This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.bbc.co.uk/news/technology-23573048

The article has changed 2 times. There is an RSS feed of changes available.

Version 0 Version 1
Child abuse sites on Tor compromised by malware Child abuse sites on Tor compromised by malware
(about 20 hours later)
A service accused of helping distribute child abuse images on a hidden part of the internet has been compromised.A service accused of helping distribute child abuse images on a hidden part of the internet has been compromised.
Sites using service provider Freedom Hosting to deliver their material have had code added to their pages, which could be used to reveal the identities of people visiting them.Sites using service provider Freedom Hosting to deliver their material have had code added to their pages, which could be used to reveal the identities of people visiting them.
Freedom Hosting delivered sites via Tor, a network designed to keep net activity anonymous.Freedom Hosting delivered sites via Tor, a network designed to keep net activity anonymous.
The news has led some to claim that Tor no longer offers a "safe option".The news has led some to claim that Tor no longer offers a "safe option".
"This challenges the assumption people have made that Tor is a simple way of maintaining your anonymity online," Alan Woodward, chief technology officer at security advisors Charteris, told the BBC."This challenges the assumption people have made that Tor is a simple way of maintaining your anonymity online," Alan Woodward, chief technology officer at security advisors Charteris, told the BBC.
"The bottom line is that is not guaranteed even if you think you are taking the right steps to hide your identity. This is the first time we've seen somebody looking to unmask people rather than just security researchers discussing the possibility.""The bottom line is that is not guaranteed even if you think you are taking the right steps to hide your identity. This is the first time we've seen somebody looking to unmask people rather than just security researchers discussing the possibility."
Mr Woodward added that the way the added code had been designed suggested a US law enforcement agency was behind the breach.Mr Woodward added that the way the added code had been designed suggested a US law enforcement agency was behind the breach.
Tor users expressed mixed feelings about the news.Tor users expressed mixed feelings about the news.
"This exploit targets kiddie porn viewers only. If that's not you, you have nothing to worry about," suggested one."This exploit targets kiddie porn viewers only. If that's not you, you have nothing to worry about," suggested one.
An "exploit" refers to software that makes programs, websites and other code do something they were not originally designed to do.An "exploit" refers to software that makes programs, websites and other code do something they were not originally designed to do.
But another said: "This week it's child porn, next week it may be a whistle-blower or an activist."But another said: "This week it's child porn, next week it may be a whistle-blower or an activist."
Malware attackMalware attack
News of the action was confirmed by an administrator of the Tor Project on its blog.News of the action was confirmed by an administrator of the Tor Project on its blog.
It said that over the weekend people had contacted it to say that a large number of sites using Tor, which were hidden from other net users, had gone offline simultaneously.It said that over the weekend people had contacted it to say that a large number of sites using Tor, which were hidden from other net users, had gone offline simultaneously.
"The current news indicates that someone has exploited the software behind Freedom Hosting," it said."The current news indicates that someone has exploited the software behind Freedom Hosting," it said.
"From what is known so far, the breach was used to configure the server in a way that it injects some sort of Javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect users' computers.""From what is known so far, the breach was used to configure the server in a way that it injects some sort of Javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect users' computers."
Freedom Hosting was previously targeted by the Anonymous hacktivist collective, whose members temporarily forced it offline in 2011 after claiming it was the largest host of material showing child abuse on Tor.Freedom Hosting was previously targeted by the Anonymous hacktivist collective, whose members temporarily forced it offline in 2011 after claiming it was the largest host of material showing child abuse on Tor.
The Daily Dot news site reports that paedophiles continued to use the hosting service and have been warning each other of the breach since the news emerged.The Daily Dot news site reports that paedophiles continued to use the hosting service and have been warning each other of the breach since the news emerged.
They also told each other to stop using TorMail, a service used to allow people to send and receive email anonymously, which used Freedom Hosting's servers.They also told each other to stop using TorMail, a service used to allow people to send and receive email anonymously, which used Freedom Hosting's servers.
Freedom Hosting also provided access to HackBB, a hacking-themed discussion forum, and the Hidden Wiki, an encyclopaedia of Tor and other dark nets. Freedom Hosting also provided access to HackBB, a hacking-themed discussion forum, and the Cleaned Hidden Wiki, an encyclopaedia of Tor and other dark nets.
The hosting service's terms and conditions had stated that illegal activities were not allowed on the sites it supported, but added that it was "not responsible" for its users' actions.The hosting service's terms and conditions had stated that illegal activities were not allowed on the sites it supported, but added that it was "not responsible" for its users' actions.
Tor's developers have stressed that "the person, or persons, who run Freedom Hosting are in no way affiliated or connected to The Tor Project".Tor's developers have stressed that "the person, or persons, who run Freedom Hosting are in no way affiliated or connected to The Tor Project".
Law enforcersLaw enforcers
Analysis of the Javascript exploit suggests that it takes advantage of a vulnerability in Firefox 17, which meant that people using that version of Mozilla's browser could be identified, despite the protections built into Tor.Analysis of the Javascript exploit suggests that it takes advantage of a vulnerability in Firefox 17, which meant that people using that version of Mozilla's browser could be identified, despite the protections built into Tor.
"It appears to connect the machine using the compromised browser to an address which appears to originate from Reston, Virginia, US, and sends the hostname and MAC [media access control] address of the machine," Mr Woodward said."It appears to connect the machine using the compromised browser to an address which appears to originate from Reston, Virginia, US, and sends the hostname and MAC [media access control] address of the machine," Mr Woodward said.
"Unlike IP [internet protocol] addresses, media access control addresses are considered unique to a particular piece of hardware, although they can be spoofed under certain circumstances."Unlike IP [internet protocol] addresses, media access control addresses are considered unique to a particular piece of hardware, although they can be spoofed under certain circumstances.
"It seems unlikely that the malware was written by criminals as the information it is sending back to its masters is of little use to anyone other than law enforcement agencies who are trying to track down machines that are using the Tor network to remain anonymous.""It seems unlikely that the malware was written by criminals as the information it is sending back to its masters is of little use to anyone other than law enforcement agencies who are trying to track down machines that are using the Tor network to remain anonymous."
Irish arrestIrish arrest
News of the breach came shortly after the Irish Times reported that a 28-year-old Dublin-based man had been arrested and accused by the FBI of being "the largest facilitator of child porn on the planet".News of the breach came shortly after the Irish Times reported that a 28-year-old Dublin-based man had been arrested and accused by the FBI of being "the largest facilitator of child porn on the planet".
It said that Eric Eoin Marques faces allegations that he had aided and abetted a conspiracy to advertise material showing the abuse of prepubescent children.It said that Eric Eoin Marques faces allegations that he had aided and abetted a conspiracy to advertise material showing the abuse of prepubescent children.
The paper reported that the US authorities are seeking his extradition on four charges.The paper reported that the US authorities are seeking his extradition on four charges.
It said the judge in the case ruled that while Mr Marques was entitled to the presumption of innocence, he should remain in custody pending a further hearing because he posed a flight risk.It said the judge in the case ruled that while Mr Marques was entitled to the presumption of innocence, he should remain in custody pending a further hearing because he posed a flight risk.
A spokesman for the FBI told the BBC: "An individual has been arrested in Ireland as part of an ongoing criminal investigation in the United States. Because this is matter is ongoing, longstanding Department of Justice Policy prohibits us from discussing this matter further."A spokesman for the FBI told the BBC: "An individual has been arrested in Ireland as part of an ongoing criminal investigation in the United States. Because this is matter is ongoing, longstanding Department of Justice Policy prohibits us from discussing this matter further."