Anonymous Web-host shut down, owner arrested; Tor users compromised by Javascript exploit

Anonymous Web-host shut down, owner arrested; Tor users compromised by Javascript exploit

boingboing.net

FreedomWeb, an Irish company known for providing hosting for Tor "hidden services" -- services reached over the Tor anonymized/encrypted network -- has shut down after its owner, Eric Eoin Marques, was arrested over allegations that he had facilitated the spread of child pornography. Users of Tor hidden services report that their copies of "Tor Browser" (a modified, locked-down version of Firefox that uses Tor by default) were infected with malicious Javascript that de-anonymized them, and speculate that this may have originated with with FBI. Tor Browser formerly came with Javascript disabled by default, but it was switched back on again recently to make the browser more generally useful.

Some are predicting an imminent Bitcoin crash precipitated by the shutdown.

(visit the link for the full news article)

The founder of Freedom Hosting has been arrested in Ireland and is awaiting extradition to USA.

In a crackdown that FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network has been compromised, including the e-mail counterpart of TOR deep web, TORmail.

This is undoubtedly a big blow to the TOR community, Crypto Anarchists, and more generally, to Internet anonymity. All of this happening during DEFCON.

If you happen to use and account name and or password combinations that you have re used in the TOR deep web, change them NOW.

Source

A few days ago there were mass outages of Tor hidden services that predominantly effected Freedom Hosting websites.

postimg.org...

"Down for Maintenance
Sorry, This server is currently offline for maintenance. Please try again in a few hours."

If you saw this while browsing Tor you went to an onion hosted by Freedom Hosting. The _javascript exploit was injected into your browser if you had _javascript enabled.

What the exploit does:

The JavaScript zero-day exploit that creates a unique cookie and sends a request to a random server that basically fingerprints your browser in some way, which is probably then correlated somewhere else since the cookie doesn't get deleted. Presumably it reports the victim's IP back to the FBI.

An iframe is injected into FH-hosted sites:

Source

Some are saying that half of all TOR sites have been compromised.

This is pretty big news that could have serious implications for many people not just criminals. TOR isn't just used by the bad guys its used by many people around the world who live in countries that filter their internet content so these people are at risk of being exposed as well

The already volatile Bitcoin crypto-currency that is used throughout the TOR network as an anonymous way of paying for goods and services is sure to lose its value rapidly over the next few weeks. There has already been one large Bitcoin market crash in April of this year and some people are predicting it could reach its lowest value ever.

To be honest ive never fully trusted the TOR network but to think that the FBI might have had a hand in messing with the TOR browser bundle is still surprising. All in all it was only a matter of time before something like this happened.



boingboing.net
(visit the link for the full news article)

I tried tor a while back as a way of getting around the "This video is blocked to your country" message on some youtube vids.

Me thinks I'll be doing some serious scanning of my drives.


ETA: Just read it again, de-anonymize, Nothing for me to worry about.

Well let me put on my surprised face.......wait for it.....wait for it......

War has been waged on all fronts. Everything is in motion and has been for some time.

There is no doubt that where there's a will theres a way. And there is obviously a will and want to exploit TOR. Case in point, your OP

Not for nothing... but I've been warning about this sort of thing for the past year and a half. The Feds control some of the exit nodes and have ISP based access to others.

I heard about this early this morning from a friend in the law enforcement community. While the friend could not divulge much, I did get the feeling that more arrests are forthcoming.

using _javascript....lol

Glad I didn't invest in Bitcoin.

Even more glad I didn't invest my time in anonymity.

reply to post by PhoenixOD

Whoa.... This is a shock. Freedom Hosting, eh? They estimate only half of the Onion world? I'm going to guess it's considerably higher than 50% by this. WOW.... I'll bet the FBI got logs and data that shocked even those guys into cold silence. I can only imagine ...as they started matching IP's to hosts and specific origins ...just what they found.

