Short update about the fake onion address attack:

- Again, this is not a new phenomenon, but it is on a larger scale: there is one attacker or a group of attackers who run about 300 fake onion sites.
- The attacker has automated the fake site production. These sites came online about simultaneously.
- Comparison can be done easily at the moment: because the attacker is re-writing links on multiple onion directory sites, we can compare the real directory site and the fake directory site. The changed links point to fake sites.
- The first 5 letters are the same between fake onion and real onion addresses. So, if the real site is ABCDEfg123456789.onion, the fake one is ABCDEsomething12.onion. It is easy to get an onion address where the first 5 letters are just as you want them to be.
- The fake site acts as a transparent proxy for the real site: it is downloading the content from the real site and, after some re-writing, showing it to the user who is visiting the site. We can sometimes see the Polipo HTTP proxy error on fake sites.
- The attacker is re-writing some content, including bitcoin addresses and links, to point to fake sites.
- The attacker is gathering bitcoin money by spoofing those bitcoin addresses.
- It is possible and even very likely that the attacker is gathering login credentials if you use the fake site instead of the real one.

Greetings,
Juha
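The directory comparison described in the message can be automated. The following is an added example, not part of the original post: it assumes 16-character base32 onion hostnames (the length of the post's example address), and the two HTML snippets and every address in them are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: 16-character base32 onion hostnames, matching the address length in the post.
ONION_RE = re.compile(r"\b([a-z2-7]{16})\.onion\b", re.IGNORECASE)
PREFIX_LEN = 5  # the post reports that fake and real addresses share the first 5 letters

# Constructed sample pages: a trusted copy of a directory and a suspect copy of it.
TRUSTED_PAGE = """
<a href="http://abcdefg234567abc.onion/">Market</a>
<a href="http://wxyz2345wxyz2345.onion/">Forum</a>
<a href="http://mnopq77777aaaaaa.onion/login">Wallet</a>
"""
SUSPECT_PAGE = """
<a href="http://ABCDExyzxyz23456.onion/">Market</a>
<a href="http://wxyz2345wxyz2345.onion/">Forum</a>
<a href="http://mnopq22222bbbbbb.onion/login">Wallet</a>
<a href="http://zzzzz22222333334.onion/">New listing</a>
"""


def extract_onions(html):
    """Return the set of lower-cased onion hostnames found in a page."""
    return {m.group(1).lower() + ".onion" for m in ONION_RE.finditer(html)}


def find_lookalikes(trusted_html, suspect_html, prefix_len=PREFIX_LEN):
    """Map each trusted address to addresses on the suspect page that share
    its first `prefix_len` characters but are not the same address."""
    trusted = extract_onions(trusted_html)
    suspect = extract_onions(suspect_html)
    by_prefix = defaultdict(set)
    for addr in trusted:
        by_prefix[addr[:prefix_len]].add(addr)
    findings = defaultdict(set)
    # Only addresses absent from the trusted copy can be rewritten links.
    for addr in suspect - trusted:
        for real in by_prefix.get(addr[:prefix_len], ()):
            findings[real].add(addr)
    return {real: sorted(fakes) for real, fakes in findings.items()}


if __name__ == "__main__":
    for real, fakes in sorted(find_lookalikes(TRUSTED_PAGE, SUSPECT_PAGE).items()):
        print(f"{real} -> possible fake(s): {', '.join(fakes)}")
```

A new address whose prefix matches no trusted entry (the last link in the constructed suspect page) is not flagged, so the output stays limited to prefix lookalikes of known sites.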