[tor-talk] Wired Story on Uncovering Users of Hidden Services.

Mirimir mirimir at riseup.net
Mon Sep 8 08:27:06 UTC 2014


On 09/08/2014 02:12 AM, Griffin Boyce wrote:
> Mirimir wrote:
>>
>> It's the same malware.
>>
>> Operation Torpedo _preceded_ the Freedom Hosting takedown.
>>
>> | From the perspective of experts in computer security and privacy,
>> | the NIT is malware, pure and simple. That was demonstrated last
>> | August, when, perhaps buoyed by the success of Operation Torpedo,
>> | the FBI launched a second deployment of the NIT targeting more
>> | Tor hidden services.
>> |
>> | This one—still unacknowledged by the bureau—traveled across the
>> | servers of Freedom Hosting, an anonymous provider of turnkey Tor
>> | hidden service sites that, by some estimates, powered half of
>> | the Dark Net.
> 
> 
>   Some people also collected details around the malware and did a bit of
> analysis.  There is a better repository of this info, but I wasn't able
> to find it in my notes.  Here are some details:
> https://gist.github.com/glamrock/6ecc6d6d193152c8ad9e
> 
>   After a visitor was popped, their system would call back to the FBI's
> server.  Pretty straightforward.  However, there are a couple of things
> to note:
> 
> 1) This is not the first time that Freedom Hosting had been taken down. 
> onionland folks had hacked them at various points.  Among other reasons,
> this leads me to believe that they didn't host anywhere near a majority
> of the hidden services :P  They're barely a blip.
> 
> 2) People started pranking each other by distributing links to pages
> with the payload.  That, combined with the relatively mundane nature of
> most FH-hosted hidden services, is probably why there haven't been a lot
> of cases to come out of the FH takedown.
> 
> hope this helps!
> Griffin

Also interesting is the fact that Magneto is a _Windows_ executable ;)

