BLOG: FBI behind Firefox zero-day compromising half of all Tor sites?

Darlene Storm | Aug. 6, 2013
Perhaps as much as half of all the Onion Router sites are potentially compromised, and some hackers are blaming the FBI for it.

People use the Tor anonymity network to protect their privacy, but perhaps as much as half of all the Onion Router sites, Tor Mail among them, are potentially compromised, and some hackers are pointing the finger of blame at the FBI.

The owner of an Irish company, Freedom Hosting, has allegedly been providing turnkey hosting services for the Darknet, or Deep Web, which is "hidden" and only accessible through Tor .onion addresses and the Firefox-based Tor browser. The FBI reportedly called Eric Eoin Marques "the largest facilitator of child porn on the planet" and wants to extradite the 28-year-old man. Around that time, Freedom Hosting went down; Tor users discovered that someone had used a Firefox zero-day to deliver drive-by downloads to anyone who accessed a site hosted by Freedom Hosting. Ofir David, of Israeli cybersecurity firm Cyberhat, told Krebs on Security, "Whoever is running this exploit can match any Tor user to his true Internet address, and therefore track down the Tor user."

If you've never visited the Hidden Wiki, then you should be fully aware that if you do, you will see things that can never be unseen. Freedom Hosting maintained servers for "TorMail, long considered the most secure anonymous email operation online," wrote Daily Dot. "Major hacking and fraud forums such as HackBB; large money laundering operations; and the Hidden Wiki, which, until recently, was the de facto encyclopedia of the Dark Net; and virtually all of the most popular child pornography websites on the planet."

But if you use the Tor Browser Bundle built on Firefox 17, accessed a Freedom Hosting hidden service site since August 2, and had JavaScript enabled, then experts suggest it is likely your machine has been compromised. In fact, E Hacking News claimed that almost half of all Tor sites have been compromised by the FBI.

"It's very likely that this is being operated by an LEA and not by blackhats," according to analysis by Vlad Tsyrklevich. "It just sends identifying information to some IP in Reston, Virginia," he told Wired. "It's pretty clear that it's FBI or it's some other law enforcement agency that's U.S.-based."

The Tor Project blog first reported that a large number of hidden service addresses disappeared from the Tor network around midnight on August 4. Mozilla had issued a security advisory back on June 25, which was echoed on the Tor Project blog on August 5, stating that old Tor Browser Bundles are vulnerable. "An attack that exploits a Firefox vulnerability in JavaScript has been observed in the wild. Specifically, Windows users using the Tor Browser Bundle (which includes Firefox plus privacy patches) appear to have been targeted."

"Tor Browser Bundle users should ensure they're running a recent enough bundle version, and consider taking further security precautions," the Tor Project advised. Those precautions include keeping the Tor Browser Bundle up to date, disabling JavaScript (since further Firefox zero-days will keep appearing in the wild), and potentially switching to a "live system" such as Tails. The critical security announcement also stated, "Really, switching away from Windows is probably a good security move for many reasons."
