All the latest UK technology news, reviews and analysis


FBI child porn arrest in Ireland creates Tor web tracking concerns

05 Aug 2013
Digital security padlock red image

An FBI child pornography sting on hidden web services provider Freedom Hosting has led to concerns the law enforcement agency is using websites hosted on Freedom Hosting's servers to track people using the anonymous Tor network.

Reports that Freedom Hosting sites had been hijacked to spread a malware designed to track Tor users' web movements emerged after news broke that the FBI had arrested Eric Eoin Marques for alleged involvement in the distribution of online child pornography. Marques is believed to have strong links with Freedom Hosting and to be a vocal member of the Tor community.

The reports claim the FBI used a vulnerability in Firefox 17, on which the Tor browser is based, to turn Freedom Hosting sites into malware spreading tracker tools. Tor is a free service designed to let people hide their internet activity. It does this by directing internet traffic through a volunteer network of more than 3,000 relays to conceal the user's location.

Tor has since published a statement confirming it is looking into the reports.

"The current news indicates that someone has exploited the software behind Freedom Hosting. From what is known so far, the breach was used to configure the server in a way that it injects some sort of JavaScript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect users' computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based. We're investigating these bugs and will fix them if we can," read the Tor statement.

"As for now, one of multiple hidden service hosting companies appears to be down. There are lots of rumours and speculation as to what's happened. We're reading the same news and threads you are and don't have any insider information. We'll keep you updated as details become available."

Tor has since confirmed plans to publish a more thorough security advisory in the very near future.

At the time of publishing, the FBI had not responded to V3's request for comment on the rumours. However, Trend Micro security director Rik Ferguson confirmed there is evidence to suggest a breach occurred to allow tracking.

"Obviously we have to wait for more details to be made public in legal proceedings, but for now the weight of evidence in the hows and whys seems to indicate that a previously unknown vulnerability in Firefox 17 may have been used by law enforcement to identify people visiting certain hidden services as one part of the operation, and of course enough evidence has also been gathered to allow the arrest of Mr Marques in Ireland, suspected of running this hosting service," Ferguson said.

"All the malicious code did was to make a victim machine, which was visiting one of the compromised hidden sites, request a web site on the ‘visible' web, via HTTP, thereby exposing its real IP address. As the exploit did not deliver any malicious code, it is highly unlikely that this was a cybercriminal operation."

F-Secure security analyst Sean Sullivan added that Freedom Hosting is not the first Tor node to be taken down and will be of little consequence to most people using the anonymising web tool.

"Even as far back as 2007, there were examples that poisoned exit nodes could be used to track/capture non-encrypted traffic. Fortunately, activists most often want to communicate, and so can encrypt. Those who want to 'browse' the web - that's a leaky proposition," Sullivan said.

"For the average citizen - encryption is probably the key thing to pursue. If an average Joe wants to help human rights activists, they might best consider hosting a Tor node. But as far as using Tor for browsing? I wouldn't bother."

Web anonymity has been a growing political concern for several years now, with numerous human rights groups claiming European citizens should have the right to be forgotten.

The debate around anonymous browsing reached new heights this summer, when it was revealed the NSA was holding vast amounts of information on web users as a part of its notorious PRISM campaign.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Privacy
What do you think?
blog comments powered by Disqus
Poll

Tech gifts for Christmas 2014

Is a new tablet on your wish list this festive season, or have they become yesterday’s fad?
12%
23%
11%
6%
48%

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Application Support Analyst

UCL Application Services; Common and Infrastructure Applications...

Technical Project Managers

Technical Project Managers Bitwise is looking for...

Junior Developer C# .NET

Ultima are a leading end to end IT infrastructure partner...

Senior Software Developer

Senior Software Developer Application Development...
To send to more than one email address, simply separate each address with a comma.