Thomas White (@CthulhuSec) warned users to steer clear of his Tor servers after he lost control of them following what he’s called “unusual activity.” In a post on the Tor mailing list, Thomas said, “I have now lost control of all servers under the ISP and my account has been suspended.” The entire signed message is given below:
Dear all,
Many of you by now are probably aware that I run a large exit node
cluster for the Tor network and run a collection of mirrors (also ones
available over hidden services).
Tonight there has been some unusual activity taking place and I have
now lost control of all servers under the ISP and my account has been
suspended. Having reviewed the last available information of the
sensors, the chassis of the servers was opened and an unknown USB
device was plugged in only 30-60 seconds before the connection was
broken. From experience I know this trend of activity is similar to
the protocol of sophisticated law enforcement who carry out a search
and seizure of running servers.
Until I have had the time and information available to review the
situation, I am strongly recommending my mirrors are not used under
any circumstances. If they come back online without a PGP signed
message from myself to further explain the situation, exercise extreme
caution and treat even any items delivered over TLS to be potentially
hostile.
The mirrors in concern are:
I will do my best to keep this list updated on the situation as it
develops. If any of the mirrors or IPs do come back online, I would
welcome anyone who is capable of doing so checking for any malicious
code to ensure they are not used to deploy any kind of state
malware/attacks against users should my theory prove to be the case.
At this moment in time I am under no gagging orders or influence from
external parties/agencies. If no update is provided within 48 hours
you may draw your own conclusions.
Regards,
T