Windows DRM Files Could Be Utilized To Rat-Out IPs Of Tor Browser Users

Tor Browser users could be in for a rude awakening thanks to some rather nefarious Windows DRM-protected files that are making the rounds. It appears that malicious parties could use malware that is ensconced within DRM-protected files to reveal a user's true IP address.

It should be noted that this latest attack vector requires both the use of Windows and the Tor Browser. As Hacker House reports, “these ‘signed WMV’ files do not present any alert to a user before opening them they can be used quite effectively to decloak users of the popular privacy tool TorBrowser with very little warning.”

Such a sneaky attack would expose your IP address to hackers, copyright holders, or perhaps government entities looking to gain access to it.

In recent years, such attacks worked when a user clicked on and then opened a digitally-signed Windows media file. The file would (usually by default) open within Windows Media Player. At that time, users would be greeted with a popup prompting them to visit a website to validate their license. It was at that point that the provided authorization link would point towards infected files:

[Image: alertbypass (Source: Hacker House)]

The folks at Hacker House report that the ability to create a properly signed file means that there is no popup, which can automatically lead users to malware-ridden files. However, such digital signing is cost-prohibitive for typical hackers. “DRM is expensive business and unless you use the SDK to develop your own application you will likely need to make use of a license provider to encrypt your WMV files using these tools and also for signing purposes,” writes Hacker House. “If you want to build your own Microsoft DRM signing solution the price-tag is around $10,000.”

So, who could stand to gain from having access to people's IP addresses and also has the purchasing power to afford Microsoft’s signing tools? None other than the aforementioned copyright holders and law enforcement. Copyright holders could in effect set up sting operations with infected movie or TV show files. Government entities could also use such a technique to bust ISIS militant leaders looking to access propaganda videos.

Brandon Hill


Opinions and content posted by HotHardware contributors are their own.