The exploit was posted by Metasploit user sinn3r who claimed to have found it during a joint cyber forensics operation at the Defcon hacker conference mere hours after word of its use broke.
"I noticed a Reddit post regarding some Mozilla Firefox zero-day possibly being used by the FBI in order to identify some users using Tor for crackdown on child pornography," sinn3r wrote.
"The security community was amazing: within hours, we found more information such as brief analysis about the payload, simplified PoC, bug report on Mozilla, etc. The same day, I flew back to the Metasploit hideout (with Juan already there), and we started playing catch-up on the vulnerability."
The Tor vulnerability was revealed earlier in the week when local Irish sources reported the FBI used it to track a child pornography distributor. Trend Micro security director Rik Ferguson told V3, the exploit relates to a flaw in the Firefox browser on which the Tor Browser Bundle is based.
"This is the one that was supposedly used by US law enforcement in order to help identify users of child exploitation images online. It takes advantage of a vulnerability in the Tor Browser Bundle to unwittingly have the victim expose their true IP and MAC address," he explained.
"Certain servers (hidden services) on the Tor network containing illegal material were infiltrated and JavaScript containing this exploit was added. Meaning that whenever someone browsed to one of these pages, their browser would automatically generate a HTTP GET request for a resource on the open internet (rather than the ‘darkweb' of hidden services).
"This meant that law enforcement could get a reasonable indication of the location of individuals accessing child exploitation images, even on supposedly anonymous networks such as Tor."
Tor is a free service designed to let people hide their internet activity. It does this by directing internet traffic through a volunteer network of more than 3,000 relays to conceal the user's location. The exploit is thought to be especially significant as prior to it, many users had taken Tor as being a bulletproof means to surf the web anonymously.
Ferguson said even if the exploit is used by law enforcement to track some groups, its appearance should be of little concern to most people.
"Regular Firefox users were not targeted by the original exploit and it was for an older version of the browser anyway (the one that the TOR browser pack was based on) so regular FF users were almost certainly never affected (or targeted by it). TOR Browser Bundle only released a patch for it recently, and in any case, users of that environment tend to update less often, so no doubt it served its purpose there, and that's no bad thing."
The extent to which law enforcement monitors web users has been a growing concern in recent weeks, with the emergence of the notorious PRISM campaign. PRISM is a cyber campaign run by the NSA designed to collect vast reserves of web users personal information from big name companies like Facebook, Google and Twitter.
No comments:
Post a Comment