Freedom Hosting
In case you missed our earlier story regarding the shutdown of hidden sites hosted by the anonymous and cheap hosting company Freedom Hosting, here's the background: malicious Javascript code was found to be embedded in many of the sites hosted by Freedom Hosting, relying on the Tor network that keeps users' identities completely anonymous. The malware exploited vulnerabilities that existed in the Firefox 17 web browser, which is part of the Tor Browser Bundle used to access the Tor network.
The Tor Anonymity project announced the attack, saying, “Windows users using the Tor Browser Bundle (which includes Firefox plus privacy patches) appear to have been targeted.” Their recommendation: update the Tor Browser Bundle as soon as possible to the latest version, released August 9.
Freedom Hosting: Who's Responsible?
The whole situation just happens to coincide with the arrest by the FBI of Eric Eoin Marques, founder of Freedom Hosting. He was arrested due to allegations his company hosted sites containing child pornography, and every website the cheap hosting company hosted went dark, as did Tor Mail, anonymous email service.
The nature of Tor Browser Bundle is to keep the identity of users a secret, and more users are turning to it than ever. It's easy to see why, in a world where the NSA and its allies have been conducting Internet surveillance. Tor Browser Bundle accesses hidden services typical search engines can't, and Tor Mail allowed users to expose secrets like human rights violations and government oppression without fear of getting caught. At one time, Tor Mail was known as the most anonymous email service on the Internet. But who could break through the anonymity to discover an identity?
Freedom Hosting: The End Of Tor?
Many wonders if this is the end of the anonymous safety net Tor provides. Although there are nefarious uses such as child pornography, it is used more by journalists covering government corruption, human rights activists, protesters, whistle-blowers, and anyone trying to stay under the radar.
If a method has been discovered to locate people who are trying to remain anonymous, will anyone trust the network with their information again? Some say the only ones that should be concerned are those participating in illegal activities. However, who's to say a journalist exposing some form of political wrongdoing in another country won't be punished? One must assume that there is a reason that person wishes to remain anonymous.
One thing is certain: if the security at Freedom Hosting was breached, then no site hosted on Tor is safe. The Javascript, as reported by Wired, “exploited memory management vulnerability, forcing Firefox to send a unique identifier to a third-party server using a public IP address that can be linked back to the person's ISP.”
Freedom Hosting: The Attack
According to Vlad Tsrklevich, a reverse-engineer who broke down the code said the attack “contained several hallmarks of professional malware development, including ‘heap spraying' techniques to bypass Windows security protections and the loading of executable code that prompted compromised machines to send the identifying information to a server located in Virginia.” Doesn't that location just scream ‘government involvement?'
This code is the first discovered FBI Computer and Internet Protocol Address Verifier (CIPAV), and files released from the FBI itself describe CIPAV “as software the FBI can deliver through a browser exploit to gather information from the target's machine and send it to an FBI server in Virginia.”
So should you be worried? Definitely. It seems that despite refusals by hosting companies and website owners to hand over user information, the FBI and NSA will find another way to get the information they need.
Weigh in on this issue in the comments, we'd love to hear what you think!
