Another aspect of the US government electronic surveillance increase that has been popping up here over the last few weeks: it now appears that they have hacked some (most?) of the servers that host TOR (a web anonymising service). They appear to be inserting malicious code into the responses, which exploits potential bugs in Firefox 17 ESR and phones home to the FBI when the victim resumes non-TOR browsing.
This really seems to be a game changer to me. Prior to this I would have said that activists could always get anonymity if they really needed it (as could the drug dealers and kiddy porn users), but now it would seem nowhere online is safe from the powers that be. I have to admit to not knowing much about this, but I know it is used by a lot of people, some "goodies" and some "baddies".
Questions that seem worthy of discussion:
- Is this moral? Is the loss of a free and open line of communication to those who need it for justifiable purposes (Chinese dissidents spring to mind) worth catching the perverts and druggies for?
- Is this legal? Is inserting malware on devices in this way legal in a way that doing almost exactly the same has got many people locked up?
- Are there any other options? If TOR can no longer be relied upon to be safe, is anywhere left?
Register
Network anonymisation outfit TOR has posted a fascinating piece of commentary on reports that some of the anonymous servers it routes to have disappeared from its network.
“Around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the Tor Network,” the piece starts. “There are a variety of rumors about a hosting company for hidden services: that it is suddenly offline, has been breached, or attackers have placed a javascript exploit on their web site”.
As it explores the rumours, the post goes on to name an entity called Freedom Hosting, and to vigorously dissociate TOR from the organisation.
Distancing TOR from Freedom seems a fine idea given numerous reports, such as this from The Irish Examiner, suggest its founder Eric Eoin Marques has been arrested because the FBI believes he facilitated the distribution of child pornography using TOR. The FBI wants to extradite Marques to the USA.
TOR's not sure if the arrest and the disappearance of some nodes is linked, but is saying “someone has exploited the software behind Freedom Hosting … in a way that it injects some sort of javascript exploit in the web pages delivered to users.” That payload results in malware reaching users' PCs, possibly thanks to “potential bugs in Firefox 17 ESR, on which our Tor Browser is based.”
TOR is “investigating these bugs and will fix them if we can”.
Various forums online, however, report that the malware has spread beyond sites hosted by Freedom. Some suggest TORmail, TOR's secure email service, may also have been compromised, or that the attack means TOR is no longer able to mask users' IP addresses.
TOR's post says it's not sure what's really happening and that it will update users once it learns more.
Slashdot
"The founder of Freedom Hosting has been arrested in Ireland and is awaiting extradition to USA. In a crackdown the FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network have been compromised, including the e-mail counterpart of TOR deep web, TORmail. The FBI has also embedded a 0-day Javascript attack against Firefox 17 on Freedom Hosting's server. It appears to install a tracking cookie and a payload that phones home to the FBI when the victim resumes non-TOR browsing. Interesting implications for The Silk Road and the value of Bitcoin stemming from this. The attack relies on two extremely unsafe practices when using TOR: Enabled Javascript, and using the same browser for TOR and non-TOR browsing. Any users accessing a Freedom Hosting hosted site since 8/2 with javascript enabled are potentially compromised."
[EDIT] More Mainstream source: Guardian
Freedom Hosting, linked by the FBI to child abuse images, has gone offline, as the FBI sought the extradition of a 28-year-old suspect from Ireland.
Eric Eoin Marques is the subject of a US arrest warrant for distributing and promoting child abuse material online.
He has been refused bail by the high court in Dublin, reported the Irish Independent, until the extradition request is decided. Marques, who is both a US and Irish national, will face the high court again on Thursday.
If extradited to the US, Marques faces four charges relating to images hosted on the Freedom Hosting network, including images of the torture and rape of children. He could be sentenced to 30 years in prison.
Freedom Hosting hosted sites on The Onion Router (Tor) network, which anonymises and encrypts traffic, masking the identity of users.
Whistleblowers, journalists and dissidents too?
On Sunday, Tor's official blog posted a detailed statement confirming that a large number of "hidden service addresses", or servers anonymised using the network, had unexpectedly gone offline.
Tor was quick to distance itself from Freedom Hosting, which has been claimed to be a hub for child abuse material as well as Silk Road – the eBay of hard drugs, saying "the persons who run Freedom Hosting are in no way affiliated or connected to the Tor Project Inc, the organisation co-ordinating the development of the Tor software and research."
"Anyone can run hidden services, and many do," said the statement. "Organisations run hidden services to protect dissidents, activists, and protect the anonymity of users trying to find help for suicide prevention, domestic violence, and abuse recovery.
"Whistleblowers and journalists use hidden services to exchange information in a secure and anonymous way and publish critical information in a way that is not easily traced back to them. The New Yorker's Strongbox is one public example."
Security blogger and former Washington Post reporter Brian Krebs wrote on Sunday that users were identified using a flaw in Firefox 17, on which the Tor browser is based.
Rik Ferguson, vice-president of security research at Trend Micro, said he was awaiting further details to be made public as Marques is brought to trial, but that the takedown and related law enforcement "is great news for the campaign against child exploitation".
"The malicious code made a 'victim machine' which visited one of the compromised hidden sites, and requested a website on the 'visible' web, via HTTP, thereby exposing its real IP address. As the exploit did not deliver any malicious code, it is highly unlikely that this was a cybercriminal operation.
"It is a legitimate concern that users of child abuse material may simply go elsewhere, and as such the individual users should continue to be targeted by law enforcement globally. However, going after the people and organisations that really enable this content to be made available at all is a much more effective strategy."
In 2011, hacking collective Anonymous took down Freedom Hosting with a targeted DDoS attack as part of an anti-paedophile campaign. Anonymous also published details of the accounts of 1,500 members of Lolita City, claiming Freedom Hosting was home to 100GB of child abuse material.
FBI conspiracy?
Users on the Tor sub-Reddit were suspicious about the news, dissecting the details of the vulnerability and pointing to a previous case where the FBI had taken over and maintained a site hosting child abuse material for two weeks in order to identify users.
"FBI uploads malicious code on the deep web sites while everyone is off at Defcon. Talk about playing dirty," commented VarthDaTor. Defcon is an annual event in the US for security experts and hackers.
"The situation is serious," said gmerni. "They got the owner of FH and now they're going after all of us. Half the onion sites were hosted on FH! Disable Javascript in your Tor browser for the sake of your own safety."