Anonymity Freedom Hosting Comes Under Attack

Posted: August 14, 2013 in IT Security News
Tags: , , ,

Symantec CorpSymantec reported the detection of an attack on a popular hosting “Freedom Hosting”, which provides anonymous hosting service through a network of Tor. On the page of the service have been detected malicious scripts that allow attackers to intercept user data network Tor. As a result, questioned the anonymity of the hosting center – in fact with the help of malicious programs can track the user’s location.

August 4 at the sites hosted on hosting Freedom Hosting, allows access through a network of Tor, were found malicious scripts. Discovered scripts use the vulnerability, found in the browser Firefox, which has already been fixed in Firefox 22 and Firefox 17.0.7 ESR (Extended Support Release). Most likely, this vulnerability has been chosen because it set to work with a network of Tor Browser Bundle (TBB) is based on the Firefox ESR 17. Symantec products are defined these scripts as Trojan.Malscript! Html.

Hackers attack

Hackers Attack steps

In the event of a successful attack MAC-address of the network card and the local host name of the infected computer sent to the IP-address – that is, fall into the wrong hands. Here is an example sends the data in this way, where the host – the name of the local computer and the cookie ID – its MAC-address:

GET / 05cea4de-951d-4037-bf8f-f69055b279bb HTTP/1.1
Host: PXE306141
Cookie: ID = 0019B909D908
Connection: keep-alive
Accept: * / *
Accept-Encoding: gzip

In addition, as a result of a malicious site on the computer is the unique cookie-file, and with his help, and using MAC-address and name of the local host, attackers can determine the location of an individual computer targeted by the attack. The introduction of such methods would allow law enforcement agencies to determine the location of the system by keeping track of who was sold to one or the other network card. There is much speculation about the identity and motives of the attacker or attackers behind this attack, but at this time does not prove anything is possible.

Although the Tor network and was designed to protect the personal data of users by hiding their location and Internet activity from the various systems of traffic analysis and network monitoring, this attack shows that Tor users can still be traced, they say in Symantec.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s