How many out of Government agencies? Which ones...? How many in other walks of life no one would ever guess in a million years?? This also goes WAY beyond kiddie porn. There are serious and REAL weapons smuggling outlets down there. Basically the Black Market in every form, for every thing and in every way one can imagine. Any THING one can imagine being possible to sell, short of nuclear material (and that's probably there too..but not at the TOR level of things)

I have a feeling there are people all over the world sweating bullets tonight on this news and looking for ways to dig holes and pull them in over top of themselves. TOR was considered safe...so I have no doubt everyone with warped interests that discovered it? Ran wild in it. If the FBI doesn't play hyper-politics about who they go after? This could be the biggest thing since the 80's for major scandals to HIGH levels of power, in all directions.

That's my take.

Sounds like someone released some serious information that needed to be wiped and this was a convenient excuse to do it.

I was recently considering using Tor. But now that it seems they're going to frame people for child pornography, I think I'll stay away. Unfortunately, that is me bending to government fear.

reply to post by Wrabbit2000


People just have to understand this isn't the movies - you will be tracked and what you do on the net will be monitored. Perhaps this is a good thing, perhaps people will stop this anonymous protesting and will actually start doing SOMETHING for real.

I always thought TOR was like a super deep underweb that you only see representations of in movies and hear about on 4chan. Like something only the most secure of hackers use. I mean, I knew it was basically a free black market but judging from the comments I didn't think it would be that rampant. Always wanted to see what it was like one day on my linux box but I guess not.

Originally posted by MidnightTide
perhaps people will stop this anonymous protesting

Protecting your identity isn't protesting. It's using your rights as a human being.

I had tor on my old P.C. but I didn't add it to this one after I grew suspicious. Glad I didn't

reply to post by mr10k


TOR is just Firefox configured to run on proxies and with all of the fun ( and potentially identifying plugins and addons removed ). In and of itself it's just a very securely set up web browser.

Where people run into trouble is when they use TOR and start Googling "Hidden Wiki".

Originally posted by Hefficide
reply to post by mr10k

 

TOR is just Firefox configured to run on proxies and with all of the fun ( and potentially identifying plugins and addons removed ). In and of itself it's just a very securely set up web browser.

Where people run into trouble is when they use TOR and start Googling "Hidden Wiki".

I honestly don't get how people enjoy using it. It's unbelievably slow. Like dial-up internet slow.

Originally posted by MidnightTide
reply to post by Wrabbit2000

 

People just have to understand this isn't the movies - you will be tracked and what you do on the net will be monitored. Perhaps this is a good thing, perhaps people will stop this anonymous protesting and will actually start doing SOMETHING for real.

Agreed and in a way, this is actually good news. I've been saying for a long time now that the efforts to "attack" things like Child Porn has absolutely no meaning while TOR and deeper levels existed to basically function as the center for all that and so much worse. All, seemingly, without any law of any kind.

If they've been working into that world to quietly catalog the players for a major take down? It would be one of the best days society could ask for. Some of the worst monsters our world has...hang out down there. No joke.

Somebody who is using Tor or other anonymous methods to spread child pornography, deserves to be arrested. Anonymity is not a passport to commit crimes.

It can be a good thing to overcome censorship and get past stupid video restrictions based on a host's IP address. Some people also have the need to express themselves without running the risk of being arrested or worse.

Wasn't the initial purpose of the Internet - as we know it - to exchange information and ideas on a global scale, a place without borders, where we could all connect?

Look what it has become: a controlled environment. Again, human kind has found a way to screw up something ingenious and turned it into a monitoring tool used for commercial and psychological profiling.

Technology as it seems, is always used for the worse, never for the best. We always seem to turn it into something negative or destructive.

I guess knowledge is worth nothing without the wisdom to treasure and nurture it.

I really don't understand... If the government is openly spying on all internet use, then it should be very easy to find any cyber crimes committed, and trace it down to the person(s) and/or location(s). This sounds like making a big show for a chilling effect.

Everything you ever do on the internet is recorded somewhere.

Everything you ever do on the internet is recorded somewhere.

There are techniques, however, to be "invisible" on the Internet if you know the seven layers of the OSI model.
Something I will not discuss here or on any other forum for that matter.