[tor-talk] Regarding the Hacking Team leak and the "TOR interception" (all uppercase Tor obviously)

aka akademiker1 at googlemail.com
Tue Jul 7 14:52:05 UTC 2015


Nothing special, they try to infect the machine using browser exploits
while the victim surfs without Tor. The malware then manually installs
an SSL cert and redirects the browser proxy from 127.0.0.1:9050 to
evilguys.com:9050, which does SSL interception with that installed SSL
cert. At the time of the leak only browsers on Mac and Internet Explorer on
Windows were supported, because they used registry keys to change proxy
settings...
Their attack currently doesn't work on TBB, not because it's more secure,
but because Hacking Team is incapable of programming proper
pre-encryption interception on the victim machine. If your computer is
infected ALL your traffic CAN be intercepted by definition, it just
takes some *able* malware developers to implement it.
Fun fact: old, public-source malware like ZeuS is able to intercept all
encrypted traffic in Internet Explorer and Firefox (including TBB).
So don't panic if hipsters like Jacob post PDFs without
reading/understanding them.
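The proxy redirection described in the post (a SOCKS proxy setting changed from 127.0.0.1:9050 to an external host) is something a defender can audit for. The following is an added example, not code from the post's author or from any tool mentioned in it: it parses a WinINET-style ProxyServer registry value and Firefox prefs.js lines and flags any SOCKS endpoint that does not point at loopback. The sample values (the hostname evilguys.com is the one used in the post; the rest of the inputs are constructed here) and the expected loopback endpoint are assumptions for the demonstration.

```python
import ipaddress
import re

# Constructed sample inputs for the demonstration (not taken from the leak).
# WinINET "ProxyServer" value format: "host:port" or "proto=host:port;proto2=host:port".
IE_PROXY_SERVER_VALUE = "http=127.0.0.1:8118;socks=evilguys.com:9050"

# Lines as they would appear in a Firefox profile's prefs.js.
FIREFOX_PREFS_SAMPLE = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "evilguys.com");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
'''


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the literal name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def parse_wininet_proxy(value):
    """Parse a WinINET ProxyServer string into {scheme: (host, port)}.

    A bare "host:port" entry applies to all protocols and is keyed as "all".
    """
    result = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        if "=" in entry:
            scheme, hostport = entry.split("=", 1)
        else:
            scheme, hostport = "all", entry
        if ":" in hostport:
            host, _, port = hostport.rpartition(":")
            port = int(port) if port.isdigit() else None
        else:
            host, port = hostport, None
        result[scheme.strip().lower()] = (host.strip(), port)
    return result


def parse_firefox_prefs(text):
    """Extract user_pref("key", value) entries; values become str, int or bool."""
    prefs = {}
    for m in re.finditer(r'user_pref\("([^"]+)",\s*(.+?)\);', text):
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def find_socks_redirects(entries):
    """entries: iterable of (source, scheme, host, port).

    Returns a finding string for every SOCKS (or catch-all) proxy that is
    not on loopback, which is what the redirection in the post produces.
    """
    findings = []
    for source, scheme, host, port in entries:
        if scheme not in ("socks", "all"):
            continue
        if not is_loopback(host):
            findings.append(
                f"{source}: SOCKS proxy points at {host}:{port}, expected a loopback address"
            )
    return findings


def audit(wininet_value, firefox_prefs_text):
    """Collect proxy endpoints from both sources and return the findings."""
    entries = []
    for scheme, (host, port) in parse_wininet_proxy(wininet_value).items():
        entries.append(("wininet", scheme, host, port))
    prefs = parse_firefox_prefs(firefox_prefs_text)
    # network.proxy.type == 1 means "manual proxy configuration".
    if prefs.get("network.proxy.type") == 1 and prefs.get("network.proxy.socks"):
        entries.append(("firefox", "socks",
                        prefs["network.proxy.socks"],
                        prefs.get("network.proxy.socks_port")))
    return find_socks_redirects(entries)


if __name__ == "__main__":
    for line in audit(IE_PROXY_SERVER_VALUE, FIREFOX_PREFS_SAMPLE):
        print(line)
```

On a real host the ProxyServer string would be read from the per-user Internet Settings registry key and prefs.js from the browser profile directory; the check is deliberately limited to configuration files and does not cover the installed certificate half of the technique, which needs a platform-specific trust-store query.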

