On 09/08/2014 02:12 AM, Griffin Boyce wrote:
> Mirimir wrote:
>>
>> It's the same malware.
>>
>> Operation Torpedo _preceded_ the Freedom Hosting takedown.
>>
>> | From the perspective of experts in computer security and privacy,
>> | the NIT is malware, pure and simple. That was demonstrated last
>> | August, when, perhaps buoyed by the success of Operation Torpedo,
>> | the FBI launched a second deployment of the NIT targeting more
>> | Tor hidden services.
>> |
>> | This one—still unacknowledged by the bureau—traveled across the
>> | servers of Freedom Hosting, an anonymous provider of turnkey Tor
>> | hidden service sites that, by some estimates, powered half of
>> | the Dark Net.
>
>
> Some people also collected details around the malware and did a bit of
> analysis. There is a better repository of this info, but I wasn't able
> to find it in my notes. Here are some details:
> https://gist.github.com/glamrock/6ecc6d6d193152c8ad9e
>
> After a visitor was popped, their system would call back to the FBI's
> server. Pretty straightforward. However, there are a couple of things
> to note:
>
> 1) This is not the first time that Freedom Hosting had been taken down.
> onionland folks had hacked them at various points. Among other reasons,
> this leads me to believe that they didn't host anywhere near a majority
> of the hidden services :P They're barely a blip.
>
> 2) People started pranking each other by distributing links to pages
> with the payload. That, combined with the relatively mundane nature of
> most FH-hosted hidden services, is probably why there haven't been a lot
> of cases to come out of the FH takedown.
>
> hope this helps!
> Griffin

Also interesting is the fact that Magneto is a _Windows_ executable ;)

-- 
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
