Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
On Sun, May 21, 2017 at 10:37 AM, grarpamp wrote:
>> remember that they took the relay because
>> a *victim* contacted it, not because they think the "guyz behind the
>> software" did.
>
> Civil sue them for stupid thinking / false arrest confiscation,
> loss of service and use, public tarnishment, bad training, etc.
>
>>> what can be interesting for police by unplugging those
>>> guard relays?
>
> Nothing. Well, off topic, unless they were researching confirmation
> or partitioning attacks.
>
>> Typically that's why cops choose not to bother Tor relays -- because
>> they know there will be nothing useful.
>> That's actually why the torservers.net people suggest *not* using disk
>> encryption. Having no barriers makes it much easier for the police to
>> realize that there's nothing useful to them.
>
> This falling over may perhaps not be preferred by operators who like to
> create wins in the crypto war. You want police to go get their warrants,
> waste their time and money, just to prove nothing upon decrypt...
> then you have higher recorded, thus marketable, percent of nothing
> found among all forced decrypt cases. Instead of closer to 100%
> of such cases just confirming already forgone criminal cases.
> Having higher barriers and costs and demonstrably less fruit
> ratio can make such seizures more unlikely in first place.

Can they force an operator to decrypt, if he lives in another country which is
non-US and non-EU (e.g. Russia or China)? Does it make sense to run nodes in
countries you don't live in or visit? What happens if an operator themselves
is anonymous?

--
Best regards,
Boris Nagaev

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
> remember that they took the relay because
> a *victim* contacted it, not because they think the "guyz behind the
> software" did.

Civil sue them for stupid thinking / false arrest confiscation,
loss of service and use, public tarnishment, bad training, etc.

>> what can be interesting for police by unplugging those
>> guard relays?

Nothing. Well, off topic, unless they were researching confirmation
or partitioning attacks.

> Typically that's why cops choose not to bother Tor relays -- because
> they know there will be nothing useful.
> That's actually why the torservers.net people suggest *not* using disk
> encryption. Having no barriers makes it much easier for the police to
> realize that there's nothing useful to them.

This falling over may perhaps not be preferred by operators who like to
create wins in the crypto war. You want police to go get their warrants,
waste their time and money, just to prove nothing upon decrypt...
then you have higher recorded, thus marketable, percent of nothing
found among all forced decrypt cases. Instead of closer to 100%
of such cases just confirming already forgone criminal cases.
Having higher barriers and costs and demonstrably less fruit
ratio can make such seizures more unlikely in first place.
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
On Sun, May 21, 2017 at 09:12:39AM +0200, Petrusko wrote:
> What will they find?
> A Debian that asks for a password to unlock the system, or will it stop booting?
> Yeah, if police can read the system entirely, it looks impossible
> to find something about the guyz behind the wannacry software?

Correct. Not only that, but remember that they took the relay because
a *victim* contacted it, not because they think the "guyz behind the
software" did.

> Tor is not logging anything else than information about uptimes/nb
> connections... what can be interesting for police by unplugging those
> guard relays?

Typically that's why cops choose not to bother Tor relays -- because
they know there will be nothing useful.

But every so often there's a new cop that doesn't understand the Internet
and just wants to collect all the computers at the IP addresses on his
list. Hard to teach them all.

> @aeris, do they ask you to decrypt the volume? (good luck to you...)
> What can be the best? Decrypt the relay to help police when asking,
> when this relay is only a relay and storing nothing else?

That's actually why the torservers.net people suggest *not* using disk
encryption. Having no barriers makes it much easier for the police to
realize that there's nothing useful to them.

See also point two of
https://blog.torproject.org/blog/trip-report-tor-trainings-dutch-and-belgian-police

--Roger
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
Hey,

A random website (French speaking) about this unplug...
https://www.nextinpact.com/news/104302-wannacrypt-nuds-tor-saisis-par-autorites-francaises.htm

What will they find?
A Debian that asks for a password to unlock the system, or will it stop booting?
Yeah, if police can read the system entirely, it looks impossible
to find something about the guyz behind the wannacry software?

Tor is not logging anything else than information about uptimes/nb
connections... what can be interesting for police by unplugging those
guard relays?

@aeris, do they ask you to decrypt the volume? (good luck to you...)
What can be the best? Decrypt the relay to help police when asking,
when this relay is only a relay and storing nothing else?

I wrote:
> Did he not mean that it is well run yet did dopey things such as giving
> outgoing ip address to the police which made no sense?

--
Petrusko
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
Sure it makes sense. Here, these IPs are the bad guys, we found them, call the
police. Ticket closed. Congratulations from some clueless CTO for the awesome
and fast work. End of story.

niftybunny
ab...@to-surf-and-protect.net

Where ignorance is bliss,
'Tis folly to be wise.
Thomas Gray

> On 21. May 2017, at 02:49, I wrote:
>
> Did he not mean that it is well run yet did dopey things such as giving
> outgoing ip address to the police which made no sense?
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
Did he not mean that it is well run yet did dopey things such as giving
outgoing ip address to the police which made no sense?
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
Hi

What was OVH's reaction to this? Has your account been banned from using
their services etc? Utterly pathetic move by the French company - it's
their own fault

On 20 May 2017, at 16:20, aeris wrote:
>> Could you please share some more information about the incident?
>
> From what I know and what I can speak about:
>
> A big and sensible French company was infected with Wannacry this 12/05.
> After infection Wannacry starts a Tor client to join its C&C behind a .onion
> address. And so connects to guard nodes (possibly bridges, directory
> authorities and fallback directories can be affected too, or any Tor nodes
> which can be joined directly by a standard Tor client).
> The sysadmin of the infected company just flagged all unknown *OUTGOING* traffic as
> evil and reported the corresponding IPs to cops. Which seized servers of big French
> providers (OVH & Online at this time) on this list the 13 and 14/05.
>
> Regards,
> --
> Aeris
> Individual crypto-terrorist group self-radicalized on the digital Internet
> https://imirhil.fr/
>
> Protect your privacy, encrypt your communications
> GPG : EFB74277 ECE4E222
> OTR : 5769616D 2D3DAC72
> https://café-vie-privée.fr/
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
On Saturday, 20 May 2017 17:31:25 CEST Anders Andersson wrote:
> On Sat, May 20, 2017 at 5:20 PM, aeris wrote:
> >> Could you please share some more information about the incident?
> >
> > From what I know and what I can speak about:
> >
> > A big and sensible French company was infected with Wannacry this 12/05.
>
> Sounds like you meant to write either "sensitive" or "insensible".
> Sensible is not the word I would use to describe this company! :)

Yes, 'sensible', like 'actually' and 'eventually', is a "false friend" whose
meaning in English is different from that in just about every other European
language (but the other languages are consistent with each other e.g.
'sensible' in French and 'sensibel' in German have the same meaning), which
sometimes leads to confusion.

Even more confusingly, 'insensible' is not the opposite of 'sensible' but
rather means either 'imperceptible' or 'unconscious'.
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
On Sat, May 20, 2017 at 5:20 PM, aeris wrote:
>> Could you please share some more information about the incident?
>
> From what I know and what I can speak about:
>
> A big and sensible French company was infected with Wannacry this 12/05.

Sounds like you meant to write either "sensitive" or "insensible".
Sensible is not the word I would use to describe this company! :)
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
> Could you please share some more information about the incident?

From what I know and what I can speak about:

A big and sensible French company was infected with Wannacry this 12/05.
After infection Wannacry starts a Tor client to join its C&C behind a .onion
address. And so connects to guard nodes (possibly bridges, directory
authorities and fallback directories can be affected too, or any Tor nodes
which can be joined directly by a standard Tor client).
The sysadmin of the infected company just flagged all unknown *OUTGOING* traffic as
evil and reported the corresponding IPs to cops. Which seized servers of big French
providers (OVH & Online at this time) on this list the 13 and 14/05.

Regards,
--
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/
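The failure Aeris describes is a triage one: an outbound connection from an infected host was escalated as a C2 address without checking what the destination was. A guard, fallback directory or directory authority is a published relay, and a responder can tell that in seconds by looking the address up in the Tor network consensus. The script below is an added example (not code from the thread or from the Tor Project) that parses consensus router entries and answers "is this destination a published Tor relay?" for a list of IPs. The consensus excerpt inside it is constructed: kitten1's nickname and fingerprint are the ones posted later in this thread, but its address, ports and timestamp are RFC 5737 placeholders, the second relay is invented, and the descriptor digests are dummies. It handles both the full consensus (nine fields on the `r` line) and the microdesc flavour (eight, no descriptor digest), which goes slightly beyond the single document type a quick check would use.

```python
import base64

# Added example, not code from the thread or from Tor. Before reporting an
# outbound destination as malicious, look it up in the Tor network consensus,
# which every directory authority and directory cache serves at
# /tor/status-vote/current/consensus. Below is a constructed excerpt in that
# format: the nickname and fingerprint of kitten1 are the ones posted in the
# thread, but its IP, ports and timestamp are RFC 5737 placeholders, the
# second relay is invented, and the descriptor digests are dummies.

KITTEN1_FPR = "86E78DD3720C78DA8673182EF96C54B162CD660C"


def hex_fpr_to_consensus_id(hex_fpr):
    """'r' lines carry the 20-byte identity hash base64-encoded without '=' padding."""
    return base64.b64encode(bytes.fromhex(hex_fpr)).decode().rstrip("=")


def consensus_id_to_hex_fpr(ident):
    """Inverse: restore the padding and return the usual 40-hex-digit fingerprint."""
    return base64.b64decode(ident + "=" * (-len(ident) % 4)).hex().upper()


DUMMY_DIGEST = hex_fpr_to_consensus_id("00" * 20)
SAMPLE_CONSENSUS = "\n".join([
    "network-status-version 3",
    "vote-status consensus",
    "r kitten1 %s %s 2017-05-14 10:00:00 192.0.2.10 443 80"
    % (hex_fpr_to_consensus_id(KITTEN1_FPR), DUMMY_DIGEST),
    "s Fast Guard HSDir Running Stable V2Dir Valid",
    "w Bandwidth=12000",
    "r exitnode %s %s 2017-05-14 10:00:00 198.51.100.7 9001 0"
    % (hex_fpr_to_consensus_id("11" * 20), DUMMY_DIGEST),
    "a [2001:db8::7]:9001",
    "s Exit Fast Running Valid",
    "directory-footer",
    "",
])


def parse_consensus_relays(text):
    """Yield one dict per relay from the r/a/s lines; header, w/p/v and footer lines are skipped.
    Handles the full consensus (9 'r' fields) and the microdesc flavour (8, no descriptor digest)."""
    relay = None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) in (8, 9):
            if relay is not None:
                yield relay
            ip, orport, dirport = parts[-3:]
            relay = {"nickname": parts[1], "fingerprint": consensus_id_to_hex_fpr(parts[2]),
                     "addresses": {ip}, "orport": int(orport), "dirport": int(dirport), "flags": set()}
        elif relay is None:
            continue
        elif parts[0] == "a" and len(parts) == 2:      # extra OR address, written "[ipv6]:port"
            relay["addresses"].add(parts[1].rsplit(":", 1)[0].strip("[]"))
        elif parts[0] == "s":
            relay["flags"] = set(parts[1:])
    if relay is not None:
        yield relay


def build_relay_index(text):
    """Map every OR address in the consensus to the relays listening on it."""
    index = {}
    for relay in parse_consensus_relays(text):
        for addr in relay["addresses"]:
            index.setdefault(addr, []).append(relay)
    return index


def triage_destinations(dest_ips, index):
    """For each destination IP, the consensus relays on it; [] means not a published relay
    (it could still be a bridge, which the consensus does not list)."""
    return {ip: index.get(ip, []) for ip in dest_ips}


def describe(ip, relays):
    if not relays:
        return "%s: not in consensus; treat as a candidate C2 and investigate" % ip
    return "; ".join("%s: Tor relay %s %s flags=%s" % (ip, r["nickname"], r["fingerprint"],
                     ",".join(sorted(r["flags"]))) for r in relays)


if __name__ == "__main__":
    index = build_relay_index(SAMPLE_CONSENSUS)
    for ip, hits in triage_destinations(["192.0.2.10", "2001:db8::7", "203.0.113.5"], index).items():
        print(describe(ip, hits))
```

Two caveats for real use. Relay addresses change, so run the check against the consensus that was valid when the traffic was seen (CollecTor keeps the archive) rather than today's. And a hit in the consensus explains the connection as "Tor client bootstrapping", but a miss does not prove C2: bridges are deliberately absent from the consensus, and fallback directories are not flagged in it at all, they are a hard-coded list in tor's source, which is why nusenu says removing one needs a code change.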
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
Hi,

aeris:
> Currently, my server hosting kitten1 and kitten2 (tor guard and fallback
> directory) is under seizure since 14/05 11h.

Sorry to hear that!

Could you please share some more information about the incident?

Thanks,
~Vasilis
--
Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162
Pubkey: https://pgp.mit.edu/pks/lookup?op=get&search=0x5FBF70B1D1260162
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
>> I don't know any context or background but if you fear this could happen
>> to you again, I recommend to use tor's OfflineMasterKey feature (without
>> copying the master key to the server) with a short keylifetime (i.e. 7
>> days), especially if it is a fallback dir
>> (which requires a tor source code change to remove it).
>
> Thanks for this feature, I didn't know it!

If you want to use it you likely want to automate that especially with a
keylifetime of < 30 days because copying around files manually every week
is no fun.

ansible-relayor does that out of the box for you ;)
https://github.com/nusenu/ansible-relayor

>> Could you also confirm the relay fingerprints (in addition to the
>> nicknames)?
>
> kitten1 86E78DD3720C78DA8673182EF96C54B162CD660C
> kitten2 2EBD117806EE43C3CC885A8F1E4DC60F207E7D3E

thanks for the fingerprints.

Did you shut down kitten3/4 (yoda.imirhil.fr)
3F5D8A879C58961BB45A3D26AC41B543B40236D6
6FB38EB22E57EF7ED5EF00238F6A48E553735D88
yourself? (last seen Monday 2017-05-15 11:00)
or did Online SAS cancel this second VPS after the first one got seized?

thanks,
nusenu
--
https://mastodon.social/@nusenu
https://twitter.com/nusenu_
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
> I don't know any context or background but if you fear this could happen
> to you again, I recommend to use tor's OfflineMasterKey feature (without
> copying the master key to the server) with a short keylifetime (i.e. 7
> days), especially if it is a fallback dir
> (which requires a tor source code change to remove it).

Thanks for this feature, I didn't know it!

> Could you also confirm the relay fingerprints (in addition to the
> nicknames)?

kitten1 86E78DD3720C78DA8673182EF96C54B162CD660C
kitten2 2EBD117806EE43C3CC885A8F1E4DC60F207E7D3E

Regards,
--
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
> Currently, my server hosting kitten1 and kitten2 (tor guard and fallback
> directory) is under seizure since 14/05 11h.
> Private keys are under an encrypted volume and may be protected, but please
> revoke kitten1 & kitten2 tor nodes immediately.
> Those nodes are also fallback directories.

I don't know any context or background but if you fear this could happen
to you again, I recommend to use tor's OfflineMasterKey feature (without
copying the master key to the server) with a short keylifetime (i.e. 7
days), especially if it is a fallback dir
(which requires a tor source code change to remove it).

Could you also confirm the relay fingerprints (in addition to the
nicknames)?

thanks,
nusenu
--
https://mastodon.social/@nusenu
https://twitter.com/nusenu_
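What nusenu's OfflineMasterKey suggestion (and the follow-up about automating the weekly key rotation) buys you in a seizure: the relay only ever holds a short-lived ed25519 signing key and the certificate that ties it to the master identity, so whatever is on the seized disk stops being useful when that certificate expires, whether or not the volume is ever decrypted. The script below is an added example, not code from the thread or from the Tor Project. It audits a relay's keys directory for the two things that defeat the scheme: the master secret key having been copied to the relay, and a signing certificate that has expired or is about to. The procedure it assumes is the one in the tor manual (`tor --keygen` with `SigningKeyLifetime`, `OfflineMasterKey 1` in torrc); the certificate layout follows tor's cert-spec for ed25519 certificates; the 32-byte tagged-file header is my reading of tor's key-file framing and should be checked against a real `ed25519_signing_cert`. The sample certificate is constructed with an all-zero placeholder signature, and nothing here verifies signatures.

```python
import os
import struct
import tempfile
import time

# Added example, not code from the thread or from Tor. Audits the keys/
# directory of a relay run as nusenu suggests: the ed25519 master identity
# secret stays on an offline machine; the relay only holds a short-lived
# signing key and its certificate. Assumed procedure (tor manual, --keygen
# and OfflineMasterKey):
#   tor --keygen --DataDirectory ./offline --SigningKeyLifetime '7 days'
#     (once to create the master key, then weekly to mint a new signing key)
#   copy ed25519_master_id_public_key, ed25519_signing_secret_key and
#   ed25519_signing_cert to <DataDirectory>/keys on the relay, put
#   'OfflineMasterKey 1' in torrc, and never copy ed25519_master_id_secret_key.
# Cert layout follows tor's cert-spec (ed25519 certificates, section 2.1);
# the 32-byte tagged-file header is my reading of tor's key-file framing.
# The sample cert is constructed with an all-zero placeholder signature,
# and nothing here verifies signatures.

TAG_HEADER_LEN = 32
CERT_TYPE_SIGNING_KEY = 0x04     # master identity key certifies a signing key
CERT_KEY_TYPE_ED25519 = 0x01
EXT_SIGNED_WITH_ED25519 = 0x04   # extension carrying the master public key
EXT_FLAG_AFFECTS_VALIDATION = 0x01
MASTER_SECRET_FILE = "ed25519_master_id_secret_key"
SIGNING_CERT_FILE = "ed25519_signing_cert"
# version, cert type, expiry (hours since epoch), key type, key, n_extensions
FIXED_HEADER = struct.Struct(">BBIB32sB")


def parse_ed25519_cert(body):
    """Parse header and extensions of a Tor ed25519 cert; the signature is NOT verified."""
    if len(body) < FIXED_HEADER.size + 64:
        raise ValueError("certificate too short")
    version, cert_type, exp_hours, key_type, certified_key, n_ext = FIXED_HEADER.unpack_from(body)
    if version != 1:
        raise ValueError("unsupported certificate version %d" % version)
    off, master_key = FIXED_HEADER.size, None
    for _ in range(n_ext):
        ext_len, ext_type, ext_flags = struct.unpack_from(">HBB", body, off)
        data = body[off + 4:off + 4 + ext_len]
        off += 4 + ext_len
        if ext_type == EXT_SIGNED_WITH_ED25519 and ext_len == 32:
            master_key = data
        elif ext_flags & EXT_FLAG_AFFECTS_VALIDATION:
            raise ValueError("unknown critical extension %d" % ext_type)
    signature = body[off:off + 64]
    if len(signature) != 64:
        raise ValueError("truncated signature")
    return {"expiry": exp_hours * 3600, "cert_type": cert_type, "key_type": key_type,
            "certified_key": certified_key, "master_key": master_key, "signature": signature}


def build_sample_cert(expiry_hours, signing_pub, master_pub):
    """Constructed cert body with the real layout and a zero placeholder signature."""
    ext = struct.pack(">HBB", 32, EXT_SIGNED_WITH_ED25519, 0) + master_pub
    header = FIXED_HEADER.pack(1, CERT_TYPE_SIGNING_KEY, expiry_hours,
                               CERT_KEY_TYPE_ED25519, signing_pub, 1)
    return header + ext + bytes(64)


def tagged_file(typestring, tag, payload):
    """'== <type>: <tag> ==' NUL-padded to 32 bytes, then the payload (assumed framing)."""
    return ("== %s: %s ==" % (typestring, tag)).encode().ljust(TAG_HEADER_LEN, b"\0") + payload


def audit_keys_dir(keys_dir, now=None, warn_within_hours=24):
    """Return findings for a relay keys directory; an empty list means it looks right."""
    now = time.time() if now is None else now
    findings = []
    if os.path.exists(os.path.join(keys_dir, MASTER_SECRET_FILE)):
        findings.append("master identity secret key is on the relay; OfflineMasterKey protects nothing")
    cert_path = os.path.join(keys_dir, SIGNING_CERT_FILE)
    if not os.path.exists(cert_path):
        findings.append("no signing certificate; with OfflineMasterKey 1 tor cannot mint one itself")
        return findings
    with open(cert_path, "rb") as fh:
        cert = parse_ed25519_cert(fh.read()[TAG_HEADER_LEN:])
    if cert["cert_type"] != CERT_TYPE_SIGNING_KEY:
        findings.append("unexpected certificate type %d" % cert["cert_type"])
    remaining_h = (cert["expiry"] - now) / 3600.0
    if remaining_h <= 0:
        findings.append("signing certificate expired %.1f hours ago" % -remaining_h)
    elif remaining_h < warn_within_hours:
        findings.append("signing certificate expires in %.1f hours; mint a new one offline" % remaining_h)
    return findings


def write_sample_keys_dir(keys_dir, expiry_hours, leak_master_secret):
    """Populate keys_dir with a constructed cert and, optionally, a misplaced master secret."""
    os.makedirs(keys_dir, exist_ok=True)
    cert = build_sample_cert(expiry_hours, b"\x11" * 32, b"\x22" * 32)
    with open(os.path.join(keys_dir, SIGNING_CERT_FILE), "wb") as fh:
        fh.write(tagged_file("ed25519v1-cert", "type4", cert))
    if leak_master_secret:
        with open(os.path.join(keys_dir, MASTER_SECRET_FILE), "wb") as fh:
            fh.write(b"this file must stay on the offline machine")


def demo(now=1494756000):
    """Audit two constructed layouts at a fixed 'now' (2017-05-14 10:00 UTC); returns (good, bad)."""
    with tempfile.TemporaryDirectory() as tmp:
        good, bad = os.path.join(tmp, "good"), os.path.join(tmp, "bad")
        write_sample_keys_dir(good, now // 3600 + 7 * 24, False)  # fresh 7-day cert, master offline
        write_sample_keys_dir(bad, now // 3600 - 1, True)         # expired cert and leaked master
        return audit_keys_dir(good, now), audit_keys_dir(bad, now)


if __name__ == "__main__":
    for label, findings in zip(("good", "bad"), demo()):
        print(label, findings or ["ok"])
```

Run it from cron on the relay with `warn_within_hours` a little longer than your rotation interval and you find out before tor does that the offline machine has not shipped a new certificate. Note what the short lifetime does and does not do: it bounds how long a seized signing key can impersonate the relay to other relays and clients, but the long-term identity (the fingerprint in the consensus) is unchanged, so the directory authorities still need to reject the fingerprint, as Roger did here, and a fallback-directory entry still lives in tor's source until a release removes it.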
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
On Mon, May 15, 2017 at 12:21:36PM +0200, aeris wrote:
> Currently, my server hosting kitten1 and kitten2 (tor guard and fallback
> directory) is under seizure since 14/05 11h.
> Private keys are under an encrypted volume and may be protected, but please
> revoke kitten1 & kitten2 tor nodes immediately.
> Those nodes are also fallback directories.

Thanks Aeris. I've already revoked those two fingerprints on moria1, after
we talked in irc. The other directory authorities will revoke them when
they update and/or notice.

--Roger
[tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)
Dear Tor Project,

Currently, my server hosting kitten1 and kitten2 (tor guard and fallback
directory) is under seizure since 14/05 11h.
Private keys are under an encrypted volume and may be protected, but please
revoke kitten1 & kitten2 tor nodes immediately.
Those nodes are also fallback directories.

Regards,
--
Aeris
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/