2011-2012 Operation Torpedo: took down 3 sites ran by Aaron McGrath (Pedobook, Pedoboard, and TB2) It was the first FBI operation against Tor Hidden Services.
Tor is totally safe guys
Landon Torres
Other urls found in this thread:
dvidshub.net
mozilla.org
en.wikipedia.org
mozilla.org
lists.torproject.org
blog.torproject.org
motherboard.vice.com
dvidshub.net
thehackernews.com
dailydot.com
news.softpedia.com
trac.torproject.org
lists.torproject.org
en.wikipedia.org
blog.torproject.org
gnunet.org
gnunet.org
grepular.com
lists.torproject.org
twitter.com
Colton Adams
June 2013 Operation Roundtable: The DHS shut down a hidden service dedicated to webcam captures of juvenile boys. The admin Jonathan Johnson was caught when he tried send a piece of mail to a child through the U.S. Postal Service
dvidshub.net
Evan Bailey
August 2013 Feedom Hosting bust: A free no rules onion hosting service started in 2008. It hosted thousands of onions, notoriously Lolita City and 23 other CP sites. Owner Eric Eoin Marques was arrested in July 2013. The FBI embedded an 0lday firefox exploit on every site hosted by Freedom Hosting (mozilla.org
It was never revealed how the actual Freedom Hosting server was located but it hosted thousands of onions from 1 IP, probably a lucky correlation attack.
Benjamin Diaz
October 2013 Silkroad Bust: Ross William Ulbricht arrested, well known case, made many OPSEC mistakes
Aiden Howard
2014 The Love Zone (TLZ) bust: Australian's Task Force Argos was able to track down TLZ hidden service admin Shannon McCoole (skee) on google through his odd word misspellings and unusual greeting 'hiyas'. They arrested McCoole and ran the site for 6 months. Caught many users by embedded exploits in video files, including en.wikipedia.org
Justin Gonzalez
2014 PedoEmpire, Hurt2TheCore bust: admin Matthew David Graham aka Lux arrested. Had ties with Peter Scully. Matthew David Graham bought and leaked the Daisy's Destruction video to boost traffic to his websites.
Wyatt Nelson
2014 Operation Onymous (Silkroad 2, Doxbin, etc): Carnegie Mellon University used a sybil attack*, a confirmation attack and a bug in Tor's relay_early cell to uniquely tag lookups on malicous HSDirs. The particular confirmation attack they used was an active attack where the relay on one end injects a signal into the Tor protocol headers, and then the relay on the other end reads the signal. The FBI subpoeneda their research and deanonymised many hidden services, including Silkroad 2, Doxbin, and Pinkmeth. Most of the busted sites were clone/scam sites ran by 1 server.
Parker Martin
2015 Playpen bust: Steven Chase misconfigured his hidden server and anyone was able to connect via direct IP (192.198.81.106) for 2 weeks. A foregin law enforcement agency found the IP while doing full IPv4 scans and notified the FBI. Steven Chase uses his personal paypal account to pay for the server and SSHed from his home IP over 10 times.
Owen Cox
2016 Giftbox bust: SVG+JS exploit found on CP site giftbox, was quickly found and patched mozilla.org
Christopher Anderson
Does anyone who's not a pedoshit even use tor?
Aiden Rodriguez
Only about 4% of all Tor traffic is Hidden Services which is where the pedoshit is.
Blake Rivera
Tor actually detected this sybil attack lists.torproject.org
blog.torproject.org
Easton Nguyen
I don't know why, but over a million people use facebook's hidden service every month.
motherboard.vice.com
fortune.com/2016/04/22/facebook-tor-increase/
Ryan Bailey
Pedos are unbelievably retarded
Hunter Wood
government agents shilling on FB?
Why would anyone want to associate their FB account with tor.
Cooper Cruz
You left out this part:
After FBI took over the playpen server, they embedded a Tor Browser exploit and deanonymized over 5,000 users.
Elijah Taylor
How do you know all these stuff anyway
Ryan Moore
Holy shit that's some dedication
Brody Parker
The fuck's that?
Kayden Hill
The site had hundreds of members, they created fake profiles and looked for boys on omegle, skype, facebook, chatroulette, etc all day
Brody Richardson
Horny boys thinking they are talking to girls, most seemed to have come from skype
dvidshub.net
Adam Russell
Why hide the tags and md5 hash?
Isaiah Clark
Those are law enforcement released screen caps, so it probably included the victims skype username.
And I think you can search for files by md5 hashes on p2p networks.
Jordan Myers
The moral of the story is: It's hard to properly anonymise & secure a web server. Police rarely attack the anonymity networks themselves, but look for hosting mistakes and OPSEC failures. It doesn't matter what anonymity tool you use, the server will eventually be found.
