Torsploit IP Address Is Owned By Government Contractor?

Posted on August 6th, 2013 by


So apparently this is the week I get to harp on the necessity of reading news with a soupçon of skepticism. Are you ready for a little dissection of some hyperbolic claims of certainty that the Feds were behind the Tor exploit? Because here it comes!

Yesterday, I said that we might never know for certain who was behind the attack on Tor. Partly I say this because we’re basing guesses right now on where data is being sent, not where the code originated. That’s mostly because that’s all the info we have right now. But the other part of it is that we can’t say for certain that the data is entirely trustworthy. If it’s sending to a government address, is that to create fear and throw blame on the government? If we found out it did in fact originate from a machine owned by the NSA, can we be certain that the machine wasn’t compromised? Most of these questions can’t (or likely won’t) conclusively be answered.

As it turns out, we also can’t be so sure that a government contractor does in fact own the IP where the data is going. Some popular tools will over-simplify data, and if we don’t double-check it, we could get some potentially misleading (if very sensational) data. Yes – it could still be a government contractor, but it could also be a pwned corporate machine, for instance.

I don’t know exactly how or where one should draw the line in terms of believing sensational news (the NSA revelations certainly threw me for a loop!) and I imagine this line will differ from one person to the next. But it’s a good idea to remember that the information we get in the early stages of an event is often more sensational than accurate.