Silk Road forums

Discussion => Security => Topic started by: ascarabeus938 on August 03, 2013, 10:56 pm

Title: WARNING! Onion sites hosted by FH might be honeypots
Post by: ascarabeus938 on August 03, 2013, 10:56 pm
With the arrest of the FreedomHosting founder, there is a risk the sites hosted there are honeypots.
Quote from http://www.reddit.com/r/onions/comments/1jmrta/founder_of_the_freedom_hosting_arrested_held/
Quote
This was just posted by the admin of the 4pedo board:

    UNKNOWN JAVASCRIPT IN THE BOARD PAGES POINTING TO IFRAME TO A VERIZON SERVER ON THE OPEN WEB!!!!!!! THEY ARE INSERTED BY FH! I WOULD CONSIDER FH COMPROMISED!!!! THEY ARE ALSO IN TLZ AND OTHER SITES PAGES!! STAY AWAY FROM ALL FH HOSTED SITES, including TLZ, LC, TORMAIL, ALL OF THESE ARE HOSTED ON FH!!!!!!!!!!!!!! ALL BOARDS HAVE BEEN DELETED TO PROTECT YOU!! IF THE BOARDS COME BACK UP, IT IS NOT ME RUNNING THE SITE ANYMORE, ALL ADMIN/MOD ACCOUNTS HAVE BEEN DELETED!!

The situation is serious. They got the owner of FH and now they're going after all of us! Half of the onion sites were hosted on FH! Disable JavaScript in your Tor browser for the sake of your own safety.
Quote
US authorities are seeking the extradition of a 28-year-old Irishman described in the High Court by an FBI special agent as "the largest facilitator of child porn on the planet."
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: hielonite on August 03, 2013, 11:08 pm
Wow, even Tormail.. Great to hear that!

What is TLZ?
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: DefyCode on August 03, 2013, 11:12 pm
Someone with the right hardware has a new opportunity to become the de facto hidden site hosting provider. It is unfortunate that we lost FH. Hopefully everyone kept their inboxes empty.
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: GrimWaldo on August 03, 2013, 11:17 pm
TorMail? No Shit!?

Wow, that really blows... 'cause I had just recently found it and thought it would solve all of my anonymous e-mail issues.

So, who hosts SR?
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: upthera on August 03, 2013, 11:40 pm
Quote
TorMail? No Shit!?

Wow, that really blows... 'cause I had just recently found it and thought it would solve all of my anonymous e-mail issues.

So, who hosts SR?

I haven't been able to get on TM for about three days now, has anyone? The welcome page came up a few times but no links were working and then even the TM home page was done...  ???  :-(   I've only tried logging in via SquirrelMail as I almost never use JS and sometimes SquirrelMail is a bit wonky compared w/roundcube. I like RC better and use it when not using tor for anything else.
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: Jack N Hoff on August 03, 2013, 11:53 pm
Ooooh.  He is also the owner of OnionBank.

Quote
TorMail? No Shit!?

Wow, that really blows... 'cause I had just recently found it and thought it would solve all of my anonymous e-mail issues.

So, who hosts SR?

Quote
haven't been able to get on TM for about three days now, has anyone? I've only tried via SquirrelMail as I almost never use JS ever and sometimes SquirrelMail is a bit wonky compared w/roundcube. I like RC better and use it when not using tor for anything else.

Of course we haven't been able to.  FreedomHosting is down.
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: tbart on August 04, 2013, 01:12 am
not sure if it was LE or Anonymous

http://www.geekosystem.com/tag/freedom-hosting/

Anonymous Takes Down Massive Child Pornography Server, Leaks Usernames

In a move that we can all get behind, hacker group Anonymous has announced that they have taken down a huge cache of child pornography and released 1,589 usernames of the website’s patrons. The action came as part of Operation Darknet, which targets illicit websites that are part of an unindexed and therefore unsearchable corner of the Internet.

The server in question is owned by Freedom Hosting, and apparently services over 40 child pornography websites. The largest of these, disturbingly called Lolita City, was said to contain over 100gb of child pornography.

Interestingly, the Anonymous hack is extremely well documented. In two separate Pastebin posts, the hackers involved provide a timeline of events, as well as some of the methodologies they used in tracking and taking down the servers.

According to their timeline, the hackers first became aware of Lolita City while leading a related campaign against a portion of the Hidden Wiki which included links to child pornography. While working to suppress the Hidden Wiki for linking to child pornography, the group turned their attentions to the websites linked on the Wiki. Through their investigations, they discovered that many of the sites shared a similar “fingerprint” in that they were supported and hosted by a company called Freedom Hosting.

The group then issued an ultimatum to Freedom Hosting to remove the content, or be shut down through their attacks. Freedom Hosting refused, and has since been the target of the hacker’s ire.

While attacks by the hacker group have often been divisive, going after the supporters of child pornography is something that is hard to criticize. In fact, this might be the best application of the groups’ talents; an intersection of Internet knowledge and the ability to carry out electronic attacks. Of course, preventing child pornography from being moved around the Internet doesn’t stop the predators that created the materials. Hopefully, law enforcement will take up the information gleaned by the group and start making some arrests.

