Windows DRM: Now An (Unwitting) Ally In Efforts To Expose Anonymous Tor Users

from the press-'play'-to-decloak dept

In case you were wondering what other misery DRM could contribute to, Hacker House security researchers have an answer for you:

HackerHouse have been investigating social engineering attacks performed with Digital Rights Management (DRM) protected media content. Attackers have been performing these attacks in the wild to spread fake codec installers since Microsoft introduced DRM to it’s proprietary media formats.

Improperly-licensed media files will produce a pop-up, asking the user if they want to visit the originating site to obtain the rights to play the file. This popup also warns users that this is great way to pick up malware if they’re not careful. In these cases, computer users will likely be deterred from following through on the risky click.

But that only happens if it’s not licensed properly. If it is — an expensive process that runs about $10,000 — then no warning appears, leaving users open to attack by malicious fake codec installers. What would be the point of these fake installers? One possible use for the exploitation of Windows DRM is the exposure of Tor users’ information.

As these “signed WMV” files do not present any alert to a user before opening them they can be used quite effectively to decloak users of the popular privacy tool TorBrowser with very little warning. For such an attack to work your target candidate must be running TorBrowser on Windows. When opening/downloading files, TorBrowser does warn you that 3rd party files can expose your IP address and should be accessed in tails.

The $10k price tag for proper licensing is a deterrent to small-time malware purveyors. But it would only be a drop in the bucket for a well-funded government agency and/or any NGOs they employ. It’s basically the Network Investigative Technique the FBI deployed in the Playpen cases — only one able to be buried inside media files which could be scattered around like mini-honeypots.

The DRM-based attack certainly wouldn’t be limited to law enforcement agencies. It would also be deployed by spy agencies for use against terrorists (who love to share media files) and, unfortunately, by governments every bit as malicious as the software they’re deploying. The exploit could just as easily be deployed to target dissidents, journalists, and other “enemies of the state” through booby-trapped, DRM-laden files that strip away anonymity while delivering information these entities might find intriguing/useful.

Underneath it all is Microsoft’s apparently misplaced faith in properly-signed media files put together with its development kits. Rather than warn users that the redirect to the codec installer may still be risky despite the proper signature, Windows will automatically open a new browser instance and download the file with no further user interaction.

Here’s Hacker House’s explanation of the whole process:

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Windows DRM: Now An (Unwitting) Ally In Efforts To Expose Anonymous Tor Users”

Subscribe: RSS Leave a comment
Anonymous Coward says:

…which is why you just DON’T allow auto-play / click play on embedded videos whenever you feel like you give a damn about these things – you look at the page source, DOWNLOAD the video file itself, ascertain its extension and play it in a trusted player other than WMP (preferably with its own built-in codecs, preferably with network access denied). Yes, it might fail to play if it has DRM. Oh well…

Bamboo Harvester says:


There are people out there so benighted they STILL use formats like WMV, WMA, the various MS document types that include scripting?

And why would anyone with half a brain play any sort of media file with a player other than VLC?

If you *must* use MS formats (work or the like) there are dozens of converters out there to change the files to safer, non-DRM formats.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...