Ways the Tor network was hacked by government services like the FBI
In this article I'm pasting information I found. Everything that is said here can be misleading and is unverified, because I'm a newbie in these things. If you have anything to correct, please comment.
Police probably found a hole/vulnerability on the server which was hosting the Tor hidden service.
Thanks to this hole they probably gained admin access, and thanks to a Firefox exploit (which was already patched in the newest version) they were able to reveal the identity (wifi details, MAC addresses, IPs) of all visitors (those with outdated Firefox) of the sites hosted on the hidden server, and were probably able to discover the real server IP.
https://www.wired.com/2013/09/freedom-hosting-fbi/ <-- Freedom Hosting (hidden service)
http://i.usatoday.net/_common/_notches/076bc42d-7260-4aee-ad3f-0a23e7fdbf35-05_b.png <-- Silk Road v1
What to learn as a hidden service owner?
- Set up automatic security updates of the webserver
- Set up the firewall so that it routes traffic only via Tor (no leaks)
- Do the maximum to prevent anyone from gaining root privileges/access
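One way to implement the "route traffic only via Tor" item above, as an added example that is not part of the original article: a shell function that emits an IPv4 iptables-restore ruleset, and a second one that audits an iptables-save dump for rules that would let traffic bypass Tor. It assumes Tor runs under its own account (debian-tor here) and the web server listens only on loopback; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: egress lock-down for a hidden-service host (IPv4 filter table).
# Assumption: Tor runs as its own account; debian-tor is the Debian/Ubuntu default.

# Print an iptables-restore ruleset that lets only the Tor account reach the network.
tor_only_ruleset() {
    tor_user=${1:-debian-tor}
    # Refuse anything that is not a plain account name or numeric uid.
    case $tor_user in
        ''|*[!A-Za-z0-9_-]*) echo "bad tor user: $tor_user" >&2; return 2 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner $tor_user -j ACCEPT
-A OUTPUT -j LOG --log-prefix "non-tor-egress: " --log-uid
-A OUTPUT -j REJECT
COMMIT
EOF
}

# Read an iptables-save dump on stdin; print findings and return 1 if traffic can leak.
audit_egress() {
    awk '
        /^\*/ { table = $1 }
        table != "*filter" { next }
        /^:OUTPUT / { seen = 1; if ($2 != "DROP") { print "OUTPUT policy is " $2; bad = 1 } }
        /^-A OUTPUT / && / -j ACCEPT/ {
            if ($0 ~ / -o lo /) next                                # loopback only
            if ($0 ~ /--uid-owner / && $0 !~ /! --uid-owner/) next  # pinned to one account
            print "unrestricted egress: " $0; bad = 1
        }
        END { if (!seen) { print "no filter OUTPUT chain found"; bad = 1 } exit bad + 0 }
    '
}

# Apply as root with:  tor_only_ruleset debian-tor | iptables-restore
# Audit a live host:   iptables-save | audit_egress
tor_only_ruleset debian-tor | audit_egress && echo "generated ruleset passes the egress audit"
```

The ruleset covers IPv4 only, so IPv6 needs its own deny policy via ip6tables, and with these rules package updates also have to go through Tor's SOCKS port.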
Tor users are not anonymous if they access HTTP-only websites. They are quite safe only if they access an HTTPS site or a hidden .onion service. Tor exit nodes (the last server in the chain, which decrypts data from/to the Tor user / destination webserver) can be operated by anyone, sometimes by hackers and sometimes claimed to be operated by the FBI or similar parties who have an interest in watching other people's data.
What to learn as a Tor user?
- When the accessed website is HTTP only, your passwords, logins and all other data can be seen by the Tor exit node owner
- When the accessed website is HTTPS equipped, the exit node owner can see which URLs you visit but cannot see the data transmitted
- When the accessed website is an .onion site, you are anonymous
- Remember that Tor will not provide anonymity unless you browse only .onion sites (which can be hacked, so judge which data you provide)