Government Eyed in Malware Attack on Tor
by Karl Bode 02:41PM Tuesday Aug 06 2013 Tipped by ARGONAUT
A rather amazing story has bubbled up over the last week after half of the onion sites in the Tor network were compromised, revealing the supposedly anonymous identities of Tor users. Malware popped up last Sunday morning on numerous sites hosted by the anonymous hosting operation Freedom Hosting, the code exploiting a critical memory management vulnerability in Firefox (see the Tor security advisory). The code fools Tor users into sending identifying info to an IP address in Reston, Virginia.

While that's interesting in and of itself, what's more interesting is who many think is responsible for the malware. Tor was originally designed to fight government and corporate censorship, though it has of course been abused for other purposes -- including the distribution of child pornography and drug sales through sites like Silk Road.

The malware being dumped on Freedom Hosting servers arrived just after Freedom Hosting founder Eric Eoin Marques was arrested in Ireland on charges of distributing child pornography. He's currently awaiting extradition to the United States, but in the interim the malware has continued sending user info to the aforementioned IP address in Virginia.

While I've seen several reports claiming that the IP address in question belongs to the NSA, Wired seems to have the most solid reporting I've seen on the subject, noting that the address belongs to contractor Science Applications International Corporation, which is likely working on the FBI's computer and internet protocol address verifier (CIPAV) spyware initiative:
"It just sends identifying information to some IP in Reston, Virginia," says reverse-engineer Vlad Tsyrklevich. "It's pretty clear that it's FBI or it's some other law enforcement agency that's U.S.-based." If Tsyrklevich and other researchers are right, the code is likely the first sample captured in the wild of the FBI's "computer and internet protocol address verifier," or CIPAV, the law enforcement spyware first reported by WIRED in 2007.
Given the FBI's rich history of waging war on entirely legal domestic political organizations, there are obviously many who worry the government will extend this power to those who use Tor for perfectly peaceful, legal and legitimate political reasons. Meanwhile, Tor notes that the vulnerability has been patched by Mozilla in later versions of Firefox, though many users may still be using older versions of the Tor Browser Bundle. They're also advising Tor users to stop using Windows and to disable JavaScript if they're truly interested in being secure.


Recommended comments

netbus developer
Brighton, MA

4 recommendations

reply to slynerve

Re: Tor is dead.

Tor is a tool, nothing more. Tools can be used for good or evil. Tor is used for both.
A sane approach to our federal budget: Ignore the tea party



10 recommendations

reply to FFH

Re: I love TOR

said by FFH:

Tor should not exist.... In reality, it is nothing but a mechanism to help law breakers avoid capture by the police.

That could be said of a lot of things: guns, cars, motorcycles, ski masks, encryption...

Just because someone can use something to break the law does not mean it should not exist.