Hidden Services, Current Events, and Freedom Hosting

Around midnight on August 4th we were notified by a few people that a large number of hidden service addresses had disappeared from the Tor network. There are a variety of rumors about a hosting company for hidden services: that it is suddenly offline, that it has been breached, or that attackers have placed a JavaScript exploit on its web site.
A hidden service is a server – often delivering web pages – that is reachable only through the Tor network. While most people know that the Tor network, with its thousands of volunteer-run nodes, provides anonymity for users who don't want to be tracked and identified on the internet, the lesser-known hidden service feature of Tor also provides anonymity for the server operator.
Anyone can run hidden services, and many do. We use them internally at The Tor Project to offer our developers anonymous access to services such as SSH, IRC, HTTP, and our bug tracker. Other organizations run hidden services to protect dissidents and activists, and to protect the anonymity of users trying to find help for suicide prevention, domestic violence, and abuse recovery. Whistleblowers and journalists use hidden services to exchange information in a secure and anonymous way and to publish critical information in a way that is not easily traced back to them. The New Yorker's Strongbox is one public example.
Hidden service addresses, aka the dot onion domain, are cryptographically and automatically generated by the Tor software. They look like this: http://idnxcnkne4qt76tg.onion/, which is our torproject.org website as a hidden service.
There is no central repository or registry of addresses. The dot onion address is both the name and routing address for the services hosted at the dot onion. The Tor network uses the .onion address to direct requests to the hidden server and route back the data from the hidden server to the anonymous user. The design of the Tor network ensures that the user cannot know where the server is located and the server cannot find out the IP address of the user, except by intentional malicious means like hidden tracking code embedded in the web pages delivered by the server. Additionally, the design of the Tor network, which is run by thousands of volunteers, ensures that it is impossible to censor or block certain .onion addresses.
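The address format described above, as an added example that is not Tor's own code: for 16-character addresses like the one shown on this page (the v2 format), the label is the base32 encoding of the first 80 bits of the SHA-1 hash of the service's DER-encoded RSA public key, so any client can check that a key matches an address without consulting a registry. The key bytes below are constructed stand-ins for real DER-encoded keys, and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import re

# v2 onion label: 16 characters of lowercase base32 (a-z, 2-7) = 80 bits.
V2_LABEL = re.compile(r"^[a-z2-7]{16}$")

# Constructed sample inputs: placeholders standing in for DER-encoded RSA keys.
KEY_A = b"constructed stand-in for a DER-encoded RSA-1024 public key (A)"
KEY_B = b"constructed stand-in for a DER-encoded RSA-1024 public key (B)"


def onion_v2_address(der_public_key: bytes) -> str:
    """Derive the v2 address: base32 of the first 80 bits of SHA-1(DER key)."""
    digest = hashlib.sha1(der_public_key).digest()
    label = base64.b32encode(digest[:10]).decode("ascii").lower()
    return label + ".onion"


def parse_v2_label(address: str) -> bytes:
    """Extract and decode the 80-bit identifier from a URL or hostname."""
    host = address.lower().strip()
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host)  # drop the scheme
    host = host.split("/", 1)[0].split(":", 1)[0]      # drop path and port
    if not host.endswith(".onion"):
        raise ValueError("not a .onion hostname")
    label = host[:-len(".onion")].rsplit(".", 1)[-1]   # ignore subdomains
    if not V2_LABEL.match(label):
        raise ValueError("not a 16-character base32 label")
    return base64.b32decode(label.upper())


def key_matches_address(der_public_key: bytes, address: str) -> bool:
    """Self-authentication check: does this public key own this address?"""
    expected = hashlib.sha1(der_public_key).digest()[:10]
    return hmac.compare_digest(expected, parse_v2_label(address))


if __name__ == "__main__":
    addr = onion_v2_address(KEY_A)
    print(addr, key_matches_address(KEY_A, addr), key_matches_address(KEY_B, addr))
    # The address quoted on this page is syntactically a valid v2 label.
    print(len(parse_v2_label("http://idnxcnkne4qt76tg.onion/")) * 8, "bits")
```

Later Tor releases replaced this 80-bit format with longer addresses; the check above applies only to the 16-character form shown on this page.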
The person, or persons, who run Freedom Hosting are in no way affiliated or connected to The Tor Project, Inc., the organization coordinating the development of the Tor software and research. In the past, adversarial organizations have skipped trying to break Tor hidden services and instead attacked the software running at the server behind the dot onion address. Exploits for PHP, Apache, MySQL, and other software are far more common than exploits for Tor. The current news indicates that someone has exploited the software behind Freedom Hosting. From what is known so far, the breach was used to configure the server so that it injects some sort of JavaScript exploit into the web pages delivered to users. This exploit is used to load a malware payload to infect users' computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based. We're investigating these bugs and will fix them if we can.
As for now, one of multiple hidden service hosting companies appears to be down. There are lots of rumors and speculation as to what's happened. We're reading the same news and threads you are and don't have any insider information. We'll keep you updated as details become available.

EDIT: See our next blog post for more details about the attack.

Seth Schoen

August 06, 2013

ok since i can not find any other interactive forum on the topic right now i'll ask here, for 2 days now the only .onion link i can get to work is the one to tor homepage at the beginning of this thread, anybody know what's going on, or where else i might look for info about this? i will check back in a little while

Seth Schoen

August 06, 2013

Come on, if it only had as target window$' users, so this so "called" attack targeted noobs. It was more a homework done by the "FBI hackers" than a serious real life job.

Seth Schoen

August 06, 2013

Well, tor hidden services(most of em) are officially compromised, so no one should use them. Any of those websites could have been hacked and maybe sending you more exploits. You guys couldn't even identify that there was an exploit until those sites went down. And the fact that tor exit nodes are blocked by most websites makes tor utterly useless for the common folk. The worse of it is the fact that tormail went down. If their data centers are in US or EU jurisdiction, they and all their users are pretty much f**ked. Adios to tor, it creates more problems than it solves. *deletes tbb*

Seth Schoen

August 06, 2013

This is long overdue and welcomed news. As much as people play the privacy card, the truth is most of these hidden services are for illegal purposes. Freedom Hosting was basically a pedophile site in disguise with TOR being the enabler. Good riddance to the site and I could care less if TOR suffers bad publicity.

People who value safety over freedom, deserve neither. Usually they don't get them either. Better hope you don't find yourself in the situation where something you were born as is as heavily persecuted, or you may well be grateful for a few shadows to hide in.

Credit the NSA?

Why not credit Hitler, Stalin, Mao, and Pol Pot, while you are at it?

What NSA is helping to prepare for America, and the world, will be many times worse than all of them combined.

Total Information Awareness is total power, which is total control, which is total tyranny. No good can, or will come of it, but untold misery and death will.

No government, human being, or group of human beings deserves that kind of power, and history shows it WILL be abused, to the greatest extent possible, if allowed to.

The right to privacy does not exist to protect the guilty, but to protect the innocent, and to limit the power of government and other criminal operations.

You may have nothing to hide, but everyone has something to protect, and the right to privacy is required to do so.

Seth Schoen

August 07, 2013

1) Use GNU/Linux
2) Disable Javascript
3) Use a VPN over Tor
4) Fuck you Big Brother

Seth Schoen

August 07, 2013

Does this affect only Windows computers? OR should Ubuntu Linux users format their computers?

Seth Schoen

August 07, 2013

Please help.
If someone had not updated TOR since May (can be difficult in some countries/situations).
That someone had incriminating evidence on their tormail, evil government (I mean truly evil). Would you suggest something please.
Example that it is known that USA send info to their "friends" regardless if they are fair or not.
Someone please say if my mail is likely taken please.

Yes CATS team owned TorMail. What you should do:
1) Stay calm, drink some tea or beer, sit and try to remember if you somehow revealed YOUR real identity while using TM? This is very important!

2)
a) SO if YES, then it is bad, and you should prepare reasonable answers + contact people who are competent in your local law.
b) If NO, you should take serious position, NEVER, NEVER even under pressure NEVER confirm your connection with that TM account. Even if they show you your hunted IP/HOSTNAME/MAC data.

3) Wipe your computer, better buy a NEW one, if your network hardware is PCI/USB based, destroy it.

P.S. You can enforce point b) by default, but I assume this won't help you, as evidence may be too reliable like if they put you on record (traffic, phone, even real life), if you are from NATO country, be sure they will.

Under the circumstances it would be stupid and naive to think your TorMail contents are safe in any way. It's impossible to say who exactly has control of them, but those people are not likely to be your friends.

Seth Schoen

August 07, 2013

I just want to know how the hell supposedly "hidden" tor onion servers could be specifically targeted and infected. Perhaps they aren't really "hidden" at all.

Why does no one seem to care about that issue, and its ramifications?

After all, if the servers had not been planted with the bug, then we wouldn't even be here having this conversation.

Who will want to use Tor "hidden" services when it looks like they might not be so "hidden" after all?

Yea. This is an excellent question.

Apparently Anonymous (the group) was able to hack that particular server a couple of years ago and remove cp content. The admin put it back and updated the site's security. So this is not the first time that that particular server has been compromised.

Since Freedom Hosting was indeed a hosting service, any users could upload content to the server. I guess that - the ability to place potentially malicious content on a server - is a natural weakness but I've read nothing to say that was done.

If Tor Project would run the Mail service the Tor Project could be forced to censor the service or it may be unlawful at all in their countries, as FH seems to be in prison for very much the same service.
If Tor Project would otherwise hide the location, company is already under the enormous personal pressure even if in their country such uncensored service could be lawful (which I think is not) and such service could harm the Tor software projects development even more.

Better look for the company from the country where they could at least have a time to warn publicity and decide to purge the data if they would be confronted and tried to be forced by surveillance, which I think could be forbidden in USA and EU now at all. Better to find a country where the company would not face prison so the cooperation would not be considered.
Maybe a trusted company in some country without the extradition conventions or with less is less dangerous for all than anonymous hoster that is going to face more prison years than??? and distributed the exploit to all these people which are awaiting the same because he was running anonymous uncensored hosting in the country where it seems to be illegal

oh shit, these people might even do legally in their country and couldn't even know that the FH servers were used or be illegal elsewhere but they would be inspected etc. and then they could face the foreign laws for what they have done according to the database, maybe during tourism, maybe captured at home, what kind of stinky USSR 2.0 it turned to be

Anybody has the list of FH sites so they could be avoided if they suddenly became awake again?

The FH admin was behind Onion Bank. He could also have been behind Tor Mail. Notice the similarity in name structure? "Tor Mail"? "Onion Bank"? If Tor Mail reappears there is no way you could know if it was run by LEA. If they restore with your account intact you will know for sure they are NSA/LEA honeypot.

Seth Schoen

August 08, 2013

It will be interesting to see how this plays out in US Courts considering the Communications Decency Act says FH's admin would not be responsible. You and I both know that FH admin knew about the content and condoned it, and I'd like to see him do 30 years in jail... but the feds will have to go up against their own law to gain a conviction.

30 years in jail for pictures he didn't even produce nor upload anywhere? You americans are really phobic about sex at almost a laughable level, especially considering that "the children" are your last thought when it comes to shoot, torture (both psychologically and physically) or trial them like adults.

Seth Schoen

August 08, 2013

ALERT!: independent email provider forced to shutdown before betraying user's Constitutional rights:
---------------------------------------------------------------------------------------
August 8, 2013
My Fellow Users,

I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.
What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me resurrect Lavabit as an American company.
This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.

Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC
http://lavabit.com/
----------------------------------------------------------------------------------------------------

Seth Schoen

August 08, 2013

wait so these websites will never be online again? & also what about our things we were signed up to, the cops gunna see everything :( FUCK!

Seth Schoen

August 08, 2013

If I had JS disabled from the browser, TBB old version, but not disabled in NoScript, am I vulnerable?

Seth Schoen

August 08, 2013

I was on a board on FH , with this script they can know only I was at that board or even which post I have sent? Please clarify me this.

Seth Schoen

August 09, 2013

I’ve been watching this discussion closely over the past few weeks and I am confused as to the nature of the Freedom Host servers being Identified (Traced to physical address). I know everyone has been talking about child Porn sites and the JavaScript exploit but has anyone considered how these servers were traced. I know that the Guy was accepting Bitcoins donations and may have been involved with the Onion Bank but could it really be that simple? Could Bitcoins be traced to a real World Bank account and therefore a real person? I noticed that more and more sites, legal and otherwise are accepting Bitcoins lately and I can’t help but think that this could be a major risk factor to the Anonymity of this community. And now this morning I see that LavaBit has pulled down the shutters rather than allow US Government access to its systems (http://www.theguardian.com/technology/2013/aug/08/lavabit-email-shut-do…). It’s hard not to think that this is all a concerted effort by NSA / Government attempts to attack and shut down the entire Anonymity Community and the services that it offers to the world.

More questions than Answers.

Undoubtedly the powers that be "followed the money". In one article they note how this guy transferred large sums of money to Romania.

Somewhere along the line, the guy had to take possession of his ill-gotten gains - and they were watching. After that - they nail him, he spills the beans and gives out passwords to the servers, they insert the exploit, and that's that.

Nobody has content_1.html? Wonder if that was a dead end, and versions under v17, and especially stand alone versions, got away? How would we know?

I read one place that all attempts to retrieve content_1.html failed. From some other things I read the code was quite obfuscated and small changes (fake earlier version perhaps) would make it fail completely. However you would think someone could just capture the entire conversion with a stock older browser.

Seth Schoen

August 10, 2013

This is not about Child Porn, don't be silly, sadly, US doesn't give a f*ck about Child porn, they wanted Tormail, first Lavabit, now tormail, they are just, wow, mad. Incredible.

Seth Schoen

August 12, 2013

With regard to hidden services, what about all that "we are prepared to replace any server taken offline..." mumbo jumbo? Was TOR just bluffing and the FBI called it? Where is the new hidden service to replace the one taken offline?

Then maybe Google, Yahoo, GoDaddy should read the minds of their millions of users who daily use their products for nefarious purposes. It's like saying the "Internet" should be cleaned up - keep dreaming.

Seth Schoen

August 12, 2013

The bugs are in the hardware now, there is no privacy. Never was. Since day one, this whole last decade was about implementing monitors. The question is whether or not you're on the list of Freethinkers, Militants, or Domestic Terrorists. Long before Marshall Law or a War, all the "listed" people will be removed from the equation.

"Long before Marshall Law or a War, all the "listed" people will be removed from the equation."

Looks like you meant MARTIAL law.

(The Marshall PLAN, was the program of rebuilding Europe after WWII, named after U.S. Sec. of State George C. Marshall)

Seth Schoen

August 16, 2013

Leaving Tor bundle 'wide open' when you install it was a gift to the Nazi Spy Agency.

An anonymity software that betrays its users identity because it comes out of the box with javascript switched on is asking to be compromised.

Obviously or deliberately stupid.

Is it "user friendly" for anonymity software to NOT be anonymous?

Moving to another system http://code.google.com/p/phantom/

Actually, the principle employed in this exploit is based on the note in the phantom paper, p. 65, note 3 under weaknesses.

Seth Schoen

August 17, 2013

Somebody needs to get word to Mr. Marques' attorney: The FBI/USDOJ has lied to the Irish Courts. They've been after TorMail since Wikileaks started, and they accelerated their efforts after Edward Snowden popped up. TorMail is also hosted by Freedom Hosting. They've been networking with the usual anonymous vigilante cowards for years/months to upload the illegal material to the servers so it looks good on paper and they could file false charges for extradition. Mr. Marques had little if any control over the material uploaded to the servers - that's how most Hosting systems work.