TOR is hacked, Bitcoin is compromised

[FluffyMcDeath]

I've been running into a rash of sites down and there have been some big hiccoughs with some large hosts. Ubuntu forums went away for a week. kdenlive.org is MIA for a couple of weeks now. Those are just incidental to this story though. Someone hacked TOR to make it less annonymous - and guess who these hackers were - apparently it was the NSA. The darknet is not so dark.

And what about being able to trade outside of national currencies? Some of Snowdens leaked information has some wondering if Bitcoin isn't really an NSA honeypot.

 

[Robert]

Have to confess, I didn't see that coming with Bitcoin.

 

[JoBBo]

And what about being able to trade outside of national currencies? Some of Snowdens leaked information has some wondering if Bitcoin isn't really an NSA honeypot.

Just so this is more obvious for other readers, the linked 'article' was posted on a satirical website.

 

[FluffyMcDeath]

Just so this is more obvious for other readers, the linked 'article' was posted on a satirical website.

Hmm. It seemed one of the more concise pages on the topic so I didn't read too closely.
These guys seem to take it seriously and the page predates the one I linked before. They also link to a paper supposedly originating with the NSA that outlines a type of money that looks a lot like bitcoin. The creator of bitcoin remains an enigma.

 

[Glaucus]

I've been running into a rash of sites down and there have been some big hiccoughs with some large hosts. Ubuntu forums went away for a week. kdenlive.org is MIA for a couple of weeks now. Those are just incidental to this story though. Someone hacked TOR to make it less annonymous - and guess who these hackers were - apparently it was the NSA. The darknet is not so dark.

It's odd that the NSA would leave a calling card behind like that. As some comments attached to that article point out, it's very possible this is a piece of malware that sends data to a known government IP address but only to make it look like it's the government spying. It's really not that far fetched and probably more likely than the NSA making such a ridiculous booboo as stamping a return address on their malware. I mean, really. The NSA leaving that kind of a clue in their malware is like a submarine captain choosing to blast loud rock and roll music throughout the boat while silent running under enemy destroyers. Does not compute.

Having said that, I've always kinda assumed the FBI/NSA would be putting all sorts of effort into cracking into dark nets.

 

[Glaucus]

btw: The super paranoid should NOT be running flash/java/silverlight/javascript anyway.

 

[FluffyMcDeath]

The NSA leaving that kind of a clue in their malware is like a submarine captain choosing to blast loud rock and roll music throughout the boat while silent running under enemy destroyers.

Maybe it's like a submarine captain is the stoned out hippy cousin of a senator who needs a job but wouldn't know a submarine from a giant reefer. Some of these contractors, I don't know how they get the jobs - lowest bidder? Considering some of the outfits that were getting federal coin that turned out to have such poor net hygiene that they get hacked by script kiddies, I wouldn't be totally surprised. It would be odd to put an IP address of an NSA contractor in an exploit to make it look like the NSA was spying because then the NSA really would be getting contacted by the exploit so ... they'd be ABLE to spy even if it wasn't their exploit. OTOH, there are reasons why they would leave the IP in: a) lowest bidder, b) they want you to know, c) they don't care because either way it's good.

At a certain point you are going to have to contact some IP address you have control of. If you hacked some poor saps computer so you could have an unconnected IP to route through that would be pretty rude and pretty unreliable. It would be much worse to be discovered doing that than to hack pedos' browsers (even though the users aren't all pedos - but who's going to complain). And when the sap takes his system down because somehow it's bogged down with strange traffic there goes the pipe. Or worse, they sit around logging all the crap and then anyone can see what the NSA has been seeing.

Whatever address they had in there someone would have found the exploit and that would have been the end of the exploit no matter what. Might a well lay claim to it just to put users on notice that the NSA is gunning for them.

 

[faethor]

btw: The super paranoid should NOT be running flash/java/silverlight/javascript anyway.

You forgot Adobe!

 

[Glaucus]

You forgot Adobe!

Well, adobe owns flash now, but ya, pdf and shockwave and whatever else that company makes can be counted on being insecure (and over priced if it's not free).

 

[Glaucus]

Actually, even the not so paranoid should disable Java on their browsers (or even uninstall it). I need Java, but not while browsing so it's all disabled and I do that on other people's computers too. There's very little reason for Java and honestly now that it's an Oracle product I'm happy without it.

 

[Glaucus]

It seems that the NSA link may have more to do with the fact that the NSA is on everyone's mind and less about actual facts.

In face of scrutiny, researchers back off NSA “Torsploit” claim

Researchers who claimed they found a link between the Internet addresses used as part of malware that attacked Freedom Hosting's "hidden service" websites last week and the National Security Agency (NSA) have backed off substantially from their original assertions. After the findings were criticized by others who analyzed Domain Name System (DNS) and American Registry for Internet Numbers (ARIN) data associated with the addresses in question, Baneki Privacy Labs and Cryptocloud admitted that analysis of the ownership of the IP addresses was flawed. However, they believe the data that they used to make the connection between the address and the NSA may have changed between their first observation.

It may have been some other government agency like the FBI investigating Freedom Hostings ties to child porn. And they may gave had a warrant to eavesdrop even, who knows. According to this article, the owner of Freedom Hosting is up for child porn charges although it seems Freedom Hosting wasn't mentioned in court documents (aint that peculiar). But it's also possible that the FBI or any other police agency had nothing to do with digging up this dirt. It seems the Anonymous group has been busy attacking Freedom Hosting since at least 2011 and one of their goals was to dox it's users. Which by the way, may explain that malware recently found that sends data to some mystical IP address that some thought was the NSA. And maybe it was sent to the NSA or the FBI but the malware may have been planted there by some third party that was at war with child porn sites. In other words, it's possible that Anonymous leaked that data to an open port at the FBI in hopes of taking down their intended targets; child pornographers. That could be vigilante hackerism. And that raises all sorts of other interesting questions.

 

[FluffyMcDeath]

I couldn't find the thread where Speelwas talking about hacking SSL with proxies (man-in-the-middle) but this thread will do as it relates to Tor as well. Looks like the NSA could do man-in-the-middle attacks by being on the backbone and being the first machine to reply to a request. It looks like they could redirect connections they were intereted in and get back to the requestor ahead of the legitimate target ... or something like that. Once they'd done that they could attack the requesting machine with any one of a number of exploits.