Windows DRM-Protected Files Used To Decloak Tor Browser Users (bleepingcomputer.com) 21
An anonymous reader writes from a report via BleepingComputer: Downloading and trying to open Windows DRM-protected multimedia files can deanonymize Tor Browser users and reveal their real IP addresses, security researchers from Hacker House have warned. On Windows, multimedia files encoded with a special Microsoft SDK will automatically open an IE window and access a URL to check the file's license. Since this request is sent outside of the Tor Browser and without user interaction, this can be used to ping law enforcement servers and detect the user's real IP address and other details. For example, law enforcement could host properly signed DRM-protected files on sites pretending to host child pornography. When a user would try to view the file, the DRM multimedia file would use Internet Explorer to ping a server belonging to the law enforcement agency. The same tactic can also be used to target ISIS militants trying to view propaganda videos, illegal drug and weapons buyers trying to view video product demos, political dissidents viewing news videos, and more. A video of the attack is available here.
Umm... just WMVs? (Score:2)
Any DRM that phones home will do that (Score:3)
Of course that means the FBI has to be able to host the files on the server, and has to have sufficient control to deliver a uniquely keyed file to the users they wish to target. Sort of implies you have hit a honeypot if they get you with that.
Quick Workaround (Score:4, Interesting)
1. Determine which TOR-nodes you're talking to. (Netstat or Ethereal)
2. Remove default route through your ISP's router
3. Add specific routes to the /32s the TOR-nodes are on through the ISP router
Traffic routed through TOR will work fine.
Traffic going outside of TOR will fail except for the local network (your home or office LAN).
E
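The three steps in the comment above, worked through as an added example that is not part of the original comment: it parses `netstat -ano` output, keeps only the remote peers of the Tor process, and builds the Windows `route` commands. The sample output, PID 4321 standing in for tor.exe, the gateway 192.168.1.1 and the function names are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
# PID 4321 stands in for tor.exe; PID 7777 stands in for an IE/media-player license fetch.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:9150         127.0.0.1:50312        ESTABLISHED     4321
  TCP    192.168.1.20:50100     203.0.113.5:9001       ESTABLISHED     4321
  TCP    192.168.1.20:50101     198.51.100.7:443       ESTABLISHED     4321
  TCP    192.168.1.20:50102     203.0.113.5:9001       TIME_WAIT       0
  TCP    192.168.1.20:50200     192.0.2.9:80           ESTABLISHED     7777
"""

def tor_peers(netstat_text, tor_pid):
    """Step 1: sorted unique remote IPv4 addresses that tor_pid is connected to."""
    peers = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, UDP rows and blank lines
        _, _, remote, state, pid = fields
        if state != "ESTABLISHED" or pid != str(tor_pid):
            continue
        host = remote.rsplit(":", 1)[0].strip("[]")
        addr = ipaddress.ip_address(host)
        # Skip the local SOCKS/control connections; IPv6 peers are skipped
        # because this sketch only builds entries for the IPv4 routing table.
        if addr.version != 4 or addr.is_loopback:
            continue
        peers.add(addr)
    return sorted(peers)

def route_commands(netstat_text, tor_pid, gateway):
    """Steps 2 and 3: drop the default route, then add one /32 route per Tor peer."""
    gw = ipaddress.IPv4Address(gateway)  # validate before emitting any command
    peers = tor_peers(netstat_text, tor_pid)
    if not peers:
        raise ValueError("no Tor peers found; dropping the default route would cut Tor off")
    # Same order as the comment: remove the default route, then add host routes.
    cmds = ["route DELETE 0.0.0.0"]
    cmds += [f"route ADD {p} MASK 255.255.255.255 {gw}" for p in peers]
    return cmds

if __name__ == "__main__":
    print("\n".join(route_commands(SAMPLE_NETSTAT, 4321, "192.168.1.1")))
```

The license fetch from PID 7777 gets no route, so it fails instead of leaving over the ISP link. Tor's peers change over time, so the host routes go stale and need regenerating, and an IPv6 default route, if present, is not touched by these commands.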
Quicker workaround (Score:2)
stop using IE (physically break it)
.asf .wma .wmv files. seriously these formats should be erased from existence!!!
stop using windows
stop using
deny all media players access to the web. seriously no video or music HAS to have access to the internet unless it has drm shit. and you should NEVER buy drmed music or videos. if you want lyrics, open your browser.
If all else fails you could try obeying the law.
So watch netflix on your Android TV, whilst doing other stuff on your computer. I do this all of the time, well, not netflix, but streamed youtube et al, whilst gaming, shopping etc. and no, I do not want corporations spying on me, I do not want them to install software without my specific permission, nor do I want them to delete content without my permission. You can see it coming, the only copy of a wedding video, fresh from the camera, stored on windows and because ohh ahh copyrighted music for which the
They aren't using it to watch entertainment videos. They are going to underground web sites (child porn, drugs, weapons etc) and being tricked into viewing a video put there by law enforcement that is designed to phone home in this way.
It's always the pedos (Score:1)
So tired of these stories making reference to pedos. Sure they exist, but every time the govt is caught spying, the media trots out the pedophiles to justify it. Not everyone who views "questionable" content is a crook. I've read plenty of articles, and watched plenty of videos, on how to make bombs and explosives, yet have never actually made one. Nor do I ever plan to do so. Forbidden knowledge and all that.....
It's right there in the FAQ: Don't torrent over Tor (Score:2)
"Don't torrent over Tor
Torrent file-sharing applications have been observed to ignore proxy settings and make direct connections even when they are told to use Tor. Even if your torrent application connects only through Tor, you will often send out your real IP address in the tracker GET request, because that's how torrents work. Not only do you deanonymize your torrent traffic an
WMP Settings (Score:2)
The Windows media player - at least through Windows 7 - had an option to "download usage rights automatically when I play or sync a file". I wonder if this "attack" still takes place if this feature is not enabled.
Missed something important (Score:2)
For example, law enforcement could host properly signed DRM-protected files on sites pretending to host child pornography.
Apparently it's no longer even worth noting that representatives of the US government will run a child porn site offering downloads!
Again.
Yes, "pretending". So a honeypot without honey. That'll get real far now won't it?
Ask OS makers next? (Score:2)
Give the checksums to all the big US OS brands to add to their new OS AV efforts.
Record every IP that responds to a checksum as part of anti virus spread tracking if the user "allowed" such self reporting to the OS.
Use the advanced and near instant indexing on most modern OS to report the file when it is opened and have the user's OS report that file on the OS brand?