 "US government shuts Tor-based child porn site using suspected Firefox vulnerablity")
The topic of pornography and the stance that many governments are taking against it has been in the news for a while now. New reports show that the US government was able to take down one of the Internet’s largest child porn sites. This was possible after a programme successfully cracked the security on a service that enables anonymous Internet browsing and site hosting.
A report by security expert Brian Krebs shows that US authorities were able to crack the software behind a site hosted by Tor. Tor is a Web service that allows users to surf the Internet anonymously by rerouting the traffic requests across its network. According to the report, authorities were able to get inside the software using a vulnerability in the security within Mozilla’s Firefox 17 browsers . The Firefox version was released last year in November, and Mozilla is current investigating the vulnerability in the same.
One of the principal suspects in the take-down, Ireland-based Eric Eoin Marques, is reportedly facing extradition to the US, according to the Independent . The company that he runs, Freedom Hosting, disappeared from the network following the take-down, according to a Tor post put up on the official blog. According to the FBI, Marques is reportedly the “largest facilitator of child porn on the planet.” It is important to point out that Tor project had no connection to Freedom Hosting, or any other site that the company ran on it. Tor simply provided a free space online.
US government shuts down child pornography site using possible vulnerablity in Firefox OS…
A post on the Tor Project blog said that, “around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the Tor Network”. The post added that “multiple hidden service hosting companies appears to be down”.
While the take-down is definitely an important one, because it deals with a sensitive topic like child pornography, there are some security concerns. The US government managed to crack a Tor Network site, which is a big deal because many whistleblowers, media houses, and activists use the service in the pursuit of anonymity. And anonymity has become a prime commodity after massive data gathering programmes like PRISM and other cyber spying initiatives came to light.
The post on the Tor blog has said that, “The current news indicates that someone has exploited the software behind Freedom Hosting. From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect user’s computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based.”
Users of the latest version of the browser, Firefox 22 , which was launched in June, are not likely to be affected by the problem, according to Krebs. The report does suggest that other organisations that use Mozilla could be affected.
Version 17 of Firefox is currently in Extended Support Release (ESR), a system preferred by most businesses because it brings new features to the browser without the need for a lengthy update process to the latest build. As Mozilla rolls out new updates regularly, ESR becomes an easier option for most companies who want the latest features without having to download the latest update. There does not seem to be any reports to suggest that Mozilla was working with the US government on this crack-down. There has been no official word from Mozilla at this time.