Posted by Curt on 14 September, 2013 at 12:11 am. Be the first to comment!



This has been bubbling around geek-space for a few days now, expect it to go mainstream in the next week or two now that geeks have figured out all the particulars and know exactly how the malware works.

On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page. Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn’t respond to inquiries from WIRED today.

…the malware only targeted Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user-friendly package for using the Tor anonymity network. That made it clear early on that the attack was focused specifically on de-anonymizing Tor users….

Prior to the Freedom Hosting attack, the code had been used sparingly, which kept it from leaking out and being analyzed.

Ostensibly, this was all done as part of a child porn investigation, but many legit users were also caught up in it and had their security compromised by the malware too.

The child porn angle makes it a lot harder to criticize, particularly since there seems to be genuine malefactors involved rather than a generic fishing expedition. However, the notion of shotgunning active malware out onto the general public’s computers and hoping to snag a known culprit in that wide net is something that needs discussing. I’m not sure where I am on this one yet.

To the FBI’s credit, the hack code is quite limited in scope and reasonably well crafted from my cursory examination. Basically its circumventing annonymization by sending your hostname and unique LAN card ID’s (MAC address) to the FBI. With the MAC address, subsequent standard router packet sniffs could trace your internet traffic anywhere it goes.

Even though child porn was involved, in this instance, this practice leaves me with a queasy feeling. Is there ever an end to this shit?, lines that won’t be crossed? Its looking like the answer is no.

Read more

0 0 votes
Article Rating
Would love your thoughts, please comment.x