondents in an Armis survey said they worried about nation-state actors using AI for cyber-attacks Read More
Microsoft Fixes Over 130 CVEs in April Patch Tuesday
Microsoft has issued security updates to fix 130+ vulnerabilities this month, including one zero-day Read More