Following up on its takedown of a Tor-based child pornography host, a group within the Anonymous “hacktivist” group has published the Internet addresses of 190 alleged pedophiles. To do so, they allegedly collaborated with members of the Mozilla Foundation to create a modified Tor browser plugin which collected forensic data about the users. Members of the group also claim that a member of Tor’s developer team is the operator of the hosting service that serves up several child pornography sites.
The Tor privacy network uses a set of special protocols that can be used to allow anonymous browsing of the Internet and access to hidden “.onion” sites—a “darknet” of webpages, collaborative spaces and other Internet resources hidden from the view of the wider Internet. The Tor network conceals the location of these services, though attacks within the network can “fingerprint” them to gain information about them and use other methods to get a general idea of their location.
A recent security update to Tor corrected some vulnerabilities that made it possible to identify users by the security certificate they used to connect to sites. Anonymous claims to have used the update as the basis for a social engineering attack on pedophiles that it used to install an altered version of the Tor software so that it could collect forensic information on their use of the “Hard Candy” page of Hidden Wiki, a .onion site with links to child pornography, and of the “Lolita City” child pornography site on a Tor-based Web hosting service called Freedom Hosting. The OpDarkNet team of Anonymous has been conducting an ongoing denial of service attack on these sites.
“One week prior to October 27th, 2011,” the OpDarkNet wrote in a statement, “We <…> performed ‘Operations Security’ against the developers of Tor. We quietly listened on irc.oftc.net channels #tor and #tor-dev to find when the next major release of Tor would be.”
http://arstechnica.com/business/news/2011/11/anonymous-collects-publishes-ip-addresses-of-alleged-pedophiles.ars