[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Fwd: Freedom Hosting Owner Arrested, Tormail Compromised, Malicious JS Discovered

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Fwd: Freedom Hosting Owner Arrested, Tormail Compromised, Malicious JS Discovered
From: bpmcontrol <bpmcontrol@xxxxxxxxx>
Date: Mon, 05 Aug 2013 06:34:10 +0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 04 Aug 2013 16:41:30 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type; bh=JgeRKGyVFcOh83STsFrrv8FPy0wbuZBKDYdaH7rcjAw=; b=ondQ2GzFZjGeUDM8EVQ70YXHGrtY+ddchntzEWOz/3dLzlSV07HUjTwWmNGKC/nsiS WDveHBwqUVm1Nl5H+8xu9DOUZkPRSvC647py1V5VtJkXquK/zhAcAxJrpRvKK0gk4p/o 8TewgpWwrGD7Fi9fk0ZBg7TUkF/fUgXtnDR1mTAmP/hHZO9w8yvTnFua68wPjZlTy6WZ LdPWk/nVOosivVHwVFXplbM8lQva4vYV5/abyE5PkoFcF5E7cjFJb6CN7KcHDi43nCXi f5WaNT3mmY262brZHz8WL/YArAL7drA1WceYBxtGSFDkbDtS4C0NrM7+6uiAkPY+Xdcz UfSg==
In-reply-to: <CADJYzxLAUnD0h4i74WQnUOXR0EVMUbEkN8mX7BugatEnuOn6cw@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CADJYzxLAUnD0h4i74WQnUOXR0EVMUbEkN8mX7BugatEnuOn6cw@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130620 Thunderbird/17.0.7

did not see this here, might interest some.
sorry if previously posted.
i have no further info.

-------- Original Message --------
Subject: 	Freedom Hosting Owner Arrested, Tormail Compromised, Malicious
JS Discovered
Date: 	Sun, 4 Aug 2013 14:12:53 -0400
From: 	Rich Jones <rich@xxxxxxxxxxxxx>
To: 	cypherpunks@xxxxxxxxxx

https://openwatch.net/i/200/anonymous-web-host-freedom-hosting-owner-arrested

    Owner arrested in Ireland, FBI makes extradition request, malicious
    JavaScript discovered on a number of important hidden services.

      What happened?

Eric Eoin Marques, the 28 year old owner and operator of the Tor-based
internet host 'Freedom Hosting' has been arrested in Ireland and charged
with distributing and promoting child pornography on the
internet, reports
<http://www.independent.ie/irish-news/courts/fbi-bids-to-extradite-largest-childporn-dealer-on-planet-29469402.html> the
Independent.
Since the arrest, internet users have reported
<http://www.reddit.com/r/onions/comments/1jmrta/founder_of_the_freedom_hosting_arrested_held/> noticing malicious
JavaScript <http://pastebin.com/pmGEj9bV> designed to compromise their
identities inserted into pages hosted by Freedom Hosting, including the
'Tormail' service, as well as a number of pedophile messageboards.

      Why?

'Freedom Hosting' provides hosting for anonymous 'hidden services' on
the Tor network. These services can range from everything from anonymous
email and library services, to online marketplaces for drug distribution
and the production and exchange of child pornography.
As this is part of an ongoing FBI investigation, there is no conclusive
evidence that the injection of this JavaScript is the result of a
government operation, however, this does fall under a known pattern of
FBI behavior
<http://gizmodo.com/why-the-fbi-ran-a-child-porn-site-for-two-whole-weeks-510247728> related
to child porn sting operations. It is possible that the attack, which
delivers a weaponized exploit to Firefox users running Windows systems,
is the work of non-government cyber criminals, although the timing of
the arrest and the appearance of this code on a number of hidden
services hosted by Freedom Hosting does seem to imply a government
operation.

The execution of malicious JavaScript inside the Tor Browser Bundle,
perhaps the most commonly used Tor client, comes as a surprise to many
users. Previously, the browser disabled JavaScript execution by default
for security purposes, however this change was recently reverted by
developers in order to make the product more useful for average internet
users. As a result, however, the applications has become vastly more
vulnerable to attacks such as this/. /

      What's going to happen next?

Although it is difficult to gauge the size of the anonymous internet,
Freedom Hosting did seem to be perhaps the largest anonymous web host,
and its compromise will have serious implications for the future of Tor
hidden services. 

We expect there will be a deeper technical analysis of the malware in
the coming days as security researchers examine it in greater detail.
Since the attack was designed at Firefox for Windows, which the Tor
Browser Bundle is based upon, it seems likely that this is not a random
occurance, and that the malware is designed specifically designed to
compromise the identities of anonymous internet users. Although this
would be a victory for the FBI against child pornographers who use the
Tor network, it could also mean a serious security breach for
international activists and internet users living in repressive states
who use the services to practice online free speech.

OpenWatch has been in the early stages of designing a new alternative to
Freedom Hosting, calledOnionCloud
<https://github.com/Miserlou/OnionCloud>, to allow anonymous Heroku-like
application hosting. Developers interested in this idea and other
OpenWatch technologies are invited to join the discussion by joining the
openwatch-dev mailing list by sending an email to
openwatch-dev+subscribe@xxxxxxxxxxxxxxxx
<mailto:openwatch-dev%2Bsubscribe@xxxxxxxxxxxxxxxx>

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Fwd: Freedom Hosting Owner Arrested, Tormail Compromised, Malicious JS Discovered
  - From: Andrew Lewman

Prev by Author: Re: [tor-talk] ***[SPAM]*** Re: Tor and Financial Transparency
Next by Author: Re: [tor-talk] Tor security advisory: Old Tor Browser Bundles vulnerable
Previous by thread: Re: [tor-talk] I cannot see Tor anywhere
Next by thread: Re: [tor-talk] Fwd: Freedom Hosting Owner Arrested, Tormail Compromised, Malicious JS Discovered
Index(es):
- Author
- Thread