
A vulnerability found in the Tor Browser Bundle allows users to be de-anonymized, and it was used by FBI agents

In the fight against child pornography, according to official representatives, FBI agents hacked the Tor hosting provider Freedom Hosting:

The experts analyzed the code of the software installed on the servers and concluded that it exploits a vulnerability in the Firefox 17 ESR browser, on which the Tor Browser Bundle package is based. This package, freely available on the project's official website, is intended for users who wish to use the anonymous network.
Reverse engineering made it possible to establish that the purpose of the hidden code is to expose anonymous users by transmitting the unique MAC address of the device from which the user connects to the Internet, together with the name of the victim's computer in the Windows operating system.
This data was sent to an unknown server in Northern Virginia, USA, in order to determine the user's IP address. Two addresses to which the hidden code sent data were found, but it was not possible to establish with whom they were connected: the trail went cold at one of the servers of the American telecommunications company Verizon.
FBI involvement in the creation of this code was confirmed by an official representative for the first time. Before that, observers could only guess who its author was. It seemed most likely that the authorities were involved, since the purpose of the code was to unmask users rather than to install any malware.
Speaking in court, special agent Donahue explained that the code was deployed to search for Marques's accomplices.


It is not entirely clear from the article whether all Tor Browser Bundle packages are vulnerable, or only those downloaded from this hosting, or only those that connect to this hosting, but the outlook is bleak either way. Especially if we recall ticket 901614, which proposes to improve the security of the Firefox browser by introducing the Tor anonymizer into it as a standard option. It would then take just one new version with one new hole for all anonymity to be called into question.

Also, it recently became known that the US government covers 60% of Tor's funding
The Tor project is 60% funded by the US government; this follows from a 2012 report published on the project's official website. Total funding last year was about $2 million, of which 40% was provided by the US Department of Defense, and the remaining 20% by the US State Department and the National Science Foundation, a US government agency.

On the other hand, if exploiting this vulnerability requires installing special software on Tor servers, then this tool is apparently not suited to mass surveillance.

PS I know that some experts will say that only the "MAC address of the device from which the Internet was accessed and the name of the victim's computer in the Windows operating system" were transmitted, but in this case this data turned out to be quite enough.
PPS I apologize for the somewhat sensationalist headline.
UPDATE Malicious JavaScript code was injected into the sites hosted on this provider. Mozilla's analysis of the exploit showed that it targets a Firefox vulnerability fixed on June 25, 2013, so only Windows users running an outdated version of the browser were exposed to it. Thus, the attack targeted the same vulnerability in the Tor Browser Bundle that made it possible to de-anonymize users. Tor Browser users were urged to update the application immediately. One of Tor's key developers, Roger Dingledine, recommended that, for the sake of their own security, users always disable JavaScript by default, stop using Windows, and switch to more reliable systems such as TAILS and Whonix.

Soon afterwards, information emerged that the FBI was behind the attack and had intentionally left Freedom Hosting running in order to identify as many visitors as possible to the sites it hosted. It was then shut down, which made a number of Tor hidden services unreachable, since many of them ran on the Freedom Hosting platform. The malicious script was named torsploit and, given the suspected FBI involvement, was classified as policeware of the CIPAV category. Cryptocloud specialists conducted their own investigation to find out where the information from the affected computers was sent and found that torsploit delivered it to an IP address belonging to SAIC, a company that works under contract with the NSA; they later acknowledged this conclusion as erroneous. Subsequently, the FBI admitted that it was the one that had seized control of Freedom Hosting.

Source: https://habr.com/ru/post/194046/