Tuesday, 16 December 2014

FBI used Metasploit to identify Tor users

The FBI has used a component of the popular Metasploit hacking framework to identify Tor users. Metasploit is a tool that penetration testers and security researchers use to test the security of systems and networks. It is now developed and maintained by the security company Rapid7.

Wired reports that in 2012 the FBI used part of Metasploit to successfully identify a number of Tor users via Adobe Flash Player. The investigative agency made use of an abandoned Metasploit project called the "Decloaking Engine". This was an experimental proof of concept developed in 2006 in which several tricks were combined to identify users of an anonymity service such as Tor through a specially crafted website. If a Tor user had configured his installation securely, the website could not identify him. If, however, the user had made a mistake, his real IP address became visible.

Flash Player

One of the tricks was the use of a Flash application. Adobe Flash Player can open a direct connection to the internet, bypassing the browser's proxy settings, and in doing so leak the user's real IP address. This is a known problem, and the Tor Project therefore advises users not to install Flash Player. In 2011 a version of the Tor Browser, the software used to access the Tor network, appeared that protected users considerably better, and from then on the test site set up for the Decloaking Engine identified almost no users anymore.
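The server-side logic behind such a test, as an added example rather than code from the Decloaking Engine, Metasploit or the FBI operation: the served page carries a unique token, a plugin that ignores the proxy settings sends that token back over a direct socket, and the server compares the address of the direct connection with the address that fetched the page. All tokens, addresses and the list of "known exits" below are constructed (RFC 5737 documentation ranges), and the token-echo design itself is the assumption the example is built on.

```python
"""Server-side correlation behind a plugin "decloaking" test.

Added example: not code from the Decloaking Engine, Metasploit or the
FBI operation. Names, addresses and the exit list are constructed.

Assumed mechanism: the page served through the anonymity network embeds
a unique token. A plugin that ignores the browser's proxy settings opens
a direct socket to the test server and echoes that token. When the direct
connection arrives from a different address than the page fetch (which,
over Tor, came from an exit node), the visitor's real IP has leaked. If
no direct connection ever arrives, the visitor was protected (plugin
absent, blocked, or forced through the proxy).
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional
import secrets


@dataclass(frozen=True)
class PageFetch:
    token: str       # per-visit token embedded in the served page
    source_ip: str   # address the HTTP request came from (an exit node if via Tor)


@dataclass(frozen=True)
class DirectCallback:
    token: str       # token echoed by the plugin over its direct socket
    source_ip: str   # address the direct connection came from


def issue_token() -> str:
    """Unguessable per-visit token, so callbacks cannot be forged or mixed up."""
    return secrets.token_hex(16)


def correlate(fetches: List[PageFetch],
              callbacks: List[DirectCallback],
              known_exits: FrozenSet[str] = frozenset()) -> Dict[str, Optional[str]]:
    """Map each page-fetch token to the leaked real IP, or None if nothing leaked.

    A visitor counts as decloaked only when a callback carrying the same
    token arrives from an address that differs from the one that fetched
    the page AND is not itself a known exit (a plugin whose traffic was
    still routed through the network may simply have used another circuit).
    Callbacks with unknown tokens are dropped: they cannot be tied to a
    page load. A callback from the same address reveals nothing new.
    """
    by_token = {f.token: f for f in fetches}
    result: Dict[str, Optional[str]] = {t: None for t in by_token}
    for cb in callbacks:
        fetch = by_token.get(cb.token)
        if fetch is None:
            continue                                   # forged or stale token
        if cb.source_ip == fetch.source_ip:
            continue                                   # same leg, nothing learned
        if cb.source_ip in known_exits:
            continue                                   # another exit, not a real IP
        result[cb.token] = cb.source_ip
    return result


# Constructed exit list (documentation addresses, not real Tor exits).
SAMPLE_EXITS = frozenset({"192.0.2.10", "192.0.2.11", "192.0.2.12"})


def sample_run() -> Dict[str, Optional[str]]:
    """Constructed traffic covering the leak, protected and false-positive cases."""
    fetches = [
        PageFetch("tok-leaky",    "192.0.2.10"),   # via "exit", plugin leaks real IP
        PageFetch("tok-secure",   "192.0.2.11"),   # via "exit", plugin never calls back
        PageFetch("tok-rerouted", "192.0.2.10"),   # via "exit", plugin used another exit
        PageFetch("tok-direct",   "203.0.113.5"),  # no proxy at all: both legs same IP
    ]
    callbacks = [
        DirectCallback("tok-leaky",    "198.51.100.7"),  # real address of first visitor
        DirectCallback("tok-rerouted", "192.0.2.12"),    # still an exit: not a leak
        DirectCallback("tok-direct",   "203.0.113.5"),
        DirectCallback("tok-forged",   "198.51.100.9"),  # token never issued: ignored
    ]
    return correlate(fetches, callbacks, SAMPLE_EXITS)


if __name__ == "__main__":
    for token, leaked in sample_run().items():
        print(f"{token}: {'decloaked -> ' + leaked if leaked else 'not identified'}")
```

The exit-list check is the caveat a practitioner would want: without it, a plugin whose traffic still went through the network but over a different circuit would be reported as "decloaked" with nothing more than a second exit address.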

Nevertheless, the FBI used the Decloaking Engine as the basis for an operation against child pornography sites on the Tor network. The agency had gained control of several of these sites and then had them run Flash applications in visitors' browsers in order to determine their true IP addresses. A total of 25 users in the United States were identified, along with an unknown number elsewhere. According to Wired, this was the first time the FBI deployed spyware-like software against all visitors of a website rather than against specific individuals.


It is not known, however, whether the FBI used the standard Decloaking Engine or a customized version. HD Moore, the original developer of Metasploit and of the Decloaking Engine, argues that his release could barely identify Tor users: only suspects running a very old Tor version, or who had gone out of their way to install Flash Player, would have been at risk.

In that case the FBI would only have caught the suspects with the worst operational security rather than the worst offenders. A few months later the FBI again targeted Tor users, this time using an exploit for a known Firefox vulnerability to determine the IP address and MAC address of Tor users. Once again only users with poor operational security were affected, since the Firefox flaw being attacked had already been fixed in the latest version of the Tor Browser.
