tor | Breaking Cybersecurity News | The Hacker News

A critical vulnerability in Tor — an encrypted anonymizing network considered to be one of the most privacy oriented service, which is used by online users in order to hide their activities from law enforcement, government censors and others — was probably being used to de-anonymize the identity of Tor users, Tor project warned on Wednesday. 115 MALICIOUS ToR RELAYS WERE DE-ANONYMIZING USERS According to a security advisory , Tor Team has found a group of 115 malicious fast non-exit relays (6.4% of whole Tor network), those were actively monitoring the relays on both ends of a Tor circuit in an effort to de-anonymize users. " While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected, " Tor said. When you use Tor anonymizing network, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit rela...

The Russian government is offering almost 4 million ruble which is approximately equal to $111,000 to the one who can devise a reliable technology to decrypt data sent over the Tor , an encrypted anonymizing network used by online users in order to hide their activities from law enforcement, government censors, and others. The Russian Ministry of Internal Affairs (MVD) issued a notice on its official procurement website, originally posted on July 11, under the title " шифр «ТОР (Флот)» " ;which translates as " cipher 'TOR' (Navy) " an open call for Tor-cracking proposals whose winner will be chosen by August 20. The MIA specifically wants researchers to “ study the possibility of obtaining technical information about users and users' equipment on the Tor anonymous network, ” according to a translated version of the Russian government’s proposal. Only Russian nationals and companies are allowed to take part in the competition " in o...

The critical zero-day security flaws, discovered in the privacy and security dedicated Linux-based Tails operating system by the researcher at Exodus Intelligence that could help attackers or law enforcements to de-anonymize anyone’s identity, actually lie in the I2P software that’s bundled with the Operating System. Exodus Intelligence has released some details and a video evidence that demonstrate an exploit against the found vulnerability unmasking an anonymous user of the Tails operating system. The researchers at Exodus claims they can use the vulnerability to upload malicious code to a system running Tails, execute the payload remotely, and de-anonymize the targeted users’ public IP address as well. Tails is a security-focused Debian-based Linux distribution and a suite of applications that can be carried on a USB stick, an SD card or a DVD. It keeps users’ communications private by running all connectivity through Tor , the network that routes traffic through ...

The critical zero-day security flaws has been discovered in the privacy and security dedicated Linux-based operating system “ Tails ” that could be used by an attacker to unmask your identity. Tails, which is been used and recommended by the global surveillance whistleblower Edward Snowden to remain Anonymous, has a suite of privacy applications and designed to keep users’ communications private by running all connectivity through Tor , the network that routes traffic through various layers of servers and encrypts data. But unfortunately, the highly secured OS has several critical zero-day vulnerabilities that could help attackers or law enforcements to de-anonymize anyone and allows to perform remote code execution , according to a researcher at Exodus Intelligence who uncovered the flaws but didn't publish the details about it. The Texas-based security firm, Exodus Intelligence , tweeted on Monday that it had found several remote code execution vulnerabilities i...

If a whistleblower discloses an activity to the public, then there should be a trust-based mechanism that ensure the protection of truth-tellers on an international level by hiding their identities. In an effort to provide this kind of service and security, Security experts grouped together to create a stealthy Internet Messenger (IM) and file transfer client, which is especially designed for whistleblowers. Dubbed as “ ‪invisible.im ” is an anonymous Instant Messenger (IM) that leaves no trace‬. The team behind the project called itself “ The Infosec A-Team ” which includes Metasploit Founder HD Moore , noted infosec and opsec experts The Grugq , an Australian security analyst Patrick Gray , and Richo . Invisible.im aims to serve the rigid anonymity needs of whistleblowers. The project website states: invisible.im was established to develop an instant messenger and file transfer tool that leaves virtually no evidence of conversations or transfers having occurred. Th...

We all are aware of the National Security Agency’s (NSA) mass surveillance program to track non-Americans. Thanks to former NSA contractor Edward Snowden, who provided confidential documents about the widely spread surveillance programs conducted by the government intelligence agency such as NSA and GCHQ. A recent story about NSA surveillance broke when a German public broadcaster ARD published that the Agency is using its surveillance program XKeyScore to target users who use encryption and traffic anonymizing software, including Tor Network for anonymous Web browsing and Linux-based Tails operating system in an effort to keep tracks of people outside the US. XKeyScore is a powerful NSA surveillance program that collects and sorts intercepted data, which came to limelight in documents leaked by former NSA contractor Edward Snowden last summer, but the greater detail in an investigation conducted by American security expert and Tor Project member Jacob Appelbaum , Aaron Gibsom, and...

