
Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.



On 09/07/2014 01:25 PM, blobby@xxxxxxxxxxxxxxx wrote:
> On 2014-08-14 00:18, Roger Dingledine wrote:
>> On Wed, Aug 13, 2014 at 10:06:00AM +0000, blobby@xxxxxxxxxxxxxxx wrote:
>>> If it's possible for the owner of a hidden service (whether the FBI
>>> or a regular person) to install malware which grabs visitors' IPs,
>>> then what is stopping any hidden service owner from doing this?
>>
>> See
>> https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
>>
>> and
>> https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable
>>
>> plus all the discussion under it.
>>
>> Browser security is a big issue because there's so much surface area
>> to secure.
>>
>> The defense is to stay up to date on your browser. It's not perfect
>> but it sure does help (and it was sufficient in this case).
>>
>>> How, in this case, was it possible for the FBI to learn the IP
>>> addresses of visitors to this hidden service? The Tor hidden server
>>> page states that "In general, the complete connection between client
>>> and hidden service consists of 6 relays: 3 of them were picked by
>>> the client with the third being the rendezvous point and the other 3
>>> were picked by the hidden service."
>>>
>>> Can someone knowledgeable please explain how visitors to a Tor
>>> hidden service can have their real IPs detected?
>>
>> In addition to the above links, you might also like
>> https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-august-7th-2013
>>
>> https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-august-14th-2013
>>
>> https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting
>>
>>
>> --Roger
> 
> Thanks for these links. Illuminating reading.
> 
> However, the story I referred to has nothing to do with Freedom Hosting.
> 
> It refers to "Operation Torpedo" (get the joke: "tor" + "pedo").
> 
> Wired did a follow up to the original story on 26 August:
> http://www.wired.com/2014/08/federal-cybersecurity-director-guilty-child-porn-charges/
> 
> 
> Original story (5 August): http://www.wired.com/2014/08/operation_torpedo/
> 
> As I mentioned, the original story has a link to the affidavit which
> contains information about the FBI malware.

It's the same malware.

Operation Torpedo _preceded_ the Freedom Hosting takedown.

| From the perspective of experts in computer security and privacy,
| the NIT is malware, pure and simple. That was demonstrated last
| August, when, perhaps buoyed by the success of Operation Torpedo,
| the FBI launched a second deployment of the NIT targeting more
| Tor hidden services.
|
| This one—still unacknowledged by the bureau—traveled across the
| servers of Freedom Hosting, an anonymous provider of turnkey Tor
| hidden service sites that, by some estimates, powered half of
| the Dark Net.

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk