Exodus Flaw Leaked and Used to Unmask a Tor-Based Child Exploitation Site

Updated on:
Hacker on computer laptop
An Exodus flaw was leaked and used to reveal visitors to a Tor-based child abuse site called GiftBox.

Exodus Intel is one of the very few companies that develops, buys, and sells software vulnerabilities.

The Exodus firm has proven to be useful as the government can use its exploits to hack those websites it deems conducting illicit activities, mostly Tor hidden services.

Exodus carries out its operations in an organized manner unlike others in the same field that have been identified as being surreptitious private cyber arms dealers.

As a company, Exodus is quite ethical and has oathed to inform vendors about the bugs that it finds.

GiftBox – a Tor Hidden Child Exploitation Site

tor in red

However, earlier, an Exodus flaw was leaked which the public and all vendors had no idea about.

Your TOR usage is being watched

The flaw was used to reveal the visitors to a child abuse website based on Tor network called GiftBox.

The move to unmask Tor users of the child abuse site, GiftBox, was intended to be a positive one, although digital experts confirm their fears.

They said that in the present situation, any hacker can now use this tool to spy on citizens.

This is quite unacceptable and is illegal, to begin with.


The experts argue that the vendors be informed about their tools immediately.

This is to ensure that the consumers are protected.

A year ago, the same unpatched and unknown vulnerability was discovered.

It affected a large number of Firefox users to boot.

Tor itself is virtually based on Mozilla’s browser.

This only emerged recently, thanks to an alert on a Tor Project mailing list.

During an interview, Logan Brown, the Exodus president, said that they had no idea how the flaw leaked and that the company was investigating the matter.

He said that they had previously delivered to their clients multiple Firefox over the years and that this one did look similar to one of theirs.

Users who are already perplexed by the so-called zero-day exploit market expressed their dismay at the Exodus’ hacker code unintended leakage.

They fear that it could have been used by criminals before or after the patch.

In a post stating Mozilla’s concerns, the company wrote that if the exploit was in fact developed and deployed by the government or the law enforcement agency, the fact that it had been published meant that it can be used by any person to attack Firefox users.

He further noted that it was a clear indication of how purportedly limited government hacking can be a threat to the broader web.

The danger posed meant that vulnerability enabled an attacker to just launch the code to a targeted system once they land on a page with malicious JavaScript.

The victim’s IP and MAC addresses would then be sent to the hacker’s system or server.

Tor Hack

The hacking of the Tor hidden child abuse site, GiftBox, was further indication that the government had access to the exploit used on Tor users.

The question that remains unclear was which government agency was responsible or liable for using Exodus’ exploit on Tor users?

The Exodus president was quite conservative and vague as to whether there was a possibility that the vulnerabilities were shared with or sold to non-US governments; however, he stated that they did not sell to overseas law enforcement agencies.

According to him, there were a few allied countries that subscribed to the company’s services.

The company says that they are still investigating how it leaked and how it was or is being planned to be used.

Christopher Soghoian, principal technologist at the American Civil Liberties Union, says he thinks that a foreign agency could be behind the Tor hacking process and not the Federal Bureau of Investigation.

This could be a possibility as the targets’ IP addresses were sent to France; provided that thousands of GiftBox users were Americans.

Therefore, if a foreign government used the hacker tool on the Tor hidden child abuse site, then some serious legal questions can be raised.

It poses a very serious threat to cyber security.

Write for us


The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.