The Mental Militia Forums

Please login or register.

Login with username, password and session length
Pages: [1] 2   Go Down

Author Topic: TOR hacked by feds  (Read 7279 times)

BranchMaster

  • Guest
TOR hacked by feds
« on: August 05, 2013, 05:56:50 pm »

...
« Last Edit: October 11, 2013, 02:20:02 pm by BranchMaster »
Logged

da gooch

  • Mr. Badger? Only when need be
  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 6868
  • 32*25' N X 77*05' W X 060 Mag
Re: TOR hacked by feds
« Reply #1 on: August 05, 2013, 10:15:58 pm »

Here is another link to an article on the same hacking of Tor.

http://www.bbc.co.uk/news/technology-23573048

from the article:
A service accused of helping distribute child abuse images on a hidden part of the internet has been compromised.

Sites using service provider Freedom Hosting to deliver their material have had code added to their pages, which could be used to reveal the identities of people visiting them.
Logged
"Come and Take It"  Gonzales, Texas 1835

     III

Adventurer, Explorer, Inquiring Mind.

  • Given up.
  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 3222
Re: TOR hacked by feds
« Reply #2 on: August 06, 2013, 04:40:15 pm »

Here is another link to an article on the same hacking of Tor.

http://www.bbc.co.uk/news/technology-23573048

from the article:
A service accused of helping distribute child abuse images on a hidden part of the internet has been compromised.

Sites using service provider Freedom Hosting to deliver their material have had code added to their pages, which could be used to reveal the identities of people visiting them.

I'd go with this part:

Quote
The heart of the malicious Javascript is a tiny Windows executable hidden in a variable named ďMagneto.Ē A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box.

But the Magneto code doesnít download anything. It looks up the victimís MAC address ó a unique hardware identifier for the computerís network or Wi-Fi card ó and the victimís Windows hostname. Then it sends it to the Virginia server, outside of Tor, to expose the userís real IP address, and coded as a standard HTTP web request.

Seems to me that people should really stay up to date on their updates.  Apparently the TOR Browser Bundle was what was being targeted, and given that TOR, these days has discontinued the proxy service as a networking service and is forcing the browser bundle, there is a dire need for an alternative.

I've written a few ideas in the past, one being a full proxying software that completely emulates a network interface and coopts the default interface, "fooling" the OS into accessing the software as though it was the primary network interface.  Such applications have existed for a long time, in various forms, not the least of which being a virus or ninety.

Just ideas, of course, but there is a dire need for better onion routing.

Also, to the parent host, TOR isn't the only culprit in this vulnerability, and firefox is blameless, the main issue is that the TOR browser bundle was running an older UNPATCHED version with KNOWN VULNERABILITIES!!!

As for you, Joe Bloggs, the first way they target you is to IDENTIFY YOU.  After that, they just send the CIA black bag team to your house, and they either black bag YOU, or compromise your house to where you have to think your thoughts outside the house just to be sure you're the only one privy to them.  That you keep your stuff off a computer or away from some network or another doesn't guarantee anonymity or privacy any more than using those services does.  Operating an insecure machine is dangerous, and this story simply proves that.  Having top notch security services does not fix security holes.  Using TOR does not fix jack shit if TOR forces an older browser bundle on you with known security holes.  These security updates should be on by default for the browser bundle, rather than being version locked.  That particular element dawned upon me a LONG time ago.  And contrary to popular belief, this is a simple deal... this shows massive effort (and likely massive EXPENSE) being exerted to catch ONE GUY!  Just imagine how expensive it would become if they had to go through this great length to catch anyone they target, be they innocent or guilty?  Suddenly, they'd have to pick their targets better, though, given their corruption, they'll be broke and homeless long before then.  Most importantly, however, this is a prime example of the fact that security is not a product you can buy.  It is a MINDSET, people.  Every tool you buy is crippled or enhanced in its effect by your mindset.  Buying antivirus doesn't make your computer secure.  Accessing the net via insecure software with known vulnerabilities, on the other hand, is just asking for trouble.
Logged
Understeer is when you hit the wall with the front of the car and oversteer is when you hit the wall with the rear of the car.
Horsepower is how fast you hit the wall, torque is how far you take the wall with you.

Rarick

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 7795
  • Rarick in the Gulch-O-Dome did decree.......
Re: TOR hacked by feds
« Reply #3 on: August 07, 2013, 05:35:32 am »

A newer Firefox version patched the vulnerability, but The govt did what hackers do and did a zero day exploit to identify and track TOR users for "The Children" while also identifying other possible targets.  I wonder if the recent prepper/ fredom sites going down recently were investigative in nature?  Consider that a lot of folks used TOR visiting those sites.........
Logged
........Duct tape is like the force, it has a light side, a darkside and holds the universe together.¬  It is theoretically reinforced with strings too.¬  (The dome has a darkside, lightside and strings of rebar for reinforcement too!)
-------------------------------------------
Most of the time news is about the same old violations of the first principles of consent and golden rule with a dash of force thrown in........ with just enough duct tape to be believable.

gunslinger598

  • Guest
Re: TOR hacked by feds
« Reply #4 on: August 07, 2013, 08:26:45 am »

I've also been wondering about  all the sights going  down for the same reason.

The other thing is the number of deaths to reporters and hackers. One I read about a few days ago a 35 yr old who was set to demonstrate how a pace maker could be hacked.

I'm also  wondering about the president's trip to Russia. Where they are securing Snowden. A thought that it could be part of the plan. It's impossible to trust anything from any government.
Logged

Adventurer, Explorer, Inquiring Mind.

  • Given up.
  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 3222
Re: TOR hacked by feds
« Reply #5 on: August 07, 2013, 08:42:30 am »

A newer Firefox version patched the vulnerability, but The govt did what hackers do and did a zero day exploit to identify and track TOR users for "The Children" while also identifying other possible targets.  I wonder if the recent prepper/ fredom sites going down recently were investigative in nature?  Consider that a lot of folks used TOR visiting those sites.........
But it wasn't a ZERO DAY.  ZERO DAY means unknown, not unpatched.  The security holes were not unknown.  The firefox ones, as far as I read, were long patched.  The TOR Browser Bundle was still using an older version of Aurora (that's the one they actually use, the experimental Firefox variant is called Aurora) and the version of Aurora bundled with the TBB wasn't updated.  Hence it wasn't a ZERO DAY, it was a known flaw, and easily used as an exploit on a version frozen distributed older package.

And how often do people update their software?  Even people who are "security minded?"

As I've said, I take more beef with those folks at TOR no longer distributing their .XPI button for firefox and forcing use of the TBB.  I called this way back when they decided to only use the TBB.  We'll see if they fix that issue or just update the TBB more often?
Logged
Understeer is when you hit the wall with the front of the car and oversteer is when you hit the wall with the rear of the car.
Horsepower is how fast you hit the wall, torque is how far you take the wall with you.

Rarick

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 7795
  • Rarick in the Gulch-O-Dome did decree.......
Re: TOR hacked by feds
« Reply #6 on: August 07, 2013, 10:37:15 am »

Obama cancelled his trip, "He but hurtz".....

Logged
........Duct tape is like the force, it has a light side, a darkside and holds the universe together.¬  It is theoretically reinforced with strings too.¬  (The dome has a darkside, lightside and strings of rebar for reinforcement too!)
-------------------------------------------
Most of the time news is about the same old violations of the first principles of consent and golden rule with a dash of force thrown in........ with just enough duct tape to be believable.

IrishPyroWolf1994

  • Full Member
  • ***
  • Offline Offline
  • Posts: 506
  • Don't Tread on Me!
Re: TOR hacked by feds
« Reply #7 on: August 07, 2013, 10:07:37 pm »

A strong alternative to Tor would be nice, though I'm not aware of any current possibilities aside from I2P, which I admit I'm a bit cautious about it's potential to be a good competitor with Tor.
Logged

ZooT_aLLures

  • Administrator
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 7956
    • http://www.thepriceofliberty.org
Re: TOR hacked by feds
« Reply #8 on: August 08, 2013, 12:56:00 am »

Quote
I admit I'm a bit cautious about it's potential to be a good competitor with Tor.

So build one yourself......................geezus..........it's all open source
Logged
Even some cowboy and indian outlaws in the 1800's eventually stopped sleeping under buffalo skins, and came to town to entertain paying customers. For some I imagine the bruising of their ego never healed.

We all have some scar tissue that never lets us completely forget the intent of the adventure.

Adventurer, Explorer, Inquiring Mind.

  • Given up.
  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 3222
Re: TOR hacked by feds
« Reply #9 on: August 08, 2013, 10:59:22 am »

Quote
I admit I'm a bit cautious about it's potential to be a good competitor with Tor.

So build one yourself......................geezus..........it's all open source

It is a priorities thing.  Most people have regular day jobs.  Day jobs are done the way they are so you don't have time to get anything done after you do the self and family maintenance thing.  Us single guys can say so, but most family guys and business guys (that includes single guys) run out of time a lot quicker.

