Tormail servers pwned by "FBI" during FH bust

Tormail servers pwned by "FBI" during FH bust

Post by Baneki » Tue Jan 28, 2014 11:15 am

{direct link: tormail.cryptostorm.org}


FBI has cloned an entire Tormail server
It knows what you did last summer
By Chris Merriman | Mon Jan 27 2014, 17:18


AMERICAN TERRORISM FIGHTER the US Federal Bureau of Investigation (FBI) has a complete copy of a Tormail server and is using it in investigations.
Users of Tormail, a service that offered encrypted email, had their data copied late last year after the FBI successfully obtained a warrant as part of an investigation of child pornography.

However, it has now emerged that the FBI kept the data and is using it to investigate other unrelated crimes.

Tormail's privacy and anonymity was such that it is often used by visitors to the so-called "Dark Web", a hidden part of the internet that has at times been used for illegal activity.

Court papers filed in relation to a credit card fraud case show that the FBI evidence was built on information gained from the original seizure, taken as part of investigations into Freedom Hosting, a company specialising in anonymous hosting available only over The Onion Router (TOR) anonymity protocol.

Websites hosted by Freedom Hosting end in the suffix .onion and allegedly have supported trade in child pornography, illegal drugs and other contraband.

According to Wired, Tormail remains defiant with a message on its home page reading, "We have no information to give you or to respond to any subpoenas or court orders. Do not bother contacting us for information on, or to view the contents of a Tormail user inbox, you will be ignored."

Wired reiterated blown FBI cover story - wtf?

Post by Baneki » Tue Jan 28, 2014 11:31 am

Wired, via Kevin Poulsen, has also written on this topic. Inexplicably, they're continuing to parrot the discredited "FBI did Torsploit" storyline... even after Snowden's leaks put a stake in the heart of that particular lie. Bizarre.

Our comment in reply:

The #Torsploit attack, which Kevin points out has no precedent in the history of FBI activities, matches to the letter the Tor attack scenarios pioneered by the NSA - attacks documented in black and white, thanks to Snowden, and thus impossible to sugarcoat entirely.

In sum, #Torsploit made use of NSA toolsets & the FBI was only a frontman-patsy for the technical attack. Now, of course, the NSA has been hidden in the shadows so everyone can pretend it was the "FBI" that was running this unprecedented attack on hidden services.

It wasn't, of course - it was the NSA. We even have the documents, courtesy of Snowden, to show it:
viewtopic.php?f=14&t=3703

What's still mysterious is why folks find the need to continue the charade that the "FBI" is behind this, at a technological level. It's silly, and overtly disproven by direct documentary evidence. Yes, that's the cover story being spooned out by the United States of NSAmerica... it's bullshit, it's known to be bullshit, and it's not even credible bullshit at this point - thanks to Snowden.

For those of us who exist on the front lines of OpSec & tech security on a day-to-day basis, this is a major distinction - life and death, in some cases. It might seem pedantic to a journalist retired from the frontlines - but that's not the case for everyone.

Wired has never been known to be a font of U.S. disinformation previously... but, in this case, it's hard to see another cogent explanation for the continued, pandering effort to sell this "FBI" storyline in the face of uncontested documentary disconfirmation.

~ Baneki Privacy Labs

h/t @BrianKrebs

Post by Baneki » Tue Jan 28, 2014 11:58 am

Here's a link to the original reporting on the underlying story of a carder ring in Florida that's serving as a convenient front for, err, "was the way the FBI first got access to" (according to the Fed disinfo), the NSA/FBI fishing expedition within the Tormail data:

http://krebsonsecurity.com/2014/01/feds ... card-shop/


Re: Tormail servers pwned by "FBI" during FH bust

Post by cryptostorm_ops » Tue Jan 28, 2014 1:02 pm

Attachment: Roberson, Sean Complaint.pdf (12.6 MiB)

Re: Tormail servers pwned by "FBI" during FH bust

Post by Pattern_Juggled » Tue Jan 28, 2014 10:41 pm

Note dates, in regards to Torsploit & the publicly-pushed version of same from last August...

TorsploitTormail.png

Re: Tormail servers pwned by "FBI" during FH bust

Post by Baneki » Tue Jan 28, 2014 10:49 pm

Chilling data point from OVH; this was, in hindsight, a hell of a leak - had FH been watching closely, they could have used this datum to escalate their risk assessment of circumstances enormously - not to mention Tormail users (who unfortunately didn't know their data was stored on a cheap dedi with a spam-friendly colo in France)...


English translation:
29/07/2013, 19h22
The new dedicated server contract

Hello,

We are updating the dedicated server contract
to change the rules of use:

- Since the introduction of anti-DDoS protection, we allow the hosting of Camfrog servers on our network. We have the infrastructure to withstand these attacks, whatever their size, duration or type.
Conversely, over the past few months we have had several legal cases related to the use of several TOR networks in child pornography cases, and we are now going to ban it, along with all anonymization systems. This increases the fraudulent use of our network and the number of legal requisitions each month.

Consequence for the contract:
Clause 7.5 changes.

- We are changing the methods and tools used to fight the spam generated from our network. We are working on a system that can block an IP that is spamming before it sends too much spam and gets blacklisted. The work will take a few more weeks, but the contract already explains what we are going to do, how and when.

Consequence for the contract:
- removal of the spam provisions in Article 7
- new Article 8: Measures to fight against spam sent from the OVH network

- We have just upgraded our network to 5Tbps and we have changed the bandwidth limits per server.

Consequence for the contract:
Removal of the old Article 8 on bandwidth

- We are going to move the protections against attacks into a free BETA. The anti-DDoS service lets you protect and improve the availability of your infrastructure.

Consequence for the contract:
- New Article 9: Mitigation (measures against DoS and DDoS attacks)

- The new KS range offers personal servers. As such, we prohibit their resale and we limit them to 3 servers per natural or legal person. For this type of use, there is no need for more servers, and if there is a need, you must move to the SP range, which is now particularly accessible. Also, KS is available only to EU nationals. For all other countries, i.e. outside Europe, we offer the SP/EG/MG/HG.

Consequence for the contract:
Amendment of Annex 1 on the Kimsufi range: integration of the resale ban, limited to EU nationals (the order particulars).

More information:
http://www.ovh.com/fr/support/docume...dedie_2013.pdf

When you log into the manager, you are invited to accept the new contract, with the diff between your old contract and the new one. The old contract runs until the renewal date, and you will have to accept the new contract at renewal, or before if you log into the manager.

These are common-sense measures that prevent the abuses that could jeopardize the offer for technical as well as economic reasons.

Kind regards

Octave


The original French:
29/07/2013, 19h22
Le nouveau contrat de serveur dedie

Bonjour,

Nous mettons à jour le contrat de serveur dédié
pour évoluer les règles d'utilisation:

- Depuis la mise en place de protection anti-DDoS
nous autorisons l'hébergement de serveur camfrog
sur notre réseau. Nous avons les infra pour faire
face à ces attaques quelques soit la taille, la
durée ou le type de l'attaque.
A l'opposé, depuis quelques mois, nous avons eu
plusieurs affaires juridiques lié à l'utilisation
de plusieurs réseaux TOR dans le cas de la pedo
et on va désormais l'interdire au même titre que
tous les systèmes d'anonymisation. Cela augmente
l'utilisation frauduleuse de notre réseau et le
nombre de réquisition juridique chaque mois

Conséquence sur le contrat:
La clause 7.5 évolue.

- Nous évoluons la manière et les outils pour lutter
contre le spam qui est génère par notre réseau.
Nous travaillons sur un système qui permet de
bloquer une IP qui spamme avant qu'elle n'envoie
trop de spams et se fasse blacklistée. Les travaux
vont prendre encore quelques semaines, mais le
contrat explique déjà ce que nous allons faire,
comment et quand.

Conséquence sur le contrat:
- suppression dispositions relatives au spam dans l'article 7
- nouvel article 8 : Mesures de lutte contre l'envoi de spam
depuis le réseau OVH

- Nous venons d'upgrader notre réseau à 5Tbps et
nous avons évolué les limitations de bande passante
par serveurs.

Conséquence sur le contrat:
Suppression ancien article 8 relatif à la Bande passante

- Nous allons passer en BETA gratuit les protections
contre les attaques. Le service anti-DDoS vous permet
de se protéger et améliorer la disponibilité de vos
infrastructures.

Conséquence sur le contrat:
- Nouvel article 9 : Mitigation (mesures de lutte contre
les attaques dos et ddos)

- La nouvelle gamme de KS propose les serveurs personnels.
A ce titre, nous interdisons leur revente et nous
limitons à 3 serveurs par personne physique ou morale.
Pour ce type d'utilisation, il n'y a pas besoin de plus
de serveurs, et s'il y a besoin, il faut passer sur la
gamme SP qui est désormais particulièrement accessible
Aussi, le KS est disponible uniquement pour les ressortissants
de l'UE. Pour tous les autres pays, c'est à dire hors
de l'Europe, nous proposons le SP/EG/MG/HG.

Conséquence sur le contrat:
Modification annexe 1 relative à la gamme Kimsufi
Intégration interdiction revente, limitée aux ressortissants
UE (les mentions de la commande).

En savoir plus:
http://www.ovh.com/fr/support/docume...dedie_2013.pdf

Lors de la connexion dans le manager, vous avez l'invitation
à accepter le nouveau contrat avec le diff entre votre
ancien contrat et le nouveau. L'ancien contrat court jusqu'à
la date de renouvellement et vous allez devoir accepter le
nouveau contrat lors du renouvellement ou avant si vous
entrez dans le manager.

Il s'agit de mesures de bon sens qui permettent d'éviter
les abus qui peuvent remettre en cause l'offre pour de
raisons techniques comme économiques.

Amicalement

Octave



Screenshot, as of 12:46pm EST 28 January 2014 (because we learned the hard way...):
OHV.png

OVH's "advanced security incident" 31 July 2013

Post by Pattern_Juggled » Sun Feb 02, 2014 9:23 am

The plot thickens...
(h/t @lamoustache for this lead):

tormail_ovh.png
