Silk Road forums

Well, lots of technically proficient people could set up a similar service. I'm just saying I wouldn't use the old Tormail site if it came back online.

However, if technically proficient people are interested in running anonymous messaging services, they should build something different from email servers. I don't think email is the future of anonymous communication. We need a decentralized replacement that has no central point of failure like the Tormail / FH server.

In fact, I see decentralization as the future of all hidden services. A few months ago I wrote a speculative series of posts about a decentralized market that hosts product listings in something similar to Bitcoin's block chain. There is no central authority that runs the market, just as there is no central authority that controls Bitcoin transactions that are added to the block chain, but people could use any escrow service they like, and that's what SR could evolve into.

I agree it seems sloppy. People in that Cryptocloud thread that has been widely cited were saying they didn't think the NSA would be careless enough to hard code an IP address of one of their command and control servers. They would know obfuscation techniques. In other words, it could be some other national intelligence agency (not US based) or some other organization that wanted to frame the NSA. Then it seems like an amazing coincidence that the FBI is trying to extradite FH admin at the same time.

Another interpretation is that they planned to arrest FH admin and seize his server, or they didn't know the location of his server but knew how to hack it, so a couple of days before the arrest, they injected the malicious code to see how many free IP addresses they could get of people visiting CP sites.

There are still puzzling aspects to this story. I read the original article in the Irish newspaper, which you can find here:

http://www.independent.ie/irish-news/courts/fbi-bids-to-extradite-largest-childporn-dealer-on-planet-29469402.html

It says that FH admin was arrested Thursday, contrary to every other report I've read, which said Sunday.

Can anyone remember when exactly FH went offline? I'm thinking it was Tuesday or Wednesday of last week. Now why would that happen? Did LE seize the server before they arrested the operator? Surely they wouldn't do that or it would tip him off. Did they add the exploit to the server at that time? Maybe he discovered the exploit and took the server offline himself. I'd like to find the answers to these questions.

He's been in custody since his arrest, so when the maintenance page came up, that was definitely run by LE. If they didn't seize the server outright, they had enough control over it to add that page along with the exploit code.

Does anyone know how FH first became compromised? If the owner was somehow identified and tracked down through the deepweb then the implications are HUGE. If tracked down through human error or "real-world" police work as a result of (un)related off-line activity, then still bad news but not as much of a nightmare situation for us Roadies. I guess the question is, how did they get the guy? Anyone have info?

How was FH admin identified? Was the FH server seized? Those are the questions on everyone's mind. We are all waiting for answers. They have significant implications for the future of the Tor network.

Can someone PLEASE PM me a new mail server?

Check the Security subforum. A user named comsec posted a list of alternatives. As I argued there, ultimately we need a secure, decentralized messaging service, because email servers that interface with the public internet, even by proxy, have a much bigger attack surface. The convenience of sending messages to clearnet accounts isn't worth it.

Quote from: astor on August 06, 2013, 08:14 am

The FH server could be hosted anywhere in the world. Gathering the info off it will depend on local laws.

So if it's in Romania then the US would need to get permission from Romanian authorities to access the servers? So they may not have access to shit right now?

Yeah, basically. If the server is in Romania and it was seized, then it was likely seized by local authorities. I know the FBI has started playing global cop like with the raid on Kim Dotcom in New Zealand, but generally they aren't allowed to gallivant around and raid people or seize property in other countries where they have no authority. Of course, with something like CP, it may be easy to get local authorities to cooperate.

Actually, I take that statement back. The more I read about this case, the more suspicious I am that server wasn't actually seized.

It doesn't matter though. I would never use Tormail again.

The point is even if the Feds have the FH servers according to the Tormail main page is there is 'apparently' nothing stored on those servers.

Can anyone else please comment on this?

The public facing server that hosted the tormail.net and tormail.org web site and accepted emails sent to those domains, did not host any emails. It was a proxy to the hidden service. But if the hidden service ran on the FH server and the FH server was seized, then LE does have the emails.

Quote from: Nero on August 05, 2013, 10:28 pm

Are we sure that the only way to be exposed to the exploit is visiting an FH website while running a non-recent version of firefox/Tor on a Windows computer?

That seems way too specific for me to believe it.

Unless people who look up CP all use the same setup. It sounds like theyre just trying to round up the low hanging fruit because all of this is easily avoidable with even a modicum of electronic security.

It seems the vulnerability itself is exploited with javascript, so that is why only users with javascript enabled are affected. Who knows why they only targeted Windows, the same exploit works theoretically against Linux as well but the payload was analyzed and it makes several Windows specific OS calls and will not work on Linux. The attack is not a 0-day but rather an exploit that was published a little over a month ago, which explains why the most recent browser is not affected. It is entirely possible that they didn't want to release a 0-day for analysis, and most people using Tor are thought to be using outdated Browser Bundles on Windows. The attacker was probably pretty sure that whatever attack they used would be analyzed to hell and back by a shit ton of security researchers. Also, 0-day attacks are usually used for really really high priority targets, they are more likely to burn one of those on somebody who has like kidnapped a child and is holding them ransom, or a suspected terrorist, than they are somebody who is running even the biggest CP site in the world.

I would add, based on my reading of the exploit, that you would have had to visit the FH main onion address, the Tormail web site, and perhaps some specific CP sites hosted on FH. The exploit set a cookie and had to be run from each site you visited to update your Tor Browser cookies with a specific ID. I haven't seen any evidence that they served the exploit on all onion addresses that were hosted on FH.

I think the bigger issue for this community is all the intel they are going to gather from unencrypted Tormail messages.