Delivery-Date: Sun, 09 Nov 2014 11:49:11 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 59BDD1E0939;
	Sun,  9 Nov 2014 11:49:09 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 0D071319CD;
	Sun,  9 Nov 2014 16:49:00 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id C88DE318D8
 for <tor-talk@lists.torproject.org>; Sun,  9 Nov 2014 16:48:56 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 05MP2gkaNJ5g for <tor-talk@lists.torproject.org>;
 Sun,  9 Nov 2014 16:48:56 +0000 (UTC)
Received: from jessica.everdot.org (unknown [IPv6:2001:470:1f0b:1c12::1])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 8BBDF319C8
 for <tor-talk@lists.torproject.org>; Sun,  9 Nov 2014 16:48:56 +0000 (UTC)
Received: from mail.everdot.org (primail.everdot.org [IPv6:2001:470:dc2e:5::2])
 (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by jessica.everdot.org (Postfix) with ESMTPS id 09471FA07AE
 for <tor-talk@lists.torproject.org>; Sun,  9 Nov 2014 17:48:52 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
 by mail.everdot.org (Postfix) with ESMTP id BDF719122CDC
 for <tor-talk@lists.torproject.org>; Sun,  9 Nov 2014 17:48:51 +0100 (CET)
X-Virus-Scanned: amavisd-new at everdot.org
Received: from mail.everdot.org ([127.0.0.1])
 by localhost (everdot.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id eKAZ0Q4fIlop for <tor-talk@lists.torproject.org>;
 Sun,  9 Nov 2014 17:48:48 +0100 (CET)
Received: from meilong (unknown [IPv6:2001:470:dc2e:2:480a:9650:c7cb:ce6])
 (using SSLv3 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by mail.everdot.org (Postfix) with ESMTPSA id DA0C69122CDA
 for <tor-talk@lists.torproject.org>; Sun,  9 Nov 2014 17:48:47 +0100 (CET)
Date: Sun, 9 Nov 2014 17:48:36 +0100
From: =?ISO-8859-1?B?1nl2aW5k?= Saether <oyvinds@everdot.org>
To: tor-talk@lists.torproject.org
Message-ID: <20141109174836.33499e66@meilong>
In-Reply-To: <CAJVRA1SK30JM0URVOmhnXcU0kH_sXWVB2ZQPSKQT_vv6kQ4pfQ@mail.gmail.com>
References: <20141106180756.42a2541d@meilong> <20141107150403.29f9e51e@meilong>
 <CAJVRA1SK30JM0URVOmhnXcU0kH_sXWVB2ZQPSKQT_vv6kQ4pfQ@mail.gmail.com>
X-Mailer: Claws Mail 3.10.1 (GTK+ 2.24.24; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Subject: Re: [tor-talk] Operation Onymous against hidden services,
 most DarkNet markets are down
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============3488492295538365023=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

--===============3488492295538365023==
Content-Type: multipart/signed; micalg=pgp-sha1;
 boundary="Sig_/WK=EUyY1DYBg_Wb_2fzdYYq"; protocol="application/pgp-signature"

--Sig_/WK=EUyY1DYBg_Wb_2fzdYYq
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

> i'm going to laugh if the "technological breakthrough" is a DoS
> slowing Tor enough you restart it. then they watch to see who (serving
> up the appropriate amount of more traffic out than in) just restarted
> Tor.
> all signs point to modified slowloris with a limited set of suspects.

We can not really know exactly how they did it but one thing is
interesting:

=46rom doxbin and others we know that they in many cases just grabbed the
servers and closed the hidden services without arresting those behind
them. It appears this depends on what OPSEC they were using.

This is interesting because it makes it very clear that they are
finding and taking down the hidden services first and then they look at
the hardware they stole and the server bills and so on and try to figure
out who was behind them.

=46rom what I have read the last few days there is absolutely no doubt in
my mind that they can in fact find the physical location of Tor hidden
services and that they do this first and try to find out who is behind
them later. It also seems clear that some parts of organized crime
networks like the FBI and Europol want to prevent otherwise because
their capability of finding hidden services makes future arrests so
easy.

As for those hidden services that was not taken down: My guess is that
they are either hosted outside the United States of Fascism and the
Fascist Union or honeypots.

> best regards,
>   coder 'cointelpro' man

best regards =D6yvind,
GNU World Order gang member

--Sig_/WK=EUyY1DYBg_Wb_2fzdYYq
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlRfmu0ACgkQNBSJHnwv/KqICwCggQq5bSOjgqpu9DisFDepzY3u
gPEAnj9OAnyY6NkKhoDnupjsdmGYAXfg
=05N+
-----END PGP SIGNATURE-----

--Sig_/WK=EUyY1DYBg_Wb_2fzdYYq--

--===============3488492295538365023==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============3488492295538365023==--

