Darknet Child Porn Sites Redirecting Users with JavaScript Enabled


Darknet and deepweb child pornography sites catch much of the darknet-related media coverage. And this is for good reason; law enforcement agencies worldwide made child pornography busts a priority in fighting darknet crime. Aside from that of the Silk Road, no other type of hidden service site garnered as much media attention as the FBI’s Operation Pacifier continually collected. Operation Pacifier suspects, even now—years after the child pornography site “Playpen” faced infiltration by the FBI—stand trial. Additionally, the FBI sent information on suspects to countries across the globe, resulting in a growing number of large-scale busts.

Joseph Cox, a contributor at Motherboard explained that one darknet child pornography site “recently started redirecting visitors to a page with added security advice if their browser had JavaScript enabled.” To Tor users, and Internet users in general, JavaScript has proven to be a nightmare when it comes to privacy. Many the latest user-identifying bugs found in Firefox—Tor’s big brother—relied on operator error or JavaScript-dependent malware. This is, in fact, the way the FBI managed to identify at least 214 Playpen members.

The latest publicly-known bug existed in both Tor and Firefox. And by the bug, I mean vulnerability by which a threat actor pulled IP addresses from within Tor (Firefox) using a shellcode that strikingly resembled the shellcode used by the FBI during the PlayPen case. “When I first noticed the old shellcode was so similar, I had to double-check the dates to make sure I wasn’t looking at a 3-year-old post,” a security researcher tweeted.

The JavaScript issue as reported on the Tor mailing list:

“This is a Javascript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it’s getting access to “VirtualAlloc” in “kernel32.dll” and goes from there. Please fix ASAP. I had to break the “the code” line in two in order to post, remove ‘ + ‘ in the middle to restore it.”

Ars Technica reported:

“The attack executed code when targets loaded malicious JavaScript and code based on scalable animation vector graphics. The exploit used the capability to send the target’s IP and MAC address to an attacker-controlled server. The code, in general, resembles the types of so-called network investigative techniques used by law-enforcement agencies and specifically one that the FBI used in 2013 to identify Tor-protected users who were trading child pornography.”

Motherboard’s Joseph Cox wrote an article titled “A Dark Web Child Porn Site Is Forcing Its Visitors to Learn Security Tips.” While true, the concept and very feature of any given website requiring the disabling of JavaScript is not a new one. “At [child pornography site] we have always had a big JavaScript warning if you have it enabled If [child pornography site] ever stops warning about JavaScript, redirecting or blocking non-official outdated browsers, then you will know something is wrong.”

No longer is the above child pornography site following the route of many hidden services by simply disallowing JavaScript; the site now redirects users to a page on the Tails website on securely using Tor.

You want the latest news about Crypto? Sign up to our weekly Newsletter!


< <上一篇