Home » Featured » Darknet Child Porn Sites Redirecting Users with JavaScript Enabled
Click Here To Hide Tor

Darknet Child Porn Sites Redirecting Users with JavaScript Enabled

Darknet and deepweb child pornography sites catch much of the darknet-related media coverage. And this is for good reason; law enforcement agencies worldwide made child pornography busts a priority in fighting darknet crime. Aside from that of the Silk Road, no other type of hidden service site garnered as much media attention as the FBI’s Operation Pacifier continually collected. Operation Pacifier suspects, even now—years after the child pornography site “Playpen” faced infiltration by the FBI—stand trial. Additionally, the FBI sent information on suspects to countries across the globe, resulting in a growing number of large-scale busts.

Joseph Cox, a contributor at Motherboard explained that one darknet child pornography site “recently started redirecting visitors to a page with added security advice if their browser had JavaScript enabled.” To Tor users, and Internet users in general, JavaScript has proven to be a nightmare when it comes to privacy. Many the latest user-identifying bugs found in Firefox—Tor’s big brother—relied on operator error or JavaScript-dependent malware. This is, in fact, the way the FBI managed to identify at least 214 Playpen members.

The latest publicly-known bug existed in both Tor and Firefox. And by the bug, I mean vulnerability by which a threat actor pulled IP addresses from within Tor (Firefox) using a shellcode that strikingly resembled the shellcode used by the FBI during the PlayPen case. “When I first noticed the old shellcode was so similar, I had to double-check the dates to make sure I wasn’t looking at a 3-year-old post,” a security researcher tweeted.

The JavaScript issue as reported on the Tor mailing list:

“This is a Javascript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it’s getting access to “VirtualAlloc” in “kernel32.dll” and goes from there. Please fix ASAP. I had to break the “the code” line in two in order to post, remove ‘ + ‘ in the middle to restore it.”

Ars Technica reported:

“The attack executed code when targets loaded malicious JavaScript and code based on scalable animation vector graphics. The exploit used the capability to send the target’s IP and MAC address to an attacker-controlled server. The code, in general, resembles the types of so-called network investigative techniques used by law-enforcement agencies and specifically one that the FBI used in 2013 to identify Tor-protected users who were trading child pornography.”

Motherboard’s Joseph Cox wrote an article titled “A Dark Web Child Porn Site Is Forcing Its Visitors to Learn Security Tips.” While true, the concept and very feature of any given website requiring the disabling of JavaScript is not a new one. “At [child pornography site] we have always had a big JavaScript warning if you have it enabled If [child pornography site] ever stops warning about JavaScript, redirecting or blocking non-official & outdated browsers, then you will know something is wrong.”

No longer is the above child pornography site following the route of many hidden services by simply disallowing JavaScript; the site now redirects users to a page on the Tails website on securely using Tor.

4 comments

  1. If you are concerned about privacy, then use the Highest security settings within the Tor browser but also select the NoScript icon -> Options -> Embeddings. Check everything!! Tor Bridges and anonymous public Wi-Fi are an absolute must as is backend encryption using VeraCrypt within a Tails persistent storage container. A hardware encrypted USB drive that contains your Tails install could not hurt, either; buy anonymously, paying in cash!!

  2. NOScript browser plugin won’t work against the FBI. Firefox and other browsers used to provide the option of disabling Javascripts without using a browser add-on.

  3. What do you mean by “NOScript browser plugin won’t work against the FBI”.If the javascript is disabled no code could be execute.But “about:config java_enabled = false” technique is a good alternative.Use both.

    Avoid windows and mac.Prefer an open source OS.Some distribution of linux are build to protect anonymity.Look at cube os or whonix.

    And the last but not the least avoid this kind of site, i mean pedo website.

  4. To heck with kiddy porn and the Fbi. Java lets every nasty irritating script that is trying to dump junk/popups/new windows with adds and every other kind of garbage that you have ever seen, I was browsing on a web site and hit the wrong button and 35 popups ERUPTED!! And each one opened up more. finally had to shut down and restart to break the chain. NEVER RUN JAVA OR FLASH!!.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Captcha: *