- Freedom Host's founder arrested in Ireland for potential extradition on American child pornography distribution charges.
Shows an iframe URL of: http://nl7qbezu7pqsuone.onion?requestID=203f1a01-6bc7-4c8b-b...
Which is live now, and shows:
<iframe frameborder=0 border=0 height=1 width=1 id="iframe"> </iframe>
It would take a long time to walk through what's being done, and even that isn't likely to be helpful. There's a lot of Array, Int32Array, and ArrayBuffer allocation and retrieval. It's possible one of the larger strings is for injecting code into memory. It doesn't look at the guid stored in the cookie or the query param. If it is a memory injection, your guess is as good as mine.
Original iframe w/ ?requestID=<guid>: http://pastebin.com/HcGRQk2N (with HTML)
content_1.html: <connection reset> (only used for versions of Firefox less than 17)
content_2.html?????: http://pastebin.com/t9x4GHr1 (same as content_2.html)
error.html: <connection reset> (it's likely meant to fail)
 http://pastebin.com/gVna4pi2 (NB: it gets modified before used)
It includes a hexdump of the shellcode, showing it's building an HTTP request to somewhere. So it's likely identifying Tor users through non-Tor connections.
Anyone know what that might be, and who has compromised Freedom Host?
This could be faked, but it's interesting on its own.
That this appears to be so blatant suggests to me that it has nothing to do with surveillance at a state level.
Even if it isn't outside the realm of possibility, I don't think it's plausible for an organization that's supposedly powerful enough to monitor and archive all domestic and incoming electronic communication, when there's an entire ecosystem of hackers and skiddies out there anyway who do this kind of thing elsewhere all the time. JS in an iframe? XSS? Why would they even bother?
Edit -- turns out it might actually be the FBI...
Perhaps he doesn't want to be hunted either directly implicating the US for the US's work.
Seriously, bring something to the discussion if you are going to be asking others to do the same.
By the way, the person who started the site linked is being prosecuted by the DoJ, no doubt with others involved being hunted down as well. I'm sure there are no implications to any of this.
FBI, who happens to work as a conduit for the NSA, along with any number of the other acronym boys? Or the corporations they hire while handing out legal immunity for the actions they are hired for? Or Google and others who also accept payoffs and immunity for helping monitor the acronym boys' targets?
How are the various crony corporations publicizing these deeds as services not relevant? This is the subject of exploits being used on users of a host whose owner was arrested, correct?
I am readily awaiting a more logical answer than another contracted service like Endgame and their pool of exploits they are so ready to use on the non legally immune citizens of the world. Or companies like Google for going along with the dragnet monitoring and exploitation of dissidents.
All of them are connected by virtue of payoffs, insider trading, market manipulation. None of it is irrelevant.
"There are even target packs for democratic countries in Europe and other U.S. allies. Maui (product names tend toward alluring warm-weather locales) is a package of 25 zero-day exploits that runs clients $2.5 million a year."
Endgame's product list was not marked classified, a product meant for distribution only to the likes of the NSA but peddled amongst fellow for-profit "whitehat" in arms. Yet another company with immunity to laws others are hunted and imprisoned for.