Hackers breach FSB contractor, expose Tor deanonymization, etc.

Hackers have breached SyTech, a contractor for FSB, Russia's national intelligence service, from where they stole information about internal projects the company was working on behalf of the agency – including one for deanonymizing Tor traffic.

The breach took place last weekend, on July 13, when a group of hackers going by the name of 0v1ru$ hacked into SyTech's Active Directory server from where they gained access to the company's entire IT network, including a JIRA instance.

Hackers stole 7.5TB of data from the contractor's network, and they defaced the company's website with a "yoba face," an emoji popular with Russian users that stands for "trolling."

Hackers posted screenshots of the company's servers on Twitter and later shared the stolen data with Digital Revolution, another hacking group who last year breached Quantum, another FSB contractor.

FSB's secret projects

Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects for FSB unit 71330 and for fellow contractor Quantum. Projects include:

Nautilus - a project for collecting data about social media users (such as Facebook, MySpace, and LinkedIn).

Nautilus-S - a project for deanonymizing Tor traffic with the help of rogue Tor servers.

Reward - a project to covertly penetrate P2P networks, like the one used for torrents.

Mentor - a project to monitor and search email communications on the servers of Russian companies.

Hope - a project to investigate the topology of the Russian internet and how it connects to other countries' networks.

Tax-3 - a project for the creation of a closed intranet to store the information of highly-sensitive state figures, judges, and local administration officials, separate from the rest of the state's IT networks.

BBC Russia, who received the full trove of documents, claims there were other older projects for researching other network protocols such as Jabber (instant messaging), ED2K (eDonkey), and OpenFT (enterprise file transfer).

Other files posted on the Digital Revolution Twitter account claimed that the FSB was also tracking students and pensioners.

Some projects came to be, were tested

But while most of the projects look to be just research into modern technology – which all intelligence services carry out – there are two that appear to have been tested in the real world.

The first was Nautilus-S, the one for deanonymizing Tor traffic. BBC Russia pointed out that work on Nautilus-S started in 2012. Two years later, in 2014, academics from Karlstad University in Sweden published a paper detailing the use of hostile Tor exit nodes that were attempting to decrypt Tor traffic.

Researchers identified 25 malicious servers, 18 of which were located in Russia, and running Tor version 0.2.2.37, the same one detailed in the leaked files.

The second project is Hope, the one which analyzed the structure and make-up of the Russian segment of the internet.

Earlier this year, Russia ran tests during which it disconnected its national segment from the rest of the internet.

SyTech, the hacked company, has taken down its website since the hack and refused media inquiries.



zdnet.com/article/hackers-breach-fsb-contractor-expose-tor-deanonymization-project/

lol @ them for using windows

you ruineded this thread, op.

you ruined this thread user
learn to spell and not be a triggered idiot and one more word of advice...don't breed

No need to worry too much guys. The vulns referred to in the OP were known and the hostile nodes were marked as rogue by the directory servers so clients wouldn't try to connect to them.

If it isn't a wall of text it won't be read.

Gno.

how?

The directory server flips a "don't send out this node to clients" variable and as they don't send the node IP to the clients, none of the clients connect to it. They're listed here torstatus.blutmagie.de/
Just sort by "bad exit".
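The flag the post describes is the BadExit flag in the Tor network-status consensus, which is published as plain text with one `r` line per relay followed by an `s` line of authority-assigned flags and a `v` line with the advertised version. Below is an added example (not from the thread or the Tor project) that parses that format and lists relays flagged BadExit, plus relays advertising the 0.2.2.37 version mentioned in the article; the consensus excerpt, identity strings and 203.0.113.x addresses are constructed.

```python
"""Parse Tor consensus entries and report BadExit relays and relays running a
given Tor version. Added example; the SAMPLE consensus below is constructed."""
from dataclasses import dataclass, field


@dataclass
class Relay:
    nickname: str
    address: str
    or_port: int
    flags: set = field(default_factory=set)
    version: str = ""


def parse_consensus(text: str) -> list:
    """Each relay entry opens with an 'r' line; the following 's' line carries
    the flags assigned by the directory authorities and 'v' the Tor version."""
    relays, current = [], None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) >= 9:
            # r nickname identity digest date time ip orport dirport
            current = Relay(parts[1], parts[6], int(parts[7]))
            relays.append(current)
        elif parts[0] == "s" and current is not None:
            current.flags = set(parts[1:])
        elif parts[0] == "v" and current is not None:
            current.version = " ".join(parts[1:])
    return relays


def bad_exits(relays: list) -> list:
    # Relays with BadExit are never chosen as the exit hop by clients.
    return [r for r in relays if "BadExit" in r.flags]


def running_version(relays: list, version: str) -> list:
    return [r for r in relays if r.version == f"Tor {version}"]


# Constructed consensus excerpt: one flagged rogue exit, one clean exit, one guard.
SAMPLE = """\
r rogueexit AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2019-07-13 12:00:00 203.0.113.10 9001 9030
s BadExit Exit Fast Running Valid
v Tor 0.2.2.37
r goodexit CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2019-07-13 12:00:00 203.0.113.20 443 80
s Exit Fast Running Stable Valid
v Tor 0.4.0.5
r guardonly EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2019-07-13 12:00:00 203.0.113.30 9001 0
s Fast Guard Running Stable Valid
v Tor 0.4.0.5
"""

if __name__ == "__main__":
    relays = parse_consensus(SAMPLE)
    print("BadExit:", [r.nickname for r in bad_exits(relays)])
    print("0.2.2.37:", [r.nickname for r in running_version(relays, "0.2.2.37")])
```

The same parser works on a real consensus file from a Tor data directory (`cached-consensus`), which is where a client actually learns which exits to avoid.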

yeah, that's trivial stuff.
How did they know these were rogue servers, and how long did it take them to notice?
That's what matters for privacy. You're not going to be pleased that the relay that deanonymized you got shut down the day after you got black bagged.

Anyone know where the 7.5TB dump is?

You ruined this thread, user. Learn proper punctuation and grammar, the correct use of the ellipsis, and to not be a triggered idiot. One more word of advice: don't breed.

My response was kinda tongue in cheek. I've been saying behind the scenes that Tor is partially run by US intelligence, but it still is much, much better than browsing naked. For the most part you can protect against bad exit attacks by configuring HTTPS Everywhere to block unencrypted connections.
Bad exits are known from around 2010 apparently trac.torproject.org/projects/tor/wiki/doc/badRelays
I wasn't able to find any data on how fast bad exit nodes are found. Probably nobody has done an analysis on that.
I remember reading about automated bad exit node probing but I haven't been able to find anything on that either, so maybe they're just added manually.

i wish that there was a way to mass hide here like you can on 4chan with the addon. one hidden troll post then hides all replies to it too.

Consider the following:
>online articles claim that many analysis attacks on Tor require both endpoints [the first and exit nodes] to be compromised. i cannot say whether an exit-destination attack will suffice, but assuming the exit node must be compromised,
competition keeps us safe from monopoly.
hail eris

Like your wish to someday lose your virginity--the times your stepdad used your ass as a pussy when your mom was out of town or wouldn't put out don't count--this wish will probably remain unfulfilled. The mongrel Flip who runs this place can barely keep it functioning. I don't see many user-centric new features on the horizon.

Maybe you should just be less of a whiny bitch instead.

US intelligence can buy servers in russia. Russian intelligence can buy servers in the US.

So true. And Cloudflare sells data to all intelligence services willing to pay.

hmmm

that one is so overused that it has no effect anymore. i wish that these kids would at least try to put some effort in their shitposts.


That's how you know they are professionals and not open sores GRIDS patients.

If they're so professional, why did they get hacked? They could have been running their own custom OS on a Russian OpenSPARC platform. Then the script kiddies would have been btfo.