Tor exploit targeted visitors to a Dark Web child porn site
Word has been circulating of a security exploit being used to compromise Tor Browser users, and we now know who some of the targets are. Motherboard has learned that the JavaScript-based attack was used to target visitors to The GiftBox Exchange, a Dark Web child pornography site. The discovery not only raised alarm bells on the shadier side of the Dark Web (one wiki warned that it was a “NIT,” or a network investigative technique used by law enforcement), but led GiftBox to abruptly shut down on November 15th out of fear of police action. You won’t find many people shedding a tear over the closure, of course. However, it raises a question: just who’s using it?
There are signs that it might be law enforcement. Analysis of the code suggests that some of the exploit code is “almost” exactly like what the FBI used in a 2013 bust that exposed child pornography users. Whether or not the FBI is wielding a hacking tool again isn’t certain, though. While that makes sense, it could be the work of another law enforcement agency (including one beyond the US) or a private outfit.
The Tor Project team has patched the flaw, so it won’t be usable again. However, the code for the attack was public for many hours before a fix arrived. There’s a possibility that someone else used the vulnerability in that time frame, and they might not have had a noble goal like catching sex offenders. Intruders could have used the exploit to unmask political dissidents or otherwise cause chaos for innocent Dark Web users. One thing’s for sure: if law enforcement did launch the GiftBox attack, it’s having little trouble keeping up with Tor’s developers.
(56)
