FBI admitted publicly that the Bureau had compromised the Freedom Hosting, probably the most popular Tor hidden service operator company.
The news confirms the suspects raised after that a group of Security researchers found a malicious script that takes advantage of a Firefox Zero-day to identify some users of the Tor anonymity network.
Mozilla confirmed the presence of the security vulnerability in Firefox 17 (MFSA 2013-53) , which is currently the extended support release (ESR) version of Firefox.
“Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable.”
The exploit is based on a Javascript that is a tiny Windows executable hidden in a variable dubbed “Magneto”. Magneto code looks up the victim’s Windows hostname and MAC address and sends the information back to the FBI Virginia server exposing the victims’s real IP address. The script sends back the data with a standard HTTP web request outside the Tor Network.
Eric Eoin Marques, the 28-year-old Irishman owner and operator of Freedom Hosting, is now awaiting extradition to the US where he could face 100 years in prison on child pornography charges. The new details emerged in press reports from a Thursday bail hearing in Dublin, where Marques, 28, is fighting extradition to America on the above charges. He was denied bail for the second time since his arrest in July. According law enforcement Marques might reestablish contact with co-conspirators, and further complicate the FBI probe.
reedom Hosting with a series of DDoS attacks after allegedly finding the firm hosted more that 90% of the child porn hidden services on the Tor network.
Court documents and FBI files released under the FOIA have described the CIPAV (Computer and Internet Protocol Address Verifier) as software the FBI can deliver through a browser exploit to gather information from the suspect’s machine and send it to on the server of the Bureau in Virginia.
The event is the confirmation that Tor network provides an extra layer of obfuscation but it must be clear it does not provide bulletproof online anonymity, various researches already that evidenced it.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
[adrotate banner=”5″]
[adrotate banner=”13″]
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
This website uses cookies.
