Dear Tor Project,
Currently, my server hosting kitten1 and kitten2 (tor guard and fallback directory) is under seizure since 14/05 11h. Private keys are under encrypted volume and may be protected, but please revoke immediately kitten1 & kitten2 tor node. Those nodes are also fallback directory.
Regards,
On Mon, May 15, 2017 at 12:21:36PM +0200, aeris wrote:
> Currently, my server hosting kitten1 and kitten2 (tor guard and fallback directory) is under seizure since 14/05 11h. Private keys are under encrypted volume and may be protected, but please revoke immediately kitten1 & kitten2 tor node. Those nodes are also fallback directory.
Thanks Aeris.
I've already revoked those two fingerprints on moria1, after we talked in irc. The other directory authorities will revoke them when they update and/or notice.
--Roger
> Currently, my server hosting kitten1 and kitten2 (tor guard and fallback directory) is under seizure since 14/05 11h. Private keys are under encrypted volume and may be protected, but please revoke immediately kitten1 & kitten2 tor node. Those nodes are also fallback directory.
I don't know any context or background but if you fear this could happen to you again, I recommend to use tor's OfflineMasterKey feature (without copying the master key to the server) with a short keylifetime (i.e. 7 days), especially if it is a fallback dir (which requires a tor source code change to remove it).
Could you also confirm the relay fingerprints (in addition to the nicknames)?
thanks, nusenu
> I don't know any context or background but if you fear this could happen to you again, I recommend to use tor's OfflineMasterKey feature (without copying the master key to the server) with a short keylifetime (i.e. 7 days), especially if it is a fallback dir (which requires a tor source code change to remove it).
Thanks for this feature, I don't know it !
> Could you also confirm the relay fingerprints (in addition to the nicknames)?
kitten1 86E78DD3720C78DA8673182EF96C54B162CD660C
kitten2 2EBD117806EE43C3CC885A8F1E4DC60F207E7D3E
Regards,
>> I don't know any context or background but if you fear this could happen to you again, I recommend to use tor's OfflineMasterKey feature (without copying the master key to the server) with a short keylifetime (i.e. 7 days), especially if it is a fallback dir (which requires a tor source code change to remove it).
> Thanks for this feature, I don't know it !
If you want to use it you likely want to automate that especially with a keylifetime of < 30days because copying around files manually every week is no fun. ansible-relayor does that out of the box for you ;) https://github.com/nusenu/ansible-relayor
>> Could you also confirm the relay fingerprints (in addition to the nicknames)?
> kitten1 86E78DD3720C78DA8673182EF96C54B162CD660C
> kitten2 2EBD117806EE43C3CC885A8F1E4DC60F207E7D3E
thanks for the fingerprints.
Did you shut down kitten3/4 (yoda.imirhil.fr)
3F5D8A879C58961BB45A3D26AC41B543B40236D6
6FB38EB22E57EF7ED5EF00238F6A48E553735D88
yourself? (last seen Monday 2017-05-15 11:00) or did Online SAS cancel this second VPS after the first one got seized?
thanks, nusenu
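A relay-side check for the setup recommended above, as an added example (not code from this thread, the Tor Project or ansible-relayor). It assumes tor's standard key file names under `<DataDirectory>/keys`; `audit_relay` and the two constructed layouts are hypothetical names and data for illustration.

```python
import os
import tempfile

# Standard tor file names under <DataDirectory>/keys for ed25519 identity material.
# The legacy RSA identity key (secret_id_key) stays on the relay and is not covered here.
MASTER_SECRETS = ("ed25519_master_id_secret_key",
                  "ed25519_master_id_secret_key_encrypted")
SIGNING_FILES = ("ed25519_signing_secret_key", "ed25519_signing_cert")

def torrc_options(text):
    """Return {lowercased option: last value}; '#' starts a comment."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit_relay(torrc_text, keys_dir):
    """List reasons this relay host does not match the offline-master-key setup."""
    findings = []
    if torrc_options(torrc_text).get("offlinemasterkey") != "1":
        findings.append("torrc: OfflineMasterKey is not set to 1")
    present = set(os.listdir(keys_dir))
    for name in MASTER_SECRETS:
        if name in present:
            findings.append("master secret key on relay host: " + name)
    for name in SIGNING_FILES:
        if name not in present:
            findings.append("missing medium-term key material: " + name)
    return findings

def demo():
    """Audit two constructed relay layouts (empty placeholder files, no real keys)."""
    layouts = {
        "seizable": ("ORPort 9001\n", MASTER_SECRETS[:1] + SIGNING_FILES),
        "offline-master": ("ORPort 9001\nOfflineMasterKey 1  # master key kept elsewhere\n",
                           SIGNING_FILES),
    }
    results = {}
    for label, (torrc, files) in layouts.items():
        with tempfile.TemporaryDirectory() as keys_dir:
            for name in files:
                open(os.path.join(keys_dir, name), "w").close()
            results[label] = audit_relay(torrc, keys_dir)
    return results

if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or "ok")
```

The signing key and certificate are the files that have to be regenerated on the offline machine and copied over before each expiry, which is the step the message above suggests automating.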
Hi,
aeris:
> Currently, my server hosting kitten1 and kitten2 (tor guard and fallback directory) is under seizure since 14/05 11h.
Sorry to hear that! Could you please share some more information about the incident?
Thanks, ~Vasilis
> Could you please share some more information about the incident?
From what I know and what I can speak about :
A big and sensible French company was infected with Wannacry this 12/05. After infection Wannacry starts a Tor client to join its C&C behind a .onion address. And so connect to guard nodes (possibly bridges, directory authorities and fallback directories can be affected too, or any Tor nodes which can be joined directly by standard Tor client). Sys admin of the infected company just flag all unknown *OUTGOING* traffic as evil and report corresponding IP to cops. Which seized servers of big French providers (OVH & Online at this time) on this list the 13 and 14/05.
Regards,
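One way to triage a list of outbound destinations like the one described above before treating every address as hostile, as an added example (not code from this thread or the Tor Project): match each flow against the `r`/`s` lines of a Tor network status document. The consensus excerpt and the flows are constructed; the fingerprints are the ones quoted in this thread, while the IP addresses, ports and function names are assumptions for illustration.

```python
import base64

def b64_identity(fingerprint_hex):
    """Encode a hex fingerprint as consensus 'r' lines do: base64 without padding."""
    return base64.b64encode(bytes.fromhex(fingerprint_hex)).decode().rstrip("=")

# Constructed consensus excerpt. The fingerprints are the ones quoted in this
# thread; the address is an RFC 5737 documentation IP (assumption, not the
# relays' real address) and the descriptor digest is a dummy value.
SAMPLE_CONSENSUS = "\n".join([
    "r kitten1 %s %s 2017-05-13 10:00:00 192.0.2.10 9001 9030"
    % (b64_identity("86E78DD3720C78DA8673182EF96C54B162CD660C"), "A" * 27),
    "s Fast Guard Running Stable V2Dir Valid",
    "r kitten2 %s %s 2017-05-13 10:00:00 192.0.2.10 9002 9031"
    % (b64_identity("2EBD117806EE43C3CC885A8F1E4DC60F207E7D3E"), "A" * 27),
    "s Fast Guard Running Stable V2Dir Valid",
])

# Constructed outbound flows from one infected host: (source, destination, port).
SAMPLE_FLOWS = [
    ("10.1.4.22", "192.0.2.10", 9001),
    ("10.1.4.22", "192.0.2.10", 9031),
    ("10.1.4.22", "198.51.100.7", 443),
]

def parse_relays(consensus_text):
    """Map (ip, port) -> relay info from the 'r'/'s' lines of a network status."""
    endpoints, current = {}, None
    for line in consensus_text.splitlines():
        parts = line.split()
        if parts[:1] == ["r"] and len(parts) >= 8:
            ident = parts[2]
            raw = base64.b64decode(ident + "=" * (-len(ident) % 4))
            current = {"nickname": parts[1], "fingerprint": raw.hex().upper(), "flags": []}
            # Address, ORPort and DirPort are the last three fields of an 'r' line.
            ip, ports = parts[-3], {int(parts[-2]), int(parts[-1])} - {0}
            for port in ports:
                endpoints[(ip, port)] = current
        elif parts[:1] == ["s"] and current is not None:
            current["flags"] = parts[1:]
    return endpoints

def triage(flows, endpoints):
    """Label each flow: a listed relay is shared infrastructure, not the C&C itself."""
    report = []
    for src, dst, port in flows:
        relay = endpoints.get((dst, port))
        verdict = "public-tor-relay" if relay else "unclassified"
        report.append((src, dst, port, verdict, relay["nickname"] if relay else None))
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE_FLOWS, parse_relays(SAMPLE_CONSENSUS)):
        print(row)
```

A `public-tor-relay` verdict points the investigation at the internal source host that is running a Tor client; the destination is a relay listed in the public consensus.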
On Sat, May 20, 2017 at 5:20 PM, aeris aeris+tor@imirhil.fr wrote:
>> Could you please share some more information about the incident?
> From what I know and what I can speak about :
> A big and sensible French company was infected with Wannacry this 12/05.
Sounds like you meant to write either "sensitive" or "insensible". Sensible is not the word I would use to describe this company! :)
On Saturday, 20 May 2017 17:31:25 CEST Anders Andersson wrote:
> On Sat, May 20, 2017 at 5:20 PM, aeris aeris+tor@imirhil.fr wrote:
>>> Could you please share some more information about the incident?
>> From what I know and what I can speak about :
>> A big and sensible French company was infected with Wannacry this 12/05.
> Sounds like you meant to write either "sensitive" or "insensible". Sensible is not the word I would use to describe this company! :)
Yes, 'sensible', like 'actually' and 'eventually', is a "false friend" whose meaning in English is different from that in just about every other European language (but the other languages are consistent with each other e.g. 'sensible' in French and 'sensibel' in German have the same meaning), which sometimes leads to confusion. Even more confusingly, 'insensible' is not the opposite of 'sensible' but rather means either 'imperceptible' or 'unconscious'.
Did he not mean that it is well run yet did dopey things such as giving outgoing ip address to the police which made no sense?
Sure it makes sense. Here, these IPs are the bad guys, we found them, call the police.
Ticket closed.
Congratulations from some clueless CTO for the awesome and fast work.
End of story.
niftybunny abuse@to-surf-and-protect.net
Where ignorance is bliss, 'Tis folly to be wise.
Thomas Gray
On 21. May 2017, at 02:49, I beatthebastards@inbox.com wrote:
> Did he not mean that it is well run yet did dopey things such as giving outgoing ip address to the police which made no sense?
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hey, A random website (French speaking) about this unplug... https://www.nextinpact.com/news/104302-wannacrypt-nuds-tor-saisis-par-autori...
What will they find ? A Debian who ask a password to unlock the system, or it will stop booting ? Yeah, if police can read the system entirely, it looks like impossible to find something about the guyz behind the wannacry software ? Tor is not logging anything else than information about uptimes/nb connections... what can be interesting for police by unplugging those guards relays ?
@aeris, do they ask you to uncrypt the volume ? (good luck to you...) What can be the best ? Uncrypt the relay to help police when asking, when this relay is only a relay and storing nothing else ?
On Sun, May 21, 2017 at 09:12:39AM +0200, Petrusko wrote:
> What will they find ? A Debian who ask a password to unlock the system, or it will stop booting ? Yeah, if police can read the system entirely, it looks like impossible to find something about the guyz behind the wannacry software ?
Correct. Not only that, but remember that they took the relay because a *victim* contacted it, not because they think the "guyz behind the software" did.
> Tor is not logging anything else than information about uptimes/nb connections... what can be interesting for police by unplugging those guards relays ?
Typically that's why cops choose not to bother Tor relays -- because they know there will be nothing useful. But every so often there's a new cop that doesn't understand the Internet and just wants to collect all the computers at the IP addresses on his list. Hard to teach them all.
> @aeris, do they ask you to uncrypt the volume ? (good luck to you...) What can be the best ? Uncrypt the relay to help police when asking, when this relay is only a relay and storing nothing else ?
That's actually why the torservers.net people suggest *not* using disk encryption. Having no barriers makes it much easier for the police to realize that there's nothing useful to them. See also point two of https://blog.torproject.org/blog/trip-report-tor-trainings-dutch-and-belgian...
--Roger
> remember that they took the relay because a *victim* contacted it, not because they think the "guyz behind the software" did.
Civil sue them for stupid thinking / false arrest confiscation, loss of service and use, public tarnishment, bad training, etc.
> what can be interesting for police by unplugging those guards relays ?
Nothing. Well, off topic, unless they were researching confirmation or partitioning attacks.
> Typically that's why cops choose not to bother Tor relays -- because they know there will be nothing useful. That's actually why the torservers.net people suggest *not* using disk encryption. Having no barriers makes it much easier for the police to realize that there's nothing useful to them.
This falling over may perhaps not be preferred by operators who like to create wins in the crypto war. You want police to go get their warrants, waste their time and money, just to prove nothing upon decrypt... then you have higher recorded, thus marketable, percent of nothing found among all forced decrypt cases. Instead of closer to 100% of such cases just confirming already forgone criminal cases. Having higher barriers and costs and demonstrably less fruit ratio can make such seizures more unlikely in first place.
On Sun, May 21, 2017 at 10:37 AM, grarpamp grarpamp@gmail.com wrote:
>> remember that they took the relay because a *victim* contacted it, not because they think the "guyz behind the software" did.
> Civil sue them for stupid thinking / false arrest confiscation, loss of service and use, public tarnishment, bad training, etc.
>> what can be interesting for police by unplugging those guards relays ?
> Nothing. Well, off topic, unless they were researching confirmation or partitioning attacks.
>> Typically that's why cops choose not to bother Tor relays -- because they know there will be nothing useful. That's actually why the torservers.net people suggest *not* using disk encryption. Having no barriers makes it much easier for the police to realize that there's nothing useful to them.
> This falling over may perhaps not be preferred by operators who like to create wins in the crypto war. You want police to go get their warrants, waste their time and money, just to prove nothing upon decrypt... then you have higher recorded, thus marketable, percent of nothing found among all forced decrypt cases. Instead of closer to 100% of such cases just confirming already forgone criminal cases. Having higher barriers and costs and demonstrably less fruit ratio can make such seizures more unlikely in first place.
Can they force an operator to decrypt, if he lives in other country which is non-US and non-EU (e.g. Russia or China)? Does it make sense to run nodes in countries you don't live in or visit?
What happens if an operator themselves is anonymous?
On 2017-05-20 18:07, Chris Kerr wrote:
> Yes, 'sensible', like 'actually' and 'eventually', is a "false friend" whose meaning in English is different from that in just about every other European language (but the other languages are consistent with each other e.g. 'sensible' in French and 'sensibel' in German have the same meaning), which sometimes leads to confusion. Even more confusingly, 'insensible' is not the opposite of 'sensible' but rather means either 'imperceptible' or 'unconscious'.
I have mused about this myself. The most curious thing is that English is not even consistent with itself here. Think about the title of a famous enlightenment era novel. The meaning of the nouns is precisely inverted from the adjectives.
On Sun, May 21, 2017 at 5:16 PM, Ian Zimmerman itz@primate.net wrote:
> On 2017-05-20 18:07, Chris Kerr wrote:
>> Yes, 'sensible', like 'actually' and 'eventually', is a "false friend" whose meaning in English is different from that in just about every other European language (but the other languages are consistent with each other e.g. 'sensible' in French and 'sensibel' in German have the same meaning), which sometimes leads to confusion. Even more confusingly, 'insensible' is not the opposite of 'sensible' but rather means either 'imperceptible' or 'unconscious'.
> I have mused about this myself. The most curious thing is that English is not even consistent with itself here. Think about the title of a famous enlightenment era novel. The meaning of the nouns is precisely inverted from the adjectives.
Inflammable means flammable? What a country!
Anders Andersson wrote:
> On Sun, May 21, 2017 at 5:16 PM, Ian Zimmerman itz@primate.net wrote:
>> I have mused about this myself. The most curious thing is that English is not even consistent with itself here. Think about the title of a famous enlightenment era novel. The meaning of the nouns is precisely inverted from the adjectives.
> Inflammable means flammable? What a country!
As I understand it (from a United States perspective) the word "inflammable" derives from "likely to burst into flames". So yes, inflammable = flammable != unflamable (which is not a word; the opposite of flammable is nonflammable)
Once upon a time it was common in this country for safety warnings to use the word inflammable (e.g. "inflammable -- no smoking"). But because of the tendency to cause the confusion noted above, these days the word "flammable" is almost always used instead for warnings.
If you are looking for consistency and simple rules you can't do much worse than English!
Jim
I was told in 1955 that "flammable" was invented to put on trucks because so many people - including many truck drivers - thought that inflammable meant "not flammable". Like independent vs. dependent, indivisible vs. divisible etc.
Sent with [ProtonMail](https://protonmail.com) Secure Email.
> -------- Original Message --------
> Subject: Re: [tor-relays] Doing the english [Was: Kitten1 and kitten2 compromised (guard/hs/fallback directory)]
> Local Time: May 21, 2017 11:22 AM
> UTC Time: May 21, 2017 3:22 PM
> From: pipatron@gmail.com
> To: tor-relays@lists.torproject.org
> On Sun, May 21, 2017 at 5:16 PM, Ian Zimmerman itz@primate.net wrote:
>> On 2017-05-20 18:07, Chris Kerr wrote:
>>> Yes, 'sensible', like 'actually' and 'eventually', is a "false friend" whose meaning in English is different from that in just about every other European language (but the other languages are consistent with each other e.g. 'sensible' in French and 'sensibel' in German have the same meaning), which sometimes leads to confusion. Even more confusingly, 'insensible' is not the opposite of 'sensible' but rather means either 'imperceptible' or 'unconscious'.
>> I have mused about this myself. The most curious thing is that English is not even consistent with itself here. Think about the title of a famous enlightenment era novel. The meaning of the nouns is precisely inverted from the adjectives.
> Inflammable means flammable? What a country!
Also explained by British dictionary: https://www.merriam-webster.com/words-at-play/flammable-or-inflammable
Cheers
On Wed, 24 May 2017 at 02:03 Torix torix@protonmail.com wrote:
> I was told in 1955 that "flammable" was invented to put on trucks because so many people - including many truck drivers - thought that inflammable meant "not flammable". Like independent vs. dependent, indivisible vs. divisible etc.
> Sent with ProtonMail https://protonmail.com Secure Email.
saluton
On 05/21/2017 11:16 AM, Ian Zimmerman wrote:
I have mused about this myself. The most curious thing is that English is not even consistent with itself here.
if you expect a language to be consistent, learn esperanto.
english is a mélange of bad habits, ancient history and colonial leftovers ... it is trivially easy to find internal contradictions and all the irrationality between elements that you would find in a junk drawer.
but don't let me stop you- it helps to distract from the orange strongman-wannabe ...
Hi
What was OVH reaction to this? Has your account been banned from using their services etc?
Utterly pathetic move by the French company - it's their own fault