Web-wide fear follows Tor browser exploit

GlobalPost
The World

Hackers, researchers and security experts are desperately trying to determine the source of a piece of malware that, using a vulnerability in the Firefox browser, identified users of the private Tor network.

The Tor network is comprised of a number of proxy nodes through which a user’s connection is routed, creating randomly generated private network pathways that change every ten minutes.

This particular piece of malware, delivered through JavaScript injection, appeared on several websites belonging to the Dark Net — hidden sites only accessible through the Tor network. The malware collects identifying information from the user, like the computer’s MAC (media access control) address and hostname, and sends it over a connection that is not anonymous.

Speculation and hysteria about the breach are now gripping the internet at large — an internet already nervous about NSA surveillance.  

"Feds Are Suspects in New Malware That Attacks Tor Anonymity enjoy what's left of your internet freedoms," tweeted @Anon_Central, one of the larger Anonymous-branded Twitter accounts.

But the fear is based on the incorrect assumption that the Tor network itself was compromised. In reality, a vulnerability in the web browser was exploited; the Tor network itself remains intact and secure. Updated Firefox browsers are also safe from the exploit, as the malware targeted a vulnerability in Firefox 17, an older version.

While Tor is used by criminals attempting to evade law enforcement, the anonymous internet browser is also widely used by journalists (including this one) to help protect the identities of sources. The network is also used by activists who fear government reprisals to avoid detection online.

Some are linking the Dark Net breach to the arrest of Irish national Eric Eoin Marques, whom the FBI has called “the largest facilitator of child porn on the planet.” Marques, the founder of Freedom Hosting, the Tor browser’s most popular hosting service, was arrested in Ireland on Thursday on an extradition request put forth by the intelligence agency. Freedom Hosting manages servers for a large number of child pornography sites on the Dark Net.

Patrick O’Neill at the Daily Dot reported that infamous child pornography websites such as Lolita City, the Love Zone, and PedoEmpire were customers of Freedom Hosting.

The arrest of Marques by US law enforcement initially led many to believe that the FBI was behind the malware targeting the Dark Net, presumably in an effort to locate Marques. Contacted by GlobalPost on Monday, the FBI did acknowledge their pursuit of Marques, but refused to comment on further action taken against the Dark Net. 

“An individual has been arrested as part of an ongoing criminal investigation in the United States. Because this matter is ongoing, longstanding Department of Justice policy prohibits us from discussing this matter further,” FBI Supervisory Special Agent Jason Pack told GlobalPost.

Tor's director said Monday he was unaware of any attempts by law enforcement to track down Dark Net users. 

“We have no information pointing us at law enforcement or anyone claiming responsibility for any of this. The Tor Project has not been approached by law enforcement about Eric Eoin Marques nor Freedom Hosting. It's not clear these two are related at this time,” Tor Executive Director Andrew Lewman told GlobalPost.

A spokesperson for Mozilla Firefox also told GlobalPost they had not been contacted by law enforcement officials.

Further research into the attack on the Dark Net traced an IP address hard-coded into the malware to defense contractor SAIC. SAIC provides a wide variety of services to support the US Department of Defense including “scientific, engineering, systems integration, and technical services and solutions,” according to the company’s website.
