Message-ID: <54972AD3.8070005@riseup.net>
Date: Sun, 21 Dec 2014 20:17:23 +0000
From: Thomas White <thomaswhite@riseup.net>
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
Subject: [tor-talk] Warning: Do NOT use my mirrors/services until I have
 reviewed the situation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear all,

Many of you by now are probably aware that I run a large exit node
cluster for the Tor network and run a collection of mirrors (also ones
available over hidden services).

Tonight there has been some unusual activity taking place and I have
now lost control of all servers under the ISP and my account has been
suspended. Having reviewed the last available information of the
sensors, the chassis of the servers was opened and an unknown USB
device was plugged in only 30-60 seconds before the connection was
broken. From experience I know this trend of activity is similar to
the protocol of sophisticated law enforcement who carry out a search
and seizure of running servers.

Until I have had the time and information available to review the
situation, I am strongly recommending my mirrors are not used under
any circumstances. If they come back online without a PGP signed
message from myself to further explain the situation, exercise extreme
caution and treat even any items delivered over TLS to be potentially
hostile.

The mirrors in concern are:

https://globe.thecthulhu.com
https://atlas.thecthulhu.com
https://compass.thecthulhu.com
https://onionoo.thecthulhu.com

http://globe223ezvh6bps.onion
http://atlas777hhh7mcs7.onion
http://compass6vpxj32p3.onion


I will do my best to keep this list updated on the situation as it
develops. If any of the mirrors or IPs do come back online, I would
welcome anyone who is capable of doing so checking for any malicious
code to ensure they are not used to deploy any kind of state
malware/attacks against users should my theory prove to be the case.

At this moment in time I am under no gagging orders or influence from
external parties/agencies. If no update is provided within 48 hours
you may draw your own conclusions.

Regards,
T


- -- 
Activist, anarchist and a bit of a dreamer.

Current Fingerprint: E771 BE69 4696 F742 DB94 AA8C 5C2A 8C5A 0CCA 4983
Key-ID: 0CCA4983
Master Fingerprint: DDEF AB9B 1962 5D09 4264 2558 1F23 39B7 EF10 09F0
Key-ID: EF1009F0

Twitter: @CthulhuSec
XMPP: thecthulhu at jabber.ccc.de
XMPP-OTR: 4321B19F A9A3462C FE64BAC7 294C8A7E A53CC966
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
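
The message above asks readers to trust the mirrors again only after a PGP-signed follow-up. The check below is an added example, not part of the original message: it reads the machine-readable output of `gpg --status-fd 1 --verify` and accepts a signature only when the full fingerprint matches the "Current Fingerprint" from the signature block. It assumes that fingerprint was confirmed out-of-band; the sample status lines, the look-alike fingerprint and the timestamps are constructed.

```python
import re

# "Current Fingerprint" from the signature block of the message above.
# Assumption: the reader has confirmed it through an independent channel.
PINNED_FPR = "E771 BE69 4696 F742 DB94 AA8C 5C2A 8C5A 0CCA 4983"

# Status keywords that mean the signature must not be relied on.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

def signed_by_pinned_key(status_output, pinned=PINNED_FPR):
    """True only if gpg reports a valid signature whose signing key (or its
    primary key) has exactly the pinned 40-hex-digit fingerprint."""
    pinned = re.sub(r"\s+", "", pinned).upper()
    accepted = False
    for line in status_output.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()[1:]
        if fields[0] in REJECT:
            return False
        if fields[0] == "VALIDSIG" and len(fields) >= 2:
            signer = fields[1].upper()
            # The optional last field of VALIDSIG is the primary key fingerprint.
            primary = fields[-1].upper() if len(fields) >= 11 else signer
            if pinned not in (signer, primary):
                return False  # valid signature, but from some other key
            accepted = True
    return accepted

# Constructed status output: signature by the pinned key.
SAMPLE_GOOD = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 5C2A8C5A0CCA4983 Thomas White <thomaswhite@riseup.net>
[GNUPG:] VALIDSIG E771BE694696F742DB94AA8C5C2A8C5A0CCA4983 2014-12-21 1419193043 0 4 0 1 10 01 E771BE694696F742DB94AA8C5C2A8C5A0CCA4983
"""

# Constructed: a different key that shares the short Key-ID 0CCA4983.
# Short key IDs are not collision-resistant, so only the fingerprint counts.
LOOKALIKE = "0123456789ABCDEF0123456789ABCDEF0CCA4983"
SAMPLE_LOOKALIKE = f"""[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF0CCA4983 Thomas White <thomaswhite@riseup.net>
[GNUPG:] VALIDSIG {LOOKALIKE} 2014-12-22 1419250000 0 4 0 1 10 01 {LOOKALIKE}
"""

# Constructed: message body altered after signing.
SAMPLE_TAMPERED = "[GNUPG:] BADSIG 5C2A8C5A0CCA4983 Thomas White <thomaswhite@riseup.net>\n"
```

A `GOODSIG` line on its own is never accepted here, because it carries only a key ID and user ID, both of which another key can imitate.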

