[tor-talk] Regarding the Hacking Team leak and the "TOR interception" (all uppercase Tor obviously)

chloe chloe at countermail.com
Tue Jul 7 15:26:37 UTC 2015


Hello,

how would this method work if an infected client tries to visit a hidden 
service?

Regards,
Chloe

aka wrote on 7/7/2015 16:52:
> Nothing special, they try to infect the machine using browser exploits
> while the victim surfs without Tor. The malware then manually installs
> an ssl cert and redirects the browser proxy from 127.0.0.1:9050 to
> evilguys.com:9050, which does ssl interception with that installed ssl
> cert. At the time of leak only browsers on mac and internet explorer on
> windows were supported, because they used registry keys to change proxy
> settings...
> Their attack currently doesn't work on TBB, not because it's more secure,
> but because Hacking Team is incapable of programming proper
> pre-encryption-interception on the victim machine. If your computer is
> infected ALL your traffic CAN be intercepted by definition, it just
> takes some *able* malware developers to implement it.
> Fun fact: old, public source malware like ZeuS is able to intercept all
> encrypted traffic in internet explorer and firefox (including TBB).
> So don't panic if hipsters like jacob post pdfs without
> reading/understanding them.
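
The one host-side symptom the quoted post describes is concrete enough to check for: the browser's proxy endpoint has moved from the local Tor SOCKS listener to a remote machine. The script below is an added example written for this thread, not code from Hacking Team, Tor, or anyone on the list. It parses the two places the post mentions (Firefox `user_pref` lines in prefs.js/user.js and the Internet Explorer `ProxyServer` / `ProxyEnable` registry values, passed in as strings rather than read from the registry) and flags any proxy whose host is not loopback. The sample prefs, the host `evilguys.com` and the port numbers other than Tor's defaults (9050 for a system tor, 9150 for Tor Browser) are constructed for the example; nothing here checks for the injected CA certificate, which would need a separate look at the browser's cert store.

```python
"""Flag browser proxy settings that no longer point at a local Tor SOCKS listener.

Added example for the tor-talk thread above: the only observable the quoted
post gives is "proxy moved from 127.0.0.1:9050 to evilguys.com:9050", so that
is what this checks. Sample inputs below are constructed, not captured data.
"""
import ipaddress
import re
from typing import Optional

# Tor's default SOCKS port (9050) and Tor Browser's bundled tor (9150).
TOR_SOCKS_PORTS = {9050, 9150}

# Matches one line of Firefox prefs.js / user.js: user_pref("key", value);
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_firefox_prefs(text: str) -> dict:
    """Parse user_pref lines into {key: str|int|bool}; unknown lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 or the literal name localhost."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def check_endpoint(kind: str, host: str, port: Optional[int]) -> Optional[str]:
    """Return a finding for a proxy endpoint, or None if it looks like local Tor."""
    if not is_loopback(host):
        # A SOCKS or HTTPS proxy off-host terminates the connection before Tor
        # does; with an injected CA it can also read and rewrite TLS.
        return f"{kind} proxy points off-host to {host}:{port}"
    if kind == "socks" and port not in TOR_SOCKS_PORTS:
        return f"socks proxy is loopback but port {port} is not a Tor SOCKS port"
    return None


def check_firefox_prefs(text: str) -> list:
    """Findings for a Firefox/Tor Browser prefs file (empty list means clean)."""
    prefs = parse_firefox_prefs(text)
    if prefs.get("network.proxy.type") != 1:
        return ["network.proxy.type is not 1 (manual proxy): traffic is not forced through a local proxy"]
    findings = []
    for kind in ("socks", "http", "ssl"):
        host = prefs.get(f"network.proxy.{kind}")
        if not host:  # Tor Browser leaves http/ssl empty and sets only socks
            continue
        finding = check_endpoint(kind, host, prefs.get(f"network.proxy.{kind}_port"))
        if finding:
            findings.append(finding)
    return findings


def check_ie_proxy_server(proxy_enable: int, proxy_server: str) -> list:
    """Findings for the IE/WinINet ProxyEnable (DWORD) and ProxyServer (REG_SZ) values.

    ProxyServer is either "host:port" (all protocols) or a ';'-separated list of
    "scheme=host:port" entries, e.g. "http=a:80;socks=b:9050".
    """
    if proxy_enable != 1:
        return ["ProxyEnable is 0: no proxy configured, traffic bypasses Tor entirely"]
    findings = []
    for entry in proxy_server.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        kind, _, endpoint = entry.rpartition("=")
        host, _, port = endpoint.rpartition(":")
        finding = check_endpoint(kind or "all", host, int(port) if port.isdigit() else None)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample inputs: a stock Tor Browser profile and a hijacked one.
CLEAN_TBB_PREFS = """\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9150);
user_pref("network.proxy.socks_remote_dns", true);
"""

HIJACKED_PREFS = """\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "evilguys.com");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
"""

if __name__ == "__main__":
    print("clean TBB profile:", check_firefox_prefs(CLEAN_TBB_PREFS))
    print("hijacked profile: ", check_firefox_prefs(HIJACKED_PREFS))
    print("IE registry:      ", check_ie_proxy_server(1, "socks=evilguys.com:9050"))
```

Two caveats on using this. It only catches the crude variant in the quoted post; malware that hooks the browser's TLS routines in-process (the ZeuS-style interception also mentioned there) leaves the proxy settings untouched, so a clean result here is not a clean machine. And note that with `network.proxy.socks_remote_dns` set, the browser hands the destination hostname to whatever SOCKS proxy is configured, so a remote proxy in this position sees every hostname requested, whether or not it then forwards the request through a real Tor client.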