Just a few hours ago, the Official website of the  Tails Operating System  has been hacked and it appears that a self-proclaimed 17-year old hacker breached and defaced it. Tails is a Linux-based highly secure Operating System, specially designed and optimized to preserve users' anonymity and privacy. Hacker, who named himself " Sum guy ", managed to access the website as administrator and edited the homepage content with the following message: You has been haxoredeszed by sum dumb 17 year old by accident... Sorry about that please forgive me! I accidentally logged myself in as someone important and changed the site, not knowing that what I was changing would save! So sorry about that... I hope you have a backup, Oh and btw I love your OS! Yours sincerely, Sum guy And before I leave, Hi ed... and zoin Defaced Link:  https://tails.boum.org/index.en.html . However, all other pages on the Tails website are working just fine, but at this moment ...

Last October, the ‘ Silk Road ’ story broke when its owner Ross William Ulbricht , a 29-year-old who allegedly created and managed the Silk Road underground website, was arrested by the Federal Bureau of Investigation (FBI). The police seized the website that was considered one of the most popular Underground places on the Internet for buying drugs and other illicit goods and services. Just some days after the Shutdown of Silk Road , Authorities in Britain, Sweden, and the United States arrested eight more vendors who dedicatedly used to sell illegal drugs on Silk Road. Yesterday, Cornelis Jan Slomp , a 22-year old Dutch man who allegedly used the Silk Road underground black market website to sell illegal drugs for bitcoins worth millions of dollars has agreed to plead guilty in Chicago federal court to federal drug conspiracy charge filed against him, according to a statement issued by U.S. Attorney Zachary T. Fardon in Chicago and Slomp’s lawyer. FBI CASHING OUT ...

We often talk about Underground communities, illegal websites or black markets, but as they are ‘Underground’ in nature i.e. Hidden websites running under Onion Network, many of us don't know how to reach the one we are searching for and if hopefully found, then its difficult to figure out a trustworthy vendor. Underground websites offer illegal high quality drugs or rifles, hacking tools, or any illegal services, until now you needed to type long, complex and specific Tor browser URLs directly into the browser which is quite difficult and sometimes the sites change their addresses which makes more difficult to navigate. Not any More! As the first search engine, ‘ Grams ’ ( https://grams7enufi7jmdl.onion ) for online underground Black Markets has been launched in Beta last week, that lets anyone to easily find illegal drugs and other contraband online in an easier way ever and it's pretty fast like Google Search Engine. You don't need to do anything, just li...

Half of the Internet fall victim to the biggest threat, Heartbleed bug and even the most popular online anonymity network Tor is also not spared from this bug. Tor is one of the best and freely available privacy software, runs on the network of donated servers that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. When you use the Tor software, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit relay or nodes, which can be anywhere in the world. An Exit relay is the final relay that Tor encrypted traffic passes through before it reaches its destination. But some of these Tor exit nodes are running on the servers with the affected version of OpenSSL installed which are vulnerable to the critical Heartbleed Flaw. This means an attacker can grab the hidden information from the Tor network which is actually restricte...

Twitter , the biggest Social Media platform used for vital communication is now banned in Turkey from the last few days, after Prime Minister Recep Tayyip Erdoğan promised to root out the social media service during an election rally this week with the help of a court order. “ Twitter and so on, we will root them out. The international community can say this or that – I don’t care. They will see the power of the Turkish Republic .” After the ban imposed on Twitter late on Thursday, millions of Turkey users began using Google’s DNS service to bypassing censorship, that briefly helped Turks stay connected to Twitter. Turkey Government is trying to close all the possible loopholes that had allowed users to circumvent the ban and finally today the authorities have also blocked the Google DNS service (8.8.8.8 and 8.8.4.4), However the number of tweets jumped 138% in the last 24 Hours and almost 2.5 million tweets have been posted from the country after the ban imposed...

