
Re: [tor-talk] What happens when an .onion site is compromised?



On 12/06/2018 01:51 PM, Nathaniel Suchy wrote:
> If an onion site is compromised, you can serve the user malicious content and with a Tor Browser Vulnerability can harm its users.
> 
> If your private key is compromised, your only recourse is to go create a new onion address.
> 
> We don't know what vulnerabilities exist in the current version of Tor Browser. If IP Leaks and zero day vulnerabilities put you in physical danger, consider Tor Tails. It uses firewall rules to try and block non-tor traffic. It's not bulletproof but simple proxy bypasses are mitigated.

Whonix is arguably more bulletproof, in that the tor daemon and Tor
browser (along with many other apps) are on separate virtual machines,
which can be running in VirtualBox (easiest), KVM (harder) or Qubes
(arguably hardest).

So Tor browser and other userland apps cannot reach the Internet except
via Tor. And for malware dropped in the Whonix workstation VM to mess
with the tor daemon, or reach the Internet, guest-to-host breakout is
required.

Also, Whonix gateway and workstation can be separate physical machines.
That makes breakout even harder. Not impossible, of course, but harder.

> Regarding the "CP Site" that you mentioned, the thing is that if the pedophiles had been using an up to date version of Tor Browser or you know, not looking at child pornography on Windows (macOS / Linux builds were not targeted as far as we know), they would not have been caught and would have remained free.

Yeah, that was all Windows malware.

> Some lessons learned...
> 1) Keep Tor Browser up to date
> 2) Don't do illegal things on Windows, it has more users and is easier to mass target the most criminals by focusing on Windows hosts
> 3) Maybe, just maybe, don't look at child pornography in the first place
> 
> Cordially,
> Nathaniel Suchy
> 
> 
> 
> Dec 6, 2018, 3:33 PM by jiggytwiggy@xxxxxxxxxxxxx:
> 
>> Imagine that an .onion site is compromised. This could be by the owner who
>> wishes to expose visitors or by the police who want to target the
>> clientele.
>>
>> (I remember, in the latter case, reading something on Deep Dot Web about
>> when the FBI took over a CP site and installed malware).
>>
>> The goal is to acquire users' real IP addresses.
>>
>> What would happen to a visitor if they visited a booby trapped .onion
>> site? The visitor would be using the current version of TBB. How would it
>> be possible for a visitor to be in danger?
>>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
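As an added illustration of the firewall approach the thread describes (Tails blocking non-tor traffic on one host, Whonix splitting gateway and workstation), here is a minimal "Tor-only egress" ruleset. It is example code written for this page, not the posters' own nor the actual Tails or Whonix rules; the tor user name, the gateway address and the echo-by-default IPT variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or from Tails/Whonix. Assumed values:
# the tor daemon runs as user "debian-tor" and the workstation reaches the
# gateway at 10.0.2.1 (constructed address). IPT defaults to "echo iptables"
# so the script only prints the rules; set IPT=iptables to apply them.
TOR_USER="${TOR_USER:-debian-tor}"
GATEWAY_IP="${GATEWAY_IP:-10.0.2.1}"
IPT="${IPT:-echo iptables}"

# Single-host / gateway side: only packets owned by the tor daemon's uid
# may leave the box. Any other process, including a browser that has been
# tricked into bypassing its proxy, is rejected at the OUTPUT chain.
gateway_rules() {
  $IPT -F OUTPUT
  $IPT -P OUTPUT DROP
  $IPT -A OUTPUT -o lo -j ACCEPT
  $IPT -A OUTPUT -m owner --uid-owner "$TOR_USER" -j ACCEPT
  $IPT -A OUTPUT -j REJECT --reject-with icmp-admin-prohibited
}

# Workstation side: the VM has no route to the Internet at all; every
# packet must be addressed to the gateway, which then speaks Tor for it.
# Malware in this VM needs a guest-to-host breakout to reach anything else.
workstation_rules() {
  $IPT -F OUTPUT
  $IPT -P OUTPUT DROP
  $IPT -A OUTPUT -o lo -j ACCEPT
  $IPT -A OUTPUT -d "$GATEWAY_IP" -j ACCEPT
  $IPT -A OUTPUT -j REJECT --reject-with icmp-admin-prohibited
}

# Usage: ROLE=gateway or ROLE=workstation selects which ruleset to emit.
case "${ROLE:-}" in
  gateway) gateway_rules ;;
  workstation) workstation_rules ;;
esac
```

INPUT-side rules (replies to the tor daemon, SSH from a trusted LAN) are deliberately left out; the point here is that the default OUTPUT policy is DROP and the only ACCEPT is the tor uid or the gateway address.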