Online market ‘is turning drug dealers from goons to geeks’

Researchers argued that Silk Road and its successors, known as cryptomarkets or darknet markets, became successful after bringing together four technologies: the bitcoin virtual currency and encrypted internet protocols such as Tor, which allowed anonymity, as well as Escrow and customer feedback systems, which gave buyers and sellers confidence in their transactions.

Source: Online market ‘is turning drug dealers from goons to geeks’ | World news | The Guardian

“In the drug cryptomarket era, having good customer service and writing skills, and a good reputation, via feedback, as a vendor or buyer may be more important than muscles and face-to-face connections.”

Researchers Find Malicious Tor Exit Node Adding Malware to Binaries

The exit node in question was in Russia, and Pitts discovered that the node was actively patching any binaries he downloaded with a piece of malware. He downloaded binaries from a variety of sources, including, and each of them came loaded with malicious code that opens a port to listen for commands and starts sending HTTP requests to a remote server.

via Researchers Finds Malicious Tor Exit Node Adding Malware to Binaries | Threatpost | The first stop for security news.

From: The Case of the Modified Binaries

Companies and developers need to make the conscious decision to host binaries via SSL/TLS, whether or not the binaries are signed. All people, but especially those in countries hostile to “Internet freedom,” as well as those using Tor anywhere, should be wary of downloading binaries hosted in the clear—and all users should have a way of checking hashes and signatures out of band prior to executing the binary.
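The hash check recommended above, as an added example (not code from the quoted article or from the researcher): it verifies a download against a sha256sum-style manifest and rejects a copy that was modified in transit. The file name, contents and manifest are constructed samples, and the manifest is assumed to have been obtained over a separate, authenticated channel; signature verification is not covered.

```python
import hashlib
import hmac
import os
import re
import tempfile

# sha256sum output format: 64 hex chars, a space, then ' ' (text) or '*' (binary), then the name.
_LINE = re.compile(r"([0-9a-fA-F]{64}) [ *](.+)")

def sha256_file(path, chunk_size=65536):
    """Stream the file through SHA-256 so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Return {file name: lowercase hex digest}; malformed lines are ignored."""
    entries = {}
    for line in text.splitlines():
        match = _LINE.fullmatch(line.strip())
        if match:
            entries[match.group(2)] = match.group(1).lower()
    return entries

def verify_download(path, manifest_text):
    """Return 'ok', 'mismatch' or 'unlisted'; only 'ok' is safe to execute."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"

def demo():
    """Constructed sample: one clean 'installer' and one copy with bytes added in transit."""
    workdir = tempfile.mkdtemp()
    original = b"MZ" + bytes(62) + b"constructed sample installer body"
    manifest = hashlib.sha256(original).hexdigest() + "  setup.exe\n"
    results = {}
    for label, payload in (("clean", original), ("patched", original + b"appended bytes")):
        os.mkdir(os.path.join(workdir, label))
        path = os.path.join(workdir, label, "setup.exe")
        with open(path, "wb") as fh:
            fh.write(payload)
        results[label] = verify_download(path, manifest)
    results["no_manifest_entry"] = verify_download(path, "")
    return results

if __name__ == "__main__":
    print(demo())
```

A digest fetched over the same unauthenticated connection as the binary gives no protection, since whoever rewrote the binary can rewrite the digest too.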

The oRouter Is A Tor-Powered Linux Box That Secures Your Internet Connection

As an end user, the process of using the oRouter is designed to be exceedingly simple. It’s zero configuration, meaning that you plug it in and then connect to the Wi-Fi network it provides. Unlike the Tor download, it requires no additional software in order to work. Once connected, as you browse the web and use online services, you’re actually using Tor (via Wi-Fi), thereby securing your communications from eavesdropping. In addition, for an extra layer of security, the oRouter’s MAC address (hardware address) changes every 10 minutes.

via The oRouter Is A Tor-Powered Linux Box That Secures Your Internet Connection | TechCrunch.

Tor network used to command Skynet botnet

Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It’s likely that other botnet operators will adopt this approach, according to the team from vulnerability assessment and penetration testing firm Rapid7.

via Tor network used to command Skynet botnet | Computerworld.

“One countermeasure that companies or ISPs could eventually enforce in their firewall is to drop all packets that originate from known TOR nodes, in order to minimize the amount of potentially malicious traffic they receive,” Botezatu said. “Of course, they might also end up blacklisting a number of legit Tor users looking for anonymity.”

“Anonymous” File-Sharing Darknet Ruled Illegal by German Court

A court in Hamburg, Germany, has granted an injunction against a user of the anonymous and encrypted file-sharing network RetroShare. RetroShare users exchange data through encrypted transfers and the network setup ensures that the true sender of the file is always obfuscated. The court, however, has now ruled that RetroShare users who act as an exit node are liable for the encrypted traffic that’s sent by others.

via “Anonymous” File-Sharing Darknet Ruled Illegal by German Court | TorrentFreak.

Knock Knock Knockin’ on Bridges’ Doors

In October 2011, ticket #4185 was filed in the Tor bug tracker by a user in China who found that their connections to US-based Tor bridge relays were being regularly cut off after a very short period of time. At the time we performed some basic experimentation and discovered that Chinese IPs (presumably at the behest of the Great Firewall of China, or GFW) would reach out to the US-based bridge and connect to it shortly after the Tor user in China connected, and, if successful, shortly thereafter the connection would be blocked by the GFW. There wasn’t time for a detailed investigation and analysis at the time, but that kernel eventually grew into the investigation detailed below. We were, however, able to determine that limiting connections to the bridge relay to only the single IP expected to be its client would, in fact, block the probes and allow the connection to remain open for an extended period (>48 hours in our testing).

via Knock Knock Knockin’ on Bridges’ Doors | The Tor Blog.

How the Great Firewall of China Blocks Tor

Wilde was able to find that the method the firewall was using to identify which sessions to go after had something to do with the list of SSL ciphers contained in the SSL packet the client sends at the beginning of a session. By changing that list, he was able to evade the blocking of the Chinese firewall. More long-term solutions are in the works, as well, including password protection for bridge relays and the establishment of another layer on top of the session that simply looks like binary data.

via How the Great Firewall of China Blocks Tor | threatpost.
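Why the cipher list works as an identifying feature, as an added example (not code from the article or from the research it describes): the list is sent unencrypted in the ClientHello, so a passive observer can read it and reduce it to a fingerprint that stays the same across sessions. The suite lists are constructed from real IANA IDs; they are not Tor's list, and the hashing scheme is an assumption, not the firewall's actual rule.

```python
import hashlib
import struct

def build_client_hello(suites, random=bytes(32)):
    """Build a minimal TLS ClientHello record (constructed sample, no extensions)."""
    body = b"\x03\x03" + random + b"\x00"        # client version, random, empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                          # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def cipher_suites(record):
    """Return the ordered cipher suite IDs offered in a ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32                         # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                       # skip the session id
    if pos + 2 > len(record):
        raise ValueError("truncated before cipher suite length")
    (size,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if size % 2 or pos + size > len(record):
        raise ValueError("bad cipher suite length")
    return [struct.unpack_from("!H", record, pos + i)[0] for i in range(0, size, 2)]

def fingerprint(record):
    """Hash the ordered list; the per-session random does not affect the result."""
    joined = "-".join(f"{s:04x}" for s in cipher_suites(record))
    return hashlib.sha256(joined.encode()).hexdigest()[:16]

# Constructed suite lists (real IANA IDs, arbitrary selection and order).
CLIENT_A = [0xC02F, 0xC030, 0x009C, 0x002F, 0x0035]
CLIENT_B = [0xC02F, 0x009C, 0x002F, 0x000A]

def demo():
    """Return (same client in two sessions matches, two different clients match)."""
    a1 = fingerprint(build_client_hello(CLIENT_A, random=b"\x11" * 32))
    a2 = fingerprint(build_client_hello(CLIENT_A, random=b"\x22" * 32))
    b = fingerprint(build_client_hello(CLIENT_B))
    return a1 == a2, a1 == b

if __name__ == "__main__":
    print(demo())
```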

How SOPA’s ‘circumvention’ ban could put a target on Tor

How SOPA’s ‘circumvention’ ban could put a target on Tor | Privacy Inc. – CNET News.

“It looks like SOPA would outlaw Tor,” says Markham Erickson, an attorney with Holch & Erickson LLP who runs NetCoalition. The trade association opposes SOPA and counts, eBay, Google, and Yahoo among its members.

It will be interesting to see what plans they have to enforce this.