And people who run illegal sites are dumb.
Isaac Fisher
This is why people shoot cops.
Robert Russell
Fun Fact: former tor project member and developer of the now discontinued tor Vidalia program, Matt Edman, wrote the Tor Browser exploit used in the 2012 Pedobook, Pedoboard, and TB2 case.
thehackernews.com
Aiden Edwards
...
Gabriel Johnson
...
Samuel Foster
The majority of nodes with high exit probability are run by non-profits and organization known by Tor. A global adversary like the NSA or GCHQ doesn't need to run nodes. Assuming they are a global adversary, they can simply monitor all internet activity and see the same information without personally running relays.
Jacob Bennett
fuck off
Alexander Thomas
...
Chase Taylor
fuck off you pathetic faggot
Jack Ortiz
The Carnegie Mellon University attack was actually against the Tor network itself.
If a hidden service wasn't manually selecting semi-trustworthy entry guards. they could have been deanonymised if they were unlucky and selected a CMU controlled entry guard + CMU HSDIr
Correlation attacks in the real world don't work well because of false positives, but because of the relay early exploit, it was 100% certain.
Jeremiah Rivera
...
Jeremiah Anderson
Fair enough, that attack is the only one of any note.
Brody Russell
Go home schlomo.
Chase Lopez
...
Ian Campbell
How are firefox exploits not of note?
99% of Tor users will be using Firefox/Tor Browser. Less than 1% will have mitigations like qubes, whonix or physically isolated tor-enforced firewalls.
Christian Richardson
What is it?
Hudson Cox
I use `torify qutebrowser`.
No, my point is that Tor isn't broken. If Firefox had chrome-like sandboxing this wouldn't be an issue, I don't know why TBB wasn't chromium-based in the first place.
Landon Lopez
kek he is on the first page if you search 'hiyas' on google
Jackson Walker
Network Investigative Technique, it's malware/browser exploits, they use NIT in warrants to deceive judges into signing offing without understanding what the word means.
Matthew King
isn't that's a bad idea? You stand out from most users. The point of using of Tor Browser is so that everyone has the same fingerprint.
Easton Smith
Blake Benthall is a fucking idiot.
He gave an IN-PERSON interview to a journalist, while his Silkoad 2 site was still operational.
Isaac Green
Not really, people know I'm using qutebrowser but for it to matter I'd have to assume I'm the only one doing that and that I'm some how traceable through not posting on anything
Michael Rodriguez
Oh my god... This has been done to my friend when he was like 12. Man, I didn't want to break him by telling him he was baited by a pedo.
Jonathan Williams
I count one actual exploit against Tor's network in OP's list and the way CMU went about it was potentially illegal. That's a pretty good track record for the 10 years Tor's been running. Very few other projects can claim the same.
Also, OP is a shill.
Tor Browser wasn't Chromium based from the beginning due to the near impossibility of de-pozzing Google from it.
trac.torproject.org
Next version of Tor Browser will come with application level sandboxing. It's still early alpha right now.
lists.torproject.org
Nathan Turner
They actually have sophisticated loops of prerecorded women.
the videos are a seamless idle loop that constantly repeats. They can give commands like a thumbs up or or a wave and it reverts back to the idle loop.
Ayden Nguyen
I'm sure the pedoshits were arrested, your 'friend' can take solace in that
Jayden Jones
Have you been on any mobile app used primarily used been teens?
There are thousands of predators on there. It would be impossible to arrest them all. It's a huge problem.
Anthony Rivera
Dude, I have been to shady apps and discords that were mainly used by underaged people. Mostly gay or bi, since that's what I looked for in a chat app, I wanted to talk to other fags. There are people who can be asked for pics or anything and there are no logs of it ever happening and people don't speak about it, so it likely never gets out. Like, they were always way too open about everything, not understanding how the internet works. If a predator would use an app like that, it would be as easy as a few PMs
I would bet my last penny that the guy who did that to him is still rolling out face accounts instead of rotting in jail.
Lucas Lopez
...
Henry Gonzalez
...
Mason Scott
With some basic fingerprinting they can link your torified qutebrowser to your regular qutebrowser, just from visiting pages. Same browser, same window size, same fonts installed, same plugin details, same operating system - all those things add up.
And that's assuming you use a separate browser profile for Tor. Do you? If you run just "qutebrowser" and just "torify qutebrowser" you share cookies and local storage, which makes de-anonymizing you easy for even the dumbest tracker. A solution to that is running qutebrowser with a different basedir ("qutebrowser --basedir /path/to/alternate/basedir" or "qutebrowser --temp-basedir" for a completely clean slate every time), but you shouldn't use qutebrowser for this in any case. It destroy most of what you gain from using Tor.
Using qutebrowser with Tor might be okay if you have a weak requirement for anonymity (definitely nothing illegal, for a start), use a different basedir and tweak the settings a bit. They will link your different Tor sessions together but they might not link it to your regular qutebrowser.
:set content allow-javascript false:set content cookies-store false:adblock-update
David Harris
I only use qutebrowser for tor, no cookies, and it doesn't have plugins anyway.
John Clark
Know where I can find one?
Kevin Reed
There's some information panopticlick scrapes that it calls "plugins". Didn't know what else to call it.
Why don't you use it for normal browsing? Do you just do everything over Tor, or do you use another browser for that?
Luke King
...
Colton Harris
Yes goy, keep using tor, there is nothing we can do!
Parker Lopez
If you claim they can, let's see some proof then, shill.
Aiden Morales
/thread
TOR had a browser exploit 3 years ago lol, network is fine. TOR isn't responsible for dumb pedos.
Alexander Rogers
So in none of these cases Tor was actually compromised. Nice fearmongering, OP. Go back to reddit.
Brandon Gray
I browse normally through a pimped-out Icecat, obviously
Kayden Morris
That gentleman sounds like a very bitter person. What's that video?
Nathaniel Robinson
Steven Chase is next level stupid
Blake Nelson
...
Mason Sullivan
Tor Browser is based on firefox, and firefox is complex software with insane attack surface.
Pretty much any agency with a budget can buy an 0day for firefox. If your only defense is the the browser then you'll be fucked if you're a significant target.
Aaron James
I have my Tor browser VM on a isolated PVLAN port, and a second VM with two interfaces, one to the internet, and the second as a promiscuous PVLAN port, with the second VM doing NAT. Pretty sure i'm immune to browser exploits so long as I dont do something retarded like log in to my gmail account.
lol no
Levi Anderson
Eric Eoin Marques
Does the Asperger defense work?
I wonder how many years he will get? All he did was host Tormail and Freedom Hosting. FH allowed anyone to sign up for free PHP+MYSQL hosting. The problem was he never moderated content so it was sometimes used for CP.
I ran a few legitimate sites on freedom hosting myself.
Grayson Hall
He let sites like en.wikipedia.org
He was a stupid libertraian that had a disclaimer "I"m not responisble for any of the content hosted"
Oliver Flores
That really should be enough though. Or do you think the post office should be legally responsible for any and all illegal crap that gets sent via mail?
Samuel Miller
If he deleted sites after he was made aware of illegal content, he would be protected under safe harbor, but he continued to let them run.
Evan Moore
I'm more surprised by the fact it's real. is it that bad?
Andrew Thompson
...
Grayson Reed
Well what is it fag
Bentley Sullivan
...
Elijah Gonzalez
Prosecutors told the court that Scully allegedly directed a video called ‘Daisy’s Destruction’ where a baby girl was tortured by a masked and naked woman.
It allegedly showed the baby girl being tied upside down by her feet, sexually assaulted and beaten.
In the series of videos, she is whipped and assaulted with sex toys by Peter Scully’s girlfriend – who he met when she herself was a child prostitute.
According to the Sydney Morning Herald, the footage was so horrific police called it ‘the worst we have encountered in our years campaigning against child pornography.’
Reports that the video feature ‘Daisy’ being killed are inaccurate – while human remains were discovered at one of Peter Scully’s homes, the girl from the film was rescued alive.
The videos were streamed via a paedophile website which hosted torture videos, called Hurt 2 The Core – which boasted 15,000 videos downloads daily.
The worst paedophiles – those who uploaded their own material – gained access to a Producer’s Lounge, with the most offensive material.
Among those was Peter Scully.
Austin Lee
ewwwwww didn't need to know that
Alexander Lopez
...
Asher James
Anyone know what happenend to Hoarder's Hell and OPVA2?
Hunter Gutierrez
to disassociate their physical location?
Liam Allen
There, summed up the thread for you.
Jacob Appelbaum dindu nuffin, he a good boy. Maybe if Tor went back to fixing their shit instead of cultivating the next generation of celebrity tech activists, they'd actually get shit done. Thanks, women in tech!
Lucas Cox
You forgot
Agree they got more stuff done more quickly before the SJW invasion but they are still making progress. The application sandboxing in the next version for example will help mitigate many of the browser attacks.
Parker Flores
OPVA2 shut down a a month or 2 after the Freedom Hosting bust, the admin felt it wasn't worth the risk.
