Tor Browser Vulnerability: When Tor Isn’t for Sure
When Tor isn’t for Sure: Authorities are shining a light on the dark web and arresting those hiding in the shadows
In many people’s minds, the dark web conjures images of dangerous cybercriminals traversing an inaccessible, subterranean network of servers and connecting with each other via anonymous markets with names like Silk Road and AlphaBay. Indeed, the dark web’s negative connotation is well-earned; however, federal authorities recently demonstrated that the dark web is not as subterranean or anonymous as many assume.
This month, Eric Eoin Marques plead guilty to crimes related to his online hosting service, Freedom Hosting. He faces up to 30 years in prison for hosting several illicit sites such as drug markets, money laundering networks, and child pornography sites. In fact, the FBI considered Mr. Marques to be the largest facilitator of child pornography in the world.
So how did federal authorities identify that it was Mr. Marques running the presumably anonymous hosting site? By allegedly exploiting a vulnerability in the browser that Mr. Marques used to access the dark web—the Tor browser.
The Tor browser (short for “The Onion Router”) is a modified version of Mozilla’s Firefox browser. It encrypts and routes users’ internet traffic through a series of global relays—the Tor network—to obfuscate users’ original location. The Tor Project—the non-profit responsible for maintaining the software and global network—touts the browser as secure and anonymous.
The Tor browser can be used to access sites on the clear web, just like a typical browser, but it must be used to access Tor Hidden Service sites—the dark part of the dark web. These sites (also known as “onion sites” for their “.onion” top-level domain suffix) are encrypted and only accessible via the Tor network.
A large majority of Tor users depend on the browser to circumvent internet censorship or gain an additional layer of privacy. While not all dark web activity is illicit, the Tor network, due to providers like Freedom Hosting, is home to dark web markets, criminal syndicates, terrorist organizations, and human trafficking operations.
So, what happened to Mr. Marques? The FBI and other law enforcement agencies, both international and domestic, had their eyes on Freedom Hosting since its creation in 2008. In 2013, authorities allegedly used malware to exploit a vulnerability in Tor’s Firefox source code to gain control of Freedom Hosting and reveal the true IP addresses of thousands of computers, including that of Mr. Marques. However, the exact way law enforcement broke through Tor’s privacy and security protocols has not been released.
In theory, the Tor browser grants users increased privacy and anonymity. But Mr. Marques’ case is not unique. There have been several vulnerabilities in Tor that have revealed users’ true location or technical details.
The Tor browser is not impenetrable, nor is it as secure as many presume. It does provide access to hidden service sites, thereby making it a conduit to the dark web. However, Tor alone is not a sufficient managed attribution solution. Entities with enough expertise, resources, and motivation can surface bad actors from the dark web and shine a light on those hiding in the shadows.