[tor-talk] Wired Story on Uncovering Users of Hidden Services.
Griffin Boyce
griffin at cryptolab.net
Mon Sep 8 08:12:56 UTC 2014
Mirimir wrote:
>
> It's the same malware.
>
> Operation Torpedo _preceded_ the Freedom Hosting takedown.
>
> | From the perspective of experts in computer security and privacy,
> | the NIT is malware, pure and simple. That was demonstrated last
> | August, when, perhaps buoyed by the success of Operation Torpedo,
> | the FBI launched a second deployment of the NIT targeting more
> | Tor hidden services.
> |
> | This one—still unacknowledged by the bureau—traveled across the
> | servers of Freedom Hosting, an anonymous provider of turnkey Tor
> | hidden service sites that, by some estimates, powered half of
> | the Dark Net.

Some people also collected details around the malware and did a bit of
analysis. There is a better repository of this info, but I wasn't able
to find it in my notes. Here are some details:
https://gist.github.com/glamrock/6ecc6d6d193152c8ad9e

After a visitor was popped, their system would call back to the FBI's
server. Pretty straightforward. However, there are a couple of things
to note:

1) This is not the first time that Freedom Hosting had been taken down.
Onionland folks had hacked them at various points. Among other reasons,
this leads me to believe that they didn't host anywhere near a majority
of the hidden services :P They're barely a blip.

2) People started pranking each other by distributing links to pages
with the payload. That, combined with the relatively mundane nature of
most FH-hosted hidden services, is probably why there haven't been a lot
of cases to come out of the FH takedown.

Hope this helps!
Griffin

--
"I believe that usability is a security concern; systems that do
not pay close attention to the human interaction factors involved
risk failing to provide security by failing to attract users."
~Len Sassaman