TorBrowser Wasn’t Hacked: “Copernican” Discovery or Publicity Stunt?

Valentina

8 years ago

“Tor has been hacked“, “Italian hackers discover flaw in the system that makes people anonymous on the web“, “Italian hackers ‘pierce’ anonymity on Tor, the software for secretly browsing the web“. These are just some of the headlines that have bounced around in various newspapers that Tor, an acronym for The Onion Routher, has been hacked suggesting that TorBrowser is not secure.

Much ado about nothing. It seems, in fact, that the term “violate” is not entirely appropriate. But before we delve into it, we need to understand what Tor is. These are an anonymous communication system for the Internet based on the second generation of the onion routing network protocol. Through the use of this system, it is much more difficult to track the user’s Internet activity without being monitored.

Let’s get to the point. In reality, no system has been hacked, but a vulnerability has been identified. Oh no, it wasn’t Russian hackers but the very Italian Filippo Cavallarin, 35 years old, CEO of We are Segment, a small company in Mestre specializing in computer security. Cavallarin and his staff would have found a bug in the encrypted circuit, browsing through the MacOs and Linux operating systems, which they renamed “TorMoil“, which allows them to trace the identity of the network nodes that use it.

A “discovery” kissed by luck since, after the first press release, the news began to make the rounds on the web bringing notoriety, but also, “headaches” to the small Venetian company. Many online newspapers, in fact, headlined: “Tor hacked”, “TorMoil, new and dangerous vulnerability in TorBrowser“. So, the staff of We are Segment ran for cover by modifying the press release. “It’s very easy for someone who isn’t a technician in the field to confuse a component of a whole with the whole itself.” Filippo Cavallarin explains in an interview with the AGI news agency.

“If I were to break through, as they say in jargon, Internet Explorer, many would understand that I broke through the entire Internet,” he continues, “but in reality I would only have pierced a browser, not the entire Net. It’s a fairly common misunderstanding, so we’ve amended our press release to not allow for a misinterpretation of the facts and to make it clearer what happened.”

The “ethical hackers,” as they call themselves, could have sold the algorithm but didn’t. “Filippo Cavallarin,” Repubblica.it writes , ” She will be able to tell her children that she has saved from jail, or perhaps worse, thousands of journalists and activists working in countries that trample on human rights, including the right to get information and communicate via the Internet. And never mind if, with his self-denunciation, the Venetian programmer who violated the anonymity of Tor guaranteed that thousands of money launderers, drug dealers, child pornographers and so on would also remain anonymous.”

In short, heroes who have sacrificed their personal gain immediately notify the Seattle company. “In two hours they replied to me – Cavallarin told Repubblica.it – they were very worried and immediately started working to solve the bug”.

“The problem has not yet been fixed,” he concludes, “but for now TorBrowser 7.09 has been secured.” All’s well that ends well.

Some information needs more technical in-depth analysis.

Sign up to stay up to date on the latest news verified by our team.

By subscribing to the newsletter, you consent to the processing of personal data pursuant to law no. 196/2003. For more information, click here https://temp_new.vmenginelab.com/privacy-policy/

Registration successful!