Tuesday, 6 August 2013

FBI child porn arrest in Ireland creates Tor web tracking concerns

Digital security padlock red image
An FBI child pornography sting on hidden web services provider Freedom Hosting has led to concerns the law enforcement agency is using websites hosted on Freedom Hosting's servers to track people using the anonymous Tor network.
Reports that Freedom Hosting sites had been hijacked to spread a malware designed to track Tor users' web movements emerged after news broke that the FBI had arrested Eric Eoin Marques for alleged involvement in the distribution of online child pornography. Marques is believed to have strong links with Freedom Hosting and to be a vocal member of the Tor community.
The reports claim the FBI used a vulnerability in Firefox 17, on which the Tor browser is based, to turn Freedom Hosting sites into malware spreading tracker tools. Tor is a free service designed to let people hide their internet activity. It does this by directing internet traffic through a volunteer network of more than 3,000 relays to conceal the user's location.
Tor has since published a statement confirming it is looking into the reports.
"The current news indicates that someone has exploited the software behind Freedom Hosting. From what is known so far, the breach was used to configure the server in a way that it injects some sort of JavaScript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect users' computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based. We're investigating these bugs and will fix them if we can," read the Tor statement.
"As for now, one of multiple hidden service hosting companies appears to be down. There are lots of rumours and speculation as to what's happened. We're reading the same news and threads you are and don't have any insider information. We'll keep you updated as details become available."
Tor has since confirmed plans to publish a more thorough security advisory in the very near future.
At the time of publishing, the FBI had not responded to V3's request for comment on the rumours. However, Trend Micro security director Rik Ferguson confirmed there is evidence to suggest a breach occurred to allow tracking.
"Obviously we have to wait for more details to be made public in legal proceedings, but for now the weight of evidence in the hows and whys seems to indicate that a previously unknown vulnerability in Firefox 17 may have been used by law enforcement to identify people visiting certain hidden services as one part of the operation, and of course enough evidence has also been gathered to allow the arrest of Mr Marques in Ireland, suspected of running this hosting service," Ferguson said.
"All the malicious code did was to make a victim machine, which was visiting one of the compromised hidden sites, request a web site on the ‘visible' web, via HTTP, thereby exposing its real IP address. As the exploit did not deliver any malicious code, it is highly unlikely that this was a cybercriminal operation."
F-Secure security analyst Sean Sullivan added that Freedom Hosting is not the first Tor node to be taken down and will be of little consequence to most people using the anonymising web tool.
"Even as far back as 2007, there were examples that poisoned exit nodes could be used to track/capture non-encrypted traffic. Fortunately, activists most often want to communicate, and so can encrypt. Those who want to 'browse' the web - that's a leaky proposition," Sullivan said.
"For the average citizen - encryption is probably the key thing to pursue. If an average Joe wants to help human rights activists, they might best consider hosting a Tor node. But as far as using Tor for browsing? I wouldn't bother."
Web anonymity has been a growing political concern for several years now, with numerous human rights groups claiming European citizens should have the right to be forgotten.
The debate around anonymous browsing reached new heights this summer, when it was revealed the NSA was holding vast amounts of information on web users as a part of its notorious PRISM campaign.

No comments:

Post a Comment