[tor-relays] Grizzly Steppe

Subject: [tor-relays] Grizzly Steppe

From: "Dr Gerard Bulger" <gerard@xxxxxxxxxxxx>

Date: Mon, 2 Jan 2017 08:15:29 -0000

Delivery-date: Mon, 02 Jan 2017 03:26:29 -0500

Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=bulger.co.uk; s=mail; t=1483344930; bh=u7mzYk8TFBcCsMZQzCw2kB1rjwcHz0+NwJ43iIszzbw=; h=From:To:Subject:Date:From; b=Hp+Xf2blLO4c0JT3QxC1X+bDwpbvgIqUHD1TJ6GTiLzTx8kg8H8tGuUeYgB39RfO4 8owaZfx+uQTBs1xzkCvzq+9XlNhMsEiZ/181Tw3Rsr2LGBzlaG1c3vi1QNwTgsaR0A CMx8MrzAV+7d4VwBpVsMlsGVMtf04fNB66jAGwOQ=

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Thread-index: AdJk0F0NzehhLpZtS82eh8KyD890Uw==

I ran an exit node, but gave up after too many abuse reports that annoyed my ISP. So I turned al exit ports off, and reports stopped as a rely. After months and many terabytes of data I get an abuse complaint that my tor IP has been used for espionage.

“NCSC have been made aware of a report and associated malicious indicators released by the United States Government relating to malicious cyber activity. A copy if the report and indicators can be found at the following link:-
https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity

Details within this report indicate network assets which may have been compromised or associated with malicious activity. We have identified the following IP address from this report as x.x.x.x As a minimum, it is recommended that you check systems and any available logs concerned with the above addresses for indications of malicious activity”

There are no other details as to HOW my tor relay is being used. The espionage seems to relay on the stupidity of recipients on receiving emails asking for passwords. I am not sure HOW ISP or relay service can stop that. Or is it that my relay was being used to transfer the data?

I assume my IP was found by way of a DNS leak which I need to look into. There is nothing else I can do as a relay to stop this or is there?

Gerry

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays