Browser Exploit Unmasks Tor Users

Exploitation code targeting a known bug in the Mozilla browser was found on hidden Tor services hosted by the FreedomHosting company, whose owner is now facing extradition to the United States, where he is apparently being charged with distribution of online child pornography.

The aim of the hack seems to have been to de-anonymize Tor Browser Bundle users who were visiting the compromised services. There is much speculation as to the source of the attack code, but nothing is known with certainty, except that the executable delivered by means of the exploit was “phoning home” to an IP address in the United States. The address’ assignee is not (yet?) known.

The attack was completely automated, all that was required of the victims was to visit one of the compromised sites using a vulnerable browser.

According to the Tor project maintainers, the latest version of the Tor Browser is not vulnerable but users of earlier versions should update at their earliest convenience. Bitdefender has added detection for the exploit.