On 09/07/2014 01:25 PM, blo...@openmailbox.org wrote:
> On 2014-08-14 00:18, Roger Dingledine wrote:
>> On Wed, Aug 13, 2014 at 10:06:00AM +0000, blo...@openmailbox.org wrote:
>>> If it's possible for the owner of a hidden service (whether the FBI
>>> or a regular person) to install malware which grabs visitors' IPs,
>>> then what is stopping any hidden service owner from doing this?
>>
>> See
>> https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
>>
>> and
>> https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable
>>
>> plus all the discussion under it.
>>
>> Browser security is a big issue because there's so much surface area
>> to secure.
>>
>> The defense is to stay up to date on your browser. It's not perfect
>> but it sure does help (and it was sufficient in this case).
>>
>>> How, in this case, was it possible for the FBI to learn the IP
>>> addresses of visitors to this hidden service? The Tor hidden server
>>> page states that "In general, the complete connection between client
>>> and hidden service consists of 6 relays: 3 of them were picked by
>>> the client with the third being the rendezvous point and the other 3
>>> were picked by the hidden service."
>>>
>>> Can someone knowledgeable please explain how visitors to a Tor
>>> hidden service can have their real IPs detected?
>>
>> In addition to the above links, you might also like
>> https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-august-7th-2013
>>
>> https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-august-14th-2013
>>
>> https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting
>>
>>
>> --Roger
>
> Thanks for these links. Illuminating reading.
>
> However, the story I referred to has nothing to do with Freedom Hosting.
>
> It refers to "Operation Torpedo" (get the joke: "tor" + "pedo").
>
> Wired did a follow up to the original story on 26 August:
> http://www.wired.com/2014/08/federal-cybersecurity-director-guilty-child-porn-charges/
>
>
> Original story (5 August): http://www.wired.com/2014/08/operation_torpedo/
>
> As I mentioned, the original story has a link to the affidavit which
> contains information about the FBI malware.

It's the same malware. Operation Torpedo _preceded_ the Freedom Hosting takedown.

| From the perspective of experts in computer security and privacy,
| the NIT is malware, pure and simple. That was demonstrated last
| August, when, perhaps buoyed by the success of Operation Torpedo,
| the FBI launched a second deployment of the NIT targeting more
| Tor hidden services.
|
| This one—still unacknowledged by the bureau—traveled across the
| servers of Freedom Hosting, an anonymous provider of turnkey Tor
| hidden service sites that, by some estimates, powered half of
| the Dark Net.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk