We are...
_____ _________
/ _ \ ____ ____ ____ / _____/ ____ ____
/ /_\ \ / \ / _ \ / \ \_____ \_/ __ \_/ ___\
/ | \ | ( <_> ) | \/ \ ___/\ \___
\____|__ /___| /\____/|___| /_______ /\___ >\___ >
\/ \/ \/ \/ \/ \/
//Laughing at your security since 2012*
=================================================================================================
Official Members: Mrlele - AnonSec666 - 3r3b0s - d3f4ult - 4prili666h05t - Hannaichi - ap3x h4x0r
- Gh05tFr3ak - xCyb3r 3vil7 - spider64
=================================================================================================
When I say not safe, I mean for the web service itself, not necessarily the users. If you have good OpSec and encrypt all connections
with PGP and don't connect directly to Tor you should be safe. However, a Tor Hidden Service's actual physical server location may not be...
Anyone who is reading this and has programming skills, I beg you to please help with the OpenBazaar Beta as I see it is the future of
invincible p2p marketplaces. https://github.com/OpenBazaar/OpenBazaar
Between the malicious NSA Tor Nodes, the Tortilla tool and Metadata Heuristics, Tor has become increasingly less secure. Now recently I have come across some information (thanks to 'nachash' @loldoxbin) about a possible way for the FBI/NSA to deanonymize a .onion Hidden Service's original IP address. So far it's not 100% confirmed, but given the logs, uptimes (thanks to tor-dev) and traffic graphs, the evidence that this is possible is very strong.
"Apparently the DDoS attack was an attempt to force connections to the site’s various .onion addresses to follow paths that went over Tor network nodes set up by law enforcement. By filling up the “circuits” through secure Tor network nodes, law enforcement operatives could have made it possible to connect to the services only through Tor routing servers they controlled—allowing them to see the real Internet Protocol address of the server hosting them.
From August 21 to August 28, the logs show a wave of requests that include text preceded by %5C%22—which in PHP requests would be parsed as a quotation mark by PHP code. Trailing the “escaped” quote, the requests include what appear to be URLs for websites such as Twitter and Hack Forums. However, those websites were actually loaded with fake subdirectories such as “/old/code/fail”: "
[+] Doxbin Picture of Log from DDoS Crawler [+]
https://anonfiles.com/file/caf74d4f9ae27093631c7d10754a85a7
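The quoted passage describes the one concrete artifact a hidden service operator could have looked for in their own access logs: a wave of requests carrying the URL-encoded escaped quote %5C%22 followed by a decoy URL with a fake subdirectory. The scanner below is an added example written for this page; it is not code from the paste, from Doxbin, or from the Ars Technica article, and the log lines it runs on are constructed (Combined Log Format, the same general shape as Apache or nginx access logs) rather than the real Doxbin logs. It goes slightly beyond the text by decoding repeatedly, so a double-encoded form such as %255C%2522 is counted too, and it reports per-day counts so that a wave like the one described (a week of requests) stands out from background traffic.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines (Combined Log Format). These are NOT the Doxbin logs;
# three carry the %5C%22 marker described in the article (one of them double-encoded),
# and one is ordinary traffic that must not be flagged.
SAMPLE_LOG = """\
127.0.0.1 - - [21/Aug/2014:03:14:07 +0000] "GET /index.php?q=%5C%22https://twitter.com/old/code/fail HTTP/1.1" 200 512 "-" "Mozilla/5.0"
127.0.0.1 - - [21/Aug/2014:03:14:09 +0000] "GET /view.php?id=42 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
127.0.0.1 - - [22/Aug/2014:11:02:55 +0000] "GET /index.php?q=%5C%22http://example.org/old/code/fail HTTP/1.1" 200 512 "-" "curl/7.30"
127.0.0.1 - - [23/Aug/2014:11:03:01 +0000] "POST /index.php?q=%255C%2522https://example.test/old/code/fail HTTP/1.1" 200 512 "-" "curl/7.30"
"""

# Minimal Combined Log Format parser: host, day (without the time), method, request target, status.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# %5C%22 decodes to a backslash followed by a double quote.
ESCAPED_QUOTE = '\\"'
# A URL that directly trails the escaped quote, as the article describes.
URL_AFTER_QUOTE = re.compile(r'\\"(https?://\S+)')


def decode_target(target: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly, with a bound, so double-encoded variants are caught as well."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def parse_line(line: str):
    """Return the parsed fields of one log line, or None if the line is not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["decoded_target"] = decode_target(rec["target"])
    return rec


def is_escaped_quote_probe(decoded_target: str) -> bool:
    """True when the decoded request target contains the \\" sequence the article describes."""
    return ESCAPED_QUOTE in decoded_target


def scan(log_text: str) -> dict:
    """Count flagged requests per day and collect the decoy URLs they carried, for triage."""
    per_day = Counter()
    urls = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_escaped_quote_probe(rec["decoded_target"]):
            continue
        per_day[rec["day"]] += 1
        urls.extend(URL_AFTER_QUOTE.findall(rec["decoded_target"]))
    return {"per_day": dict(per_day), "urls": urls, "total": sum(per_day.values())}


if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for day, n in sorted(result["per_day"].items()):
        print(f"{day}: {n} request(s) carrying an escaped quote")
    print("decoy URLs seen:", result["urls"])
```

Run it against a real access log by reading the file into `scan()`; a sustained run of non-zero days in `per_day` is the signal worth correlating with circuit-build timing and bandwidth graphs, which is the kind of evidence the uptime logs and traffic graph below were being used for.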
The kid who started doxbin had a similar theory that I'm just going to paste verbatim:
<founder> ANYWAY
<founder> i think
<nachash> CONTINUE
<founder> the attack
<founder> was to DoS you
<founder> until you created circuits
<founder> entirely made of dickbleedable nodes
<founder> and then dickbleeding them
<nachash> but the server
<nachash> got seized
<founder> yeah, the IP was discovered by dickbleed though
<founder> the entire circuit was leaking info
<nachash> lol, did you just reproduce this?
<founder> not yet, i'll be trying
<nachash> Do you mind if I share this with tor devs?
<founder> go ahead
<founder> its just a theory at the moment
Doxbin went down on November 6, the same day that Silk Road 2.0 was seized, at or before 1 PM UTC, nachash wrote:
“I checked the most current Doxbin onion and attempted to ssh into the box every couple of hours for around the first 24 hours, until a friend pointed out that one of the old Doxbin onions was serving up the Silk Road 2.0 seizure page. At the time, the main onion was serving up some 404 page (Which I expected to eventually point to some sort of honeypot, but the pigs really let me down on that one), while other onions were unresponsive. This had changed by the next day, when all the onions from the Doxbin box were pointed to the seizure page. The speculation has been that the cops were adding onions one at a time, and my personal experience supports that. Police who are dedicated to seizing and taking control of hidden services are still struggling with managing a torrc file [the Tor service configuration file] efficiently. Go figure.”
[+] Doxbin & SilkRoad Uptime Logs thanks to a tor-dev [+]
http://pastebin.com/pVxQDS9u
http://pastebin.com/jQvgz0VF
[+] Doxbin Traffic Graph [+]
https://anonfiles.com/file/875668461a7ded9c7402fec364e593b3
I think it's safe to say that this same technique was used abroad throughout the entire "Operation Onymous"...
While Tor is an amazing tool for sharing information and standing up to oppressive governments, I think
recent events have made it clear that a Tor Hidden Service server's IP address can be found even with
the best OpSec. As weev from GoatSec puts it:
"@rabite @loldoxbin had the best opsec of any public Tor hidden service operator I’ve ever seen.
His just got seized. Feds obviously broke Tor."
It may be time to move to something more secure, such as a p2p technology like I2P and now markets like OpenBazaar \!/
Or at least not hosting the servers in the United States... -__-
[+] Sources [+]
https://lists.torproject.org/pipermail/tor-dev/2014-November/007731.html
http://arstechnica.com/security/2014/11/silk-road-other-tor-darknet-sites-may-have-been-decloaked-through-ddos/
https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-onymous
https://github.com/OpenBazaar/OpenBazaar
https://openbazaar.org/
https://geti2p.net/en/
https://github.com/CrowdStrike/Tortilla
www.crowdstrike.com/tortilla/Tortilla_v1.1.0_Beta.zip
[+] More Tor De-anonymization Research [+]
http://freehaven.net/anonbib/cache/sniper14.pdf - "The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network"
http://fc14.ifca.ai/papers/fc14_submission_152.pdf - "Short Paper: Challenges in protecting Tor hidden services from botnet abuse"
http://www.robgjansen.com/publications/kist-sec2014.pdf - "Never Been KIST: Tor’s Congestion Management Blossoms with Kernel-Informed Socket Transport"
http://freehaven.net/anonbib/cache/ccs2013-pctcp.pdf - "... 10,000+ sockets active in fast exits"
http://www.f-secure.com/weblog/archives/00002764.html
http://thestack.com/chakravarty-tor-traffic-analysis-141114
[+] New Tor Hidden Service Build in Process [+]
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/224-rend-spec-ng.txt