The Inquirer-Home

FBI is accused of compromising the TOR network

Anonymous internet is missing in action
Mon Aug 05 2013, 15:05
Superfast fibre broadband rollout

THE UNITED STATES Federal Bureau of Investigation (FBI) has been accused of gathering data from the anonymous network known as TOR.

The FBI might be behind a security assault on the TOR network that grabs users' information.

Security researcher Vlad Tsyrklevich said that the attack is a strange one and is most likely the work of the authorities.

"[It] doesn't download a backdoor or execute any other commands, this is definitely law enforcement," he said in a tweet about the discovery.

He went a bit further in a blog post, explaining that the Firefox vulnerability is being used to send data in one direction.

"Briefly, this payload connects to 65.222.202.54:80 and sends it an HTTP request that includes the host name (via gethostname()) and the MAC address of the local host (via calling SendARP on gethostbyname()->h_addr_list). After that it cleans up the state and appears to deliberately crash," he added.

"Because this payload does not download or execute any secondary backdoor or commands it's very likely that this is being operated by an LEA and not by blackhats."

The bug is listed at Mozilla, and the firm has a blog post saying that it is looking into it.

Over the weekend a blog post appeared on the TOR website that sought to distant it from a number of closed down properties or hidden websites. It is thought that the shuttered websites, which were hosted by an outfit called Freedom Hosting, were home to the worst kind of abuses.

A report at the Irish Examiner said that a chap called Eric Eoin Marques is the subject of a US extradition request. He is accused of being in charge of Freedom Hosting.

"Around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the TOR Network," the TOR project said.

"There are a variety of [rumours] about a hosting company for hidden services: that it is suddenly offline, has been breached, or attackers have placed a javascript exploit on their web site," it said.

"The person, or persons, who run Freedom Hosting are in no way affiliated or connected to The TOR Project, Inc., the organization coordinating the development of the TOR software and research." µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Coding challenges

Who’s responsible for software errors?