Silk Road forums

Discussion => Security => Topic started by: tbart on August 06, 2013, 04:26 am

Title: basic question that would put folks' mind at ease, over the FH thing
Post by: tbart on August 06, 2013, 04:26 am
is there a way, a paint by the numbers way, that the code literate folks could detail for the tech challenged folks to check their browsers or whatever to see if they were infected with whatever javascripts allowed in?

it sure would put a lot of folks mind at ease

Title: Re: basic question that would put folks' mind at ease, over the FH thing
Post by: comsec on August 06, 2013, 04:36 am
the exploit only worked on Windows machines, and appeared to only have worked on older versions of Tor Browser Bundle, as this exploit was fixed in 17.0.7. it built its own binary, grabbed your MAC, IP and Hostname and then sent that off to the feds. then it left a cookie lying around to tell on you the next time you surfed outside of .onion land, like using a Tor exit node. they both only lived for 30 mins and deleted themselves, so there's nothing to find now.

what version of TBB are you running (plus go into settings, disable javascript)

Title: Re: basic question that would put folks' mind at ease, over the FH thing
Post by: tbart on August 06, 2013, 05:43 am
showing firefox 17.0.7, but running it on two different usb drives, and what's odd, on one i have a "preferences" selection under "Edit" on the top taskbar and on the other, it's not there. On the one with a "preferences" selection, i find "disable javascript" unselected, so i've been checking it, and in the Scripts options, i find "block java" checked and iFrame unchecked, so i check it

on the one without the "preferences selection" under Edit, in scripts options, i find "block iFrame" already selected as well as "block java"

both are 17.0.7

wtf?
Title: Re: basic question that would put folks' mind at ease, over the FH thing
Post by: astor on August 06, 2013, 06:56 am
Yes, my understanding is that it was a temporary exploit that didn't leave malware on your computer. However, if you visited another site with the exploit code (most likely other FH cp sites), it would activate again, grab whatever cookies were there, and send them to the NSA again.
Title: Re: basic question that would put folks' mind at ease, over the FH thing
Post by: The Scientist on August 06, 2013, 07:20 am
What could they do, anyway?

You accessed a webpage that said "Down for maintenance".

Not a website that contained smut.

Surely, you can't get into trouble for accessing a webpage that contains nothing but "Down for maintenance", even if it was a CP website.

All they have evidence is that you accessed a webpage that had nothing on it when you accessed it.
Title: Re: basic question that would put folks' mind at ease, over the FH thing
Post by: kmfkewm on August 06, 2013, 07:56 am
What could they do, anyway?

You accessed a webpage that said "Down for maintenance".

Not a website that contained smut.

Surely, you can't get into trouble for accessing a webpage that contains nothing but "Down for maintenance", even if it was a CP website.

All they have evidence is that you accessed a webpage that had nothing on it when you accessed it.

In the past FBI has set up pages that had nothing at all on them, told people they were CP, and then busted any poor soul who happened upon them. They don't need to catch you in the act of having CP or distributing CP to be able to raid you for CP, at the very least they can make a good case against you for intent to possess CP. The thing to realize about CP is that in the process of loading a single CP page you have essentially broken a few hundred laws. Automatically you are guilty of at least attempt to download CP, attempt to transport CP, attempt to possess CP. If there are perhaps fifty images of naked 16 year olds on the page, for every one of those you will be charged and end up with 50 counts of downloading CP, 50 counts of possession of CP, 50 counts of transporting CP, 50 counts of viewing CP. If they really want to fuck you they will probably add 50 counts of importing CP and 50 counts of causing CP to cross state lines. If you used a proxy they will tack on evading the police, etc. If you use a proxy like Tor they might even triple your counts of transporting CP * 3 or * 6 to take into account each Tor node you caused CP to move through. Seriously, doing god damn anything with any amount of CP at all can be stretched out into hundreds of charges, it is absurd. Clicking a single wrong hyperlink and you can easily find that you are facing hundreds or even thousands of felony charges punishable by 5 years in prison each. Almost everybody who is fucked with CP in any context is facing a potential life sentence because of this. Now you are not likely to actually get a life sentence for a few reasons. The first is because the prosecution will drop 399 of your 400 charges if you plead guilty to one of them, and there is an extremely high chance that you will do this, so you will only get 5 years maybe. But it depends on the type of CP you have, the amount you have, what you did with it, etc.
The truth of the matter is that in 99% of CP cases, you WILL get whatever sentence the prosecutor and judge decide you deserve, and if you take it to a jury trial you will probably get life in prison. That is how CP works. In the vast majority of CP cases, you are facing 0 to life, and at the total mercy of the prosecution and judge. If you take it to a Jury trial you will probably get close to life. The USA has the harshest penalties for CP in the entire world out of all countries where any porn at all is legal.

Not only that but you will likely spend your time in prison being raped, beaten, tortured and generally degraded. Many people who take their case to a jury trial are sentenced to a lifetime of rape and torture. It is probably part of the reason why a large percentage of people arrested with CP end up killing themselves before it makes it to trial. That and the fact that even if they plead guilty and only serve a decade in prison, they will be registered sex offenders for the rest of their lives, none of their friends will like them anymore, they will be humiliated in their communities, forced to live in tiny ever shrinking zones to the point that eventually a lot of them just end up homeless living under bridges or in sex offender ghettos that are most similar to the ghettos the Nazis made the Jews live in. Nobody will hire them, they are banned from using the internet in many cases despite most of them being heavy to very heavy internet users prior to their arrest, they are humiliated publicly all the time, wherever they go, for the rest of their miserable lives.

Seems pretty fucking harsh for looking at some naked 16 year olds who are legal to fuck, but death to the nonces ahhhhhhhhh /me rips his eyes out and stomps on them screaming death to the pedophiles rolling around on the ground foaming at the mouth
Title: Re: basic question that would put folks' mind at ease, over the FH thing
Post by: FreedomOutlaw on August 06, 2013, 12:34 pm
Most people are not running the older version of FF. Unless you ignore

"There is an update available" on the "Are you using Tor" opening page.

The implication here is, the Feds and the NSA have every piece of Tormail saved on FH's servers, and the IP addresses of those that used it. If you used PGP to encrypt your messages, you probably have nothing to worry about.

Basically, if you have taken all of the suggested precautions that are given to a casual user, you probably have nothing to worry about. Actually, it doesn't even have to be all of them. If you were running an older version of FF but had javascript disabled, you are probably OK.

And don't forget YOU are responsible for your own security and anonymity on Tor.

That's just my 2 cents on how I see it as of right now. This could all change as the day/week progresses.
Title: Re: basic question that would put folks' mind at ease, over the FH thing
Post by: peach on August 06, 2013, 12:39 pm
Most people are not running the older version of FF. Unless you ignore

"There is an update available" on the "Are you using Tor" opening page.

The implication here is, the Feds and the NSA have every piece of Tormail saved on FH's servers, and the IP addresses of those that used it. If you used PGP to encrypt your messages, you probably have nothing to worry about.

Basically, if you have taken all of the suggested precautions that are given to a casual user, you probably have nothing to worry about. Actually, it doesn't even have to be all of them. If you were running an older version of FF but had javascript disabled, you are probably OK.

And don't forget YOU are responsible for your own security and anonymity on Tor.

That's just my 2 cents on how I see it as of right now. This could all change as the day/week progresses.

I just wanted to correct a detail: if the feds raided TorMail's mail servers, they would have the mails, but NOT their IPs.
Hidden services go both ways; neither the server nor the client knows who the other is or where they are located.
Title: Re: basic question that would put folks' mind at ease, over the FH thing
Post by: PowerToCharm on August 06, 2013, 12:57 pm
Most people are not running the older version of FF. Unless you ignore

"There is an update available" on the "Are you using Tor" opening page.

The implication here is, the Feds and the NSA have every piece of Tormail saved on FH's servers, and the IP addresses of those that used it. If you used PGP to encrypt your messages, you probably have nothing to worry about.

Basically, if you have taken all of the suggested precautions that are given to a casual user, you probably have nothing to worry about. Actually, it doesn't even have to be all of them. If you were running an older version of FF but had javascript disabled, you are probably OK.

And don't forget YOU are responsible for your own security and anonymity on Tor.

That's just my 2 cents on how I see it as of right now. This could all change as the day/week progresses.

I just wanted to correct a detail: if the feds raided TorMail's mail servers, they would have the mails, but NOT their IPs.
Hidden services go both ways; neither the server nor the client knows who the other is or where they are located.

Thank you! This is what I kept wondering about. Everyone seems all in a panic because the feds have our emails and our IP's. And while yes, they might have both of those things, there wouldn't be any possible way to put them together. Because the IP they gained from the injected code would not be the IP associated with any Tormail messages, because your IP while sending those messages was always masked because you were using Tor. Right?
Title: Re: basic question that would put folks' mind at ease, over the FH thing
Post by: iCaNsee on August 06, 2013, 01:14 pm
As far as I know, you are correct.
Title: Re: basic question that would put folks' mind at ease, over the FH thing
Post by: FreedomOutlaw on August 06, 2013, 02:32 pm
Most people are not running the older version of FF. Unless you ignore

"There is an update available" on the "Are you using Tor" opening page.

The implication here is, the Feds and the NSA have every piece of Tormail saved on FH's servers, and the IP addresses of those that used it. If you used PGP to encrypt your messages, you probably have nothing to worry about.

Basically, if you have taken all of the suggested precautions that are given to a casual user, you probably have nothing to worry about. Actually, it doesn't even have to be all of them. If you were running an older version of FF but had javascript disabled, you are probably OK.

And don't forget YOU are responsible for your own security and anonymity on Tor.

That's just my 2 cents on how I see it as of right now. This could all change as the day/week progresses.

I just wanted to correct a detail: if the feds raided TorMail's mail servers, they would have the mails, but NOT their IPs.
Hidden services go both ways; neither the server nor the client knows who the other is or where they are located.

Oh right. My bad. But you could have info about yourself somewhere in your Tormail account. Like, if you have a sent mail with your clearnet email address on it.
Title: Re: basic question that would put folks' mind at ease, over the FH thing
Post by: envioso on August 06, 2013, 05:04 pm
the exploit depended upon javascript to open an iframe which then opened a malicious URL hosted on an LE server. this URL attempted two exploits: another javascript exploit, and a heap spray exploit. as said above it just phoned home by grabbing identifying information and reporting it to the malicious server, and creating that cookie which it used to access the iframe URL. if you had javascript disabled, you are unaffected. if you were on the latest browser bundle, you were also unaffected. no malware was installed. still, take this as a classic example of things to come. side channeling is now the norm. simply using the browser bundle is not enough. this is sloppy work by the NSA IMO and shows that they didn't care all that much. it is most likely a psyops campaign to scare people off tor + the info they did gather has now been funneled into their massive data vacuum cleaner for further statistical analysis and future reference.
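Editor's added example, not code from anyone in this thread or from the Tor Project. The posts by comsec, FreedomOutlaw and envioso agree on the two conditions that together mattered: a bundled Firefox older than 17.0.7 and JavaScript left enabled. This is the paint-by-numbers check tbart asked for, written against the two files a Tor Browser Bundle profile of that era carried: application.ini (the Version= line of the bundled Firefox) and prefs.js (where user_pref("javascript.enabled", false); lands after you tick "disable javascript"). The 17.0.7 threshold is taken from the thread; the relative paths App/Firefox/application.ini and Data/profile/prefs.js are assumptions and vary per platform, so the core functions take file contents and the directory scanner takes the paths as arguments. The sample file contents at the bottom are constructed for the example.

```python
"""Check a Tor Browser Bundle of the 17.x era for the exposed combination:
bundled Firefox older than 17.0.7 AND JavaScript enabled.

Editor-added example. File layout (App/Firefox/application.ini,
Data/profile/prefs.js) is an assumption; the 17.0.7 threshold is the
patched version named in the thread.
"""
from __future__ import annotations

import os
import re
from dataclasses import dataclass

PATCHED_VERSION = (17, 0, 7)  # first bundled Firefox said to be fixed

# user_pref("name", value);  -- the only line shape prefs.js uses
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')


def parse_version(text: str) -> tuple[int, ...]:
    """'17.0.7' or '17.0.7esr' -> (17, 0, 7); tuples compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def firefox_version(application_ini: str) -> tuple[int, ...] | None:
    """Version= from the [App] section of application.ini, or None."""
    in_app = False
    for raw in application_ini.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_app = line.lower() == "[app]"
            continue
        if in_app and line.startswith("Version="):
            return parse_version(line.split("=", 1)[1])
    return None


def parse_prefs(prefs_js: str) -> dict[str, str]:
    """Map pref name -> raw value text (e.g. 'false', '9150', '"str"')."""
    prefs: dict[str, str] = {}
    for line in prefs_js.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def javascript_enabled(prefs: dict[str, str]) -> bool:
    """Firefox defaults to JS on; only an explicit false turns it off."""
    return prefs.get("javascript.enabled", "true").lower() != "false"


@dataclass
class Verdict:
    version: tuple[int, ...] | None
    patched: bool      # bundled Firefox >= 17.0.7
    js_enabled: bool   # no user_pref("javascript.enabled", false)
    exposed: bool      # both conditions the thread names: old build AND JS on


def assess(application_ini: str, prefs_js: str) -> Verdict:
    ver = firefox_version(application_ini)
    patched = ver is not None and ver >= PATCHED_VERSION
    js_on = javascript_enabled(parse_prefs(prefs_js))
    return Verdict(ver, patched, js_on, exposed=(not patched) and js_on)


def assess_bundle(root: str,
                  ini_rel: str = os.path.join("App", "Firefox", "application.ini"),
                  prefs_rel: str = os.path.join("Data", "profile", "prefs.js")) -> Verdict:
    """Run the check on an unpacked bundle directory (paths are assumptions).
    A missing prefs.js means no pref was ever written, i.e. JS is still on."""
    with open(os.path.join(root, ini_rel), encoding="utf-8", errors="replace") as f:
        ini = f.read()
    prefs_path = os.path.join(root, prefs_rel)
    prefs = ""
    if os.path.exists(prefs_path):
        with open(prefs_path, encoding="utf-8", errors="replace") as f:
            prefs = f.read()
    return assess(ini, prefs)


# Constructed sample inputs for a stand-alone run.
SAMPLE_APPLICATION_INI = "[App]\nVendor=Mozilla\nName=Firefox\nVersion=17.0.7\n"
SAMPLE_PREFS_JS_ON = '# Mozilla User Preferences\nuser_pref("app.update.enabled", false);\n'
SAMPLE_PREFS_JS_OFF = SAMPLE_PREFS_JS_ON + 'user_pref("javascript.enabled", false);\n'

if __name__ == "__main__":
    old_ini = SAMPLE_APPLICATION_INI.replace("17.0.7", "17.0.6")
    for label, ini, prefs in (("patched, JS on", SAMPLE_APPLICATION_INI, SAMPLE_PREFS_JS_ON),
                              ("old, JS on", old_ini, SAMPLE_PREFS_JS_ON),
                              ("old, JS off", old_ini, SAMPLE_PREFS_JS_OFF)):
        print(label, "->", assess(ini, prefs))
```

The verdict reports the two conditions separately on purpose: tbart's second USB stick, where the prefs file shows JavaScript already off, would come back exposed=False even on an older build, while a fully current 17.0.7 bundle with JavaScript still on is not flagged for this exploit but still has the setting comsec told people to flip.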
Title: Re: basic question that would put folks' mind at ease, over the FH thing
Post by: astor on August 06, 2013, 05:19 pm
I agree it seems sloppy. People in that Cryptocloud thread that has been widely cited were saying they didn't think the NSA would be careless enough to hard-code an IP address of one of their command and control servers. They would know obfuscation techniques. In other words, it could be some other national intelligence agency (not US based) or some other organization that wanted to frame the NSA. Then it seems like an amazing coincidence that the FBI is trying to extradite the FH admin at the same time.

Another interpretation is that they planned to arrest FH admin and seize his server, or they didn't know the location of his server but knew how to hack it, so a couple of days before the arrest, they injected the malicious code to see how many free IP addresses they could get of people visiting CP sites.