Feds bring down Tor-hosted child porn site using suspected vulnerability in Firefox browser

Feds bring down Tor-hosted child porn site using suspected vulnerability in Firefox browser

The US government has successfully taken down one of the Internet’s largest child porn sites, following a program that cracked security on a service that enables anonymous Internet browsing and site hosting.

Security expert Brian Krebs reports that US authorities were able to explore software behind a site hosted by Tor, a service that lets users browse the Web anonymously by rerouting traffic requests across its network. Access was supposedly made possible via a security vulnerability within Mozilla’s Firefox 17 browser– released in November 2012 — which Mozilla is investigating.

In particular, Ireland-based Eric Eoin Marques, who the FBI calls “the largest facilitator of child porn on the planet,” was the among the targets. Marques is facing extradition to the US and the company he runs on the Tor Network, Freedom Hosting, disappeared following a take down by US authorities using the Firefox vulnerability. (It’s important to note that the Tor Network is not affiliated with Freedom Hosting, or other sites that run on it, it simply provides a free space online.)

A post on the Tor Project blog explains that “around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the Tor Network”. The post further explains that “multiple hidden service hosting companies appears to be down”.

While bringing down child porn sites is undoubtedly good for the Internet, there are concerns. The fact that the FBI managed to infiltrate a Tor Network site is a big deal, since it is commonly used by whistleblowers, media and activists that all seek online anonymity away from the gaze or reach of authorities.

That need has been particularly heightened with the many revelations of the US Prism program and other cyber spying initiatives.

The Tor Project post speculates that the site was accessed and rigged to identify visitors to Freedom Hosting:

The current news indicates that someone has exploited the software behind Freedom Hosting. From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect user’s computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based.

According to Krebs, the hole is likely not a problem for users of the latest version of the browser — Firefox 22 was launched in June — but it could affect organizations that use Mozilla. Version version 17 is currently in Extended Support Release (ESR), a system favored by business because it brings new features to the browser without needing an update to the latest build. Since Mozilla releases new versions at six-week intervals, ESR prevents a less time-intense option.

Microsoft provided the US government with a “an early start” on its security vulnerabilities, which was reportedly used to aid its cyber espionage programs. Microsoft claims the information was provided to help shore up US systems.

There’s no suggestion, at this point, that Mozilla worked with the government on this — for one thing because the company is investigating an issue brought to its attention by others.

Tor says its team “don’t have any insider information” about the issue. We’ve reached out to Mozilla to request more information.

Headline image via Shutterstock

Read next: China is reportedly probing two Apple suppliers over pollution allegations