Submission: Windows DRM-Protected Files Used to Decloak Tor Browser Users (bleepingcomputer.com)
An anonymous reader writes: Downloading and trying to open Windows DRM-protected multimedia files can deanonymize Tor Browser users and reveal their real IP addresses, security researchers from Hacker House have warned.
On Windows, multimedia files encoded with a special Microsoft SDK will automatically open an IE window and access a URL to check the file's license. Since this request is sent outside of the Tor Browser and without user interaction, this can be used to ping law enforcement servers and detect the user's real IP address and other details.
For example, law enforcement could host properly signed DRM-protected files on sites pretending to host child pornography. When a user would try to view the file, the DRM multimedia file would use Internet Explorer to ping a server belonging to the law enforcement agency. The same tactic can also be used to target ISIS militants trying to view propaganda videos, illegal drug and weapons buyers trying to view video product demos, political dissidents viewing news videos, and more. A video of the attack is available here.
This is nothing to do with TOR (Score:2)
The DRMed files phone home under Windows. It doesn't matter how they were obtained. If opened as an email attachment the IP address would be reported.
The story is actually "MS DRM file format identifies recipient's IP when opened/played/executed"