Free Republic
Browse · Search
News/Activism
Topics · Post Article


A bunch of Tor sites spread malware. Was the FBI behind it?
Washington Post ^ | 8-5-2013

Posted on 08/05/2013 11:13:27 AM PDT by markomalley

Tor users visiting secret sites hosted by Freedom Hosting early Sunday morning weren’t able to reach their desired destinations. Instead they were met with a “Down for Maintenance” notice and, if they had javascript enabled, malware that could effectively identify Tor users. The Internet is wild with speculation that malware was planted by the FBI. And that isn’t as paranoid as you might think.

Eric Eoin Marques, the man believed to be behind Freedom Hosting, was arrested in Ireland Thursday and is currently awaiting extradition to the U.S. on child pornography charges. While Freedom Hosting was the largest hosting service for secret .onion sites and used for things like the secret e-mail service TorMail, it was also infamous for hosting sites that included depictions of the rape and torture of pre-pubescent children. Taking down the hosting service may have removed some half of the hidden sites accessible through the Tor network.

A lot of people know that you can use Tor to browse the Internet anonymously. This works by routing traffic through several randomly-selected computers in the Tor networks. Web site operators can use the same technique to hide the location of their servers. This can be for illicit purposes like child pornography or dealing drugs. However, Tor’s “hidden service” capability can also be a boon to political activists, whistleblowers, and journalists who want to publish anonymously.

(Excerpt) Read more at washingtonpost.com ...


TOPICS: Extended News; Government
KEYWORDS: firefox; javascript; tor; ubuntu
Also see this Wired article (cannot be posted to FR), Feds Are Suspects in New Malware That Attacks Tor Anonymity.

I personally use TOR through FF 21 over Ubuntu 12.04 LTS for my day to day browsing and I haven't seen this come up (course I don't go to the types of sites being targeted either). This could just be some government agitprop, but in case it's not, be aware.

1 posted on 08/05/2013 11:13:27 AM PDT by markomalley

To: markomalley

The torbrowser bundle seems to be the best, it’s a stripped down firefox package. No cookies or scripting allowed, so it’s not something you can really use all the time imo.

Anyway, they’ll infiltrate anything they can and I’m sure they are all over TOR.


2 posted on 08/05/2013 11:14:53 AM PDT by Monty22002

To: markomalley

Oh, after I read the article, the torbrowser package is the target. lol.. So much for even that.


3 posted on 08/05/2013 11:16:08 AM PDT by Monty22002

To: markomalley

tech bookmark


4 posted on 08/05/2013 11:16:35 AM PDT by Sergio (An object at rest cannot be stopped! - The Evil Midnight Bomber What Bombs at Midnight)

To: markomalley

Posted today:

Posted August 5th, 2013 by arma
in security, tbb, tor browser

An attack that exploits a Firefox vulnerability in JavaScript has been observed in the wild. Specifically, Windows users using the Tor Browser Bundle (which includes Firefox plus privacy patches) appear to have been targeted.

This vulnerability was fixed in Firefox 17.0.7 ESR. The following versions of the Tor Browser Bundle include this fixed version:
• 2.3.25-10 (released June 26 2013)
• 2.4.15-alpha-1 (released June 26 2013)
• 2.4.15-beta-1 (released July 8 2013)
• 3.0alpha2 (released June 30 2013)

Tor Browser Bundle users should ensure they’re running a recent enough bundle version, and consider taking further security precautions.


5 posted on 08/05/2013 11:17:44 AM PDT by Monty22002

To: markomalley

Wondering why Wired is on the “no posting” list?

It is getting hard to keep up.


6 posted on 08/05/2013 11:18:21 AM PDT by jacquej ("It is the peculiar quality of a fool to perceive the faults of others and to forget his own." — Ma)

To: markomalley

I highly recommend that everyone block the IP range that hosts the target address of the malware:

65.222.202.53


7 posted on 08/05/2013 11:18:38 AM PDT by MeganC (A gun is like a parachute. If you need one, and don't have one, you'll never need one again.)

To: markomalley

Did you see this?

13:50 Tor Browser Bundle users who installed or manually updated after June 26 are safe from the exploit, according to the Tor Project’s new security advisory on the hack.


8 posted on 08/05/2013 11:19:52 AM PDT by DManA

To: DManA

The government is surely working on the latest version as well. They’re always going to be a few steps ahead.


9 posted on 08/05/2013 11:20:32 AM PDT by Monty22002

To: markomalley

Two of my guitar sites were down on Sunday too. They use the same server. But they always do maintenance ops on Sundays, so no connection to this, I’m sure.


10 posted on 08/05/2013 11:23:24 AM PDT by Dr. Bogus Pachysandra ( Ya can't pick up a turd by the clean end!)

