A little more than 16 months ago, word emerged that the FBI exploited a recently patched Firefox vulnerability to unmask Tor users visiting a notorious child pornography site. It turns out that the feds had waged an even broader uncloaking campaign a year earlier by using a long-abandoned part of the open source Metasploit exploit framework to identify Tor-using suspects.
According to Wired, "Operation Torpedo," as the FBI sting operation was dubbed, targeted users of three darknet child porn sites. It came to light only after Omaha defense attorney Joseph Gross challenged the accuracy of evidence it uncovered against a Rochester, New York-based IT worker who claims he was falsely implicated in the campaign. Operation Torpedo used the Metasploit Decloaking Engine to identify careless suspects who were hiding behind Tor, a free service used by good and bad guys alike to shield their point of entry to the Internet.
The Decloaking Engine went live in 2006 and used five separate methods to break anonymization systems. One method was an Adobe Flash application that initiated a direct connection with the end user, bypassing Tor protections and giving up the user's IP address. Tor Project officials have long been aware of the vulnerability and strenuously advise against installing Flash. According to Wired: