Anonymous Hack Tor Sites?

Stiffler2

As the Title suggests the Hacking group Anonymous have hacked into Tor and taken down freedom hosting which was apparently hosting CP on Tor.

Fair play to Anonymous Group for doing this but begs the question how could they have hacked it if Tor is Anonymous.

The nature of Tor is that you can host a website using their hidden services option and generates a .onion address so the question I have is how did they do this if the packets on Tor are completely encrypted including not just the packet but the headers of the packet as well.

Link = http://www.thewhir.com/web-hosting-news/102411_Hacker_Group_Anonymous_Targets_Web_Hosting_Firm_Over_Child_Porn_Claims

Bear in mind the sites in Tor are not available on the open internet and does not work in the same way the internet does in terms of routing etc..

What I have gotten from this hack is that basically Tor is not anonymous and basically you can be tracked on it regardless of what Tor tell you or what you've heard.

If Anonymous can hack and tell where a website is being hosted from then simply put it's not anonymous

Thoughts ??

Gee Bag

Ya wha'?

Andy-Pandy

Is Tor not a publisher that specialises is fantasy books?

Where To

So how does this affect the ordinary joe soap?

danniemcq

Finally a topic everyone can support Anon on.

well apart from the paedos but their opinion doesn't count so all is good!

billymitchell

Anybody......

minidazzler

where do i go from here wrote: »

So how does this affect the ordinary joe soap?

It doesn't what they did is a good thing.

TBH OP, I have no clue how they did it, but these guys are anything but retards, they tend to know what they are doing.

MungBean

Well if the hacked into the original site then regardless of how anonymous the host was they would know it wouldnt they seeing as they be on it ?

Oranage2

I should propably pre-reg as oranage3 so nobody else takes it after the hack.

Orando Broom

Tor was a Superhero from South Roscommon, no?

Kasabian

As I haven't a clue what the OP is on about I am left with no option but to ask.

What is this about? Enlighten me please.

strobe

There was a thread here.

http://www.boards.ie/vbulletin/showthread.php?p=75070055

Not sure if your question is answered in there. Worth a look.

It seems all they did was get a list of usernames...

Kasabian

strobe wrote: »

There was a thread here.

http://www.boards.ie/vbulletin/showthread.php?p=75070055

Not sure if your question is answered in there. Worth a look.

Ah now I see. This is good, is it not?

pickarooney

Stiffler2 wrote: »

As the Title suggests

That's a hell of an assumption!

copeyhagen

wrong section

strobe

Kasabian wrote: »

Ah now I see. This is good, is it not?

Well maybe not that good. I'd imagine that when the authorities get a lock on one of these sites they attempt to get identifying information on the people involved so that they can arrest them or gleam more information about other sites and people. In order to actually stop children being abused, break up paedophile rings and the like.

Anonymous just hacked in, copied down their user names, and then published them, meaning the people involved will no longer use the usernames or that site. For all we know Interpol were already investigating that site and now their operation is blown because Anonymous wanted some internet props.

Kasabian

strobe wrote: »

Well maybe not that good. I'd imagine that when the authorities get a lock on one of these sites they attempt to get identifying information on the people involved so that they can arrest them or gleam more information about other sites and people in order to actually stop children being abused, break up paedophile rings and the like.

Anonymous just hacked in, copied down their user names, and then published them, meaning the people involved will no longer use the usernames or that site. For all we know interpol were already investigating that site and now their operation is blown because Anonymous wanted some internet props.

So if Anonymous only took Usernames what was the point of the hack? Surely this is only giving the perverts that use these sites a warning that their info can be reached. Seems Anonymous haven't fully thought this through.

strobe

Kasabian wrote: »

So if Anonymous only took Usernames what was the point of the hack? Surely this is only giving the perverts that use these sites a warning that their info can be reached. Seems Anonymous haven't fully thought this through.

Do they ever? Like most things people do under the brand Anonymous, I'd imagine they are doing this is mainly just to see if they can, for the internet fame, and for the lulz.

But, you never know. I might not be giving them enough credit. They might have some long term goal and in a few weeks/months we will here how they managed to get the IP's of hundreds of paedos and give them to the cops... Wait and see I guess.

Kasabian

strobe wrote: »

Do they ever? Like most things people do under the brand Anonymous I'd imagine they are doing this is mainly just to see if they can, for the internet fame, and for the lulz.

Internet fame

That's funny, like a cute little puppy doing something stupid with a child on Youtube.

hatrickpatrick

Tor is Anonymous simply in that it's completely impossible for the server to know who the end user is and for the end user to know the IP of the server purely by connecting to it.

This falls down when the people running the secret websites don't configure their servers properly. Usually when a Tor site is traced, it was made possible by an error message which wasn't configured to hide server information - most servers show this info by default.

I'll give you an example: Supposing Boards was a hidden service. Supposing Boards was hosted on 127.0.0.1 (I know this is the localhost IP for everyone, I'm just too lazy to check what Boards' actual IP is)

Now imagine you get to Boards with something like hjkhlk2hj4kjhkjh.onion .

That's fine and that's hidden. But what if Boards develops a mysql error or an internal server error?
What if Boards admins haven't set up custom error messages?

Then you might get a page like
Error: Internal server error on 127.0.0.1 - no ErrorDocument was found to handle the request.

There you have your IP.

Alternatively, a MySQL error could reveal your host. Let's imagine the hidden Boards site was hosted by a host called www.host.ie.

