[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.



Mirimir wrote:

It's the same malware.

Operation Torpedo _preceded_ the Freedom Hosting takedown.

| From the perspective of experts in computer security and privacy,
| the NIT is malware, pure and simple. That was demonstrated last
| August, when, perhaps buoyed by the success of Operation Torpedo,
| the FBI launched a second deployment of the NIT targeting more
| Tor hidden services.
|
| This oneâstill unacknowledged by the bureauâtraveled across the
| servers of Freedom Hosting, an anonymous provider of turnkey Tor
| hidden service sites that, by some estimates, powered half of
| the Dark Net.


Some people also collected details around the malware and did a bit of analysis. There is a better repository of this info, but I wasn't able to find it in my notes. Here are some details: https://gist.github.com/glamrock/6ecc6d6d193152c8ad9e

After a visitor was popped, their system would call back to the FBI's server. Pretty straightforward. However, there are a couple of things to note:

1) This is not the first time that Freedom Hosting had been taken down. onionland folks had hacked them at various points. Among other reasons, this leads me to believe that they didn't host anywhere near a majority of the hidden services :P They're barely a blip.

2) People started pranking each other by distributing links to pages with the payload. That, combined with the relatively mundane nature of most FH-hosted hidden services, is probably why there haven't been a lot of cases to come out of the FH takedown.

hope this helps!
Griffin

--
"I believe that usability is a security concern; systems that do
not pay close attention to the human interaction factors involved
risk failing to provide security by failing to attract users."
~Len Sassaman
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk