Bitcoin Forum
June 16, 2024, 08:53:20 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Half of all TOR sites compromised, SR affected??? (xpost from reddit)  (Read 2941 times)
Spekulatius (OP)
Legendary
*
Offline Offline

Activity: 1022
Merit: 1000



View Profile
August 04, 2013, 05:12:34 PM
 #1

http://www.reddit.com/r/Bitcoin/comments/1joli2/breaking_half_of_tor_sites_compromised_including/
tclo
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500



View Profile
August 04, 2013, 08:21:33 PM
 #2

Yeah this isn't good and should be interesting to see how it shakes out for BTC.
keewee
Legendary
*
Offline Offline

Activity: 1025
Merit: 1000



View Profile
August 04, 2013, 09:54:34 PM
 #3

I agree, it will be interesting to see where this goes. I think the information that TORMail was included in the compromise will be giving a few people some anxious moments

1keewee2vRp63UWvPBynT55ZYw6SUCKDB
Elwar
Legendary
*
Offline Offline

Activity: 3598
Merit: 2386


Viva Ut Vivas


View Profile WWW
August 04, 2013, 09:56:50 PM
 #4

I wonder if the FBI would even have the infrastructure in place to confiscate all of SR's bitcoins.

One person in the loop knows the private key and they are suddenly rich.

First seastead company actually selling sea homes: Ocean Builders https://ocean.builders  Of course we accept bitcoin.
hitndahedfred
Newbie
*
Offline Offline

Activity: 55
Merit: 0


View Profile
August 05, 2013, 01:59:57 AM
 #5

You ARE aware that one of the minds behind TOR is/was one of "them",,right?

One of those who lived in one of the many, possibly several of the "acronym" companies.

Look who developed it and their beginnings.

I BELIEVE in litecoin/bitcoin as superior alternative "currencies".

BUT

I also believe that TOR, like Kazzaa and Morpheus and Limewire, it was put there to entrap users.

Yea I am paranoid, and you should be too.

wtfvanity
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500


WTF???


View Profile
August 05, 2013, 05:23:18 PM
 #6

When did tormail go down?

SR never went down, and where does this half number come from?

Tor sites that were hosted with that one dude, which had tons of CP on it, were compromised...

A lot of FUD on that post.

          WTF!     Don't Click Here              
          .      .            .            .        .            .            .          .        .     .               .            .             .            .            .           .            .     .               .         .              .           .            .            .            .     .      .     .    .     .          .            .          .            .            .           .              .     .            .            .           .            .               .         .            .     .            .            .             .            .              .            .            .      .            .            .            .            .            .            .             .          .
acoindr
Legendary
*
Offline Offline

Activity: 1050
Merit: 1002


View Profile
August 05, 2013, 07:41:14 PM
 #7

So I just looked into this, not thoroughly so someone please correct me where wrong, but have the following assessment.

The FBI conducted a successful operation against a big person in the Tor world named Eric Eoin Marques who runs a company called Host Ultra Limited. They are trying to extradite Eric to the US to face charges. I'm guessing Eric either distributed directly, or hosted sites dealing in child pornography. Apparently he was conducting business as a Tor Hidden Service.

Now, Tor Hidden Services is different than using Tor normally. Tor Hidden Services is what allows Silk Road to operate because the server itself can gain anonymity while still handling incoming client requests.

What is not readily apparent (to me) is how the FBI found Eric's servers, and what was done with them. It could be that his servers were found with investigative methods outside Tor. However, there does appear to be a way to de-anonymize servers using Hidden Services revealed in the following paper at a security symposium in May 2013:

Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization

I only read the first couple pages but have no reason to doubt the claims. Whether or not the FBI used similar exploits for this case isn't apparent, but I'd say Silk Road looks vulnerable unless and until there is a patch or re-work of the Hidden Services protocol.
evolve
Hero Member
*****
Offline Offline

Activity: 700
Merit: 500


daytrader/superhero


View Profile
August 05, 2013, 07:50:53 PM
 #8


Yea I am paranoid


Yes, yes you are.


Better stop using the internet too, considering it was primarily developed by DARPA/DOD (probably as a plot to monitor your porn usage). If you are going to be crazy, you might as well take it all the way.
Damnsammit
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250



View Profile
August 05, 2013, 08:13:03 PM
 #9

Well damn it.  I was going to look for some ayahuasca on SR today, but I guess I will just consult my local shaman Sad
FreedomCoin
Hero Member
*****
Offline Offline

Activity: 675
Merit: 507


Freedom to choose


View Profile
August 05, 2013, 08:16:26 PM
 #10


Yea I am paranoid


Yes, yes you are.


Better stop using the internet too, considering it was primarily developed by DARPA/DOD (probably as a plot to monitor your porn usage). If you are going to be crazy, you might as well take it all the way.

pruddy much, the first internet was a government intranet.

the TOR scare is related to people not hardening their TorBrowsers... disable JS/enable NS.

justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1009



View Profile
August 06, 2013, 05:47:20 PM
 #11

I agree, it will be interesting to see where this goes. I think the information that TORMail was included in the compromise will be giving a few people some anxious moments
Anybody who was using Tormail should have been encrypting their messages anyway.
countryfree
Legendary
*
Offline Offline

Activity: 3052
Merit: 1047

Your country may be your worst enemy


View Profile
August 06, 2013, 10:13:35 PM
 #12

More info here:

http://www.independent.ie/irish-news/courts/fbi-bids-to-extradite-largest-childporn-dealer-on-planet-29469402.html

and more tech in this article:

http://siliconangle.com/blog/2013/08/06/darknet-freedom-hosting-sites-shutdown-led-by-fbi-exploit-use-against-tor-network/

From what I understand, the privacy of the TOR network has been kept. What went wrong was that some users were using an old browser, but that doesn't explain what led the FBI to Eric Eoin Marques, who was assuredly aware that using an old browser isn't safe.

I used to be a citizen and a taxpayer. Those days are long gone.
trilightzone.org
Newbie
*
Offline Offline

Activity: 47
Merit: 0



View Profile WWW
August 07, 2013, 02:37:07 AM
 #13

From a pure technical point of view;

- they got a list of specific onion websites to target
- analyse and exploit a weakness in the website coding (think of sql injection etc)
- gain access to at least the privilege level of the webservice (like apache etc)
- from there they can easily lookup the IP and other details of the system and manipulate / load custom code

Especially if those websites are concentrated on a few systems sharing common weaknesses in their website code.

threeip
Full Member
***
Offline Offline

Activity: 154
Merit: 100



View Profile WWW
August 07, 2013, 05:30:37 AM
 #14

There was a black hat hacker, recently arrested (by uniformed police) within fifteen minutes of logging into irc from a coffee shop. One time not using Tor. Fifteen minutes.

Granted he was probably already on a 'List', and server hacks can be used, but when your phone inadvertently connects to 'attwifi' at Starbucks, you can be found.

I thought Host Ultra Limited was also Freedom Hosting or no?

As for silk road, I'd be very fucking surprised if they were paying pedohost for their services. With SR income they could easily have a front company/servers for it under a watchful eye.

(Hi FBI in this thread Wink

ส็็็็็็็็็็็็็็็็็็็็็็็็็ GPG:2AFD99BB ಠ_ಠ mon
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!