[liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud
Kyle Maxwell
kylem at xwell.org
Mon Aug 5 19:08:49 PDT 2013
According to THN[0] and several linked supporting sites from there
(particularly notable are analyses from Kenneth Buckler[1] and Vlad
Tsyrklevich[2]), the payload delivered the MAC address and Windows
hostname to 65.222.202.54[3]. I've read in public sources that that
address is assigned to SAIC but I have not seen any hard data on that.
[0]: http://thehackernews.com/2013/08/Firefox-Exploit-Tor-Network-child-pornography-Freedom-Hosting.html
[1]: https://code.google.com/p/caffsec-malware-analysis/source/browse/trunk/TorFreedomHosting/
[2]: http://tsyrklevich.net/tbb_payload.txt
On Mon, Aug 5, 2013 at 8:22 PM, <liberationtech at lewman.us> wrote:
> On Mon, Aug 05, 2013 at 06:18:02PM -0400, rjc at privacymaverick.com wrote 0.6K bytes in 0 lines about:
> : Does anybody have any indication on how the alleged operator of
> : Freedom Hosting was identified? Everybody seems to be focusing on
> : the JavaScript exploit but from what I've read, it appears that was
> : placed on the server after the alleged operator was taken down and
> : the operation compromised, or is my timing off?
>
> This is far more interesting to me than anything else. I've been
> wondering the same thing.
--
@kylemaxwell