[tor-talk] SIGAINT email service targeted by 70 bad exit nodes
-----BEGIN PGP SIGNED MESSAGE-----
So apparently we have drawn attention to our humble little email service that
mostly lives inside of the Tor network.
Today we reported 58 bad exit nodes to Philipp. He instantly found 12 more
we had missed, and there may be even more of them. (Thank you, Philipp!)
FYI: They were added to the BadExit list just hours ago so traffic to them
should dry up.
The attacker had been trying various exploits against our infrastructure over
the past few months. Our exploit mitigations have been sounding various
We are confident that they didn't get in. It looks like they resorted to
rewriting the .onion URL located on sigaint.org to one of theirs so they
MITM logins and spy in real-time.
The attacker doesn't seem to be after passwords (they probably have some of
them now). We get less than 1 user of 42K complaining about their account
being hijacked every 3 months.
I think we are being targeted by some agency here. That's a lot of exit
I know we could SSL sigaint.org, but if it is a state-actor they could just
use one of their CAs and mill a key.
Interestingly, we ended up becoming a sort of canary. Those exit nodes may
have been doing other shady stuff as well.
P.S. My PGP key is here: http://sigaintevyh2rzvw.onion/pubkey.txt
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
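A check of the kind that surfaces the link rewriting described in this post, as an added example that is not part of the original message or SIGAINT's own tooling. It assumes the clearnet page has already been fetched once through each exit; the exit labels, the sample bodies and the look-alike address are constructed, and only the pinned address comes from the post.

```python
import re

# Matches v2 (16-char) and v3 (56-char) base32 onion hostnames.
ONION_RE = re.compile(r"\b((?:[a-z2-7]{56}|[a-z2-7]{16})\.onion)\b", re.I)

PINNED = "sigaintevyh2rzvw.onion"  # the address given in the post's P.S.


def onion_hosts(html):
    """Return the set of lower-cased .onion hostnames present in an HTML body."""
    return {m.group(1).lower() for m in ONION_RE.finditer(html)}


def flag_rewriting_exits(bodies_by_exit, pinned=PINNED):
    """Map exit label -> sorted list of unexpected onion hosts it relayed.

    An exit is flagged when the page fetched through it contains any onion
    address other than the pinned one, or when the pinned address is missing
    (an empty list then means "link stripped or page replaced").
    """
    flagged = {}
    for exit_label, html in bodies_by_exit.items():
        seen = onion_hosts(html)
        unexpected = sorted(seen - {pinned})
        if unexpected or pinned not in seen:
            flagged[exit_label] = unexpected
    return flagged


# Constructed sample: the same page as seen through three hypothetical exits.
SAMPLE = {
    "EXIT_A": '<a href="http://sigaintevyh2rzvw.onion/">Login</a>',
    "EXIT_B": '<a href="http://sigaintaaaaaaaaa.onion/">Login</a>',  # rewritten
    "EXIT_C": "<p>Login temporarily unavailable</p>",                # stripped
}

if __name__ == "__main__":
    for label, hosts in flag_rewriting_exits(SAMPLE).items():
        print(label, hosts or "pinned address missing")
```

Comparing against an address pinned out of band is what makes the check meaningful: a comparison between exits alone would miss the case where every sampled exit rewrites the link.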