Tor network offers users browse the Internet anonymously and is mostly used by activists, journalists to conceal their online activities from prying eyes. But it also has the Dark side, as Tor is also a Deep Web friendly tool that allows hackers and cyber criminals to carry out illicit activities by making themselves anonymous. Kaspersky security researcher reported that Tor network is currently being used to hide 900 botnet and other illegal hidden services, through its 5,500 plus nodes i.e. Server relays and 1,000 exit nodes i.e. Servers from which traffic emerges. These days, Cyber criminals are hosting malware’s Command-and-control server on an anonymous Tor network to evade detection i.e., difficult to identify or eliminate. Illegal use of the Tor network boosted up after the launch of the most popular underground Drug Market - Silk road  that also offered arms and malware to their users against Bitcoin , one of the popular crypto currency . ChewBacca , a po...

We are living in an era of Mass Surveillance,  conducted by the Government Agencies like the NSA and GCHQ, and we ourselves gave them an open invitation as we all have sensors in our pockets that track us everywhere we go i.e. Smartphone. Encryption and security are more important today than any other time in our history. So, the best proactive way to keep your tracks clear is - Always use only trusted privacy tools and services . The same folks behind the Anonymity Tool, Tor Browser Bundle is currently working on a new Privacy tool called ' Tor Instant Messaging Bundle ' (TIMB), that will help you with encrypted communication to keep your online conversations private. The Tor is the free software that lets users browse the Internet anonymously and mostly used by activists, journalists and to conceal their online activities from prying eyes. Tor Instant Messaging Bundle, or TIMB is a real time anonymous chat system, that will simply route all of your chat da...

We use our Smartphone devices to do almost everything, from Internet Banking to Sharing private files and at the same pace, the mobile malware sector is also growing. The number of variants of malicious software aimed at mobile devices has reportedly risen about 185% in less than a year.  Security researchers have observed a growth in the numbers of computer malware families starting to use TOR-based communications, but recently the Security Researchers at anti-virus firm Kaspersky Lab have spotted  the world's first Tor-Based Malware for Android Operating system. The Android Malware dubbed as ' Backdoor. AndroidOS .Torec.a ', using Tor hidden service protocol for stealth communication with Command-and-Control servers. Researchers detected that the Trojan is running from .Onion Tor domain and working on the functionality of an open source Tor client for Android mobile devices, called ' Orbot ', thus eliminating the threat of the botnet bein...

After Silk Road , another underground online marketplace ' Utopia ' has been seized by Dutch National Police ,  where users could buy illegal drugs and guns for home delivery. The police started their investigation under Codename ' Operation Commodore ' in 2013,   and finally  seized Utopia's Germany-based servers and arrested total 5 suspects for running this marketplace. One arrested in  Germany and  other four suspects, aged 29 to 46, were detained in The Netherlands.  Two of them had also been involved in another similar underground website ' Black Market Reloaded ', which was closed in December 2013. Utopia  reportedly launched only last week ( https://ggvow6fj3sehlm45.onion/ ),  intended to become a direct competitor of the Silk Road, was  a ' d ark web ' website, which is accessible only by using Tor anonymity software. The website is now displaying a message:  " This hidden ...

After the massive data breaches at U.S retailers Target and Neiman Marcus in which financial credentials of more than 110 million and 1.1 million customers were compromised respectively, shows that the Point of Sale (POS) system has become a new target for the cyber criminals. Despite the BlackPOS malware of Point of Sale (POS) system that comes out as the major cause of these data breaches, malware writers are upgrading and developing more Trojans to target POS system. In December, the security researchers at anti-virus firm Kaspersky Lab discovered a Tor-based banking trojan , dubbed " ChewBacca ", that was initially categorized as a Financial trojan, but recently security researchers at RSA have uncovered that 'ChewBacca' is also capable of stealing credit card details from point of sale systems. ‘ ChewBacca ’, a relatively new and private Trojan, used in the 11 countries as a POS malware is behind the electronic theft. ChewBacca communicat...

Over the past several months, it has become clear that the Internet and our Privacy have been fundamentally compromised. A Private search engine DuckDuckGo claims that when you click on one of their search results, they do not send personally identifiable information along with your request to the third party. Like Google dorks (advance search patterns), there are thousands of similar, but technically more useful search hacks are also available in DuckDuckGo called DuckDuckGoodies . Today I am going to share about Handy " Cryptography " using DuckDuckGo search engine . Whether you are a Hacker, Cracker or a Researcher, you need to face a number of hash strings in your day to day life. Hashing is a one way encryption of a plain text or a file, generally used to secure passwords or to check the integrity of the file. There is a certain set of hashing algorithms, e.g.md5, sha1, sha-512 etc. A hash function generates the exact output if executed n numbe...