Lizard Squad launches Tor 0day

As I posted over here

If you are a Tor user it might be a good idea to pay attention to this.

Ref: http://gizmodo.com/hackers-who-shut-down-psn-and-xbox-live-now-attacking-t-1675331908


Uh oh. Lizard Patrol, the hacking group claiming responsibility for the Christmas attacks on PlayStation and Xbox Live, has announced a new target: Tor, the anonymous internet service.

The hacker group appears to be attempting to dominate Tor's relays to the point where it can compromise anonymity. Tor keeps you anonymous by bouncing your communications around a network of volunteer nodes. But if one group is controlling the majority of the nodes, it could be able to eavesdrop on a substantial number of vulnerable users. Which means Lizard Squad could gain the power to track Tor users if it infiltrates enough of the network.
So far, they have already established over 3000 relays, nearly half of the total number. That's very not good.


"Someone who claims to be a part of Lizard Squad has set up a large number of Tor relays. That's it," Runa A. Sandvik, an advocate with the Tor project, told me. That's all we know for sure so far.

Thanked by 1Droid

Comments

  • netomx Moderator, Veteran

    There's always a back link to the vpsboard, right?

    On topic... I read that an hour ago, seems pretty bad :/ can you force to use some relays?

  • netomx Moderator, Veteran

    And every node is on US as I saw on that screenshot... Someone using CC IPs? :p

  • sons of bitches ...

  • Screw this, let's all run more relays...

  • but seriously, if they can create/control 3k tor relays, why shouldn't the NSA/FBI whatever be able to do the same?

    Thanked by 3netomx Pwner Mark_R
  • trexos Member
    edited December 2014

    @netomx said:
    And every node is on US as I saw on that screenshot... Someone using CC IPs? :p

    mind giving me a link?
    nvm, found it: http://i.kinja-img.com/gawker-media/image/upload/s--wu5-oa4J--/c_fit,fl_progressive,q_80,w_636/i59cluysoihnz1m55qqv.jpg

  • netomx Moderator, Veteran

    @trexos said:
    mind giving me a link?

    I saw the screenshot on the title... The CC thing was a joke, I checked 1 IP and it says it's Google Cloud... Nice to know what details they use to sign up

  • trexos said: mind giving me a link?

    https://globe.torproject.org/#/search/query=lizard

    They will soon get the badexit flag and won't be used by clients, I don't think it's a big issue.

  • Yes, I can see why they would attack Tor (considering it's pretty much only used for illegal activities). But PSN and Xbox Live? What has PSN and Xbox Live ever done?

  • Hmm tor has been under threat the whole of this last month. Seems the whole system needs a rethink

  • @linuxthefish said:
    They will soon get the badexit flag and won't be used by clients, I don't think it's a big issue.

    I don't think that they would call (all of) their nodes lizard, would be stupid.

    @ub3rstar said:
    Yes, I can see why they would attack Tor (considering it's pretty much only used for illegal activities). But PSN and Xbox Live? What has PSN and Xbox Live ever done?

    I hope this is sarcasm.

    Thanked by 1ihatetonyy
  • Lee Veteran
    edited December 2014

    I really don't know much about Tor, however is it not the case that this group has set up new relays? And as a result new relays can't be used as exits, therefore this is really not an issue?

  • http://torstatus.blutmagie.de

    Seems some are pushing traffic already. Using Google's cloud, probably trials / promo codes. Not enough weight to exit traffic, but should be interesting what the s-kids try!

  • emg Veteran

    Here are some of my thoughts:

    • Where did Lizard Squad get 3000 relays?
    • Do they own them or do they belong to others (and are being used without permission)?

    • Let us assume that a government (or "The Government") already controls or monitors a sufficient number of relays so that they can de-anonymize TOR users. Could Lizard Squad's activities be improving the anonymity of TOR by making it more difficult for the government to de-anonymize users?

    • What if Lizard Squad finds evidence that a government has already compromised TOR? What would they do? Would they publish their findings? Would anyone believe them if they did?

    • What are Lizard Squad's motives for doing this?

    • Personal Statement:
      I do not agree with ub3rstar's assertion that TOR is "pretty much only used for illegal activities". With respect, I believe that he/she is jumping to conclusions.

    I know many people (and am aware of far more people) who use TOR for privacy and anonymity. None of them use TOR for illegal activity. Some work for the government and use it as a part of their jobs. Others use it for personal reasons. Still others face persecution if they were to use the open Internet.

    I use TOR for a variety of purposes, none of them illegal. I often use it to look up medical information for family members and friends. Sometimes I want to satisfy my personal curiosity about something in the news, but I would rather not let all the browser trackers know about my search. Sometimes I use it as a quick way to bypass firewall restrictions rather than adjusting the firewall for one special case. (There are better ways to do it, I know.)

    Thanked by 1k0nsl
  • Lee Veteran

    emg said: Personal Statement: I do not agree with ub3rstar's assertion that TOR is "pretty much only used for illegal activities". With respect, I believe that he/she is jumping to conclusions.

    ok, well "mostly used for illegal activities".

    It's the human way, we live in a crazy world where online crime is a massive industry, Tor facilitates that more than people just looking for privacy and anonymity.

    Of course it's opinion and nobody knows for sure given we can't see the breakdown of what it's used for.

    No doubt the paranoid romanian will be along to tell us everyone is wrong and opinions only count if they match his when it comes to Tor.

    Thanked by 2doughmanes Mark_R
  • The point in tor is anonymising who you are not securing what you access, and you should assume that http traffic at the other end can be seen by all.

    They won't be able to see the source user IP unless these nodes become entry nodes, which takes some time - someone will pick up that they are up to no good shortly.

  • J1021 Member
    edited December 2014

    @linuxthefish said:
    The point in tor is anonymising who you are not securing what you access, and you should assume that http traffic at the other end can be seen by all.

    They won't be able to see the source user IP unless these nodes become entry nodes, which takes some time - someone will pick up that they are up to no good shortly.

    Who is responsible for picking up on this stuff?

  • kcaj said: Who is responsible for picking up on this stuff?

    The Directory Authority operators!

  • raindog308 Administrator, Veteran

    ub3rstar said: considering it's pretty much only used for illegal activities

    W1V_Lee said: ok, well "mostly used for illegal activities".

    You guys no doubt have some data to prove this...?

    W1V_Lee said: No doubt the paranoid romanian will be along to tell us everyone is wrong and opinions only count if they match his when it comes to Tor.

    Aw, I love that paranoid Romanian if you mean @Maounique

    Ooops...I accidentally invoked him.

  • linuxthefish Member
    edited December 2014

    Reply from tor ops:

    Fortunately, they don't have the Fast flag, and their consensus weights are tiny because they are new and unmeasured. So they are not currently getting any exit traffic to log.

    We're working on removing them from the network before they become an actual threat.

  • emg Veteran

    @W1V_Lee said:
    ok, well "mostly used for illegal activities". [...]

    With respect, I disagree. I have reason to believe that TOR is used mostly for legal activities.

    Allow me to clarify that by "legal", I mean legal in most of the United States. There are countries where simply looking at websites that display "ordinary" pornography or statements contrary to official government policies is considered illegal and severely punished.

  • Lee Veteran

    raindog308 said: You guys no doubt have some data to prove this...?

    I can prove how selectively you read.

  • Lee Veteran

    @emg said:

    Indeed, and that is your opinion which is no more right or wrong than mine because it can't be proven either way.

    Thanked by 2ATHK Mark_R
  • @linuxthefish said:
    Reply from tor ops:

    We're working on removing them from the network before they become an actual threat.

    I already thought that. But what would have happened if they hadn't named these relays so obviously that the Tor operators knew which relays are affected?

  • It is well known that if you control the majority of the relays, you're able to snoop on what people are doing. It's not a 0-day :/

    Thanked by 20xdragon ATHK
  • trexos said: I already thought that. But what would have happened if they hadn't named these relays so obvious that the tor operator knew which relays are affected?

    They are all in the same IP range, suspicious as hell lol, as well as the fact these skids can't do anything without bragging about it...

    Thanked by 1netomx
  • trexos Member
    edited December 2014

    @linuxthefish

    You are totally right, I really hope that they get busted. Anyway, there are enough people who know better and are able to do so as well. That's scary

  • emg said: Where did Lizard Squad get 3000 relays?

    Ever see the folks on here asking about Tor and wanting a $5 - 15/year VPS?

    Thanked by 2netomx Mark_R
  • W1V_Lee said: No doubt the paranoid romanian will be along to tell us everyone is wrong and opinions only count if they match his when it comes to Tor.

    You forgot the "jokes" and "stories" that are long, drawn out and don't assist in his rambling other than generating a higher word count like if he was paid by word count to ramble

  • @trexos said:
    linuxthefish

    You are totally right, I really hope that they get busted. Anyway, there are enough people who know better and are able to do so as well. That's scary

    https://lists.torproject.org/pipermail/tor-consensus-health/2014-December/005381.html
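
Two observations made in the thread, that the new relays sit in one IP range and that they carry tiny consensus weight without the Fast flag, can be checked together. The following is an added example, not code from any poster or from the Tor Project; it runs over constructed entries in the consensus `r`/`s`/`w` line layout, and the nicknames, addresses, function names and the 25% threshold are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample in the consensus "r"/"s"/"w" line layout; not real relay data.
SAMPLE = """\
r OldGuardA AAAA BBBB 2014-12-26 10:00:00 192.0.2.10 9001 0
s Fast Guard Running Stable Valid
w Bandwidth=9000
r OldExitB AAAA BBBB 2014-12-26 10:00:00 203.0.113.7 443 80
s Exit Fast Running Stable Valid
w Bandwidth=7000
r NewBulk001 AAAA BBBB 2014-12-26 10:00:00 198.51.100.1 9001 0
s Running Valid
w Bandwidth=20 Unmeasured=1
r NewBulk002 AAAA BBBB 2014-12-26 10:00:00 198.51.100.2 9001 0
s Running Valid
w Bandwidth=20 Unmeasured=1
"""

def parse_consensus(text):
    """Collect nickname, address, flags and weight for each relay entry."""
    relays = []
    for line in text.splitlines():
        kind, _, rest = line.partition(" ")
        if kind == "r":
            f = rest.split()  # nickname, identity, digest, date, time, IP, ports
            relays.append({"nick": f[0], "ip": f[5], "flags": set(), "bw": 0})
        elif kind == "s" and relays:
            relays[-1]["flags"] = set(rest.split())
        elif kind == "w" and relays:
            kv = dict(p.split("=", 1) for p in rest.split())
            relays[-1]["bw"] = int(kv.get("Bandwidth", 0))
    return relays

def subnet_report(relays, prefix=16):
    """Per-subnet share of relay count versus share of consensus weight."""
    groups = defaultdict(list)
    for r in relays:
        groups[str(ip_network(f"{r['ip']}/{prefix}", strict=False))].append(r)
    total_bw = sum(r["bw"] for r in relays) or 1
    return {net: {"count_share": len(m) / len(relays),
                  "weight_share": sum(x["bw"] for x in m) / total_bw,
                  "fast": sum("Fast" in x["flags"] for x in m)}
            for net, m in groups.items()}

def flag_bulk_subnets(report, min_count_share=0.25):
    """Subnets holding many relays, none of which has earned the Fast flag yet."""
    return sorted(n for n, s in report.items()
                  if s["count_share"] >= min_count_share and s["fast"] == 0)
```

In the sample the new subnet holds half of the relays by count but well under 1% of the total weight, which is the gap the Tor operators' reply describes.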
