
[tor-talk] Fwd: Freedom Hosting Owner Arrested, Tormail Compromised, Malicious JS Discovered



did not see this here, might interest some.
sorry if previously posted.
i have no further info.


-------- Original Message --------
Subject: 	Freedom Hosting Owner Arrested, Tormail Compromised, Malicious
JS Discovered
Date: 	Sun, 4 Aug 2013 14:12:53 -0400
From: 	Rich Jones <rich@xxxxxxxxxxxxx>
To: 	cypherpunks@xxxxxxxxxx



https://openwatch.net/i/200/anonymous-web-host-freedom-hosting-owner-arrested


    Owner arrested in Ireland, FBI makes extradition request, malicious
    JavaScript discovered on a number of important hidden services.


      What happened?

Eric Eoin Marques, the 28 year old owner and operator of the Tor-based
internet host 'Freedom Hosting' has been arrested in Ireland and charged
with distributing and promoting child pornography on the
internet, reports
<http://www.independent.ie/irish-news/courts/fbi-bids-to-extradite-largest-childporn-dealer-on-planet-29469402.html> the
Independent.
Since the arrest, internet users have reported
<http://www.reddit.com/r/onions/comments/1jmrta/founder_of_the_freedom_hosting_arrested_held/> noticing malicious
JavaScript <http://pastebin.com/pmGEj9bV> designed to compromise their
identities inserted into pages hosted by Freedom Hosting, including the
'Tormail' service, as well as a number of pedophile messageboards.


      Why?

'Freedom Hosting' provides hosting for anonymous 'hidden services' on
the Tor network. These services can range from anonymous
email and library services, to online marketplaces for drug distribution
and the production and exchange of child pornography.
As this is part of an ongoing FBI investigation, there is no conclusive
evidence that the injection of this JavaScript is the result of a
government operation, however, this does fall under a known pattern of
FBI behavior
<http://gizmodo.com/why-the-fbi-ran-a-child-porn-site-for-two-whole-weeks-510247728> related
to child porn sting operations. It is possible that the attack, which
delivers a weaponized exploit to Firefox users running Windows systems,
is the work of non-government cyber criminals, although the timing of
the arrest and the appearance of this code on a number of hidden
services hosted by Freedom Hosting does seem to imply a government
operation.

The execution of malicious JavaScript inside the Tor Browser Bundle,
perhaps the most commonly used Tor client, comes as a surprise to many
users. Previously, the browser disabled JavaScript execution by default
for security purposes, however this change was recently reverted by
developers in order to make the product more useful for average internet
users. As a result, however, the application has become vastly more
vulnerable to attacks such as this.


      What's going to happen next?

Although it is difficult to gauge the size of the anonymous internet,
Freedom Hosting did seem to be perhaps the largest anonymous web host,
and its compromise will have serious implications for the future of Tor
hidden services. 

We expect there will be a deeper technical analysis of the malware in
the coming days as security researchers examine it in greater detail.
Since the attack was designed for Firefox for Windows, which the Tor
Browser Bundle is based upon, it seems likely that this is not a random
occurrence, and that the malware is specifically designed to
compromise the identities of anonymous internet users. Although this
would be a victory for the FBI against child pornographers who use the
Tor network, it could also mean a serious security breach for
international activists and internet users living in repressive states
who use the services to practice online free speech.

OpenWatch has been in the early stages of designing a new alternative to
Freedom Hosting, called OnionCloud
<https://github.com/Miserlou/OnionCloud>, to allow anonymous Heroku-like
application hosting. Developers interested in this idea and other
OpenWatch technologies are invited to join the discussion by joining the
openwatch-dev mailing list by sending an email to
openwatch-dev+subscribe@xxxxxxxxxxxxxxxx



-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk