Innocent TorMail Users, Compromised By The FBI

TorMail amongst one of the prime emailing sites under the dark web that allowed the user to communicate anonymously through a series of relaying nodes around the world. It was so effective that it led the FBI to become easily suspicious of its services. A warrant was granted to the FBI that allowed them to spy on 300 unsuspecting specific user accounts that they built a case upon.


Once the case had concluded and submitted, the America Civil Liberties Union(ACLU) in September, gained access to the case documents and reveal a rather twist to the proposed story. It acknowledged the FBI want to intentionally catch innocent users using the TorMail service.

“That is, while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade,” ACLU Principal Technologist Christopher Soghoian told Motherboard.

The FBI, back in 2013, took over Freedom Hosting, a web hosting service that hosted a series of child pornography websites as well as TorMail. They did so to mine all the IP addresses of visiting users to such sites, by deploying their own Network Investigative Technique(NIT).

In the revealed court documents the NIT was used to scour through up to 23 websites of such. In what was found, the FBI acquired all the 300 TorMail account link to child pornography. However, the FBI set up NIT right before TorMail’s login page in order to capture ever user accessing that website. According to the affidavit, NIT’s main purpose was to investigate “any user who logs into any of the TARGET ACCOUNTS by entering a username and password.”

NIT posed itself as a malware, it could only be detected by an unsuspecting user by being displayed as an error message. This made the malware easily discoverable by the security community.


Once the warrant was returned to the court, it was discovered that if the malware was not detected there would be a probable chance that the FBI’s hacking activities were most likely not going to stop. This could lead them to dig deep into the anonymity of people’s lives on the dark web. “This strongly suggests that the FBI kept the court in the dark about the extent to which they botched the TorMail operation,” said Soghoian.

It is unknown whether the court was ever acknowledged that the FBI “exceeded the scope of the warrant”.

A spokesperson from the FBI, Christopher Allen said, “Narrowly tailors warrants but doesn’t exceed the scope of those warrants.”

FBI hosted a website called PlayPen using NIT to catch a convicted child porn lover, Jay Michaud. Therefore, labeling NIT as “good” spy malware with no negative intentions.

As a result of this case, the TorMail site has been rendered inactive and inaccessible since 2013. Ironically, TorMail has no connection to Tor.

About The Author
Lamin Kanteh
Lamin loves smartphones and was introduced to the world of mobile devices with Android. Ubuntu is new to him, but he is enjoying writing about it so far.

Leave a Response