To: markomalley

The Feds do NOT like it when free people use their resources against them. We’re seeing it more and more as of late. With the NSA outed and more likely to come, you can bet your bottom dollar that the government is frantically trying to close any “holes” they deem as problematic. That includes TOR.


11 posted on 08/05/2013 11:27:53 AM PDT by rarestia (It's time to water the Tree of Liberty.)

To: markomalley

I was port scanned last night by 64.214.103.254...

OrgName: Level 3 Communications, Inc.
OrgId: LVLT
Address: 1025 Eldorado Blvd.
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US
RegDate: 1998-05-22
Updated: 2012-01-30
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Ref: http://whois.arin.net/rest/org/LVLT

Per Wikipedia: “In July 2013 Level 3 was accused of wiretapping large parts of data on the German Internet Exchange Point DE-CIX for the NSA”


12 posted on 08/05/2013 12:15:55 PM PDT by dadgum (Overjoyed to be the Pariah.)

To: jacquej
Wondering why Wired is on the “no posting” list?

I've always assumed it's because they're a bunch of liberals who hate our guts, and who've complained about us posting excerpts of their articles on this site.

Shame, because there are occasionally some very good articles on their site.

13 posted on 08/05/2013 1:29:21 PM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)

To: MeganC
I highly recommend that everyone block the IP range that hosts the target address of the malware: 65.222.202.53

How does one go about doing that?

14 posted on 08/05/2013 1:30:05 PM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)

To: Windflier

In IE you go to your Internet Settings > Security and add it to the restricted sites list.


15 posted on 08/05/2013 1:50:23 PM PDT by MeganC (A gun is like a parachute. If you need one, and don't have one, you'll never need one again.)

To: MeganC
In IE you go to your Internet Settings > Security and add it to the restricted sites list.

I use Firefox. Looking through the 'tools' area, I can't find where or how to block certain sites.

Any suggestions?

16 posted on 08/05/2013 2:35:57 PM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)

To: Windflier

Inbound/Outbound filter on your router.


17 posted on 08/05/2013 2:50:32 PM PDT by dadgum (Overjoyed to be the Pariah.)

To: Windflier

Sorry, no.


18 posted on 08/05/2013 3:42:35 PM PDT by MeganC (A gun is like a parachute. If you need one, and don't have one, you'll never need one again.)

To: markomalley
"But the malware only targeted the version of Firefox that is part of the Tor Browser Bundle.

The malware looked up users’ MAC addresses and Windows hostnames, then relayed it to a server in Virginia outside of the Tor network — revealing the users’ real IP addresses."

Looks like a social engineering attack devised to moove the Windoze herd away from private browsing.


19 posted on 08/05/2013 4:15:06 PM PDT by familyop (We Baby Boomers are croaking in an avalanche of rotten politics smelled around the planet.)

To: markomalley
"Some reverse engineers looking at the code over the weekend argued that it was “likely” operated by a law enforcement agency because the malware doesn’t do anything other than identify users."


20 posted on 08/05/2013 4:16:04 PM PDT by familyop (We Baby Boomers are croaking in an avalanche of rotten politics smelled around the planet.)

To: Sergio

Bump for later


21 posted on 08/05/2013 4:18:55 PM PDT by citizen (We get the government we choose. America either voted for Obama or handed it to him by not voting.)

To: markomalley
Firefox Zero-Day Exploit used by FBI to shutdown Child porn on Tor Network hosting; Tor Mail Compromised

The Hacker News

Update: According to Baneki Privacy Labs research, the IP address 65.222.202.53 hardcoded into the exploit belongs to Virginia is actually owned by Science Applications International Corporation (SAIC), a major intelligence, military, aerospace, engineering and systems contractor involved with the Federal Bureau of Investigation (FBI), Defense Advanced Research Projects Agency (DARPA), Central Intelligence Agency (CIA) and National Security Agency (NSA).

They believe that the hardcoded IP address is directly allocated to the NSA's Autonomous Systems (AS), so it's probably not the FBI, it's NSA who used Firefox Zero-Day exploit to compromise Freedom Hosting and TOR network.





22 posted on 08/05/2013 4:29:01 PM PDT by familyop (We Baby Boomers are croaking in an avalanche of rotten politics smelled around the planet.)

To: markomalley

Author: Mohit Kumar


23 posted on 08/05/2013 4:29:55 PM PDT by familyop (We Baby Boomers are croaking in an avalanche of rotten politics smelled around the planet.)

To: markomalley

News that PC contractor employees would want to distract from. And yeah—that Oxford, the one with the University and the mosques.

The Oxford sex ring and the preachers who teach young Muslim men that white girls are cheap
http://freerepublic.com/focus/f-news/3051474/posts


24 posted on 08/05/2013 4:59:04 PM PDT by familyop (We Baby Boomers are croaking in an avalanche of rotten politics smelled around the planet.)

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
