[tor-relays] Grizzly Steppe

rush23 at gmx.net rush23 at gmx.net
Mon Jan 2 09:57:32 UTC 2017


By the way, Jerry Gamblin checked the list against the Tor exit nodes and found 191 that have been used in this hacking...
There you can find his thread with the whole listing.

https://twitter.com/JGamblin/status/814627227656683521

Regards 
0x23

On 2 January 2017 09:39:50 CET, tor-relays-request at lists.torproject.org wrote:
>Message: 1
>Date: Mon, 2 Jan 2017 10:39:40 +0200
>From: "Rana" <ranaventures at gmail.com>
>To: <tor-relays at lists.torproject.org>
>Subject: Re: [tor-relays] Grizzly Steppe
>Message-ID: <03ed01d264d3$c4700b40$4d5021c0$@gmail.com>
>Content-Type: text/plain; charset="utf-8"
>
>My bet is that the recorded IP address dates back to the days when your node
>was an exit. Naturally the Russian hackers have used Tor, probably in tandem
>with a VPN - it would have been stupid of them not to, and stupid they are
>not.
> 
>And you are right - now the US government will blame Tor exit operators for
>the sheer stupidity of email operators in political shops such as DNC that
>do not force their users to encrypt email end to end. PGP is too much
>trouble for them.
> 
>If I am right there is nothing you can do now, you have already closed the
>exit. If they pressure you, migrate your relay to another IP.
> 
>Rana
> 
>From: tor-relays [mailto:tor-relays-bounces at lists.torproject.org] On Behalf Of Dr Gerard Bulger
>Sent: Monday, January 02, 2017 10:15 AM
>To: tor-relays at lists.torproject.org
>Subject: [tor-relays] Grizzly Steppe
> 
>I ran an exit node, but gave up after too many abuse reports that annoyed my
>ISP.  So I turned all exit ports off, and reports stopped as a relay. After
>months and many terabytes of data I get an abuse complaint that my tor IP
>has been used for espionage.
> 
>"NCSC have been made aware of a report and associated malicious indicators
>released by the United States Government relating to malicious cyber
>activity. A copy of the report and indicators can be found at the following
>link:-
>https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity
>Details within this report indicate network assets which may have been
>compromised or associated with malicious activity. We have identified the
>following IP address from this report as x.x.x.x   As a minimum, it is
>recommended that you check systems and any available logs concerned with the
>above addresses for indications of malicious activity"
>
>There are no other details as to HOW my tor relay is being used.  The
>espionage seems to rely on the stupidity of recipients on receiving emails
>asking for passwords.  I am not sure HOW ISP or relay service can stop that.
>Or is it that my relay was being used to transfer the data?
> 
>I assume my IP was found by way of a DNS leak which I need to look into.
>There is nothing else I can do as a relay to stop this or is there?
> 
>Gerry

-- 
This message was sent while on the go.
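
Added example, not part of the original message or of any Tor Project tooling: the cross-check discussed in this thread (indicator IPs against Tor exit records, separating addresses that were exits only in the past from current ones). It assumes exit records in the TorDNSEL exit-list layout; the fingerprints, addresses, function names and the 7-day freshness window are constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample: concatenated exit-list snapshots (TorDNSEL layout, UTC).
EXIT_LIST = """\
ExitNode AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Published 2016-12-29 08:00:00
LastStatus 2016-12-29 09:00:00
ExitAddress 192.0.2.10 2016-12-29 09:05:00
ExitNode BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
Published 2016-06-01 08:00:00
LastStatus 2016-06-01 09:00:00
ExitAddress 198.51.100.7 2016-06-01 09:10:00
ExitAddress 198.51.100.7 bad-timestamp here
"""
INDICATORS = ["192.0.2.10", "198.51.100.7", "203.0.113.99", "x.x.x.x"]  # constructed

def parse_exit_list(text):
    """Map each exit IP to (fingerprint, newest ExitAddress timestamp)."""
    seen, fp = {}, None
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "ExitNode":
            fp = parts[1]
        elif len(parts) == 4 and parts[0] == "ExitAddress" and fp:
            try:
                ip = ipaddress.ip_address(parts[1])
                ts = datetime.strptime(parts[2] + " " + parts[3], "%Y-%m-%d %H:%M:%S")
            except ValueError:
                continue  # skip malformed records instead of aborting
            if ip not in seen or ts > seen[ip][1]:
                seen[ip] = (fp, ts)
    return seen

def classify(indicators, exits, as_of, max_age=timedelta(days=7)):
    """Label each indicator: current-exit, former-exit, no-exit-record, invalid."""
    out = {}
    for raw in indicators:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            out[raw] = "invalid"  # e.g. a redacted address such as x.x.x.x
            continue
        if ip not in exits:
            out[raw] = "no-exit-record"
        else:
            fresh = as_of - exits[ip][1] <= max_age
            out[raw] = "current-exit" if fresh else "former-exit"
    return out
```

Calling `classify(INDICATORS, parse_exit_list(EXIT_LIST), datetime(2017, 1, 2))` labels the June 2016 address as `former-exit`, which is the case a relay operator would want to show when answering an abuse report about an address that no longer exits.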