

This topic is now archived and is closed to further replies.


Researchers Discover Over 100 Tor Nodes Designed To Spy On Hidden Services


 rbear    240

These nodes -- ordinary nodes, not exit nodes -- sorted through all the traffic that passed through them, looking for anything bound for a hidden service, which allowed them to discover hidden services that had not been advertised. These nodes then attacked the hidden services by making connections to them and trying common exploits against the server-software running on them, seeking to compromise and take them over.

The researchers used "honeypot" .onion servers to find the spying computers: these honeypots were .onion sites that the researchers set up in their own lab and then connected to repeatedly over the Tor network, thus seeding many Tor nodes with the information of the honions' existence. They didn't advertise the honions' existence in any other way and there was nothing of interest at these sites, and so when the sites logged new connections, the researchers could infer that they were being contacted by a system that had spied on one of their Tor network circuits.

This attack was already understood as a theoretical problem for the Tor project, which had recently undertaken a rearchitecting of the hidden service system that would prevent it from taking place.

cont schneier

comment posted jic it disappears on schneier

Marco • July 8, 2016 4:44 PM

Well, actually I published software for spotting malicious TOR nodes here: http://marcoramilli.blogspot.it/2015/12/spotting-malicious-node-relays.html?m=1

Maybe you could find it interesting..

 rbear    240

more on this http://www.slyck.com/forums/viewtopic.php?t=72403 

 is distributed as a file converter application through reputable websites that offer Mac software. 

EasyDoc Converter

In the background, the application executes a shell script that installs multiple malicious components in a folder called "/Users/$USER/Library/.dropbox." The Dropbox name is used to make the malware harder to spot and has nothing to do with the legitimate Dropbox file synchronization software.


Not sure about reputable websites that offer mac software, because I have found this in tons of p2p files/videos in the folders. Apparently you don't even have to click on easydoc converter as when it's re-assembled, it seems to auto load. The message with the files says "for mac users" or some other message similar. I deleted the garbage on some files, I may have it laying around somewhere though as I don't always do that. I figured in the future I would just do a search and remove lots rather than manually each one.

I noticed something was weird when I saw the program and instructions and then even was like wth is this "/Users/$USER/Library/.dropbox"

while I have dropbox, (rarely used), I don't have it installed, so was immediately suspicious. Also the machine the stuff is on is winblows 7. Not sure if the program could actually do anything to winblows machines, but it did put itself in /Users/$USER/Library/.dropbox and there were other places I don't remember at the moment.

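An added example, not part of rbear's post or the quoted report: a shell sweep for the two indicators named above, the hidden `Library/.dropbox` folder in each user's home and files or folders named `EasyDoc Converter` in a download tree. The function names and the directories passed in are assumptions.

```shell
#!/bin/sh
# Added example: sweep for the two indicators named in the post above.
# The users root and the search directory are parameters (assumptions);
# on a Mac the home directories live under /Users.

# Print every home directory under $1 that contains the hidden
# Library/.dropbox folder described in the quoted report.
# Returns 0 if at least one was found, 1 otherwise.
find_dropbox_dirs() {
    users_root=$1
    found=1
    for home in "$users_root"/*; do
        [ -d "$home" ] || continue
        if [ -d "$home/Library/.dropbox" ]; then
            printf 'SUSPECT DIR  %s\n' "$home/Library/.dropbox"
            found=0
        fi
    done
    return $found
}

# Print every file or folder under $1 whose name starts with
# "EasyDoc Converter" (case-insensitive), e.g. copies bundled into
# downloaded folders. Matching folders are listed but not descended into.
find_easydoc_copies() {
    find "$1" -iname 'EasyDoc Converter*' -prune -print 2>/dev/null
}

# Usage: sh sweep.sh /Users "$HOME/Downloads"
if [ "$#" -eq 2 ]; then
    find_dropbox_dirs "$1" || echo "no Library/.dropbox folder found under $1"
    find_easydoc_copies "$2"
fi
```

Anything it lists is a candidate for review, not proof of infection; the script only reports and deletes nothing.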
 Cryptic Mole    4,520

I very seldom use it anymore. Besides, most of the crap that's posted there is just that, crap! Half the links are inactive or take so long to load, they're not even worth the time and effort. That's not to say there's nothing good there, but you'll need to have the information for the site you're looking for as there are actually millions of private topic-specific databases that will show information that may not be available on the upper web.

That's where the drug dealers, assassins, and secret societies congregate, and most secret societies cannot even be reached via Tor browser, freenet, I2P, or any others. For those, special hardware is needed, and that's something that the average citizen knows very little about.

Warning: Stay Away! 
