Browse > Home /

Potential Tor Browser Vulnerability Reported

December 19, 2016

Over at Hacker Noon, blogger “movrcx” reveals a potential vulnerability chain that he says threatens the entire Tor Browser ecosystem in, “Tor Browser Exposed: Anti-Privacy Implantation at Mass Scale.” Movrcx says the potential avenue for a massive hack has existed for some time, but taking advantage of these vulnerabilities would require around $100,000. This could explain why movrcx’s predicted attack seems not to have taken place. Yet. The write-up summarizes the technique:

Anti-Privacy Implantation at Mass Scale: At a high-level the attack path can be described by the following:

*Attacker gains custody of an addons.mozilla.org TLS certificate (wildcard preferred)

*Attacker begins deployment of malicious exit nodes

*Attacker intercepts the NoScript extension update traffic for addons.mozilla.org

*Attacker returns a malicious update metadata file for NoScript to the requesting Tor Browser

*The malicious extension payload is downloaded and then silently installed without user interaction

*At this point remote code execution is gained

*The attacker may use an additional stage to further implant additional software on the machine or to cover any signs of exploitation

This attack can be demonstrated by using Burp Suite and a custom compiled version of the Tor Browser which includes a hardcoded root certificate authority for transparent man-in-the-middle attacks.

See the article for movrcx’s evidence, reasoning, and technical details. He emphasizes that he is revealing this information in the hope that measures will be taken to nullify the potential attack chain. Preferably before some state or criminal group decides to invest in leveraging it.

Cynthia Murrell, December 19, 2016

Written by Stephen E. Arnold · Filed Under Analytics, Corporate Concerns, News, Security, Technology | Comments Off on Potential Tor Browser Vulnerability Reported 

Victims of Their Own Foolishness

December 15, 2016

Incidences of law enforcement agencies arresting criminals for selling their services on Dark Web are increasing. However, their success can be attributed to the foolishness of the criminals, rather than technological superiority.

Cyber In Sight in a news report titled IcyEagle: A Look at the Arrest of an Alleged Dark Web Vendor, the reporter says:

the exact picture of how law enforcement has managed to track down and identify Glende remains unclear, the details released so far, provide an interesting behind the scenes view of the cybercrime-related postings we often highlight on this blog.

The suspect in this case inadvertently gave details of his service offerings on AlphaBay. Cops were able to zero on his location and managed to put him under arrest for drug peddling. The report reveals further:

An undercover officer purchased stolen bank account information from IcyEagle in March and April 2016, according to the indictment. Interestingly, Glende was also arrested by local police for selling drugs around the same time. A tip from U.S. Postal Inspectors led to police officers finding a “trove” of drugs at his Minnesota home in March.

It is thus apparent that the criminals, in general, are of the opinion that since they are selling on Dark Web, they are untraceable, which clearly is not the case. The trace, however, was possible only because the suspect handed it over himself. Hackers and real cyber criminals are still out of the ambit of law enforcement agencies, which needs to change soon.

Vishal Ingole, December  15, 2016

Written by Stephen E. Arnold · Filed Under Dark Web, Legal matters, News, Privacy, Security | Comments Off on Victims of Their Own Foolishness 

The Web, the Deep Web, and the Dark Web

July 18, 2016

If it was not a challenge enough trying to understand how the Internet works and avoiding identity theft, try carving through the various layers of the Internet such as the Deep Web and the Dark Web.  It gets confusing, but “Big Data And The Deep, Dark Web” from Data Informed clears up some of the clouds that darken Internet browsing.

The differences between the three are not that difficult to understand once they are spelled out.  The Web is the part of the Internet that we use daily to check our email, read the news, check social media sites, etc.  The Deep Web is an Internet sector not readily picked up by search engines.  These include password protected sites, very specific information like booking a flight with particular airline on a certain date, and the TOR servers that allow users to browse anonymously.  The Dark Web are Web pages that are not indexed by search engines and sell illegal goods and services.

“We do not know everything about the Dark Web, much less the extent of its reach.

“What we do know is that the deep web has between 400 and 550 times more public information than the surface web. More than 200,000 deep web sites currently exist. Together, the 60 largest deep web sites contain around 750 terabytes of data, surpassing the size of the entire surface web by 40 times. Compared with the few billion individual documents on the surface web, 550 billion individual documents can be found on the deep web. A total of 95 percent of the deep web is publically accessible, meaning no fees or subscriptions.”

The biggest seller on the Dark Web is child pornography.  Most of the transactions take place using BitCoin with an estimated $56,000 in daily sales.  Criminals are not the only ones who use the Dark Web, whistle-blowers, journalists, and security organizations use it as well.  Big data has not even scratched the surface related to mining, but those interested can find information and do their own mining with a little digging

 

Whitney Grace,  July 18 , 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

There is a Louisville, Kentucky Hidden Web/Dark
Web meet up on July 26, 2016.
Information is at this link: http://bit.ly/29tVKpx.

Written by Stephen E. Arnold · Filed Under Big data, Dark Web, News, Security | Comments Off on The Web, the Deep Web, and the Dark Web 

Battlefield Moves Online Forming Cyber Industrial Complex

April 13, 2016

Undoubtedly, in recent decades many processes and products have moved online. Warfare may not be exempt from this migration. Meet The Cyber-Industrial Complex: Private Contractors May Get $7B Windfall From Pentagon’s Cyberwar On ISIS, an article from International Business Times, tells us more. Defense Secretary Ashton Carter recently confirmed U.S. development of digital weapons and training of online soldiers. According to the article,

“Cyberwar threatens to cause havoc worldwide, but it could be good for the U.S. economy and a handful of publicly listed companies. Defense Secretary Ashton Carter, as part of a $582.7 billion budget request to fund his department through 2017, recently said nearly $7 billion of that will be allocated toward improving the military’s ability to develop and deploy offensive cyberweapons. That’s great news for a number of private contractors, who stand to benefit from the spending., and the highly skilled individuals they may end up hiring.”

The article explains these capabilities have been utilized by the U.S. in the past, such as the Kosovo war, but now the U.S. is claiming these tools and tactics. It is an interesting leap to visualize what attacks will evolve to look like on an online battlefield. Equally interesting is the article’s point about conflict being a business opportunity for some; it may also be true to say more problems, more money.

 

Megan Feil, April 13, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Written by Stephen E. Arnold · Filed Under Data, Government, News, Security, Technology | Comments Off on Battlefield Moves Online Forming Cyber Industrial Complex 

  • Archives

  • Recent Posts

  • Meta