Tor conceals the geographic location and identity of users by bouncing connections through multiple servers around the world. Thus, a political dissident could use Tor to protect himself although -- yes -- someone could use Tor for illicit activity, too.
The hacker or hackers exploited a Firefox vulnerability and managed to identify users on websites hosted by the anonymous hosting company Freedom Hosting. An FBI operation is suspected because reverse engineering of the malware showed that it only sends identifying information back to an IP address located in Reston, Va.
Normal malware would generally do far more than that, such as attempting to steal usernames and passwords to monetize the hack. Based on that, Vlad Tsyrklevich said:
“It’s pretty clear that it’s FBI or it’s some other law enforcement agency that’s U.S.-based.”
Additional evidence comes from the arrest of Eric Eoin Marques in Ireland on Thursday on a U.S. extradition request. Marques is wanted for distributing child pornography in a federal case filed in Maryland, and Freedom Hosting has long been notorious for allowing child porn to be hosted on its servers.
The Irish Independent reported that Marques is wanted for distributing child pornography in a federal case filed in Maryland; an FBI special agent was quoted as describing Marques as “the largest facilitator of child porn on the planet.”
While that sort of arrest probably sits well with most, following the recent revelations about NSA activity such as PRISM and XKeyscore, it probably shows up as a red flag for many others.
Reportedly, the bug is fixed in the latest versions of Firefox, but exists in many versions, including Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle, which is the most common way for users to log into the Tor anonymity network.