UPDATE: "But even though they are running thousands of new relays, their relays currently make up less than 1% of the Tor network by capacity. We are working now to remove these relays from the network before they become a threat, and we don't expect any anonymity or performance effects based on what we've seen so far." So hopefully this gets nipped in the trollish bud before anonymity is affected.
What was the maximum capacity over the entire attack?
Even if you held majority for just an hour, it seems you could still build a useful database of identities and their usage. I was trying to imagine how much just an hour Tor snapshot might be worth to somebody.
No, for two reasons. 1) new relays are capped at a low bandwidth for the first few days and 2) relays cannot become guard nodes (and therefore cannot identify real users' IPs) until they have been stable for at least 8 days
There is a clear explanation in the same thread as to why LizardNSA's action of adding bandwidth to the network isn't good, and in fact, potentially dangerous (not very dangerous at the time of writing):
The kind of person whose sense of moral outrage gets activated by such nonsense bullshit doesn't know what the word "miscreant" means, and by not mentioning "terrorists" they're just confusing their target audience. If you don't say "terrorist", how are we supposed to know you're the good guys?
"> Only hackers, miscreants and pedophiles use Tor." you must be a full blown moron. Tor is used by journalists, bloggers, gov employees, chinese dissidents and all sorts of ppl in peril. go shoot yourself
I'm always a little bit fascinated by these sorts of attacks.
On one hand, I guess I understand (yet don't condone) the motivation for the 'vigilante' justice they're trying to do. On the other, I really don't understand what benefit you can get from attacking Xbox, then Sony, and finally Tor.
When I think of the people doing this, I tend to think of them as understanding the importance of Tor and the benefit of anonymity it brings. However, here are people doing a DDOS attack (obviously illegal) trying to bring down the biggest illegal goods marketplace on the internet.
Maybe I'm alone in this, but outside of attention, I really don't understand any logical reason for this happening, and that really makes me dismiss any message they may have. I can comprehend being motivated by anger or some event, or just being a douchey company, but I just really don't understand what anyone besides the US Government would gain by attacking Tor.
“Microsoft and Sony are fucking retarded, literally monkeys behind computers,” Omari said. “They would have better luck if they actually hired someone who knew what they were doing. Like, if they went around prisons and hired people who were convicted for stuff like this, they would have a better chance at preventing attacks.”
“If I was working [at Microsoft or Sony] and had a big enough budget, I could totally stop these attacks,” Cleary claimed. “I’d buy more bandwidth, some specific equipment, and configure it correctly. It’s just about programming skill. With an attack of this scale, it could go up to the millions. But that’s really no problem for Sony and Microsoft.”
"If I get caught, then I get caught. Maybe I'll end up serving time, or maybe I'll end up helping companies, help them get better I guess."
Well based on what they did, they obviously can't advertise their work. They also won't have any interest in working for SV companies. The only kind of job they are after is in the black market (organized crime and intelligence).
This. Another possibility I've considered is that they obviously wouldn't be able to get a job at any SV company, but perhaps when applying for the Chinese NSA, maybe hacking Sony is something you can put on your resume?
I guess I'm not sure, but my guess is there could be a few entities outside the US that would appreciate that kind of skill.
A plausible example is hiring a team to DDoS another State-sponsored infrastructure from outside of U.S. soil. Or hire some elite crackers to write custom software for them.
You still get investigated even if you are a contractor. I know many of them firsthand, and they tell me that contractors are put under additional scrutiny, actually. You need a high-level clearance for this sort of work done on behalf of the government, regardless of your employer.
Glad to know, but I still feel some contract work requires high-level clearance or a background check.
If they just need a crack tool, they just need an agent to pay someone to write the tool and that doesn't give away information. Maybe I am spoiled by TV shows how they contact elite hackers in the black market.
Yeah, there's a lot more bureaucracy involved. I know people who used to work at these sorts of places. It's a wonder that anything gets accomplished, at all.
Apparently Kim Dotcom gave them 3,000 MegaUpload accounts to stop. After that they claim to have halted the attacks. They have somewhat of an incentive now to DDoS internet services and wait to see if someone will give them goodies in exchange to stop this.
> I really don't understand any logical reason for this happening,
Maybe it is the federal government trying to bolster their case for stronger control of the internet with a false flag operation.
For the record I'm not a conspiracy nut, but at the same time, given what we know about our government now and in the past, I can't completely dismiss the possibility.
Knowing the people behind the attacks personally, I can assure you this isn't the case. They're simply kids with too much free time and a yearning for attention.
If you're curious about validating this first hand, some of the members are active over at digitalgangster.com to give you an idea of the level of sophistication.
The Internet was designed to withstand a nuclear attack and due to people intent on centralizing services, we have services taken down by nerds. I hope Tor ends up being resilient because it's also used by folks in oppressed countries.
Because sometimes desk jockeys within the IT world put on their blue collar, settle for a mediocre salary, grow 4-6 pant sizes, and think "this is good enough"
Up until new blood walks up, points out a flaw, and fucks shit up because the "senior" desk jockey can barely squirm out of his $1000 computer chair to reach his keyboard.
That's just my take on it. If Lizard Squad states that it has taken them minimal effort to set up these attacks, then what's stopping a larger organization from doing such things?
They claim a "0day", which may just be them coopting the term from real hackers, but may also be a legitimate attack that gets around the approval period.
But it appears this is all running from Google's Compute Engine. They can easily shut it down, although they're probably using stolen credit cards, so there's no real traceability there.
Have they taken any action that would be cause for a shutdown? Does Google not allow you to run Tor relays on their service? Genuine questions, I'm not familiar enough with the service.
I have no proof obviously, but I somehow think that those 3000 new GCE instances have not been registered according to the TOS of Google, most importantly in regard to real name and accountability policies.
You'd think Google wouldn't want to give away free computer resources to these 'hackers' since the banks will almost assuredly take back any mis-gotten money from stolen credit cards.
They attack the PSN and XBox networks. Kim Schmitz gives them 3000 vouchers for Mega to save christmas (what?) and/or the world. Then they claim, he's the reason they stopped the attacks.
And then they target their next victim.
My point is: one might not like Kim but he is way too smart to expect such a barter to be successful.
So, given his own background, what makes him this? A stupid hero? Or is there a much smarter option?
It was a chance to inject Mega's name into a big story. Before, the story was "Hackers steal Christmas." Now, the story is "Mega saves Christmas."
Also, he probably wanted to play some video games and it's not like Mega vouchers cost him all that much, particularly considering this is basically an advertising expense.
Not only that but he could gather information on the use of those accounts. If they are ever used recklessly then he potentially has information about the group, giving him leverage with authorities. A very crafty play indeed.
Seriously, he just ended up passing the hot potato to someone else. That someone else is now Tor. I think I would've preferred to let Microsoft deal with the DDoS (they have the means).
Giving in to criminals' demands really ends up making things worse in the long term, whether it's bank robbers, CryptoLocker creators or the owners of botnets that can DDOS sites.
You say that as if these guys wouldn't have touched Tor if Kim Dotcom didn't intervene. This is just what they do, whether or not they were given the vouchers. If not today, eventually they would probably have set their sights on Tor anyhow.
> Then they claim, he's the reason they stopped the attacks.
Attacks have not been stopped though. PSN is still down (or was this morning) and Xbox Live is still under DDOS, it's just being able to mitigate it better than yesterday.
The thing I fear the most is cyber retaliation. So many of us have accounts on the Internet that matter to us day to day. If they are reading this (I am damn sure they are), and if they don't like you, they will try to take over your accounts and make fun of you. Fear is the most destructive and most effective weapon, and such a weapon is most terrible when targeted at individuals.
But I still have to drop a line: please arrest these "hackers" / "crackers" / cyber criminals.
Well, you never know. They certainly can target you because you are working for X company and X company sounds awesome enough to exploit and place on the front page.
So from what I've read so far they are trying to deanonymize TOR users by having a large number of relays in the network. This isn't an unknown attack vector. But surely the NSA could easily do the same. What's to say that half the relays aren't already NSA owned?
Does this mean that if agencies from different countries get into an arms-race trying to take control of the network in such a way, it would actually make tor stronger?
You make me wonder if there is yet another way of compromising TOR, to ask each intelligence service to contribute a small fraction of their capacity to TOR so that the vast majority of the nodes is owned by some agency, who then exchange data through some back channel. Harder to detect and with far more resources than any single agency could provide.
Or is the NSA so large that it dwarfs the resources the rest of the world could contribute?
I don't think it's out of the realms of possibility for any intelligence agency to set up a LOT of servers at different ISPs with different credit cards and account owners.
The problem with that approach is that it needs to be done very quietly, slowly, and secretly, while being large scale.
If a few hundred thousand nodes or a few massive large nodes suddenly popped up, then the admins of the Tor directory servers (or some security researcher) would start asking questions. It wasn't that long ago that a rather large cluster came into discussion because it looked suspicious, and the situation got resolved a few days later.
Then it needs to stay quiet, since nodes require uptime in order to be weighted favorably compared to other nodes. During this time they will generate traffic, noise and likely a few abuse letters. That means the ISP will be in communication with the intelligence agency, which in turn requires either lies which could fail or agreements which can leak.
Simply put, it is likely easier, more cost effective and less fragile to tap the backbone ISP network and sort out Tor chains when needed.
True. But if you do it over a long period... TOR has been around a while now. How can you possibly vet all owners? Surely most relay owners would prefer to remain anonymous.
Yes, I'm sure there are relays being run by the NSA and other governments. But people monitor the creation of new relays and attempt to determine who is running them. It's not a simple task to fool everyone.
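Two points made in this thread can be checked with a short script: a burst of new relays can dominate the network by count while holding well under 1% by capacity, and such a burst stands out to anyone watching first-seen times and address ranges. This is an added example, not code from the thread or from the Tor Project; the relay records, field names, thresholds and the /16 grouping are assumptions, and the 8-day guard figure is the one quoted earlier in the thread.

```python
from collections import Counter
from datetime import datetime, timedelta
from ipaddress import ip_network

NOW = datetime(2014, 12, 27)   # constructed "current time" for the sample
GUARD_MIN_AGE_DAYS = 8         # figure quoted in the thread, not read from Tor


def build_sample():
    """Constructed relay list; addresses, weights and dates are invented."""
    relays = []
    for i in range(40):        # long-running relays, one per /16
        relays.append({"ip": f"10.{i}.0.1", "weight": 5000,
                       "first_seen": NOW - timedelta(days=200)})
    for i in range(300):       # burst of new, bandwidth-capped relays in one /16
        relays.append({"ip": f"10.200.{i // 250}.{i % 250 + 1}", "weight": 5,
                       "first_seen": NOW - timedelta(days=1)})
    return relays


def is_new(relay, now, window_days):
    """True if the relay was first seen inside the observation window."""
    return now - relay["first_seen"] < timedelta(days=window_days)


def shares(relays, now, window_days=3):
    """Return (share by relay count, share by weight) held by new relays."""
    new = [r for r in relays if is_new(r, now, window_days)]
    by_count = len(new) / len(relays)
    by_weight = sum(r["weight"] for r in new) / sum(r["weight"] for r in relays)
    return by_count, by_weight


def new_relay_clusters(relays, now, window_days=3, min_size=20):
    """Group new relays by /16 and return the networks with a suspicious burst."""
    nets = Counter(
        str(ip_network(f"{r['ip']}/16", strict=False))
        for r in relays if is_new(r, now, window_days)
    )
    return {net: n for net, n in nets.items() if n >= min_size}


def guard_eligible(relays, now):
    """Relays old enough for guard selection under the thread's 8-day figure."""
    limit = timedelta(days=GUARD_MIN_AGE_DAYS)
    return [r for r in relays if now - r["first_seen"] >= limit]


if __name__ == "__main__":
    sample = build_sample()
    count_share, weight_share = shares(sample, NOW)
    print(f"new relays: {count_share:.1%} by count, {weight_share:.2%} by weight")
    print("clusters to review:", new_relay_clusters(sample, NOW))
    print("guard-eligible relays:", len(guard_eligible(sample, NOW)))
```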
Since a large part of initial Tor development was funded by the US Navy and then DARPA, I think it's a safe bet that the NSA et al. have been doing this ever since the first public release.
Kim Dotcom gave them 3000 Mega accounts yesterday, and now they seem to have created 3000 relays. Is the number just a coincidence, or are they doing it through those accounts somehow?
As grateful as I was to be able to actually play the games I received on Christmas, it is hard to find anything positive longer term with respect to paying off DDOS attacks (though I'm assuming that this more or less happens constantly away from public view).
It's unfortunate that they're attacking Tor, but at least this type of attack is being demonstrated now by someone presumably only out for lulz, rather than potentially by more malicious entities in the future.
How do you honestly know that? Everything can be pseudonymous or anonymous and behind several layers of indirections. Real names could be used so dox-ing can reveal "something" but in effect could simply be a steganographic ruse.
Given the resources of large intelligence operations funded worldwide, how can you be sure one or more aren't really behind Lizard (or LulzSec or Anonymous even)?
I didn't catch the interview, did they mask the voices? Presumably the filter they would use could be undone fairly easily, in the same way that the "swirl" filter paedophiles were using got them caught [1].
The way in which these people are acting right now is just asking for a mistake. I would guess they have made some huge opsec mistakes already. There's a supposed dox on them already (find it yourself on Twitter).
Calling them script kiddies is not productive either. They're hackers by the now commonly accepted definition as used in the media. That ship sailed ages ago, but if you want to bicker about what to call them the correct term is probably something along the lines of cyber criminals.
I don't usually care for the meaning of "hacker" (tinkerer or pirate) but in this case calling them "hacker", even in the mainstream meaning of the word is giving them too much credit.
They're not hacking anything any more than 4chan users "hack" websites by flooding them, there's no "hack" involved in any meaning of the word. I'm sure they love being called "hackers" by the media.
So yeah, I'm definitely in favor of calling them script kiddies. It's much easier to understand, even for a mainstream audience. And I assume they'd find the attention they're getting less rewarding if they were called script kiddies everywhere...
Complaints about the terms are 'no true Scotsman...' arguments. DDOSing and Botnet attacks are crude, brute-force attacks, but finesse has never been a requirement for a good hack - it's the icing on the cake but ultimately it's the result that matters. Being pompous about terms just comes across to the general public as nerd rage, much like gun aficionados whining about terminological niceties following reports of a mass shooting incident.
> Complaints about the terms are 'no true Scotsman...' arguments.
They really aren't.
> Being pompous about terms just comes across to the general public as nerd rage, much like gun aficionados whining about terminological niceties following reports of a mass shooting incident.
Words matter. If some fools are caught with a Molotov cocktail and the media starts reporting that they had a "nuclear weapon" because gasoline contains some radioactive carbon-14, the sane people are the ones telling anyone who will listen how stupid that is.
Calling those who maliciously break shit "hackers" is like calling those who drink too much "Irishmen." It's an offensive misuse of the word.
Words matter, but that doesn't mean one group gets to establish the definition that suits itself. 'Hacker' has been used in popular culture to include malicious computer activity since the 1980s, notwithstanding the existence of the jargon file, and folks such as yourself have been grumbling about that not being 'the true meaning' just as long. The fact is that you don't own the word, and the negative meaning has at least as much common currency as the nerdy one.
> Words matter. If some fools are caught with a Molotov cocktail and the media starts reporting that they had a "nuclear weapon" because gasoline contains some radioactive carbon-14, the sane people are the ones telling anyone who will listen how stupid that is.
Wildly disproportionate analogies are not a good way to get taken more seriously.
> 'Hacker' has been used in popular culture to include malicious computer activity since the 1980s
I don't think his point is that the term shouldn't be used in a negative way, but that the negative way is more along the lines of someone who breaks in to computers, not just floods them with a bunch of packets. Is someone who pours water on a computer and fries the circuits a hacker now too? Petty vandalism just doesn't seem the same as actually gaining unauthorized access, which is how I've always understood to be the popular definition of the word.
I'm old enough to remember when 'hacker' meant exactly that. Now it's hip to be called a hacker; does that change its meaning? What does it mean to be a 'gangsta'?
Languages change. That doesn't mean it's offensive when somebody still uses the old meaning, because it's how they grew up using it.
Ask anyone under 30 what they think a Phreaker is; I bet they wouldn't have a clue. "Phone freak": even the word freak these days may be misinterpreted too, since it meant someone really into some hobby.
Maybe we should call these script kiddies "scriddies" since it seems the average Joe and TV/newspapers like a single catchy word.
Sure, languages change, but not in a vacuum. If the media starts using the word "businesswoman" to mean an infertile woman, the jackasses are not the people who object to that usage.
Well, it's probably a little late to save the term. Job descriptions for devs routinely state they are looking for "hackers" with Ruby. Not to mention, we're commenting on a site called "Hacker News", which features more posts about NASA and the latest JS framework than anything "Hacker".
Words do matter, but some are abused to a point wherein they take on new meanings; grating as that may be for those who knew and appreciated the original meanings.
I tried to tell a group of friends yesterday that the N Korean internet could have been brought down by script kiddies. When asked what that meant, I said "hackers" and everyone shook their head in agreement and said "ahh, hackers."
Hackers is just a generic term these days, no use getting upset about it.
When asked what a Script Kiddie was, you could have just said they figured out how to press the Refresh button faster than most other people.
Calling them Hackers is giving in, as is looking at it as "that ship has sailed". Language is fluid, it's always changing, and all we have to do to keep the term Hacker is to keep correcting people who mis-use it.
Did Electrical Engineers give in and start calling it "sodder"? No. They correct you when you mis-pronounce the word solder. I argue this is no different.
Nowhere near this size though, and those selling bigger attacks on e.g. darkode would charge extra for the heat. If they're paying for the attacks, they must be paying closer to $1000 per hour.
Lizard Squad has access to a large botnet which they used to DDoS Sony and Microsoft and now to create a large number of TOR relays. It's not hacking. It's not even being a script kiddie.
They appear to be using Google Compute instances (based upon the IP addresses) to create TOR relays but since they are not exit nodes I'm not really sure what they are hoping to achieve.
Google will probably shut them down quicker than the consensus gives them those. They are tiny; it's an attempted Sybil, but it's worse than GCHQ's one that used Amazon nodes.
I'd be curious if this would be considered against the google compute engine ToS.
If so, it'd be simple for Google to wipe them. Otherwise, I have no doubt the tor directory authorities will be keeping an eye on these for malicious activity and will mark them as Bad Relays if any is detected.
This group has been DDOSing game networks for quite awhile now, a year at least? Are they just super skilled at covering their tracks, are they not being investigated, is federal law enforcement not good at tracking this down yet, or what? I don't understand how a major crime spree is being conducted in public and gleefully boasted about for this long.
IIRC LizardSquad did allegedly "disband" awhile back, I think when some heat got applied to them, but I don't know. They were repeatedly DDOSing the servers of a game I play so I started following their exploits. I do hope law enforcement catches up with these guys sooner rather than later.
When law enforcement caught up with Sabu and turned him, Lulzsec didn't stop, they actually got worse: they went through a period of unusually high activity, with Sabu at the reins, and the FBI at his reins.
Perhaps the members of LizardSquad should reflect on that.
> I do hope law enforcement catches up with these guys sooner rather than later.
Me not. Sony and MS need to be taught that online DRM is a massive customer experience clusterfuck, and they will only listen and learn one way: hit 'em in their pockets. Only when enough customers are angry and demand refunds that it hurts their bottom lines, then maybe online DRM measures will be finally allowed to rot in hell.
The solution is to vote with your wallet and encourage others to do so as well, which will hit their bottom line. Attacking their network is basically acting like a petty thug, and thugs can rot in hell. Besides which, DRM-free solutions already exist for you: support developers who release their games without DRM such as via Humble Bundle, etc. Or just pirate whatever you want since you're apparently okay with illegal activity already.
Maybe I missed it - where do they say they're DDOSing because of online DRM?
And if they are, how does online DRM justify illegal activity? I'm not going to flood someone's shop so they can't open for business because I don't like their product.
If you don't like it, don't buy it, and educate consumers on why they shouldn't buy it either. Boycotts are the most direct way to harm a company's bottom line.
If boycotting and consumer education worked, we would not have this discussion. Console and title sales are through the roof, despite tech-savvy people and press all over the world calling bullshit on DRM.
There are some successful boycotts, when there's a hell of a lot more on the line than just the inability to play COD. They're not doing anything illegal, and they don't need to.
> Console and title sales are through the roof, despite tech-savvy people and press all over the world calling bullshit on DRM. It's time for more drastic measures.
It's never time for more drastic (illegal) measures if someone provides a product you don't like. They're providing a shitty "feature" that frustrates you when your shitty internet connection is down. If it frustrates you so much, don't use it, get your friends not to use it, blog about it, post about it, spread the word. Look what happened to Sim City last year.
That is the point .. the tor people said we are the USA and we will play the PIG movie World Police style. Just as with them working with the FBI, NSA and NRO.
That kind of attitude is why we have people denying global warming. Terms have meaning, allowing idiots to try to muddy the waters hurts all of mankind. It has nothing to do with "Lisp nerds from MIT".
The whole argument of what "hacker" means in tech circles versus what it means to the mainstream is beyond a dead horse. That's like trying to make the word "gay" mean "happy" again.
You and a whole lot of other people, until they see something presenting it.
I had to explain the shift to my kids once. It was sort of interesting after that time. We notice it, and they will often comment on something picking up a new meaning now.
That suggests to me a lot of people remain unaware of "overloading" words in that way.
The word "prescriptive" generally refers to an approach to language, such as found in grammars, discussed by grammarians, etc. Not to languages themselves, which are neither descriptive nor prescriptive.
There are very much prescriptive languages. French, for example, is prescriptively maintained by the Académie française and the Office québécois de la langue française.
English isn't one, and all the hurfing and durfing in the world won't change that because a techie doesn't like the word "hacker" being used in a way despite his...wait for it...proscription.
Please understand the problem. Calling them "Hackers", or "Black hats" or whatever fucking term is NOT the issue.
When someone has the possibility of doing a Sybil attack, no matter what they did before, you take that shit seriously. As of now, we don't know if the goal is to really test their 0day (which, if it's a Sybil isn't exactly 0day) or just popping up 3360 exit nodes to give "free" bandwidth.
Given that they've yet to do anything beyond DDoS attacks that aren't even complex in nature - the odds of them having a 0-day or any attack of any sort is pretty much 0. This is literally one or more teenagers "doing it for the lulz" and the attention.
Do you know this? It seems obvious to me, but calling it a "0day" suggests that maybe the attack is (at least marginally) more sophisticated than the obvious correlation attack. Not to mention, as far as I can see, we have no idea.
Yeah I'm sure some rando bitch named Kate from gizmodo knows about DDoS. Any fucking moron can read twitter, thanks for "writing" an article about __nothing__. Seriously this site has zero standards compared to how it used to be.
I like lizards in general, but I am not too pleased about lizards that are hacking. It is, quite frankly, a disgrace.
Please be aware that the lizard community as a whole is appalled by these circumstances.
I hope that this whole bag of shenanigans does not prejudice your fine selves against lizards - whether they be lizards of the past, present, or future.
This is fun to watch, even funnier when you realize that any talk around this is just that - talk. But, I'm intrigued for the future, this type of hacking is starting to make its comeback, and that's a cute thing.
I guess it can be won back if you convince people that calling programmers hackers and hackers crackers is hip now. Once we achieve that we can focus on more serious issues like naming Linux GNU/Linux :)
English exists in its current state because it is constantly changing. Adding words, changing the pronunciation/spelling and even changing the definitions of them. You aren't concerned with correctness you're concerned with image and a pet word.
I find it interesting that you know me well enough to know what my innermost thoughts on a matter are.
Tell me, are you okay with this website being associated with illegal activity because the media is lazy and you'd rather just shrug your shoulders than correct that misconception? How would you like that used against you in real life? You're a member of a scary "hacker" forum, after all.
Words matter. Take this attitude when we're talking about "kek" vs "lol", not when we're talking about something that's being used to denigrate entire groups of people.
I know your thoughts on the matter allow for changes because you aren't talking to me in Old English which means you are concerned with changes to specific words only AKA pet words. Then you reply with a post about how it causes image problems and confirm my original reply was correct.
>Tell me, are you okay with this website being associated with illegal activity because the media is lazy and you'd rather just shrug your shoulders than correct that misconception? How would you like that used against you in real life? You're a member of a scary "hacker" forum, after all.
I would explain that hacker has multiple meanings and be done with it.
>Words matter.
Sure and when it comes to meanings majority rules and the majority made up their mind over 15 years ago. You're not just in the extreme minority that uses it for a different meaning. You're in the extreme minority of that extreme minority that still cares that other people use it for the newer meaning.
This is the media we're talking about. You think your (or anyone's) explanation will be taken at face value, or be taken as a member of an outgroup trying to save face?
I'll give you a hint, it's the one that outrages the most people. You don't explain away misconceptions like that.
Whatever. You may be okay with being lumped in with criminals. I am not. I will continue correcting people that make this mistake regardless of how much it annoys them to be wrong.
This is our fellow English speakers we're talking about. Unless you somehow think everyone else is incapable of understanding some words can have multiple meanings then there is no concern. I for one am confident most people can understand that.
>You don't explain away misconceptions like that.
I've never had any problems. Maybe it is just your delivery?
>I will continue correcting people that make this mistake regardless of how much it annoys them to be wrong.
The thing is, unless you believe English should be static (and as we've already discussed you clearly don't), it isn't them that is wrong, it is you.
Sony - had this coming - fake security experts said the NK could do nothing - Now look - Ha! they stole the Admin password Ha! it was "lena" but we will kill their "NK" internet and stop them cold from further take-downs. Ha Ha he he ho ho ho..
https://lists.torproject.org/pipermail/tor-talk/2014-Decembe...
If you use Tor, I would follow the suggestion by another member of the mailing list [1], simply add to your torrc file:
That will disallow using any US nodes, which works since all of LizardNSA's nodes are currently in the US.
[1] https://lists.torproject.org/pipermail/tor-talk/2014-Decembe...