Tor service operator arrested, malware inserted in Tor sites

Freedom Host administrator has been arrested in Ireland, he is currently awaiting extradition to the US, being described by an FBI special agent as “the largest facilitator of child porn on the planet.” Freedom Host was a service inside the Tor network hosting anonymous content that could consist of anything, ranging from leaked documents to hacking tools and illegal images.

Tor Project’s Executive Director has confirmed in his blog that Freedom Host servers were breached before going offline and it is claimed that hidden Tor sites in Freedom Host had been injecting a javascript exploit in an attempt to identify its users. The vulnerability only worked in Firefox 17, on which Tor Browser Bundle is based and is therefore vulnerable, the developers had recently turned on javascript by default in an attempt to make it more user friendly. People using the the NoScript addon or Tails live DVD to access Freedom Host hidden sites should have been protected from the exploit.

Freedom Host Tor operator arrested

Freedom Host Tor operator arrested

OnionNews posters also link FreedomHost administrator with Tormail and a Bitcoin escrow service called OnionBank, those services should be considered compromised by law enforcement as well.

It is important to remember that what has been seized are servers belonging to an individual running various Tor services, this is not a Tor network vulnerability, as long as you did not run the Tor Browser Bundle you should be safe. Hidden sites running on different servers should also be safe, but this sends a strong message that what has happened to one operator might happen to others. The lesson learnt here is that you should always disable javascript in your browser.

More info: Tor Project official blog 

  1. 5 August, 2013
  2. 6 August, 2013
  3. 23 August, 2013
  4. 16 September, 2015
  5. 16 September, 2015

Leave a Reply

Your email address will not be published. Required fields are marked *