The Onion Router under fire

Privacy & Security Posted on September 18, 2013

Anonymity tool The Onion Router (TOR) has had a pretty rough few months, following confirmation that the FBI used a security flaw in the Tor Browser Bundle to install malware on its users' computers.

Despite offering our own privacy platform we’re big supporters of TOR and think it’s generally a secure platform to use (you can take a look at some of our guides on TOR right here). But this week’s confirmation that the FBI hacked TOR servers as part of an investigation into child pornography is a good reminder that the platform does have its vulnerabilities.

The target of the FBI’s investigation was Irish-US citizen Eric Marques. The FBI described Marques as the “largest facilitator of child porn on the planet.” According to the FBI, Marques operated Freedom Hosting, which hosted more than 100 child porn sites, which in turn supported thousands of members who had collectively posted millions of images. Freedom Hosting offered “.onion” domains that could only be reached via the Tor network.

In July the FBI seized control of Freedom Hosting and modified its sites to serve malware that targeted users of the Tor Browser Bundle (a version of Firefox customised for TOR use). The malware appeared to transmit the unique MAC address of infected PCs, allowing the FBI to identify users' IP addresses.

TOR popular with bot nets

The TOR Browser Bundle has since been fixed to protect users from the security flaw the FBI exploited. But TOR has faced more bad press with a report from the University of Luxembourg, which analysed TOR’s traffic types. The researchers used another exploit in TOR, which allowed them to collect data on TOR users and see what kind of content they were accessing via the network. The researchers say they achieved this “with only a moderate amount of resources.”

The security flaw was fixed a few months ago, but the results of the research were not good publicity for TOR, which mainly promotes itself as a tool for online freedom activists and people living under censorious regimes. The researchers found the top five most popular TOR addresses belonged to botnet command and control servers. The researchers also found that in total there was a balance between the number of hidden services with illegal content/activities and those devoted to human rights and freedom of speech. It’s also worth noting that the research was only counting hidden TOR services. Many TOR users will obviously be using the platform to access regular, non-hidden, websites.

Stay vigilant

Hopefully TOR hasn’t been too damaged by these revelations and can continue to gain the trust of its users by rapidly fixing flaws and addressing concerns. But it’s worth remembering that pretty much every privacy tool will have its vulnerabilities. If you want to achieve a great level of protection you should probably look into combining platforms like TOR with a VPN.