(via Security News Daily, Examiner)
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: Jack N Hoff on August 04, 2013, 01:25 am
Quote
not sure if it was LE or Anonymous

No Tbart.  Anonymous did that a couple years ago...
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: tbart on August 04, 2013, 01:36 am
insert sound of me smacking self on back of head ::)
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: maxieBB on August 04, 2013, 02:34 am
What's-up with tormail? I CAN'T GET ON!!! I'm expecting an important message from the President!!  How can I give him instructions if I can't get on?
Quote
Ooooh.  He is also the owner of OnionBank.

TorMail? No Shit!?

Wow, that really blows... 'cause I had just recently found it and thought it would solve all of my anonymous e-mail issues.

So, who hosts SR?

haven't been able to get on TM for about three days now, has anyone? I've only tried via SquirrelMail as I almost never use JS ever and sometimes SquirrelMail is a bit wonky compared w/roundcube. I like RC better and use it when not using tor for anything else.

Of course we haven't been able to.  FreedomHosting is down.
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: HCeline on August 04, 2013, 03:22 am
who hosts the road or these forums?
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: DrMDA on August 04, 2013, 04:35 am
Quote
who hosts the road or these forums?

A guy named Bruce Cambell in Shreveport, Louisiana hosts, owns, and operates SR. I forget his phone number and address, it's on the web though, just google it.
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: livestr0ng on August 04, 2013, 04:44 am
I have a tormail account. What does this mean for me? I don't really ever use it. Should/can I delete it? Thanks in advance to anybody that helps me.
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: HeatFireFlame on August 04, 2013, 01:28 pm
They most probably are now. Also, Tormail is a major onion site, I'm shocked they managed to take it down. Could we be next? Seriously, can anybody technical get involved here and tell me what the script is?

There are around 10 threads about FH down, but what about us? If they can take down Tormail, can they touch the Road?
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: frank88 on August 04, 2013, 01:44 pm
Quote
who hosts the road or these forums?

A guy named Bruce Cambell in Shreveport, Louisiana hosts, owns, and operates SR. I forget his phone number and address, it's on the web though, just google it.

can't they arrest this guy too?
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: medicineman684 on August 04, 2013, 02:40 pm
Quote
can't they arrest this guy too?

They could, except he's a fictional character in a joke.

mm
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: DanDanTheIceCreamMan on August 04, 2013, 02:50 pm
subbed
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: envioso on August 04, 2013, 04:20 pm
you guys need to disable javascript. if those guys had it disabled the side channel javascript is useless.
even better ISOLATE. USE WHONIX. isolated out of the box. fuck a side channel.
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: mito on August 04, 2013, 09:59 pm
it's over!!!!!
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: comsec on August 04, 2013, 10:32 pm
Quote
you guys need to disable javascript. if those guys had it disabled the side channel javascript is useless.
even better ISOLATE. USE WHONIX. isolated out of the box. fuck a side channel.

Except whonix has wifi enabled, and the US busted the entire Chinese hacker team ATP1 in December 2012 by smashing through the browser using BeEF then activated wifi to find their location, even though they were using virtual machines for Metasploit framework.

Travis Goodspeed has also made fake emulated devices to exploit the Linux kernel's old device drivers that are still in there from the 1990s. He injects a Python program, which then auto mounts the device with emulated firmware that requests 300mb memory instead of SCSI standard 250mb memory and overflows the kernel, presenting him with full memory page leaks from the host system. Grsec prevents this, which whonix is not using. He also experimented with emulated HDD firmware he can fool the O/S into connecting to and root the disc even after reboots. Read his blogs sometime and chaos computer congress presentations; they're pretty interesting, what you can do with firmware emulation/hacking to jump all over the system regardless of software isolation.

Hardened Gentoo Whonix exists but it's out of date and unmaintained.

tl;dr

- disable auto mount
- disable wifi
- disable javascript in TBB and java plugins
- patch w/Grsec
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: HeatFireFlame on August 04, 2013, 11:02 pm
Quote
you guys need to disable javascript. if those guys had it disabled the side channel javascript is useless.
even better ISOLATE. USE WHONIX. isolated out of the box. fuck a side channel.

Except whonix has wifi enabled, and the US busted the entire Chinese hacker team ATP1 in December 2012 by smashing through the browser using BeEF then activated wifi to find their location, even though they were using virtual machines for Metasploit framework.

Travis Goodspeed has also made fake emulated devices to exploit the Linux kernel's old device drivers that are still in there from the 1990s. He injects a Python program, which then auto mounts the device with emulated firmware that requests 300mb memory instead of SCSI standard 250mb memory and overflows the kernel, presenting him with full memory page leaks from the host system. Grsec prevents this, which whonix is not using. He also experimented with emulated HDD firmware he can fool the O/S into connecting to and root the disc even after reboots. Read his blogs sometime and chaos computer congress presentations; they're pretty interesting, what you can do with firmware emulation/hacking to jump all over the system regardless of software isolation.

Hardened Gentoo Whonix exists but it's out of date and unmaintained.

tl;dr

- disable auto mount
- disable wifi
- disable javascript in TBB and java plugins
- patch w/Grsec

Thanks for the info. I remember when ATP1 got busted.
Maybe you should type how to disable all of those things for everyone who might not know :)
Title: Re: WARNING! Onion sites hosted by FH might be honeypots
Post by: envioso on August 04, 2013, 11:44 pm
unlikely they would go to such lengths to bust some drug users. and probably impossible to exploit en masse like the javascript side channel. either way it's much much safer than browser bundle. of course, hacking anything is always possible.