Bitcoin Forum
Author Topic: BREAKING: HALF OF TOR SITES COMPROMISED, INCLUDING TORMAIL  (Read 6462 times)
infested999 (OP), Hero Member, August 04, 2013, 04:50:44 PM, #1

http://www.twitlonger.com/show/n_1rlo0uu



The founder of Freedom Hosting has been arrested in Ireland and is awaiting extradition to the USA.

In a crackdown that the FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network have been compromised, including the e-mail counterpart of the TOR deep web, TORmail.

http://www.independent.ie/irish-news/courts/fbi-bids-to-extradite-largest-childporn-dealer-on-planet-29469402.html

This is undoubtedly a big blow to the TOR community, Crypto Anarchists, and more generally, to Internet anonymity. All of this happening during DEFCON.

If you happen to use an account name and/or password combination that you have reused on the TOR deep web, change them NOW.

Eric Eoin Marques who was arrested runs a company called Host Ultra Limited.

http://www.solocheck.ie/Irish-Company/Host-Ultra-Limited-399806
http://www.hostultra.com/

He has an account at WebHosting Talk forums.

http://www.webhostingtalk.com/showthread.php?t=157698

A few days ago there were mass outages of Tor hidden services that predominantly affected Freedom Hosting websites.

http://postimg.org/image/ltj1j1j6v/

"Down for Maintenance
Sorry, This server is currently offline for maintenance. Please try again in a few hours."

If you saw this while browsing Tor you went to an onion hosted by Freedom Hosting. The javascript exploit was injected into your browser if you had javascript enabled.

What the exploit does:

The JavaScript zero-day exploit creates a unique cookie and sends a request to a random server, which basically fingerprints your browser in some way; this is probably then correlated somewhere else, since the cookie doesn't get deleted. Presumably it reports the victim's IP back to the FBI.

An iframe is injected into FH-hosted sites:

TOR/FREEDOM HOST COMPORMISED
By: a guest on Aug 3rd, 2013
http://pastebin.com/pmGEj9bV

Which leads to this obfuscated code:

Javascript Mozilla Pastebin
Posted by Anonymous on Sun 4th Aug 02:52
http://pastebin.mozilla.org/2776374

FH STILL COMPROMISED
By: a guest on Aug 3rd, 2013
http://pastebin.com/K61QZpzb

FBI Hidden Service in connection with the JavaScript exploit:
7ydnpplko5lbgfx5

Who's affected / time scales:

Anyone who accessed an FH site in the past two days with JavaScript enabled. Eric Eoin Marques was arrested on Sunday so that's the earliest possible date.

"In this paper we expose flaws both in the design and implementation of Tor’s hidden services that allow an attacker to measure the popularity of arbitrary hidden services, take down hidden services and deanonymize hidden services
Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization"

http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf

The FBI Ran a Child Porn Site for Two Whole Weeks
http://gizmodo.com/why-the-fbi-ran-a-child-porn-site-for-two-whole-weeks-510247728

http://postimg.org/image/o4qaep8pz/

On any other day one would say these sick perverts got what they deserved. Unfortunately the Feds are stepping far beyond just pedophiles in this latest issue.

The js inserted at Freedom Hosting? Nothing really, just an iframe inject script with a UUID embedded server-side.

The iframe then delivers an exploit kit that appears to be a JavaScript 0day leading to...something. It only attempts to exploit Firefox (17 and up) on Windows NT. There's definitely some heap spraying and some possible shell code. The suspect shell code block contains some strings that look to formulate an HTTP request, but I haven't been able to collect the final payload yet. The shell code also contains the UUID with which the exploit was delivered. Any UUID will work to get this part of the exploit.

I'm still pulling this little bundle of malware apart. So far, I've got that the attack is split across three separate files, each loaded into an iframe. Calls are made between the frames to further obfuscate the control flow. The 'content_2.html' and 'content_3.html' files are only served up if the request "looks like" Firefox and has a correct Referer header. The 'content_2.html' is loaded from the main exploit iframe and in turn loads 'content_3.html'.

Short version. Preliminary analysis: This little thing probably CAN reach out without going through Tor. It appears to be exploiting the JavaScript runtime in Firefox to download something.

UPDATE: The exploit only affects Firefox 17 and involves several JS heap-sprays. Note that the current Extended Support Release is Firefox 17, so this may also affect some large organizations using Firefox ESR.

http://pastebin.mozilla.org/2777139

The script will only attempt the exploit on Firefox 17, so I'm no longer worried about it being some new 0day. Enough of the "Critical" MFSAs are for various sorts of memory corruption that I don't have the time to find out if this is actually a new exploit or something seen before.

http://postimg.org/image/mb66vvjsh/

Logical outcomes from this?

1. FBI/NSA just shut down the #1 biggest hosting site and #1 most wanted person on Tor

2. Silkroad is next on their list, being the #2 most wanted (#1 was Child Porn, #2 is drugs)

3. Bitcoin and all cryptocurrencies set to absolutely CRASH as a result, since the feds cannot completely control this currency as they please.

I don't always call the Feds agenda transparent, but when i do, I say they can be trying harder.

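The post above describes the delivery chain in prose only (a server-side UUID embedded in an injected iframe, then content_2.html and content_3.html served only to requests that look like Firefox and carry the right Referer, with the exploit itself firing only on Firefox 17 / Windows NT). Below is an added example, written for this edit and not code from the thread or from any of the pastebins or analyses it links: a Python triage helper that pulls hidden or UUID-bearing iframes out of a saved copy of an FH page, and reconstructs from a web server access log how far through the three-frame chain each client got. The iframe host 203.0.113.10, the UUID, the client IPs and every log line are constructed sample data; the assumption that the UUID appears in RFC 4122 text form in the iframe src is mine, not the post's.

```python
import re
from dataclasses import dataclass
from html.parser import HTMLParser
from typing import Dict, List, Optional

# Assumption (mine, not the post's): the server-side UUID appears in RFC 4122 text form in the iframe src.
UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
# The post says the exploit only fires for Firefox 17 on Windows NT.
FIREFOX17_RE = re.compile(r"Windows NT.*Firefox/17\.")
# Apache/nginx "combined" access log line: client, timestamp, request, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


@dataclass
class Frame:
    src: str
    hidden: bool
    uuid: Optional[str]


class IframeCollector(HTMLParser):
    """Records every <iframe>: its src, whether it is visually hidden, and any UUID in the src."""

    def __init__(self) -> None:
        super().__init__()
        self.frames: List[Frame] = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        hidden = ("display:none" in style or "visibility:hidden" in style
                  or a.get("width") in ("0", "1") or a.get("height") in ("0", "1"))
        m = UUID_RE.search(a.get("src", ""))
        self.frames.append(Frame(a.get("src", ""), hidden, m.group(0).lower() if m else None))


def find_injected_iframes(html: str) -> List[Frame]:
    """Iframes that are hidden or carry a UUID: the injection pattern the post describes."""
    p = IframeCollector()
    p.feed(html)
    return [f for f in p.frames if f.hidden or f.uuid]


def reconstruct_chains(log_lines: List[str]) -> Dict[str, dict]:
    """Per client IP, how far through the three-frame chain it got (only 200 responses count).

    stage 1: main iframe (path carries the UUID); also records whether the UA is Firefox 17 / Windows NT
    stage 2: content_2.html with a Referer pointing back at the main iframe
    stage 3: content_3.html with a Referer pointing at content_2.html
    """
    chains: Dict[str, dict] = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "200":
            continue
        path, ref, ua = m["path"], m["referer"].lower(), m["ua"]
        c = chains.setdefault(m["client"], {"uuid": None, "stage": 0, "firefox17": False})
        u = UUID_RE.search(path)
        if u and c["stage"] == 0:
            c.update(uuid=u.group(0).lower(), stage=1, firefox17=bool(FIREFOX17_RE.search(ua)))
        elif path.endswith("content_2.html") and c["stage"] == 1 and c["uuid"] in ref:
            c["stage"] = 2
        elif path.endswith("content_3.html") and c["stage"] == 2 and ref.endswith("content_2.html"):
            c["stage"] = 3
    return chains


def likely_exploited(chains: Dict[str, dict]) -> List[str]:
    """Clients that fetched all three stages from a Firefox 17 / Windows NT browser."""
    return sorted(ip for ip, c in chains.items() if c["stage"] == 3 and c["firefox17"])


# Constructed sample page: the FH maintenance notice with a hidden iframe (host and UUID are made up).
SAMPLE_HTML = """<html><body>
<p>Down for Maintenance<br>Sorry, This server is currently offline for maintenance.</p>
<iframe src="http://203.0.113.10/3d2f1c44-9b3e-4e5a-8f1d-0a7b6c5d4e3f/" width="0" height="0"
        style="display: none"></iframe>
</body></html>"""

FF17 = "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
FF22 = "Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0"
MAIN = "/3d2f1c44-9b3e-4e5a-8f1d-0a7b6c5d4e3f/"
# Constructed access log of the exploit host. 10.0.0.5 runs the whole chain from Firefox 17 on Windows;
# 10.0.0.9 (Linux Firefox 22) never fetches content_3; 10.0.0.7 is a curl probe with no Referer.
SAMPLE_LOG = [
    f'10.0.0.5 - - [04/Aug/2013:02:52:10 +0000] "GET {MAIN} HTTP/1.1" 200 2100 "http://fhsite.onion/" "{FF17}"',
    f'10.0.0.5 - - [04/Aug/2013:02:52:11 +0000] "GET /content_2.html HTTP/1.1" 200 900 "http://203.0.113.10{MAIN}" "{FF17}"',
    f'10.0.0.5 - - [04/Aug/2013:02:52:12 +0000] "GET /content_3.html HTTP/1.1" 200 1400 "http://203.0.113.10/content_2.html" "{FF17}"',
    f'10.0.0.9 - - [04/Aug/2013:02:53:01 +0000] "GET {MAIN} HTTP/1.1" 200 2100 "http://fhsite.onion/" "{FF22}"',
    f'10.0.0.9 - - [04/Aug/2013:02:53:02 +0000] "GET /content_2.html HTTP/1.1" 200 900 "http://203.0.113.10{MAIN}" "{FF22}"',
    '10.0.0.7 - - [04/Aug/2013:03:10:00 +0000] "GET /content_2.html HTTP/1.1" 404 0 "-" "curl/7.31.0"',
]

if __name__ == "__main__":
    for f in find_injected_iframes(SAMPLE_HTML):
        print("injected iframe:", f)
    chains = reconstruct_chains(SAMPLE_LOG)
    print("chains:", chains)
    print("likely exploited:", likely_exploited(chains))
```

The chain reconstruction keys on the Referer and user agent because that is the gate the post says the exploit host applied; a practitioner pulling stage 2 and 3 by hand needs to send a Firefox user agent and the correct Referer or will get nothing back, exactly as the curl line in the sample shows. The "likely exploited" list is a triage signal, not proof: it says which clients received all three stages from a browser the exploit targets, not that the shellcode ran.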
vm1990, Legendary, August 04, 2013, 05:28:02 PM, #2

While all this is pretty interesting and rather annoying for any user of Tor, with the FBI (god damn Americans controlling everything again) there is one major issue: IF they have shut down FH, which as far as I know is controlled by multiple people in multiple countries (to shut it down they must have found the physical data center), they have once again affected their target and a lot of innocent users (anyone remember the complete mess they made with Megaupload?).

They also have to rely on Ireland to extradite him (if I was Ireland I wouldn't, just to piss the FBI off), and then on top of all that we can count the other "successful" actions the FBI or US has taken to "stop" anything they don't like.

Let's list some:

BitTorrent ... still going
UseNeXT ..... still going
P2P like the Gnutella2 network .... still going

The only one I can think of that they managed to put a full stop to is... Napster.
As usual there will be someone out there with the next big thing or a new trick to avoid those who wish to do harm to the internet, maybe Tor2.

At the end of the day they have hit their target with a scattergun, taking offline both legal and illegal targets (they're good at this): we want to kill one person, let's blow up the entire country.... Hmm, and you wonder why the world doesn't like you spying on them.

I'm not going to keep this secret: for the most part I'm happy they got FH and took a lot of sites offline, but I also wish they would be a bit more intelligent about things.

I hope between this guy and Kim Dotcom they make a massive lawsuit and sue the pants off the FBI and the US as a whole.
All this doesn't help when the "OBAMA" powers decide to unblock a lawsuit against APPLE for infringing Samsung's patents... really good of them to stand in when it's an AMERICAN company that's lost, yet for something like BP they're against helping.


I'm also interested in this part:
Quote from: infested999 on August 04, 2013, 04:50:44 PM
FBI Hidden Service in connection with the JavaScript exploit:
7ydnpplko5lbgfx5

So if everyone blocks this in the TOR relays, then their little project will be taken offline???



MrHempstock, Full Member, August 05, 2013, 02:00:38 AM, #3

From OpenWatch:

"The execution of malicious JavaScript inside the Tor Browser Bundle, perhaps the most commonly used Tor client, comes as a surprise to many users. Previously, the browser disabled JavaScript execution by default for security purposes, however this change was recently reverted by developers in order to make the product more useful for average internet users. As a result, however, the application has become vastly more vulnerable to attacks such as this...

    ...We expect there will be a deeper technical analysis of the malware in the coming days as security researchers examine it in greater detail. Since the attack was designed at Firefox for Windows, which the Tor Browser Bundle is based upon, it seems likely that this is not a random occurrence, and that the malware is specifically designed to compromise the identities of anonymous internet users. Although this would be a victory for the FBI against child pornographers who use the Tor network, it could also mean a serious security breach for international activists and internet users living in repressive states who use the services to practice online free speech.

OpenWatch has been in the early stages of designing a new alternative to Freedom Hosting, called OnionCloud, to allow anonymous Heroku-like application hosting. Developers interested in this idea and other OpenWatch technologies are invited to join the discussion by joining the openwatch-dev mailing list by sending an email to openwatch-dev+subscribe@googlegroups.com"

QuantumKiwi, Sr. Member, August 05, 2013, 02:21:25 AM, #4

FBI once again stepping way too far over the line of " justice ".


Nik1ab, Hero Member, August 05, 2013, 06:25:23 PM, #5

Quote from: QuantumKiwi on August 05, 2013, 02:21:25 AM
FBI once again stepping way too far over the line of " justice ".


That's my opinion also. The USA just take down everything that they don't like, now it's TOR.

QuantumKiwi, Sr. Member, August 05, 2013, 10:59:08 PM, #6

a fine example of the FBI stepping too far, is Kim Dot Com's raid here in New Zealand. FBI pushed NZ police to the limit, so much to the limit that warrants and search warrants were invalid and now the judges of our justice system here in NZ are cleaning up the mess from the FBI and NZ police.

Kim dotcom has won essentially, now the FBI are trying their last attempts at getting him.


vm1990, Legendary, August 06, 2013, 11:12:06 AM, #7

Quote from: QuantumKiwi on August 05, 2013, 10:59:08 PM
a fine example of the FBI stepping too far, is Kim Dot Com's raid here in New Zealand. FBI pushed NZ police to the limit, so much to the limit that warrants and search warrants were invalid and now the judges of our justice system here in NZ are cleaning up the mess from the FBI and NZ police.

Kim dotcom has won essentially, now the FBI are trying their last attempts at getting him.



Not to mention the fact that data has been erased forever, affecting a lot of people who used the services legally and for business, because the FBI are too STUPID to pay bills.

At the end of the day, there's one way I want to see the world: all of us united, from China, Russia, North Korea, the lot, and little old US sat in a corner where they don't even have the right to speak until spoken to....

They're too big for their own damn good and they're too stupid to realize the whole world doesn't follow their rules...

defaced, Legendary, August 06, 2013, 10:28:48 PM, #8

This is indeed pretty wild.

redzero36, Member, August 07, 2013, 03:06:58 AM, #9

One more reason to add to my list of reasons to move out of murrica.  Thanks for sharing.

theymos, Administrator, Legendary, August 07, 2013, 03:21:04 AM, #10

I hope the FBI releases detailed information about how they traced the hidden service. There are many known practical attacks against Tor hidden services, but AFAIK none of them have ever been used in a real criminal case.

I wouldn't be caught dead running an illegal hidden service. The people who used Freedom Hosting instead of running hidden services themselves were smart -- someone else got caught instead of them.

Kluge, Donator, Legendary, August 07, 2013, 05:04:06 AM, #11

There're so many implications from this - too many to cover all in-depth.

Near-term, it'll be interesting to see if even Ireland considers standing up to a USG extradition demand request after the rather powerful blow against the USG by the Russian gov't. Two high-profile extradition requests denied in a row would be the biggest win for national sovereignty in my memory, and an incredible blow to USG prestige internationally (it may also be interpreted as an act of defiance by the Irish government against the UK). Interestingly, Marques actually looked into fleeing to Russia (allegedly out of curiosity about Snowden). Putin's challenge (perhaps to be joined!) to the idea of a USG hegemony is one of the most exciting conflicts of our time, I think.

Weakening governments' power (especially when governments act as if the entire world's in their jurisdiction) is probably as essential to Internet privacy as strengthening the tools used to accomplish it.

Nik1ab, Hero Member, August 07, 2013, 05:05:41 AM, #12

True words...

cryptasm, Legendary, August 07, 2013, 03:41:20 PM, #13

I'm all up for cracking down on paedos but this has gone way too far. I predict WW3 if they try to take down SR.

FiatKiller, Sr. Member, August 07, 2013, 04:35:24 PM, #14

Well, the reality is that drugs will soon be legalized anyways and that will kill silkroad and BTC mostly.

Kluge, Donator, Legendary, August 07, 2013, 05:29:14 PM, #15

Quote from: FiatKiller on August 07, 2013, 04:35:24 PM
Well, the reality is that drugs will soon be legalized anyways
Huh

Legalized where? US states which've "legalized" weed still have it multitudes more heavily regulated than alcohol (allowing more federal raids than ever), while new drugs are constantly being criminalized, and the DEA and related LEOs are still targeting parties involved with existing drugs as harshly as ever.

FiatKiller, Sr. Member, August 07, 2013, 06:19:42 PM, #16

I think at the federal level it will change within 5-10 years. The writing is on the wall because of how much money and lives it costs for the drug war. Alcohol is way worse than pot with how it's proven to kill brain cells, cause liver problems, and drunk driving. I'd rather have a pothead behind the wheel anyday. It would also destroy the criminal element behind pot.

vm1990, Legendary, August 07, 2013, 06:23:51 PM, #17

Quote from: FiatKiller on August 07, 2013, 06:19:42 PM
I think at the federal level it will change within 5-10 years. The writing is on the wall because of how much money and lives it costs for the drug war. Alcohol is way worse than pot with how it's proven to kill brain cells, cause liver problems, and drunk driving. I'd rather have a pothead behind the wheel anyday. It would also destroy the criminal element behind pot.

And if the government was really smart, stick a small tax on it and they get paid to watch people go off the wall, just like Friday night and drunk people.... ahhhh, fun times.

TiagoTiago, Hero Member, August 12, 2013, 10:07:55 PM, #18

Quote from: cryptasm on August 07, 2013, 03:41:20 PM
I'm all up for cracking down on paedos but this has gone way too far. I predict WW3 if they try to take down SR.
The thing is they didn't go after the child rapists, they attacked the people offering evidence against the criminals.
