
[tor-talk] Darknets: Full of onions, and eeps, and other wondrous things

> Email to tor-talk@ [0] made me wonder if (some of) these
> are run by the same people that have been trying to hijack
> Bitcoin transactions.  In the first step, they could enumerate
> services by crawling them

That would be useful to get an early start in the spamming / seeding
publication below.

> and setting up an impersonation
> site that has substituted Bitcoin addresses on it.

There's no need to 'mirror' or 'clone' or 'set up a site', the good ones
are just transparent cleartext proxies, one onion in front of another.
They can be timed, but don't fall to the dynamic content and
update differences that mirrors do.

Regardless, the last step is publication of the proxy. This is done in
wholesale on onionland services such as forums and the now tens of
wannabe 'hidden wikis', many of which are run by the same actors,
obviously adding to the attack surface. Users surf them, they and the
links look legit, they get bookmarked and that's that till they somehow
find out. It's been going on that way for years. All onionland services
should be considered suspect, even email, syndication and storage.

> Finally, they are
> running malicious exits that rewrite onion domains to their own
> impersonation sites.

Exit rewriting is an easy way to skim another fraction of users without
needing to play with forums and wikis.

As interesting as why, is that there are so many.

Those willing to immerse themselves in the corners of onionland would
probably find some insight, at least for that which comes from there.

Topside ventures that reach down into onions would be a different story.

Databasing, crime, anti-crime, covert stuff, games, research, hacking,
and even the overriding majority of everyday legitimate use by users
around the globe....

The story and scaling over time of all these aspects is becoming quite

> [0] <https://lists.torproject.org/pipermail/tor-talk/2016-January/040038.html>
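
A user-side check for the pattern discussed in this thread (a proxy onion that serves the real site with payment addresses and onion links swapped), added here as an example and not part of the original post. It assumes you hold a reference copy of the page fetched from an address the operator published out of band; all function names, hostnames and addresses below are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
ONION_RE = re.compile(r"\b(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion\b")

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, h160: bytes) -> str:
    # Only used to build the constructed sample addresses below.
    raw = bytes([version]) + h160
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_valid(addr: str) -> bool:
    # Legacy addresses decode to 25 bytes: version, 20-byte hash, 4-byte checksum.
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    if n.bit_length() > 200:
        return False
    raw = n.to_bytes(25, "big")
    return _checksum(raw[:21]) == raw[21:]

def indicators(html: str):
    # Keep only strings that pass the checksum, to avoid base58 look-alikes.
    btc = {a for a in BTC_RE.findall(html) if b58check_valid(a)}
    return btc, set(ONION_RE.findall(html.lower()))

def substitutions(reference: str, candidate: str) -> dict:
    # Anything present on one copy but not the other is a rewrite indicator.
    ref_btc, ref_onion = indicators(reference)
    cand_btc, cand_onion = indicators(candidate)
    return {"btc_added": sorted(cand_btc - ref_btc),
            "btc_missing": sorted(ref_btc - cand_btc),
            "onion_added": sorted(cand_onion - ref_onion)}

# Constructed sample data: two copies of the "same" page.
LEGIT_BTC = b58check_encode(0, hashlib.sha256(b"constructed-legit").digest()[:20])
SWAP_BTC = b58check_encode(0, hashlib.sha256(b"constructed-swap").digest()[:20])
REFERENCE = f'<a href="http://legitlegitlegit2.onion/pay">Pay</a> to {LEGIT_BTC}'
CANDIDATE = f'<a href="http://proxyproxyproxy7.onion/pay">Pay</a> to {SWAP_BTC}'
```

A non-empty result only shows that the two copies differ; dynamic pages that rotate payment addresses per visitor will also trigger it.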