In the tech news recently there have been several articles about Tor being targeted with malware by the NSA.
If you’re new to the world of tech freedom, Tor is supposed to be a safe zone, a sanctuary. Among other things, it offers a way to surf anonymously. Governments hate it because the bad guys can use it as a way to evade detection. Digital freedom fighters like it for the same reason.
But now using Tor puts your computer at risk! Luckily the people at Tor are on this and have made available a new Tor bundle that patches these vulnerabilities. If you use Tor, download the new Bundle.
Tor Security Advisory here:
https://blog.torproject.org/...
The exploit takes advantage of a vulnerability in Firefox that has since been patched. Users of Tor are advised to make sure they are using the most up-to-date browser bundle available from the Tor Project. Tor users are also advised to disable JavaScript, Flash and most browser add-ons while attempting to browse anonymously.
According to the BBC, it was initially assumed hackers had targeted Tor as an action against kiddie porn:
“The code to exploit the bug was fed into the Tor network via servers owned by Freedom Hosting that ran sites accessible only via Tor. In 2011, Freedom Hosting sites on Tor came under attack by the Anonymous hacktivist collective, which claimed they hosted large amounts of images of child sexual abuse.
“The most recent attack is widely believed to have been carried out in an attempt to identify people viewing or swapping images of abuse via Freedom Hosting.”
That most likely turned out not to be the case, however. When malware was installed on Tor users’ Windows machines, it called home using an IP address hardcoded into the malware. Naturally, the security folks thought this would be a good clue to investigate:
“The warning comes as security researchers and computer forensics experts try to trace where the unique IDs grabbed by the attack code were being sent.
“Early work showed it was going to a location in the American state of Virginia. Further sleuthing now suggests the web address it is being sent to is run by the US National Security Agency.”
Aha! Our old friends at the NSA haven’t seemed to learn to retreat or even to pretend to do so as a public relations ploy. The only reason I can see for such an action, especially one that left a trail of breadcrumbs that could be followed to their door, is that our favorite spooks wanted to get caught. This has all the appearances of a warning shot over the bow or the Borg collective announcing, “Resistance is futile.”
A similar conclusion was expressed in an article on Ars:
“The use of a hard-coded IP address traceable back to the NSA is either a strange and epic screw-up on the part of someone associated with the agency (possibly a contractor at SAIC) or an intentional calling card as some analyzing the attack have suggested. One poster on Cryptocloud’s discussion board wrote, ‘It’s psyops—a fear campaign… They want to scare folks off Tor, scare folks off all privacy services.’”
Although indications are that the IP address used by the malware initially belonged to defense contractor SAIC and was allocated to the NSA as part of several blocks of IP addresses handed over, the address could possibly belong to another government agency instead:
There are several sources that contend that the analysis of the DNS records…is flawed because of aged domain data for the IP address, and that the address block could be in use by any number of federal agencies or government contractors connected through Verizon Business / UUNET in that area. But DNS data points to the address being owned by SAIC.
While much of the news coming out of the NSA spy revelations is disturbing, to say the least, there have been a few rays of hope coming out of this mess. For example, on Saturday Reuters reported it was evident at this year’s Black Hat conference and Def Con that the recent spy scandals have dealt a serious blow to the NSA’s recruitment efforts. Def Con went so far as to ask the NSA not to attend this year’s event, and sentiment against Federal intelligence agencies was rampant:
“Peiter Zatko, a hacker hero who funded many small projects from a just-departed post at the Pentagon’s Defense Advanced Research Projects Agency, told another large audience that he was unhappy with the surveillance programs and that ‘challenging the government is your patriotic duty.’
“The disenchanted give multiple reasons, citing previous misleading statements about domestic surveillance, the government’s efforts to force companies to decrypt user communications, and the harm to U.S. businesses overseas.
“‘I don’t think anyone should believe anything they tell us,’ former NSA hacker Charlie Miller said of top intelligence officials. ‘I wouldn’t work there anymore.’”
Another unintended consequence of this mess may be that everyday people might finally get it and understand that there absolutely can be no privacy guarantees in cyberspace. No matter what privacy laws get passed, individuals, companies and governments can and will be collecting data to which they have no right.