News and Happenings
Tor-Based Dark Web Email Service Targeted by Government Spies
Submitted by Nasyr, 25-04-2015, 02:19 PM, Thread ID: 3210
The administrator of the popular Darknet email service, SIGAINT, is warning its users that the email service has become a target of a suspected law enforcement agency that tried to compromise it.
About a week ago, SIGAINT was targeted by an attacker who tried to hack the service by using nearly 70 bad Tor exit nodes, one of the service's administrators informed its users via the tor-talk mailing list on Thursday.
Before jumping into the news, let's first understand: what are exit nodes?
As I said, SIGAINT uses the Tor anonymization network, which means that when an email is sent from one user to any destination, the email is routed through multiple relays/nodes that aren't aware of the sender's identity.
The last machine that processes the email is known as a Tor exit relay or Tor exit node.
The end user who receives that email can see the IP of the exit node instead of the IP address of the original sender.
And this is how SIGAINT allows you to send and receive emails without revealing your actual identity or location.
Because exit relays are the last "hops" in the Tor network and are the only IP addresses that appear as the origin of the connection, they draw the attention of governments and law enforcement agencies.
Is Law Enforcement Interested in Spying on SIGAINT Services?
SIGAINT is an email service that resides mostly in the Tor anonymization network. The service aims at providing email privacy to dark web users, including security-conscious journalists, rebels living in repressive regimes and even criminals.
The SIGAINT email service may be one of those Tor anonymizing services to become a recent target of a suspected intelligence service attack.
70 Malicious Tor Exit Nodes Found
One of the administrators of the service announced Thursday that SIGAINT became the target of a cyber attack. Initially, it was believed that someone tried to hack the service using 58 malicious Tor exit nodes. However, Philipp Winter, who is a member of the Tor Project, discovered 12 more bad exit nodes, resulting in a total of 70 malicious exit relays.
"So apparently we have drawn attention to our humble little email service that mostly lives inside of the Tor network," the admin wrote in a mailing list post. "The attacker had been trying various exploits against our infrastructure over the past few months."
All bad relays have been blacklisted by the admins and at the moment they no longer represent a risk.
However, the SIGAINT admin believes that there may be even more bad exit nodes targeting Tor services.
MITM attacks on SIGAINT users:
Basically, the attackers were acting as a "man in the middle" (MITM) when SIGAINT users connected to the sigaint.org site through one of the 70 bad exit nodes, allowing them to spy on SIGAINT users.
The SIGAINT admin also believes that the infrastructure of the service has not been affected. However, some users' passwords may have been compromised.
Quote: "We are confident that they didn't get in," the advisory states. "It looks like they resorted to rewriting the .onion URL located on sigaint.org to one of theirs so they could MITM [man-in-the-middle] logins and spy in real-time."
It isn't clear how many SIGAINT users were targeted in the attack, but the admin said the attacker seems to collect users' passwords, as they get complaints about hijacked accounts, which is less than one for 42,000 users every 3 months.
What is SIGAINT going to do now?
According to the admin, SIGAINT is considering turning encryption on or removing the .onion URL from the sigaint.org page.
Although adding SSL support to the regular website would not help too much, it would make it difficult for attackers to run an attack.
What could you do to protect against the attack?
There is no way for users to be completely safe. However, all users who visited the sigaint.org website to search the dark web links are advised to change their passwords as soon as possible.
Who is behind the attack?
The SIGAINT admin thinks that "some agency" was likely behind the recent attack, given the number of malicious nodes the attackers were using and other strange circumstances.
Talking to Motherboard, the SIGAINT administrator said the strange circumstances were that for almost a month prior to the attack, they did not receive any law enforcement requests, though they normally receive around one a week.
However, who was behind this attack remains a mystery.
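The link rewriting described in the post can be checked for from the defender's side by comparing the .onion name a clearnet page advertises, as seen through each exit, against an address pinned out of band. The following is an added example, not part of the original post or of SIGAINT's tooling; the onion names, exit labels and page bodies are constructed placeholders, and collecting the bodies through each exit is assumed to happen elsewhere.

```python
import re

# v2 onion names (in use in 2015) are 16 base32 chars; v3 names are 56.
ONION_RE = re.compile(r"\b(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion\b", re.IGNORECASE)

def onion_hosts(html: str) -> set:
    """Return every .onion hostname that appears in a page body, lower-cased."""
    return {m.group(0).lower() for m in ONION_RE.finditer(html)}

def audit_exits(pinned: str, observations: dict) -> dict:
    """Compare the body seen through each exit with the pinned onion address.

    An exit is flagged when the body advertises an onion name other than the
    pinned one (rewritten link) or when the pinned name is absent (stripped).
    """
    pinned = pinned.lower()
    report = {}
    for exit_id, body in observations.items():
        hosts = onion_hosts(body)
        unexpected = sorted(hosts - {pinned})
        missing = pinned not in hosts
        if unexpected or missing:
            report[exit_id] = {"unexpected": unexpected, "pinned_missing": missing}
    return report

# Constructed placeholder: the address the operator published out of band.
PINNED = "pinnedpinned2222.onion"

# Constructed sample bodies of the same clearnet page, keyed by exit label.
SAMPLE = {
    "exit-A": '<a href="http://pinnedpinned2222.onion/">Login</a>',
    "exit-B": '<a href="http://lookalike2222222.onion/">Login</a>',
    "exit-C": "<p>Login is temporarily unavailable.</p>",
}

if __name__ == "__main__":
    for exit_id, finding in audit_exits(PINNED, SAMPLE).items():
        print(exit_id, finding)
```

An exit flagged here is only a candidate for reporting; a body that differs for benign reasons, such as a cached or localized page, needs a manual look before the relay is treated as bad.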