From: grarpamp <grarpamp@gmail.com>
Date: Tue, 26 Jan 2016 20:35:17 -0500
Message-ID: <CAD2Ti2_XjXRBbFDUpw00LRo5o85VQ_Uq16Pmzvt7NU=hwFoZCw@mail.gmail.com>
To: tor-talk@lists.torproject.org
Cc: cypherpunks@cpunks.org
Subject: [tor-talk] Darknets: Full of onions, and eeps,
	and other wondrous things

> Email to tor-talk@ [0] made me wonder if (some of) these
> are run by the same people that have been trying to hijack
> Bitcoin transactions.  In the first step, they could enumerate
> services by crawling them

That would be useful to get an early start in the spamming / seeding
publication below.

> and setting up an impersonation
> site that has substituted Bitcoin addresses on it.

There's no need to 'mirror' or 'clone' or 'set up a site', the good ones
are just transparent cleartext proxies, one onion in front of another.
They can be timed, but don't fall to the dynamic content and
update differences that mirrors do.

Regardless, the last step is publication of the proxy. This is done in
wholesale on onionland services such as forums and the now tens of
wannabe 'hidden wikis', many of which are run by the same actors,
obviously adding to the attack surface. Users surf them, they and the
links look legit, they get bookmarked and that's that till they somehow
find out. It's been going on that way for years. All onionland services
should be considered suspect, even email, syndication and storage.

> Finally, they are
> running malicious exits that rewrite onion domains to their own
> impersonation sites.

Exit rewriting is an easy way to skim another fraction of users without
needing to play with forums and wikis.

As interesting as why, is that there are so many.

Those willing to immerse themselves in the corners of onionland would
probably find some insight, at least for that which comes from there.

Topside ventures that reach down into onions would be a different story.

Databasing, crime, anti-crime, covert stuff, games, research, hacking,
and even the overriding majority of everyday legitimate use by users
around the globe....

The story and scaling over time of all these aspects is becoming quite
interesting.

> [0] <https://lists.torproject.org/pipermail/tor-talk/2016-January/040038.html>

