NSA Might Be Behind Tor Malware Attack as per Experts

Malware lodged on the web-servers of Freedom Hosting -- the renowned "hidden service" web hoster on the 'Tor' anonymized network shut down during the first week of August 2013- might have de-anonymized visitors to the websites on that server. This could send information regarding identity of visitors to an IP address which was coded into a malware script and injected into browsers. Apparently, the IP addresses under discussion belong to the NSA or National Security Agency, note security researchers, reported arstechnica.com on August 5, 2013.

This has been revealed by Baneki Privacy labs, group of Internet security researchers and VPN (Virtual Private Network) provider Cryptocloud by collaborating anaylsis.

As per the analysis, an IP address which was found in the JavaScript exploit used in the Firefox 17 attack has been traced back to SAIC (Science Applications International Corporation) which is a defense contractor.

The experts believe that IP address in question is a part of a block of IP addresses allocated by SAIC to NSA.

It has been concluded from the data of research service known as Domain Tools and Robotex which is a Swiss army knife Internet tool.

Techweekeurope.co.uk published news on 6th August, 2013 quoting a statement of Cryptocloud team as "SAIC is deep in the core of the cyber-military complex and certainly not the FBI".

However, others are questioning the accuracy of these reports as Conrad Longmore, Security Blogger of Dynamoo's Blog says that Domain Tool is misinterpreting the data. Softpedia.com published a report on 6th August 2013 stating that Longmore also believes that Robotex data is not conclusive.

Longmore noted "You may be surprised to know that law enforcement officers and intelligence agencies are not idiots when it comes to guarding their IP addresses and they do not (for example) sign into Silk Road, an online illegal drug market with their @fbi.gov email addresses or push around the underweb from a NSA IP address range".

While it is still not clear how much information the malware managed to send home or whether this information is completely correct but the danger of being identified is sure to make some Tor users nervous and hence they are advised to install the latest security tools.

» SPAMfighter News - 8/14/2013