Hacker 10 – Security Hacker

Computer security
Menu
  • Anonymity
  • Encryption
  • Mobile Phone
  • Other
  • Security

Protect your privacy with a no logs VPN!

Join TorGuard
Home
Anonymity
Tor service operator arrested, malware inserted in Tor sites
Anonymity

Tor service operator arrested, malware inserted in Tor sites

John Durret 5 August, 2013

Freedom Host administrator has been arrested in Ireland, he is currently awaiting extradition to the US, being described by an FBI special agent as “the largest facilitator of child porn on the planet.” Freedom Host was a service inside the Tor network hosting anonymous content that could consist of anything, ranging from leaked documents to hacking tools and illegal images.

Tor Project’s Executive Director has confirmed in his blog that Freedom Host servers were breached before going offline and it is claimed that hidden Tor sites in Freedom Host had been injecting a javascript exploit in an attempt to identify its users. The vulnerability only worked in Firefox 17, on which Tor Browser Bundle is based and is therefore vulnerable, the developers had recently turned on javascript by default in an attempt to make it more user friendly. People using the the NoScript addon or Tails live DVD to access Freedom Host hidden sites should have been protected from the exploit.

Freedom Host Tor operator arrested

Freedom Host Tor operator arrested

OnionNews posters also link FreedomHost administrator with Tormail and a Bitcoin escrow service called OnionBank, those services should be considered compromised by law enforcement as well.

It is important to remember that what has been seized are servers belonging to an individual running various Tor services, this is not a Tor network vulnerability, as long as you did not run the Tor Browser Bundle you should be safe. Hidden sites running on different servers should also be safe, but this sends a strong message that what has happened to one operator might happen to others. The lesson learnt here is that you should always disable javascript in your browser.

More info: Tor Project official blog 

Reddit
Tweet
Email
Prev Article
Next Article

Related Articles

Review anonymous file sharing P2P software Freenet
UPDATE 2015: Read Police arrest Freenet user! This software is …

Review anonymous file sharing P2P software Freenet

Anonymous online payments with Shadow Cash
ShadowCash (SDC) is a decentralised crypto currency with a focus on …

Anonymous online payments with Shadow Cash

About The Author

John Durret

5 Comments

  1. corrector

    “The lesson learnt here is that you should always disable javascript in your browser.”

    Patently inane conclusion.

    Many sites are unusable without JS. Also, not all vulnerabilities are JS-based. The next exploit might be with Web fonts, with the PNG renderer… will you also disable images?

    OTOH, you probably should :
    – ensure the host running the browser does not have an Internet address
    – block all outgoing connections except for Tor
    – make the MAC address random

    5 August, 2013
  2. salt

    Every Tor exploit in the past has relied on JavaScript. The steps you outlined are not practical for the average user. If you insist on enabling JS an easier method would be to run Tor under a VPN. In this case the exploit would reveal only the VPN’s IP.

    6 August, 2013
  3. doc

    How about connecting to Tor through a ssh tunnel to an anonymous proxy? Would that suffice too?

    23 August, 2013
  4. imu

    Will there be an update to this news?

    16 September, 2015
    • Brittany

      hello imu,

      I am not updating the blog sorry, too busy working.

      hacker10

      16 September, 2015

Hacker 10 – Security Hacker

Computer security
Copyright © 2025 Hacker 10 - Security Hacker
Privacy by TorGuard VPN