[liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

Pavol Luptak wilder at trip.sk
Tue Aug 6 07:18:58 PDT 2013


But, this is the Firefox / Tor Browser Bundle exploit.

The question is how the FBI gained access to Freedom Hosting. What kind of 
exploits did they use?

Pavol

On Mon, Aug 05, 2013 at 09:08:49PM -0500, Kyle Maxwell wrote:
> According to THN[0] and several linked supporting sites from there
> (particularly notable are analyses from Kenneth Buckler[1] and Vlad
> Tsyrklevich[2]), the payload delivered the MAC address and Windows
> hostname to 65.222.202.54[3]. I've read in public sources that that
> address is assigned to SAIC but I have not seen any hard data on that.
> 
> [0]: http://thehackernews.com/2013/08/Firefox-Exploit-Tor-Network-child-pornography-Freedom-Hosting.html
> [1]: https://code.google.com/p/caffsec-malware-analysis/source/browse/trunk/TorFreedomHosting/
> [2]: http://tsyrklevich.net/tbb_payload.txt
> 
> On Mon, Aug 5, 2013 at 8:22 PM,  <liberationtech at lewman.us> wrote:
> > On Mon, Aug 05, 2013 at 06:18:02PM -0400, rjc at privacymaverick.com wrote 0.6K bytes in 0 lines about:
> > : Does anybody have any indication on how the alleged operator of
> > : Freedom Hosting was identified. Everybody seems to be focusing on
> > : the javascript exploit but from what I've read, it appears that was
> > : placed on the server after the alleged operator was taken down and
> > : the operation compromised, or is my timing off?
> >
> > This is far more interesting to me than anything else. I've been
> > wondering the same thing.
> 
> --
> @kylemaxwell

-- 
______________________________________________________________________________
[Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542]
