FBI Attack on Child Porn Sites May Have Blown Tor Users' Cover
The Tor project offers a valuable service for many Web users whose very lives may depend on anonymity -- but it also gives criminals access to the same privacy protections. It's suspected that the FBI used hacker tactics to exploit a vulnerability in the Tor browser, based on Firefox, to take down a child porn network. However, other Tor users may have been de-anonymized in the process.
Aug 5, 2013 2:52 PM PT
Ireland-based Freedom Hosting, which hosted several servers on the Tor Project's hidden network, has been taken down through a vulnerability in the Firefox browser -- and the FBI is widely suspected of being the attacker.
The FBI is seeking to extradite Freedom Hosting's owner, Eric Eoin Marques, to the United States on a Maryland warrant, according to the Irish Independent.
Marques, who the FBI alleges was running a huge child porn network on Freedom Hosting using Tor hidden services, has dual Irish and U.S. citizenship. He is being held in an Irish jail pending the determination of the extradition request.
The Tor project, an open network that promises anonymity to users, has denied any connection with Marques.
"It wasn't the Tor network itself that was compromised," Pete Ashdown, founder and CEO of Utah ISP XMission, told TechNewsWorld. "It was the end points, and there are any number of exploits you can run against a Web server."
The FBI declined to comment for this story because the investigation is ongoing.
How Freedom Hosting Was Hacked
The attack was launched through a vulnerability in Firefox 22 and Firefox version 17.0.7.
The latter is an Extended Support Release (ESR). An ESR brings new features to the browser build without requiring users to update to the latest version. That saves businesses considerable effort, because Mozilla unleashes a new version of Firefox every six weeks.
Mozilla announced the MFSA 2013-53 vulnerability on Sunday.
The Tor Browser Bundle is based on Firefox ESR-17.
The vulnerability has been fixed in both Firefox 22 and ESR-17. Users running the latest version of the Tor Browser Bundle or Firefox are not at risk from the attack.
Following revelations about the NSA's PRISM program, which is being used to spy on Americans' communications, advice on how consumers can protect their privacy has proliferated in the media. One suggestion that comes up repeatedly is for people to use Tor for communications.
Tor essentially protects users from traffic analysis, which looks at packet headers in Internet traffic to determine information such as the destination and source of the messages, as well as their timing.
It does so by bouncing messages around a distributed network of relays worldwide.
Tor is used by activists, the media, businesses, and military and law enforcement agencies. In fact, one U.S. Navy team used Tor while deployed in the Middle East. Law enforcement uses Tor to conduct surveillance on websites and for security during sting operations.
Tor and the Freedom Hosting Takedown
The Tor project is investigating the bugs in Firefox that led to the Freedom Hosting takedown.
It says it has nothing to do with Freedom Hosting.
While some reports claim half the Tor hidden service servers have been taken out of action by the attack on Freedom Hosting, the Tor Project will only say that one of multiple hidden service hosting companies appears to be down.
Tor hidden services are servers that can only be reached through the Tor network. Anyone can run a hidden service. Users include dissidents and activists, as well as organizations for suicide prevention, and groups aiding domestic violence and abuse recovery victims.
Hidden service addresses are cryptographically and automatically generated by the Tor software. In other words, nobody knows what they are and nobody can predict what they will be.
"Tor networks make it more difficult to be tracked, but not impossible," Randy Abrams, a research director at NSS Labs, told TechNewsWorld. "It becomes a question of cost -- how much is it worth to go after a target?"
Should Tor Users Fear the FBI?
In the wake of the PRISM revelations, Tor users may have concerns that U.S. spying programs are now seeking to crack the security of services like Tor that offer users anonymity.
However, "the fact that the FBI had known about [Freedom Hosting's] activities since 2011 shows they weren't acting hastily," Daniel Castro, a senior analyst at the Information Technology & Innovation Foundation, told TechNewsWorld.
"I see this as similar to the FBI doing a stakeout and recording criminals they see walking by," Castro elaborated. "This is a net benefit, and it seems like it's very much skewed in favor of a legitimate activity."