Lizard Squad launches Tor 0day

[ChrisM]

If you are a Tor user it might be a good idea to pay attention to this. 

http://gizmodo.com/hackers-who-shut-down-psn-and-xbox-live-now-attacking-t-1675331908

 

Uh oh. Lizard Patrol, the hacking group claiming responsibility for the Christmas attacks on PlayStation and Xbox Live, has announced a new target: Tor, the anonymous internet service.



The hacker group appears to be attempting to dominate Tor's relays to the point where it can comprise anonymity. Tor keeps you anonymous by bouncing your communications around a network of volunteer nodes. But if one group is controlling the majority of the nodes, it could be able to eavesdrop on a substantial number of vulnerable users. Which means Lizard Squad could gain the power to track Tor users if it infiltrates enough of the network.

So far, they have already established over 3000 relays, nearly half of the total number. That's very not good.

"Someone who claims to be a part of Lizard Squad has set up a large number of Tor relays. That's it," Runa A. Sandvik, an advocate with the Tor project, told me. That's all we know for sure so far.

 

[hzr]

There are no implications on tor anonymity at this time, because new relays are not permitted to exit.

Someone is misusing the word 0day badly.

Awful journalism all around.

 

[Flapadar]

I had a check a while ago, and they're only relaying about 30kbps of traffic. 

https://trac.torproject.org/projects/tor/wiki/doc/badRelays

Not going to be an issue. If they start getting traffic people can just mark their relays as bad and move on with their life. 

 

[drmike]

I had a check a while ago, and they're only relaying about 30kbps of traffic. 

https://trac.torproject.org/projects/tor/wiki/doc/badRelays

Not going to be an issue. If they start getting traffic people can just mark their relays as bad and move on with their life. 

Well, new relays get no traffic really for days.  Give them a week and they'll be getting a chunk of traffic.

Long have said this was an issue and why I don't support Tor anymore.  Just said it in past 48 hours on here.

This is far from the first time that lots of end nodes under an intent group. Ho hum.

As far as folks marking their relays as bad, unless Tor, leadership, etc. does this network wide, it won't matter to large percentage of folks who blindly use Tor.  Nothing stopping anyone from running Exit nodes that aren't easily identified as a malicious group activity.

 

[hzr]

I had a check a while ago, and they're only relaying about 30kbps of traffic. 

https://trac.torproject.org/projects/tor/wiki/doc/badRelays

Not going to be an issue. If they start getting traffic people can just mark their relays as bad and move on with their life. 

For some reason I don't actually think this googlecloud+aws capacity was legitimately paid for, and it's probably going to be terminated before it even gets close to hitting the 80+ days required for exit relays to get full trust

 

[RTGHM]

I love how it's called a "0day" when all it is, is very simply a bunch of kids who carded a few servers and put tor relays up.  In addition, the "leader" who launched the big attack, Vinnie Omari is literally a 22 year old UK guy, whom I have his cell #, and he's a pretty chill guy. He only launched the attack because he's looking for a job and wanted to prove he know's what he is doing. 

If anyone heard the radio interview, I was laughing my ass off when Vinnie said "I have a 10 year old brother who said he couldn't play minecraft because everything was down and I told him it'll probably be up soon " the reporter responds with "you didn't have the balls to say I'm the idiot who took it down?"

 

[k0nsl]

To prove what he's doing? I don't believe launching DDoS attacks is a complicated task or requires any particular "know-how", really. Anybody can do it. It's also illegal in most countries: so if he's longing to mop the floors of a prison somewhere in the UK, for a few quid a month (or whatever the pay-out rate is in the UK), then he's really doing a good job on "getting there". Meh..

I love how it's called a "0day" when all it is, is very simply a bunch of kids who carded a few servers and put tor relays up.  In addition, the "leader" who launched the big attack, Vinnie Omari is literally a 22 year old UK guy, whom I have his cell #, and he's a pretty chill guy. He only launched the attack because he's looking for a job and wanted to prove he know's what he is doing. 

If anyone heard the radio interview, I was laughing my ass off when Vinnie said "I have a 10 year old brother who said he couldn't play minecraft because everything was down and I told him it'll probably be up soon " the reporter responds with "you didn't have the balls to say I'm the idiot who took it down?"

 

[RTGHM]

He is on Sky News Network live at noon EST (5-6PM London, UK time). Launching DDoS isn't complicated at all - the matter of the fact is, he just bruteforced some servers, and uploaded a perl script to launch an attack. Skills required? None.

He is boasting how Sky News offered him a job while he was in the waiting room.

To prove what he's doing? I don't believe launching DDoS attacks is a complicated task or requires any particular "know-how", really. Anybody can do it. It's also illegal in most countries: so if he's longing to mop the floors of a prison somewhere in the UK, for a few quid a month (or whatever the pay-out rate is in the UK), then he's really doing a good job on "getting there". Meh..

 

[k0nsl]

Did he accept the offer?  :lol:

 

[Joshua-Epic]

LizardSquad is just asking for problems considering even larger hacking groups are now targeting them for their stupid decisions. In all honesty, how does taking down PSN and XboxLive get you anywhere? All your doing is pissing off a bunch of video gamers on the holiday. Thats about it. As far as Lizard Squad controlling Tor servers, as another user mentioned, they were probably paid for with bogus credit cards and fake information and will most certainly be shut down soon anyways. 

 

[GIANT_CRAB]

Oh yes. The news and media reported that they have hacked PSN and Xbox network using DDoS. They must be some really professional, scary and elite hackers. Oh look, they're probably going to get really buttmad after seeing my post here and dox me and give me some free publicity on their Twitter.