Now supposing there is a MySQL error. The message you might see is "WARNING: Result is not a valid MySQL resource in host.ie/users/databases/boards"

Or

"Error: Too many connections, maximum allowed is 5 on server database.host.ie (Using password: yes)"

Or something like that.
Any of that will show you the true destination of the host.

Tor is safe from hackers, but it's not safe from incompetence on the host's end of things.

luckyfrank

Tor is just for peadoverts......... or so ive being told

hatrickpatrick

luckyfrank wrote: »

Tor is just for peadoverts......... or so ive being told

It's far more useful than that. I use it to bypass country restrictions on sites like YouTube, you know that irritating "This video contains content from ABC, who have blocked it in your country on copyright grounds", or "The BBC iPlayer is not available in the Republic Of Ireland", etc?

If you're clever with Tor you can get past all that. You can also use it to troll on websites you've been banned from*





*Mods: I've never done this on Boards, I swear

Squall19

Stiffler2 wrote: »

The nature of Tor is that you can host a website using their hidden services option and generates a .onion address so the question I have is how did they do this if the packets on Tor are completely encrypted including not just the packet but the headers of the packet as well.


Bear in mind the sites in Tor are not available on the open internet and does not work in the same way the internet does in terms of routing etc..

What I have gotten from this hack is that basically Tor is not anonymous and basically you can be tracked on it regardless of what Tor tell you or what you've heard.

If Anonymous can hack and tell where a website is being hosted from then simply put it's not anonymous

Thoughts ??

You worried OP?

Just kidding;)

It's those media attacks, pluggins, cookies etc:)

They are very evil.

All it takes is a server-side flaw to expose a server's ip address.

Example if a Tor user visits a page with a java applet designed to open a socket and simply ping a domain, if the user hasn't configured everything to be tunneled through Tor they they are busted and the real ip is exposed.

They gain some access to it's data.

Anyway

Don't rely on Tor to keep you anonymous.

I heard there are many ways to expose source addresses from a client/server on the Tor network.

People don't change, some have very bad browsing habits and Tor by itself is not enough, I use TOR a good bit and find it useful but I wouldn't feel 100% safe with it.

Its free;)

msg11

.onion ?

boards.onion kinda catchy.

The exit-nodes or whatever they are can be a gateway to finding the real identity.

For Forks Sake

Orando Broom wrote: »

Tor was a Superhero from South Roscommon, no?

No, that's Ming you're thinking of...

Stiffler2

hatrickpatrick wrote: »

Tor is Anonymous simply in that it's completely impossible for the server to know who the end user is and for the end user to know the IP of the server purely by connecting to it.

This falls down when the people running the secret websites don't configure their servers properly. Usually when a Tor site is traced, it was made possible by an error message which wasn't configured to hide server information - most servers show this info by default.

I'll give you an example: Supposing Boards was a hidden service. Supposing Boards was hosted on 127.0.0.1 (I know this is the localhost IP for everyone, I'm just too lazy to check what Boards' actual IP is)

Now imagine you get to Boards with something like hjkhlk2hj4kjhkjh.onion .

That's fine and that's hidden. But what if Boards develops a mysql error or an internal server error?
What if Boards admins haven't set up custom error messages?

Then you might get a page like
Error: Internal server error on 127.0.0.1 - no ErrorDocument was found to handle the request.

There you have your IP.

Alternatively, a MySQL error could reveal your host. Let's imagine the hidden Boards site was hosted by a host called www.host.ie.

Now supposing there is a MySQL error. The message you might see is "WARNING: Result is not a valid MySQL resource in host.ie/users/databases/boards"

Or

"Error: Too many connections, maximum allowed is 5 on server database.host.ie (Using password: yes)"

Or something like that.
Any of that will show you the true destination of the host.

Tor is safe from hackers, but it's not safe from incompetence on the host's end of things.

Interesting but how do they inject said sql packet into the hosting sites unpatched database. They don't know the ip address before they injected the sql and don't think you can do it via the URL link which still begs the question how was it done. I have been reading something about digitial signature hashes as how it was done but still trying to understand it.

Kasebian - Tor is the real internet, not the fake one !!

sgb

Just read the whole thread and have no idea what's it about

Can the mods not move it to the geek forum

im invisible

Kasabian wrote: »

That's funny, like a cute little puppy doing something stupid with a child on Youtube.

or so ive heard, not that id be into that kind of thing at all... :eek:

hatrickpatrick

Stiffler2 wrote: »

Interesting but how do they inject said sql packet into the hosting sites unpatched database. They don't know the ip address before they injected the sql and don't think you can do it via the URL link which still begs the question how was it done. I have been reading something about digitial signature hashes as how it was done but still trying to understand it.

Kasebian - Tor is the real internet, not the fake one !!

Why couldn't you do it using the URL?
.onion generally only hides the domain part.
In other words, if Boards was on Tor it could be iuherjkghkjfghdf.onion

But the page I'm on now would still be iuherjkghkjfghdf.onion/newreply.php?do=newreply&p=75129023

If there was an SQL injection on this page I could still exploit it by adding stiff to the URL. Again, it all depends on how the .onion is set up, and apparently it would seem many hosts are ridiculously careless about it.

When you think about it, most of the hacking attacks this year have been yes, partly down to the hackers being skilled, but also partly down to server administrators either being incredibly cocky or incredibly incompetent, or sometimes both (the most disastrous combination of traits, cocky and incompetent, as displayed by those who led our country into the economic toilet it's currently floating around in)

SteelyDanJalapeno

Hands up who else come on to correct the OP's spelling of "For" in the thread title.

Dyr

I think they created a GUI using visual basic to track an IP address or something

Swampy

Surely Tor could use Mjolnir to fight back.