
Tor: 'Mystery' spike in hidden addresses - escapologybb
http://www.bbc.co.uk/news/technology-35614335
======
dacox
Bitcoin Core v0.12.0 was just released.

From the release notes,

    Starting with Tor version 0.2.7.1 it is possible, through Tor's control socket API, to create and destroy 'ephemeral' hidden services programmatically. Bitcoin Core has been updated to make use of this.

    This means that if Tor is running (and proper authorization is available), Bitcoin Core automatically creates a hidden service to listen on, without manual configuration. Bitcoin Core will also use Tor automatically to connect to other .onion nodes if the control socket can be successfully opened. This will positively affect the number of available .onion nodes and their usage.

    This new feature is enabled by default if Bitcoin Core is listening, and a connection to Tor can be made. It can be configured with the -listenonion, -torcontrol and -torpassword settings. To show verbose debugging information, pass -debug=tor

[https://github.com/bitcoin/bitcoin/blob/master/doc/release-n...](https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.12.0.md#automatically-use-tor-hidden-services)

~~~
ikeboy
There are around 200 nodes with 12.0 installed as of now.
[https://bitnodes.21.co/nodes/?q=/Satoshi:0.12.0/](https://bitnodes.21.co/nodes/?q=/Satoshi:0.12.0/)

Not all of them are going to be on machines with Tor running.

------
schoen
A different hypothesis on the tor-talk list was a piece of ransomware that
generates a hidden service per victim:

[https://lists.torproject.org/pipermail/tor-talk/2016-Februar...](https://lists.torproject.org/pipermail/tor-talk/2016-February/040318.html)

~~~
huuu
Exactly my first reaction.

At the moment we get hundreds of Locky mails per day.

There is a huge spike in ransomware at the moment. And all ransom has to be
paid via a Tor location.

~~~
arprocter
We started blocking .docm at the mail server (it uses a Word macro to
download)

~~~
SCHiM
That won't block all macro viruses. You need a dedicated program/firewall for
this; filtering on extension won't work. Older .doc formats can also have
macros included and will work in newer (as well as older) versions of Word.

~~~
arprocter
This was just to prevent this specific attack - kind of a stopgap until the AV
detects it properly.

IIRC last time I checked the Word doc on VirusTotal it was picked up 22/55.

Fortunately at least AV did pick up the payload when a user let the macro
run...

Edit: ran it by VirusTotal again and got 28/55
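
An added example, not part of the thread or any poster's code, for the point made above that a `.docm` extension rule misses macros in older `.doc` files: it compares that rule with a heuristic content check. The function names and the constructed sample bytes are assumptions, and a production mail filter would use a full OLE parser instead of the byte search shown here.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls container signature
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE

def blocked_by_extension(filename):
    """The stopgap rule from the thread: block only .docm attachments."""
    return filename.lower().endswith(".docm")

def carries_vba(data):
    """Content check (heuristic): does the file body contain a VBA project?"""
    if data.startswith(OLE2_MAGIC):
        return VBA_STREAM in data
    if data.startswith(b"PK"):                    # OOXML is a ZIP package
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as pkg:
                return any(n.lower().endswith("vbaproject.bin")
                           for n in pkg.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def _zip(members):
    """Build a constructed in-memory ZIP standing in for an OOXML attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in members:
            z.writestr(name, b"constructed sample")
    return buf.getvalue()

# Constructed stand-ins, not real documents.
SAMPLES = {
    "invoice.docm": _zip(["word/document.xml", "word/vbaProject.bin"]),
    "invoice.doc": OLE2_MAGIC + b"\x00" * 504 + VBA_STREAM,
    "notes.docx": _zip(["word/document.xml"]),
}

def compare(samples):
    """Return {filename: (extension rule blocks?, content check flags?)}."""
    return {name: (blocked_by_extension(name), carries_vba(body))
            for name, body in samples.items()}

if __name__ == "__main__":
    for name, (ext, content) in compare(SAMPLES).items():
        print(f"{name:14} extension-rule={ext!s:5} content-check={content}")
```

The legacy `invoice.doc` sample passes the extension rule but is flagged by the content check.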

------
finnn
This is a blogspam version of [http://www.profwoodward.org/2016/02/what-just-happened-on-to...](http://www.profwoodward.org/2016/02/what-just-happened-on-tor-network.html)

~~~
chatmasta
Which is blogspam of [https://lists.torproject.org/pipermail/tor-talk/2016-Februar...](https://lists.torproject.org/pipermail/tor-talk/2016-February/040302.html)

------
boondaburrah
Could this be related to Ricochet getting press?

~~~
AdmiralAsshat
From the article:

 _One possibility, he said, might be a sudden swell in the popularity of
Ricochet, an app that uses Tor to allow anonymous instant messaging between
users._

------
dookahku
Starting with Tor version 0.2.7.1 it is possible, through Tor's control socket
API, to create and destroy 'ephemeral' hidden services programmatically.
Bitcoin Core has been updated to make use of this.

This means that if Tor is running (and proper authorization is available),
Bitcoin Core automatically creates a hidden service to listen on, without
manual configuration. Bitcoin Core will also use Tor automatically to connect
to other .onion nodes if the control socket can be successfully opened. This
will positively affect the number of available .onion nodes and their usage.

This new feature is enabled by default if Bitcoin Core is listening, and a
connection to Tor can be made. It can be configured with the -listenonion,
-torcontrol and -torpassword settings. To show verbose debugging information,
pass -debug=tor.

------
telescope7
Measuring the Leakage of Onion at the Root:

[https://www.petsymposium.org/2014/papers/Thomas.pdf](https://www.petsymposium.org/2014/papers/Thomas.pdf)

------
aivosha
Are these spikes in exit nodes?

~~~
gruez
No, these are spikes in hidden services.

