Saturday, September 14, 2013

FBI Admits It Controlled Tor Servers Behind Mass Malware Attack

Source: Wired Threat Level

It wasn’t ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors.

Freedom Hosting was a provider of turnkey “Tor hidden service” sites — special sites, with addresses ending in .onion, that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network. Tor hidden services are used by sites that need to evade surveillance or protect users’ privacy to an extraordinary degree – including human rights groups and journalists.

...the FBI took over the servers in late July...

On August 4, all the sites hosted by Freedom Hosting ... began serving an error message with hidden code embedded in the page. ... it exploited a security hole in Firefox to identify users of the Tor Browser Bundle ...

... It looked up the victim’s MAC address — a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sent it to a server in Northern Virginia, bypassing Tor, to expose the user’s real IP address, coding the transmission as a standard HTTP web request.
