TOR browser 0-day may have been exploited by FBI

News broke at DEFCON that a 0-day vulnerability in JavaScript may have been exploited by the FBI to crack down on illegal activities on The Onion Router (TOR) network.  The 0-day affects the Firefox browser included in the TOR downloadable package and may have compromised half of TOR hosts, including TORmail.

Indicators of compromise:  the exploit payload connects to 65<.>222<.>202<.>54:80, sends an HTTP request that includes the TOR user’s host name and MAC address, then deliberately crashes.  Exploit source and some analysis can be found on Pastebin at:
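A sketch of checking connection logs for the callback indicator given above, as an added example (not from the original post or the Pastebin analysis). The log layout, internal addresses and timestamps are constructed, and it assumes the callback is visible in your egress logs.

```python
import re

# Indicator as the post gives it (defanged); it is refanged only in memory.
DEFANGED_IOC = "65<.>222<.>202<.>54:80"

# Assumed (hypothetical) log layout: "<timestamp> <src_ip> -> <dst_ip>:<dst_port> <proto>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+->\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+(\S+)$")


def refang(indicator):
    """Turn a defanged 'a<.>b<.>c<.>d:port' indicator into (ip, port)."""
    clean = indicator.replace("<.>", ".").replace("[.]", ".")
    host, _, port = clean.rpartition(":")
    return host, int(port)


def find_callbacks(lines, indicator=DEFANGED_IOC):
    """Map each source host to the timestamps of its connections to the indicator."""
    ioc_ip, ioc_port = refang(indicator)
    hits = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, src, dst, port, _proto = m.groups()
        # Compare parsed fields exactly; a substring search would also
        # flag look-alike addresses such as "1" + the indicator IP.
        if dst == ioc_ip and int(port) == ioc_port:
            hits.setdefault(src, []).append(ts)
    return hits


_IP, _PORT = refang(DEFANGED_IOC)
# Constructed sample log: two real matches, a look-alike IP, a wrong port, noise.
SAMPLE_LOG = [
    f"2013-08-05T10:02:11Z 10.0.0.23 -> {_IP}:{_PORT} tcp",
    "2013-08-05T10:02:12Z 10.0.0.23 -> 192.0.2.10:443 tcp",
    f"2013-08-05T10:03:40Z 10.0.0.41 -> 1{_IP}:{_PORT} tcp",
    f"2013-08-05T10:04:02Z 10.0.0.57 -> {_IP}:443 tcp",
    f"2013-08-05T10:05:19Z 10.0.0.57 -> {_IP}:{_PORT} tcp",
    "malformed line without the expected fields",
]

if __name__ == "__main__":
    for host, stamps in find_callbacks(SAMPLE_LOG).items():
        print(f"{host} contacted the indicator at: {', '.join(stamps)}")
```
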

The FBI is implicated in this because the recent takedown of FreedomWeb and the arrest of its owner, Eric Eoin Marques, on child pornography charges happened at the same time several hidden service servers went offline.

The majority of the users of TOR support the FBI wanting to take down the trash that child porn represents.  The forced loss of anonymity has many upset though.

A write-up of what has happened, posted on the official TOR web site, has both good information and good discussion on this issue.  If you are a TOR user I strongly recommend you read the user posts.  The link to that article is:

There is speculation that this may lead to a devaluation of Bitcoin.  Protocol 46 assesses that there will be only a short-term Bitcoin price drop and that, as workarounds or a patch are released for this exploit, confidence in TOR will return and the value of Bitcoin will again increase.  There is a good chance that the devaluation of Bitcoin will be directly proportional to the percentage of illegal or illicit trading that occurs on TOR.

Post by Protocol 46