[tor-talk] New to list and questions about exit nodes

DeveloperChris developerchris at rebel.com.au
Sat Nov 2 10:49:37 UTC 2013


It's a nice idea to suggest he joins the list.

I'll drop the hint, but this guy is not one to participate in online 
discussions in any meaningful fashion. He is very security conscious and 
does not have any form of traceable online presence as it is. But he may 
come in under a pseudonym.

Irrespective of his experience, one would be rather foolish to presume being 
within the Tor network doesn't open you to some sort of hactivity. It's like 
painting a big red target sign on your back and governments around the world 
will be trying to infiltrate any machine connected to Tor.

This is particularly obvious in the light of Snowden's revelations. Oops 
keyword! Did I mention my old car? It's a real old bomb (nuther keyword :)

Perhaps he was targeted in a sloppy manner and thus discovered the attacks. 
For my part I take him at his word. And to be honest we are unlikely to get 
much more than that out of him; he would consider anything else a security 
leak.

DC

Please keep the replies civil. I know there is one in every crowd. Don't be 
that one.


On 02/11/2013 6:16 PM, Michael Wolf wrote:
> On 11/2/2013 2:33 AM, DeveloperChris wrote:
>> I got to speak with my acquaintance about his experience. Sadly it was
>> as bad but not as quick as I was told.
>>
>> He told me within a three week period of setting up the tor exit node he
>> considered his entire internal network compromised as several of his
>> machines showed signs of being compromised. I didn't get to ask the
>> specifics of that. But knowing this person as I do when he says
>> compromised, it is not something you take lightly.
>>
>> He reformatted and rebuilt every machine from known good sources and
>> swore off Tor.
>>
>> DC
> I'm still inclined to believe any compromise was unrelated to Tor.  If
> this was a Windows network, it is not unheard of for one machine to
> infect the rest.  The infection could have started on any of the
> machines over the 3 weeks (or even beforehand).  If it's a *nix
> network... having one machine compromised is plausible (however
> unlikely), but having an entire network compromise would suggest many
> serious mistakes were made.  The fact that he reformatted suggests these
> were Windows boxes (it makes little sense to reformat a *nix box unless
> you've been rooted... and I can't imagine an entire *nix network being
> rooted unless someone has REALLY screwed up).
>
> I think if this conversation is to progress beyond "Tor got someone's
> network hacked" <-> "No, it probably didn't", we'll need some
> specifics.  Perhaps this associate should join the tor-talk list?
> Here's some specific information that would be relevant:
>
> * OS (Specific version):
>
> * Tor Version:
>
> * Specific evidence that Tor Exit was compromised (what was it doing,
> was there detected malware, what was the name of the malware, etc...):
>
> * Specific evidence that other network machines were infected (with same
> data as above... OS, running services, etc):
>
> * Specific evidence that the Tor Exit was the source of the compromise:
>
> I think until those facts are known, we're just spinning our wheels.
>
