Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Thomas White <thomaswhite <at> riseup.net>
Subject: Warning: Do NOT use my mirrors/services until I have reviewed the situation
Newsgroups: gmane.network.tor.user
Date: Sunday 21st December 2014 20:17:23 UTC (over 2 years ago)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear all,

Many of you by now are probably aware than I run a large exit node
cluster for the Tor network and run a collection of mirrors (also ones
available over hidden services).

Tonight there has been some unusual activity taking place and I have
now lost control of all servers under the ISP and my account has been
suspended. Having reviewed the last available information of the
sensors, the chassis of the servers was opened and an unknown USB
device was plugged in only 30-60 seconds before the connection was
broken. From experience I know this trend of activity is similar to
the protocol of sophisticated law enforcement who carry out a search
and seizure of running servers.

Until I have had the time and information available to review the
situation, I am strongly recommending my mirrors are not used under
any circumstances. If they come back online without a PGP signed
message from myself to further explain the situation, exercise extreme
caution and treat even any items delivered over TLS to be potentially
hostile.

The mirrors in concern are:

https://globe.thecthulhu.com
https://atlas.thecthulhu.com
https://compass.thecthulhu.com
https://onionoo.thecthulhu.com

http://globe223ezvh6bps.onion
http://atlas777hhh7mcs7.onion
http://compass6vpxj32p3.onion

77.95.229.11
77.95.229.12
77.95.229.14
77.95.229.16
77.95.229.17
77.95.229.18
77.95.229.19
77.95.229.20
77.95.229.21
77.95.229.22
77.95.229.23
77.95.224.187
89.207.128.241
5.104.224.15
128.204.207.215


I will do my best to keep this list updated on the situation as it
develops. If any of the mirrors or IPs do come back online, I would
welcome anyone who is capable of doing so checking for any malicious
code to ensure they are not used to deploy any kind of state
malware/attacks against users should my theory prove to be the case.

At this moment in time I am under no gagging orders or influence from
external parties/agencies. If no update is provided within 48 hours
you may draw your own conclusions.

Regards,
T


- -- 
Activist, anarchist and a bit of a dreamer.

Current Fingerprint: E771 BE69 4696 F742 DB94 AA8C 5C2A 8C5A 0CCA 4983
Key-ID: 0CCA4983
Master Fingerprint: DDEF AB9B 1962 5D09 4264 2558 1F23 39B7 EF10 09F0
Key-ID: EF1009F0

Twitter: @CthulhuSec
XMPP: thecthulhu at jabber.ccc.de
XMPP-OTR: 4321B19F A9A3462C FE64BAC7 294C8A7E A53CC966
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJUlyrRAAoJEFwqjFoMykmDmDUP/RQuzugIWZSg/otUXLEvZCNd
V7NIxwZKml0OLmkxvUDbNaCSaKk2aszrDY4n6f9T+SZExnkTJJ7VmObctwNgOhgj
XNPiR6jwqoUrvPIWHLShixZwMwrL8bjhz6QhFRZjXCh3dcXil5AeXghw/bjv5N0W
Ad05zEoVaPJLJP74W0jNZiRDTNzCvkzJn5r9idW07P83nXLOQaU9F//6+tyl5R52
1kQCx6Hoc6qDEopYpbT4gQ7BunOUZ+RaSk4XS7gxo8Qm3c7RBVI0niJRRwvvJ1Yn
oJ5pQIXuCcKqxWTla48QIdR13vGAFbgvZcJpPY/lqtGTOImWyp7ExIvQVd7Le1K7
Nu1eI0Ks+76cpFFord7BmendsgR8IDGbsmGQD8k69n/RIcbO3mMHIkYHx54pvIvH
3qjClNcspFSDfhb494T0iB/yap/0Aht4dke1zFfahinqqsSgCQIanZYC0wFeRjzU
4esTMEXZ+ZfsFRQIYy5VeFWVOO0wKekM+O4UBzIjwcQ39a/c1rqz9Z17OT7xZTYU
a0JsV9K71KM9AirrBRcKCCaoBoMCqaAomxb3Jcp3NzQcBw5jTd+SUDch7SC2SiyD
SDN9rJTf8iHyY4YeoI1dyQR32+BZjxRM+AhgsviAb3vkfncMTIKhPY9U6dhEa/NN
e9/8R2OWu1CaXAKp0/BI
=GZKT
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
 
CD: 4ms