Delivery-Date: Thu, 20 Nov 2014 03:46:49 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id B84FB1E1000;
	Thu, 20 Nov 2014 03:46:47 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 0723032031;
	Thu, 20 Nov 2014 08:46:44 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 7011B3205A
 for <tor-talk@lists.torproject.org>; Thu, 20 Nov 2014 08:46:38 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id hBe2O1lMOFtJ for <tor-talk@lists.torproject.org>;
 Thu, 20 Nov 2014 08:46:38 +0000 (UTC)
Received: from mail-ig0-x235.google.com (mail-ig0-x235.google.com
 [IPv6:2607:f8b0:4001:c05::235])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 40C4D32031
 for <tor-talk@lists.torproject.org>; Thu, 20 Nov 2014 08:46:38 +0000 (UTC)
Received: by mail-ig0-f181.google.com with SMTP id l13so2641360iga.14
 for <tor-talk@lists.torproject.org>; Thu, 20 Nov 2014 00:46:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=o/dVslYvFo17hB6wnzm14OH25pLG5NC2zh499dfbNvI=;
 b=IbHqHx+VpE+V2Rf19QXQKikM9Fq+Gbml64XQkyatFXIpy4AJ2xCKYyyxyIEGULQAT6
 oRQtFxB/7WmWaZCW4JnXZs6xglT2fG68o1KQMcbv915llj6OA4nU+DqjTs974VvxKVR+
 GgJJtyLChVfM9MImY2vhTm0DyMP70s+dE3t6RaTuY5hImrrd2RI1VxhMvbsGjQ8CLbNF
 ggFHHhAC4QSTe1ys0d2wjxUxPU4+HPr+yN0BOzenlLAar2abvwLTnR9qbluK/8mwBjWG
 6IQaLkfQ4WaSu+hIuzwXlLQ9vvHMki8MoY4UtRcDR7aRj1xTpEHtVwav/SIPHdo+efSL
 Ksig==
MIME-Version: 1.0
X-Received: by 10.50.8.71 with SMTP id p7mr8378156iga.9.1416473195925; Thu, 20
 Nov 2014 00:46:35 -0800 (PST)
Received: by 10.107.160.78 with HTTP; Thu, 20 Nov 2014 00:46:35 -0800 (PST)
In-Reply-To: <CALmxuLbFH4YbD=9KtR46oBZ_Ti5Z5e=e78POBhQP4t_t-arnEA@mail.gmail.com>
References: <CAM95Lej7t8bWRzsTLGe6Egyxc81TtWNRKmOJ+kbg9mVn8Z5ueg@mail.gmail.com>
 <CAD2Ti29NrFLDVOQ0gvAqY7LAqiuFCcM_FBUF9dMpAk9A8hgq8A@mail.gmail.com>
 <CALmxuLbFH4YbD=9KtR46oBZ_Ti5Z5e=e78POBhQP4t_t-arnEA@mail.gmail.com>
Date: Thu, 20 Nov 2014 19:46:35 +1100
Message-ID: <CAM95Leh-o+MgNXWD5c1TJ_Eh_fW3LqJG0PDMQfzo+eLEN7nneg@mail.gmail.com>
From: Nik Cubrilovic <nikcub@gmail.com>
To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org>
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] 276 seized onion addresses from Operation Onymous
 identified - most are scam or clone sites
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Wednesday, 19 November 2014, IGNACIO GAGO PADRENY <igago@ucm.es> wrote:

> So it wasn't a DDoS attack? They just did it reverse style, instead of
> .onion->ip, they did ip-> .onion?
>
>
I'll have another post up about that soon, hopefully by early next week. We
have been speaking to a number of the administrators of seized sites to
work out what they had in common and what lead to them being discovered (on
that note, if you were or are the admin of a site that was seized and
haven't spoken to us yet, please get in touch - email, PGP and other
contact details are at https://www.nikcub.com/contact).

A large number of seized sites were IP -> onion,  some were onion -> IP,
but the method involved isn't a new groundbreaking Tor break or something
that can't be fixed with better documentation and awareness.

Apologies for being vague and teasing out the details, but want to be
certain before freaking people out or reassuring them.

If you're interested in details etc. as they come about follow along on
Twitter:

https://www.twitter.com/nikcub

Nik


-- 
Sent from Gmail Mobile
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

