[Tor2web-talk] CryptoLocker: How to best deal with them?
Fabio Pietrosanti - lists
lists at infosecurity.ch
Thu Nov 6 19:14:22 CET 2014
That's an example of a CryptoLocker blackmailing page:
http://kpai7ycr7jxqkilp.onion/
From abuse at cogenco.com: http://paytordmbdekmizq.onion, including a vanity
name!
I understand that adding blocks may increase our liability, but given
how widespread CryptoLocker's blackmailing of people is, the "seriousness" of
the abuse creates a threat to the Tor2web server sustainability.
Now there's an exchange in progress with the ISPs, because it sounds like
some abuse department didn't properly report the "offending
URL", so one server has been taken down.
It would be nice to have very short-term fixes, like fixing just
CryptoLocker blocking with a couple of hard-coded signatures?
I also definitely agree that such an "improved" abuse reporting system
would be useful; we probably need improvements to most of the web pages.
We've been brainstorming to implement something like that, to provide
very useful information, explaining everything possible. What do you think?
https://docs.google.com/document/d/1cbXZbDKwgePsWToXfxmlko5CHPLmMOONBkbxbxQh1Zg/edit?usp=sharing
Fabio
On 11/5/14 11:31 PM, Virgil Griffith wrote:
>
> If they keep changing their hidden service ID it's going to be hard to do.
>
> Doing something proactive mildly increases our legal liability in
> future. Perhaps a more formal system of people submitting abusive
> URLs so that they can be blocked by us directly from a browser-based
> admin interface.
>
> On Nov 5, 2014 2:01 PM, "Fabio Pietrosanti - lists"
> <lists at infosecurity.ch> wrote:
>
> Hi all,
>
> it sounds like CryptoLocker is causing some major issues for Tor2web,
> with takedowns and hardcore abuses to/from ISPs.
>
> Now, what's the best strategy to deal with them?
>
> They change the TorHS quite often, so it doesn't work to filter
> them all using the current blocklist.
>
> We may look at implementing content filtering based on regexp
> https://github.com/globaleaks/Tor2web-3.0/issues/151 , but it may have
> some important performance issues (and the CryptoLocker guys would
> try to bypass it anyway).
>
> So, from a real-world perspective, any ideas on how to better deal
> with such an issue?
>
> --
> Fabio Pietrosanti (naif)
> HERMES - Center for Transparency and Digital Human Rights
> http://logioshermes.org - http://globaleaks.org -
> http://tor2web.org - http://ahmia.fi
>
>
> _______________________________________________
> Tor2web-talk mailing list
> Tor2web-talk at lists.tor2web.org
> http://lists.globaleaks.org/mailman/listinfo/tor2web-talk
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org - http://ahmia.fi
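
The short-term approach discussed in this thread (the existing host blocklist plus a couple of hard-coded content signatures), sketched as an added example that is not part of the original message or of Tor2web's code. The signatures, scan limit, onion IDs and function names are constructed assumptions; the bounded scan and single combined pattern address the performance concern, and a signature hit feeds the blocklist so a rotated hidden-service ID is caught on first contact.

```python
import re

# Constructed placeholder signatures; NOT taken from real CryptoLocker pages.
SIGNATURES = [
    rb"your\s+files\s+(?:have\s+been|are)\s+encrypted",
    rb"buy\s+decryption\s+(?:key|software)",
]
# One combined, precompiled pattern: a single pass over the body per response.
COMBINED = re.compile(b"|".join(b"(?:%s)" % s for s in SIGNATURES), re.IGNORECASE)

SCAN_LIMIT = 64 * 1024                       # assumption: scan only the first 64 KiB
SCANNED_TYPES = ("text/html", "text/plain")  # skip images, archives, etc.


def decide(onion_id, content_type, body, blocked):
    """Return (verdict, reason) for one proxied response.

    onion_id     -- hidden-service ID the request was proxied to
    content_type -- Content-Type header value of the response
    body         -- response body as bytes
    blocked      -- mutable set of blocked hidden-service IDs
    """
    onion_id = onion_id.lower()
    # Stage 1: cheap set lookup, no body inspection needed.
    if onion_id in blocked:
        return ("block", "blocklist")
    # Stage 2: signature scan, only for text responses and a bounded prefix.
    ctype = content_type.split(";", 1)[0].strip().lower()
    if ctype not in SCANNED_TYPES:
        return ("allow", "unscanned-type")
    if COMBINED.search(body[:SCAN_LIMIT]):
        # Remember the ID so later requests stop at stage 1.
        blocked.add(onion_id)
        return ("block", "signature")
    return ("allow", "clean")


if __name__ == "__main__":
    blocked = {"aaaaaaaaaaaaaaaa"}  # constructed ID
    page = b"<html><h1>Your files have been encrypted</h1></html>"
    print(decide("bbbbbbbbbbbbbbbb", "text/html; charset=utf-8", page, blocked))
    print(decide("bbbbbbbbbbbbbbbb", "image/png", b"", blocked))
```

Content past the scan limit is not inspected, which is the trade-off for a bounded per-response cost.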