I saw a lot of people bitch and moan about "so do something" but its ironic how much time most of us waste after work merely because work is often monotonous and tiring, mentally.  People on salaries or pensions from government don't realize this, since they aren't stuck having to chase productive business opportunities every minute of every day, haggle, advertise, sell and WORK.

That's the point of OSS projects, Zoot.  Not just to open it up to whomever, but to find people willing to pick up or continue a thread when or at times when the originator or other contributors are tired.  Unless you're paid or expect to be paid for the project, it's a tough cookie to work on without any reward but ego.  For me, ego doesn't do it.  Functionality does.  Problem is, I'm also trying to make payments on things, taxes, etc.  I have two businesses to put together and keep together on a shoestring budget + taxes, of course.  "Free Country" and all those other lies.  I don't want to deal with the thieves, but I know how the world works, as long as thievery is worshiped if done by "divinely mandated thieves," one is forced to put up with them.  You, as I recall, have quite some familiarity with the evils of government as well.

If Microsoft went bankrupt tomorrow and its major stock holders cashed out and ran out of the country overnight, Windows users would be shit out of luck.  Until someone tried to open up the source, good luck.  *nix users are luckier in that aspect, in that if ubuntu, red hat and many other companies went under, the source is out there, someone is likely to form a private project, as form every month, to customize/fix/pick up on an existing project.

These systems are resilient because they aren't dependent on any one contributor.  I used to be a programmer, you became one, I know a few others.  What's our common thread?  Those who can't, don't have time to pick it up and become able to, those of us who can, don't have time to sit down, think it through, get a team together and keep it updated.

Don't forget, once its out, you have to maintain it.  That's harder than coming up with it.  Flaws get found, you have to rebuild it periodically to fix them, the flaws may be from OS interaction, rather than your product.

Its a bitch, and all of us who ran or worked in any kind of NOC environment, know this.
Logged
Understeer is when you hit the wall with the front of the car and oversteer is when you hit the wall with the rear of the car.
Horsepower is how fast you hit the wall, torque is how far you take the wall with you.

knobster

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 4059
  • Come and take!
Re: TOR hacked by feds
« Reply #10 on: August 08, 2013, 11:27:05 am »

+1 Destin

There are days I'm lucky to spend even 5 minutes prepping or working towards self-reliance.

I won't bitch and complain about it as I've made all the choices to bring me to the point I'm at now.
Logged
You will not rise to the occasion; you will default to your level of training.
In God we trust, everyone else bring data.

ZooT_aLLures

  • Administrator
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 7956
    • http://www.thepriceofliberty.org
Re: TOR hacked by feds
« Reply #11 on: August 09, 2013, 12:05:33 am »

Quote
Those who can't, don't have time to pick it up and become able to, those of us who can, don't have time to sit down, think it through, get a team together and keep it updated.

well if folks truly wanted it they'd have it by hook or crook.

They'd either build it themselves or hire someone else to do it..............that's the way things work........

Quote
I used to be a programmer, you became one, I know a few others.

Who?...........me?..........I'm a factory worker......not a programmer.
Logged
Even some cowboy and indian outlaws in the 1800's eventually stopped sleeping under buffalo skins, and came to town to entertain paying customers. For some I imagine the bruising of their ego never healed.

We all have some scar tissue that never lets us completely forget the intent of the adventure.

shoulderthingthatgoesup

  • Consenting Adult
  • Newbie
  • *
  • Offline Offline
  • Posts: 20
  • Smile
Re: TOR hacked by feds
« Reply #12 on: October 10, 2013, 06:57:47 pm »

All those suckers that were buying things (contraband) on The Silk Road are going to be screwed in one way or the other.
Logged
I'm OK. You're OK.

IrishPyroWolf1994

  • Full Member
  • ***
  • Offline Offline
  • Posts: 506
  • Don't Tread on Me!
Re: TOR hacked by feds
« Reply #13 on: November 04, 2013, 08:02:29 pm »

Quote
I admit I'm a bit cautious about it's potential to be a good competitor with Tor.

So build one yourself......................geezus..........it's all open source

I would except for one teensy little problem... I know NOTHING on how to build a new software program, other than I need to use one of the "programming languages" like Python or Ruby. I've been meaning to learn but that's easier said than done when you're busy trying to find a job.
Logged

SMurfy

  • Newbie
  • *
  • Offline Offline
  • Posts: 6
Re: TOR hacked by feds
« Reply #14 on: December 26, 2013, 10:44:33 pm »

It is what it it is..... Prevent foolishness, create alternatives.
Logged
Pages: [1] 2   Go Up