“I was doing some online research”, Filippo Cavallarin – founder and CEO of cyber security company We are Segment –  explains, “when I felt something was just not right, something that should have been there was missing. I monitored the situation for more than an hour and I found a vulnerability which jeopardises the principle of anonymity in the Tor system. I just had an intuition.”

This vulnerability, later named TorMoil, affects the anonymous communication system Tor Browser. It affects macOS and Linux users, but not Windows ones.

The vulnerability advisory, published by the CEO of the company, reads as follows:

“due to a Firefox bug in the management of file://URLs, users may leak IP addresses in both operating systems”.

This compromises the core principle of Tor, undermining the advantage of being anonymous.

An ethical choice

Filippo Cavallarin was faced with a hard choice.

– He could have sold the vulnerability to companies such as Zerodium in order to make a profit.
– He could have chosen the “ethical route” by warning Tor Project developers so that they could fix the issue, only to reveal what he had discovered afterwards.
The CEO of We are Segment chose the second path, following the responsible disclosure policy, and sticking to the ethical code of the company. He chose ethical hacking over profit, to save the lives of those who use Tor Browser as a tool to spread news and to denounce violence in countries where freedom of speech is limited.

Filippo later explained in a press release that:

“compromising anonymity is something not to underestimate. Tor Browser users identities are exposed and they are put at great risk. Their lives could be in danger. Just think about how journalists, thanks to the anonymity provided by this tool, avoid government censorship and exercise their freedom of speech”.

The impact of torMoil discovery

TorMoil news was initially released exclusively by the La Repubblica newspaper website – and afterwards by We are Segment -, on Friday afternoon, November 3, 2017.

In a few hours, the news spread like a wildfire, not just in Italy but all over the world.

National and international newspapers and TV invited the ethical hacker behind TorMoil for an interview, in order to spread the news of the vulnerability.

After La Repubblica, the news was reported by Il Corriere della SeraAnsa and many other Italian online newspapers, as well as international magazines, such as Securitylab.ru, News Asis, The Hacker NewsZDNetThe Register and Security Affairs.

The importance of Tor

Tor, acronym for “The Onion Router”, is a communication system which allows to anonymously surf the Web.  In other words, IP addresses of PCs and other connected devices cannot be traced back to Tor Browser users. The system is stratified into different levels where data is encrypted, thus forming an Onion structure.

The “Onion Protocol”  is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor users, instead of making a direct connection to the network, employ a series of virtual tunnels to hide traces of their online activity.