Richi Jennings

TOR attacked by NSA/FBI: Feds curb freedom over child porn

August 06, 2013 5:56 AM EDT

Onion Router exploited in child-exploitation case.

TOR logo

The Onion Router (TOR) hidden services hosted by Freedom Hosting have been compromised, allegedly by the FBI. The feds injected malicious JavaScript, in the search for child pornographers. But now, people legitimately needing the freedoms that TOR brings are feeling more than uncomfortable.

In IT Blogwatch, bloggers weigh the pros and cons of curbing freedom in this way.

Your humble blogwatcher curated these bloggy bits for your entertainment.

 
Here's Jeremy Kirk, with no colorful metaphors whatsover:

Freedom Hosting specialized in...TOR-configured websites and was widely believed to be connected to...Eric Eoin Marques [who] appeared in court on Friday in connection with...four charges filed in Maryland [alleging] child pornography.

...an FBI agent...described the 28-year-old as "the largest facilitator of child porn on the planet."  MORE


 
Rich Jones watches the situation:

Since the arrest, internet users have reported noticing malicious JavaScript...inserted into pages hosted by Freedom Hosting. ...there is no conclusive evidence that the injection...is the result of a government operation, however, this does fall under a known pattern of FBI...child porn sting operations.
...
Previously, the browser disabled JavaScript...however this change was recently reverted...in order to make the product more useful for average internet users.  MORE


 
But Darlene Storm rains on the FBI's parade:

...perhaps as much as half of all the Onion Router sites—and Tor Mail—are potentially compromised. ...if you use Tor Browser Bundle with Firefox 17, you accessed a Freedom Hosting...site since August 2...it’s likely your machine has been compromised.
...
Numerous hackers, security experts and researchers are...analyzing the malicious payload code. The FBI may not be the culprit here, but the timing of the attack...does seem suspicious.  MORE


 
So Andrew Lewman and Roger Dingledine distance themselves from the alleged paedo:

The person, or persons, who run Freedom Hosting are in no way affiliated or connected to The Tor Project, Inc.
...
This vulnerability was fixed in Firefox 17.0.7 ESR. ... Tor Browser Bundle users should ensure they're running a recent enough bundle version, and consider taking further security precautions.  MORE


 
Meanwhile, SJVN trumpets the elephant in the room:

Everyone agrees that child pornography is evil. [But] the JavaScript exploit forwarded users' data to...an IP address that was managed by...the private security contractor SAIC...for the NSA.
...
This is a classic privacy dilemma. On the one hand, child abusers may soon find themselves facing jail time. On the other hand, everyone who used hidden services for a legitimate purpose, say tracking human rights abuses in the Syria civil war, have also had their data collected.  MORE


 

Subscribe now to the Blogs Newsletter for a daily summary of the most recent and relevant blog posts at Computerworld.