An analysis done by Baneki Privacy Labs, a group of internet security researchers Cryptocloud has uncovered a JavaScript exploit that targets Firefox Long-Term Support version 17 which was included in the Tor Project browser bundle until June. But the Tor Project Firefox configuration doesn’t include automatic updates, so Tor users would not be protected unless they manually upgrade their Firefox browser.
The address that the exploit pointed to was defense contractor SAIC, which provides information technology to the US Department of Defense. Further analysis found that the address was part of a block of addresses allocated by SAIC to the National Security Agency.
The hack was apparently designed to enable tracking of child abuse hosts, but opened access to all Tor account users. According to Wired.com, Freedom Hosting "has long been notorious for allowing child porn to live on its servers." In 2011, the hactivist collective Anonymous instituted denial of service attacks against Freedom Hosting after allegedly finding that it hosted 95 percent of the child porn hidden services on the Tor network. Freedom Hosting is a provider of Tor hidden service sites ending with .onion, which can be accessed only over the Tor network and hide the actual location of the sites.
Tor was recently recommended as a privacy resource by Unknowncountry.com. That recommendation has now been withdrawn. Intelligence and policing organizations routinely target virtual private networks of all kinds, and it must be assumed that any VPN is an object of interest by governments worldwide at all times. However, VPNs will normally protect users from exposure to commercial ‘big data’ acquirers and such things as corporate spying and criminal abuse of user information.
Subscribers, to watch the subscriber version of the video, first log in then click on Dreamland Subscriber-Only Video Podcast link.