The admin of Hoarder's Hell was friends with co-admin Skee (Shannon McCoole), Task Force Argos shut it down.
Jeremiah Brooks
Probably because removing the botnet from chromium is a nigh-impossible task, and it's the sort of think that sort of has to be done if you're trying to create an anonymous browser.
John Sanchez
I don't think anyone thinks TOR is perfect but the D&C levels are ridiculous. It's almost trivial to point out flaws in a system and convince people that it's not worth using at all. That's fine if there's a superior solution but there isn't one.
As pointed out, very few attacks are directed at the service itself because it's insanely difficult. It's easier to use the methods that people ignore whenever TOR comes up: Attack the browser, attack your target's shitty opsec/comsec/etc., attack the open development methods by inserting in sneaky backdoors and hoping nobody notices (Vidalia), attack the development team by siccing SJWs on them (Appelbaum), and spread D&C in communities with low technical knowledge but a great desire for opsec (Holla Forums).
has it right for the most part. The door analogy is good; the metaphor only fails when discussing the CMU sybil attack. Even then, the argument still stands - "one locksmith managed to pick a lock once so locks are worthless." The metaphor only fails because software can be updated but locks can't. (At least I think the TOR team had a solution for this.)
John Morales
The CMU sybil/tagging exploit attack was so successful because Tor's hidden service design is shitty. Every onion address advertises to 5 new HSDir replays a day. HSDir relays are the cheapest servers to run and get a stable flag
Tor is pretty good as a clearnet IP obfuscater, but I'd stick with eepsites for 'darknet' sites. I wouldn't use Tor hidden services until their revamped hidden services come out.
John Moore
Vidalia was never backdoored/attacked, the FBI just used a former Vidalia developer as a contractor to write the Firefox/Tor Browser exploit. This was in 2012, the 3 sites ran by Aaron McGrath (Pedobook, Pedoboard, and TB2)
He basically just used metasploit's "Decloaking Engine" module.
Blake Howard
lol, the acting director of cyber security at the state deperatment has shitty OPSEC
RIP ptasseater
Christopher James
Mason Watson
...
Kevin Mitchell
...
Jacob Martinez
This is the best part, they had to pry him from his laptop.
Joshua Murphy
Looked like a MTG/Yu-gi-oh card folder in the thumbnail.
Andrew Peterson
What did this guy do at his job?
Jayden Cooper
Because Facebook isn't allow in a long list of countries.
Noah Perez
The I2P don't works better than Tor in point of hidden services?
Angel Torres
i2p eepsites are better than hidden services.
Hidden Services are a tacked on feature. Tor Project has been saying a HS revamp is coming soon.
Eli Morgan
...
Owen Nelson
What about this guide:
grepular.com
Parker Lee
the absolute madman
James James
Didn't TOR get a lot of members with jewish surnames and a rabbi last year?
Easton Martinez
if tor isn't safe, what are we supposed to use?
Jaxon Gutierrez
Tor. Don't care for the retarded scare tactics spouted by retards who don't know what they're talking about. Tor has rules and guidelines which you should follow, such as not enabling Javascript, and all these arrests and captures have nothing to do with Tor itself, but with retards not caring to follow instructions.
Imagine someone claiming that seatbelts in cars never saves lives. The retard would bring up many cases where people died in a car with seatbelts, but fails to mention that the people didn't use them at the time of the accident. The idiot would claim the seatbelts didn't do their job because they existed in the car while the person who didn't use them died.
Or imagine if someone claiming that locks on doors don't help to prevent keeping intruders out by stating that many people with locks on their doors have had their homes broken in to. Once again the idiot would leave out the fact that the homes with locks which were broken in to, didn't actually ever follow instructions and turn the lock which would then actually lock the door.
Easton Morris
People are unbelievably retarded, pedo or otherwise, but most people are not being hunted down for what they get off to.
Colton Myers
It's better than nothing and will work in most cases, but it's a trivial thing for the US gov to control more than half of exit points, allowing them to trace at least some traffic. I wouldn't trust TOR for anything high-profile.
Andrew Perry
/this
People are overwhelmingly mentally retarded. Sad!
Its good for nothing actually, I wouldn't trust something shilled by CNN ten years ago. Anderson Cooper interned at the CIA. What else do you need to know?
Luis Rogers
That's not the right word. If 3000 nodes suddenly appeared all named totally-not-cia, it would be pretty suspicious. There's a relatively good discussion in this thread.
lists.torproject.org
Tor is a good defense for most threat models. If you have extraordinary requirements you may want to layer it or get off the interwebs entirely. If you're at that point you should also start sweeping for hidden cameras/bugs.
Adrian Walker
Thanks OP
Xavier Baker
Thanks OP