[tor-relays] Possible tor usage by Dragonfly aka Energetic Bear

no.thing_to-hide at cryptopathie.eu no.thing_to-hide at cryptopathie.eu
Tue Jul 29 19:06:59 UTC 2014


Hello Manuel and many thanks for running an exit!

When I check your IP, I see the website with the hint about Tor (1). But
when I ask RIPE, I only get the info for your ISP Contabo without any
information about Tor (2). Perhaps it would help to insert an
additional comment in the "remarks" field, like CCC does (3).

=> A question to other exit operators: Does it help when the Whois
record contains information about Tor? Or do the police contact
you anyway?

Best regards and stay wiretapped!

Anton

1) http://193.37.152.241
2) https://apps.db.ripe.net/search/query.html?searchtext=193.37.152.241
3) https://apps.db.ripe.net/search/query.html?searchtext=77.244.254.227
-- 
no.thing_to-hide at cryptopathie dot eu
0x30C3CDF0, RSA 2048, 24 Mar 2014
0FF8 A811 8857 1B7E 195B 649E CC26 E1A5 30C3 CDF0
Bitmessage (no metadata): BM-2cXixKZaqzJmTfz6ojiyLzmKg2JbzDnApC



On 29/07/14 16:50, manuel at myops.de wrote:
> Hi,
> 
> Today I received a registered mail from the BKA, the German federal
> police, alerting me that some stuff related to the Dragonfly aka
> Energetic Bear backdoor Oldrea/Havex could be traced back to one of
> my IPs. The IP in question is the one with which I run my Tor exit
> node. I phoned the BKA and asked if they were aware that
> Dragonfly uses the Tor network to connect to their C&C servers. At
> least the BKA person on the phone wasn't aware.
> 
> Just thought to let you know.
> 
> Regards, M.
> 