by Rakesh Krishnan
Leaks of proprietary source code are nothing new in the cyber threat arena. Recently, Windows 10 source code was leaked to the FTP server of BetaArchive (an active discussion forum on Windows releases) and later removed.
Sometimes the cause is an insider threat (a breach from within); at other times it is an intrusion. Either way, the outcome is classified as a "leak".
A few months ago, in January 2017, the source code of "Presto", the proprietary browser layout engine formerly used by Opera, was leaked to the code-sharing site GitHub and later to BitBucket. Although today's Opera browser is built on the open-source Chromium code base, Presto, the layout engine Opera used earlier, was a proprietary product inside the Opera community.
It was taken down immediately by a DMCA takedown request filed by Opera; the complete packages were removed from GitHub, BitBucket and other code-sharing platforms.
Netizens objected to the takedown of the Presto engine and called for Opera to open-source it, voicing their views on Reddit and other online forums, but Opera did not respond.
BACK ON TOR
The whole Presto repository was put back online in the Tor network at http://xxxxxxxx5q5s4urp.onion/.
The onion site also explained how to download the entire package (which is huge) by mirroring the site with the following wget command:
wget -m http://xxxxxxxx5q5s4urp.onion/
In case mirroring the complete onion domain fails part-way through, the site also exposed each component as its own repository, for example http://xxxxxxxx5q5s4urp.onion/browser.git/, so that a single tree can be fetched with git instead:
git clone http://xxxxxxxx5q5s4urp.onion/browser.git
Note that neither command works as written unless it is routed through Tor: a .onion name cannot be resolved by the ordinary system resolver, so wget must be wrapped in torsocks (or the equivalent) and git must be pointed at a socks5h:// proxy, which also keeps the onion name from leaking to the clearnet DNS resolver.
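The fetch procedure above, as an added example that is not part of the original post or the leak site: a small POSIX shell script that validates the onion name, probes the service through Tor (to see whether it is up and what server it runs), mirrors the whole site with wget via torsocks, or clones one component repository with git through a socks5h proxy so that hostname resolution also happens inside Tor. It assumes a local Tor daemon on 127.0.0.1:9050 and that curl, wget, git and torsocks are installed; the script name tor_mirror.sh and the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes a local Tor SOCKS
# port (127.0.0.1:9050 by default) and curl, wget, git and torsocks installed.

TOR_SOCKS="${TOR_SOCKS:-127.0.0.1:9050}"

# Accept only real onion names: 16 base32 chars (v2, like the one in the post)
# or 56 (v3). Anything else would be sent to the clearnet resolver by mistake.
onion_valid() {
    case "$1" in
        *.onion) ;;
        *) return 1 ;;
    esac
    host="${1%.onion}"
    len=${#host}
    [ "$len" -eq 16 ] || [ "$len" -eq 56 ] || return 1
    printf '%s' "$host" | grep -Eq '^[a-z2-7]+$'
}

# The wget invocation the post gives, made resumable and routed through Tor.
# wget has no native SOCKS support, so torsocks wraps it; torsocks also forces
# the .onion lookup to happen inside Tor rather than leaking it to DNS.
mirror_cmd() {
    echo "torsocks wget --mirror --continue --tries=0 --waitretry=30 --no-parent http://$1/"
}

# git speaks HTTP through libcurl, which understands socks5h:// (hostname is
# resolved by the proxy, i.e. inside Tor). One component tree, e.g. browser.git.
clone_cmd() {
    echo "git -c http.proxy=socks5h://$TOR_SOCKS clone http://$1/$2"
}

# HEAD request through Tor: is the service up right now, and what does the
# Server header say? (The post reports an intermittently reachable Nginx host.)
probe_onion() {
    onion_valid "$1" || { echo "refusing: $1 is not an onion name" >&2; return 1; }
    curl --silent --head --max-time 60 --socks5-hostname "$TOR_SOCKS" "http://$1/" \
        | tr -d '\r' | grep -i '^server:' || echo "server: (unreachable or no header)"
}

mirror_onion() {
    onion_valid "$1" || { echo "refusing: $1 is not an onion name" >&2; return 1; }
    eval "$(mirror_cmd "$1")"
}

clone_component() {
    onion_valid "$1" || { echo "refusing: $1 is not an onion name" >&2; return 1; }
    eval "$(clone_cmd "$1" "$2")"
}

# Usage: sh tor_mirror.sh probe|mirror|clone <name.onion> [component.git]
case "${1:-}" in
    probe)  probe_onion "$2" ;;
    mirror) mirror_onion "$2" ;;
    clone)  clone_component "$2" "${3:-browser.git}" ;;
esac
```

Run `sh tor_mirror.sh probe xxxxxxxx5q5s4urp.onion` first; if the host answers, try the full mirror, and fall back to cloning individual component repositories if the mirror keeps stalling. The validation step matters because a typo in the onion name, or a clearnet hostname pasted by mistake, would otherwise be resolved outside Tor and reveal what you are looking for.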
During our investigation we found that the onion site was created on 20th December 2017 and is hosted on an Nginx server that is only intermittently reachable; it was accessible at some times and not at others, which makes it unstable.
Hosting the leak as a Tor onion service is a clever way to evade DMCA and other legal takedowns: there is no registrar or hosting provider to serve a notice on, and the server's location is hidden by Tor's hidden-service design. Such a site stays up until its operator takes it down, its location is uncovered, or it is knocked offline by an attack such as DDoS.
Opera used Presto until 2013, when it switched to WebKit and, shortly after, to Blink.
Although the leaked code is no longer shipped, anyone can still study it to analyse the methods used within the Opera community, and future proprietary Opera products may well follow the same development strategy.
CloudSEK is a Unified Risk Management Platform. Our AI/ML-based products XVigil and CloudMon monitor threats originating from the Web, Dark Web, Deep Web, web applications etc. and provide real-time alerts.