Silk Road forums
Discussion => Security => Topic started by: flwrchlds9 on January 04, 2013, 04:28 am
-
Others should know by now, but did not see forum topic on it.
Either OnionImageUploader was always run by Dutch police, or it was captured/compromised by Dutch police.
All old images are now in possession of Dutch police.
xfq5l5p4g3eyrct7.onion
Anyone else have more info on this?
-
Being a .onion site, if it was captured/compromised this would be a big concern, HOW did they capture it?
Text from site;
"This site is under criminal investigation by the Dutch National Police.
You are not anonymous. We know who you are.
The production, distribution and possesion of child pornography are serious crimes.
All information gathered in this criminal investigation will be shared with the appropriate
authorities."
-
They didn't capture it. Onion Image Uploader is hosted on Freedom Hosting and all the other sites are fine. FH is still up and hasn't been seized or compromised. Either Dutch LE hacked OIU or a random hacker did and uploaded those pics for the lulz.
By the way, this is like last year's news.
-
Hey astor, I saw your link that you posted in the other thread in the off topic section. Wondering which image hosting site you recommend from that list?
-
If the police hack a site where people are doing illegal things - they do not tell you.
Why the fuck would they let you know? To give you time to burn your laptop, so that they can't charge you with jack shit.
It is silly to think it was LE, and if it was LE they have fucking gone full retard here.
It was probably just some hacker who wanted some lulz.
-
Last year as in 2 weeks ago in 2012? lol
Yes, we said everyone should know by now, but it doesn't seem like everyone did, and posted to see if anyone has any more info.
> If the police hack a site where people are doing illegal things - they do not tell you.
> Why the fuck would they let you know? To give you time to burn your laptop, so that they can't charge you with jack shit.
> It is silly to think it was LE, and if it was LE they have fucking gone full retard here.
> It was probably just some hacker who wanted some lulz.
They might have been using it for a honeypot for months, or may have captured it a year ago... then they are done with the "operation" and they shut it down. Seen it happen before, so anything is possible. Open discussion.
-
Bumping this for further discussion.
-
> Hey astor, I saw your link that you posted in the other thread in the off topic section. Wondering which image hosting site you recommend from that list?
OIU is hacked. Mixie's server has been down for a few days, so ImgZapr is inaccessible. IMGuru is buggy and keeps returning "invalid file type" errors. I've been recommending QicPic
http://xqz3u5drneuzhaeo.onion/users/qicpic/
Which btw is also hosted on FH and works fine... at least until someone uploads a bunch of cp and it gets hacked. :)
-
> Being a .onion site, if it was captured/compromised this would be a big concern, HOW did they capture it?
> Text from site;
> "This site is under criminal investigation by the Dutch National Police.
> You are not anonymous. We know who you are.
> The production, distribution and possesion of child pornography are serious crimes.
> All information gathered in this criminal investigation will be shared with the appropriate
> authorities."
Being hosted on a .onion pseudo top level domain does not provide immunity from having one's server hacked. If the back end server has vulnerabilities, they can (and usually will) be exploited. As far as the police 'warning' goes, another poster that said it was some hackers out for lulz is probably correct. Police usually don't advertise their operations in this way.
NC
-
Once a hidden service is hacked the private key for the hidden service can be captured.
Once you have this private key you can essentially steal the domain and point it to any server.
It is possible that the site was compromised by another channel and then the private key was taken and used to serve different images.
-
> Once a hidden service is hacked the private key for the hidden service can be captured.
Not necessarily. It depends on the type of hack. It's possible to hack a web server through a PHP exploit (which is what the OIU hack appears to be) without rooting the box. The attacker would never have privileges beyond that of the web server and could not read directories that are inaccessible to the web server.
Hidden service private keys are kept in /var/lib/tor, which is read protected and thus limited to root and the tor user (debian-tor on Debian and Ubuntu). The web server user (usually www-data) can't read that folder.
-
>> Once a hidden service is hacked the private key for the hidden service can be captured.
> Not necessarily. It depends on the type of hack. It's possible to hack a web server through a PHP exploit (which is what the OIU hack appears to be) without rooting the box. The attacker would never have privileges beyond that of the web server and could not read directories that are inaccessible to the web server.
> Hidden service private keys are kept in /var/lib/tor, which is read protected and thus limited to root and the tor user (debian-tor on Debian and Ubuntu). The web server user (usually www-data) can't read that folder.
Of course, that is why I said can be, not will be. I did not mean to suggest that any hack could reveal this key.
A clever person would run tor on a completely different machine so that even if the frontend is hacked the tor server would not be vulnerable.
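
The permission argument in the posts above (a web-server account cannot reach a key that sits under a directory restricted to root and the tor user) can be checked from mode bits alone. The following is an added example, not part of the thread: `first_barrier`, `demo`, the temporary directory layout and the stand-in web-server uid are constructed for illustration, and ACLs and MAC policies are not considered.

```python
import os, shutil, tempfile

def _allows(st, uid, gids, want):
    """Pick owner, group or other bits the way the kernel does (ACLs ignored)."""
    if uid == 0:
        return True  # root bypasses these checks
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return ((st.st_mode >> shift) & want) == want

def first_barrier(path, uid, gids, base="/"):
    """Return the first component from `base` down that stops `uid` reading
    the file `path`, or None if the mode bits let the read through."""
    base, path = os.path.realpath(base), os.path.realpath(path)
    chain = [base]
    for part in os.path.relpath(path, base).split(os.sep):
        chain.append(os.path.join(chain[-1], part))
    for directory in chain[:-1]:
        if not _allows(os.stat(directory), uid, gids, 0o1):  # search (x) bit
            return directory
    return None if _allows(os.stat(path), uid, gids, 0o4) else path  # read bit

def demo():
    """Constructed tree standing in for /var/lib/tor; no real key involved."""
    base = os.path.realpath(tempfile.mkdtemp())
    hs_dir = os.path.join(base, "hidden_service")
    key = os.path.join(hs_dir, "private_key")
    os.mkdir(hs_dir)
    with open(key, "w") as fh:
        fh.write("constructed placeholder, not key material\n")
    os.chmod(base, 0o755)
    owner = os.stat(key)
    # Hypothetical web-server identity: any uid/gid that is not the owner's.
    web_uid, web_gids = owner.st_uid + 1, {owner.st_gid + 1}
    results = {}
    for label, dir_mode, key_mode in [("locked", 0o700, 0o600),
                                      ("dir_opened", 0o755, 0o600),
                                      ("all_opened", 0o755, 0o644)]:
        os.chmod(hs_dir, dir_mode)
        os.chmod(key, key_mode)
        hit = first_barrier(key, web_uid, web_gids, base)
        results[label] = os.path.relpath(hit, base) if hit else None
    shutil.rmtree(base)
    return results

if __name__ == "__main__":
    print(demo())
```

On a real host the same function can be pointed at the key file with the web server's actual uid and group set; any result of `None` means the directory restriction described in the thread is not in effect.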