Feds Are Suspects in New Malware That Attacks Tor Anonymity
<blockquote data-quote="Samstwitch" data-source="post: 73083" data-attributes="member: 2770"><p><a href="http://www.wired.com/threatlevel/2013/08/freedom-hosting/" target="_blank"><span style="font-size: 22px"><strong>Feds Are Suspects in New Malware That Attacks Tor Anonymity</strong></span></a></p><p></p><p><span style="color: #ccff99">Security researchers tonight are poring over a piece of malicious software that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network.</span></p><p><span style="color: #ccff99"></span></p><p><span style="color: #ccff99">The malware showed up Sunday morning on multiple websites hosted by the anonymous hosting company Freedom Hosting. That would normally be considered a blatantly criminal “drive-by” hack attack, but nobody’s calling in the FBI this time. The FBI is the prime suspect.</span></p><p><span style="color: #ccff99"></span></p><p><span style="color: #ccff99">“It just sends identifying information to some IP in Reston, Virginia,” says reverse-engineer Vlad Tsyrklevich. “It’s pretty clear that it’s FBI or it’s some other law enforcement agency that’s U.S.-based.”</span></p><p><span style="color: #ccff99"></span></p><p><span style="color: #ccff99">If Tsyrklevich and other researchers are right, the code is likely the first sample captured in the wild of the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first </span><a href="http://www.wired.com/politics/law/news/2007/07/fbi_spyware" target="_blank">reported</a> <span style="color: #ccff99">by WIRED in 2007.</span></p><p><span style="color: #ccff99"></span></p><p><span style="color: #ccff99">Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. 
The FBI has</span> <a href="http://www.wired.com/threatlevel/2009/04/fbi-spyware-pro/" target="_blank">been using the CIPAV</a><span style="color: #ccff99"> since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor.</span></p><p><span style="color: #ccff99"></span></p><p><span style="color: #ccff99">The code has been used sparingly in the past, which kept it from leaking out and being analyzed or added to anti-virus databases.</span></p><p><span style="color: #ccff99"></span></p><p><span style="color: #ccff99">The broad Freedom Hosting deployment of the malware coincides with the</span> <a href="http://www.independent.ie/irish-news/courts/fbi-bids-to-extradite-largest-childporn-dealer-on-planet-29469402.html" target="_blank">arrest of Eric Eoin Marques</a><span style="color: #ccff99"> in Ireland on Thursday on a U.S. extradition request. The <em>Irish Independent</em> reports that Marques is wanted for distributing child pornography in a federal case filed in Maryland, and quotes an FBI special agent describing Marques as “the largest facilitator of child porn on the planet.”</span></p><p><span style="color: #ccff99"></span></p><p><span style="color: #ccff99">Freedom Hosting has long been notorious for allowing child porn to live on its servers. 
In 2011, the hacktivist collective Anonymous</span> <a href="http://pastebin.com/T1LHnzEW" target="_blank">singled out</a> <span style="color: #ccff99">Freedom Hosting for denial-of-service attacks after allegedly finding the firm hosted 95 percent of the child porn hidden services on the Tor network.</span></p><p><span style="color: #ccff99"></span></p><p><span style="color: #ccff99">Freedom Hosting is a provider of turnkey “Tor hidden service” sites — special sites, with addresses ending in .onion — that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network.</span></p><p><span style="color: #ccff99"></span></p><p><span style="color: #ccff99">Tor hidden services are ideal for websites that need to evade surveillance or protect users’ privacy to an extraordinary degree – which can include human rights groups and journalists. But it also naturally appeals to serious criminal elements.</span></p><p><span style="color: #ccff99"></span></p><p><span style="color: #ccff99">Shortly after Marques’ arrest last week, all of the hidden service sites hosted by Freedom Hosting began displaying a “Down for Maintenance” message. That included websites that had nothing to do with child pornography, such as the secure email provider TorMail.</span></p><p><span style="color: #ccff99"></span></p><p><span style="color: #ccff99">Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of JavaScript code from a Verizon Business internet address located in Virginia.</span></p><p><span style="color: #ccff99"></span></p><p><span style="color: #ccff99">By midday Sunday, the code was being circulated and dissected all over the net. 
Mozilla confirmed the code exploits a critical memory management vulnerability in Firefox that was</span> <a href="http://www.mozilla.org/security/announce/2013/mfsa2013-53.html" target="_blank">publicly reported</a> <span style="color: #ccff99">on June 25, and is fixed in the latest version of the browser.</span></p><p><span style="color: #ccff99"></span></p><p><span style="color: #ccff99">Though many older revisions of Firefox are vulnerable to that bug, the malware only targets Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user-friendly package for using the Tor anonymity network.</span></p><p></p><p><a href="http://www.wired.com/threatlevel/2013/08/freedom-hosting/" target="_blank"><span style="font-size: 18px">CONTINUED: Click Me to read Full Article</span></a></p></blockquote><p></p>