The FBI-ICE-Europol seizure page that greeted visitors to Doxbin’s main .onion page. Doxbin and Silk Road 2.0 were part of a 410-site sweep of the Tor darknet.
Last week’s takedown of Silk Road 2.0 wasn’t the only law enforcement strike on “darknet” illicit websites being concealed by the Tor Project’s network of anonymizing routers. A total of 410 sites that sell everything from drugs to murder-for-hire assassins were shut down as part of Operation Onymous—a joint operation between 16 member nations of Europol, the FBI, and US Immigration and Customs Enforcement.
While 17 arrests were made, some operators of sites taken down by the worldwide sweep remain at large. One of them—the co-operator of Doxbin, a site that traded in personal identifying information to use for intimidation, identity theft, extortion, or other malicious purposes—has shared details of his site’s takedown with Tor developers in hopes they’ll find ways to protect other users of the network. An apparent distributed denial of service (DDoS) attack against Doxbin may have been used to uncover its actual location, and the same approach may have been used to expose other darknet servers seized by law enforcement.
Log files shared by the Doxbin proprietor, who calls himself nacash, suggest that sites may have been “decloaked” using Web requests intentionally crafted to break Tor’s Hidden Services Protocol. It’s also possible that his site was given up by bad PHP code. In a series of e-mails to the tor-dev list entitled “yes, hello, Internet supervillain here,” nacash said that his server—a virtual private server running on the German hosting service Hetzner—was initially hit by what he believed was a denial of service attack in August.