Author: Cthulhu

I stand with Lauri Love


Further information: http://thecryptosphere.com/2015/07/16/alleged-hacker-lauri-love-arrested-in-uk-us-demands-extradition/

I have known Lauri for a while now, and we have both talked at length of our own struggles, shared some comforting advice and helped one another progress through difficulties as they arise. Today it deeply saddened and enraged me to hear his extradition has been demanded by the United States of Assholes.

Lauri Love is a British citizen. He lives in the UK. Therefore, following this assumption, any alleged wrongdoing must fall within British laws. I, therefore, question why the need for extradition must exist when the frameworks for his prosecution in the UK are already in place if he was indeed guilty of any offence. Should he be found guilty of any offence then he should also be punished under British law, which is where he resides.

The only thoughts that cross my mind on why an extradition would be necessary are as follows: the US knows what evidence it has will not stand up to scrutiny in British courts. Protocols exist where evidence gathered overseas can be used against citizens in a UK court, and so it would seem logical to prosecute a person in their home country as it would be quicker, easier and cheaper for everyone involved. Furthermore, to prosecute Lauri in the UK would at least show some respect to British sovereignty and that British laws must rule the actions of its citizens.

Instead, the US has again sought to bring a person into their own territory for prosecution. I find this deeply insulting. Unlike many countries in the world, the US attempts to force the laws of its nation upon all people, irrespective of where they reside, and assumes its laws reign supreme over all others. If the UK or any other country were to make such an assumption, it is likely that the US would refuse to comply or kick up a fuss about the matter, seeing it as an insult to them, without regard to their hypocrisy.

So I feel it is time to use this phrase, despite my hatred of it: If the US has nothing to hide in prosecuting Mr Love, why are they not using established protocols for the presentation of evidence in British courts? “Nothing to hide, nothing to fear” huh? If the US has material that they feel is in some way privileged and thus cannot be handed over to the UK, then this would be a clear violation of Article 6 of the EU Convention on Human Rights. In that case, the extradition request should be denied immediately.

On this matter, I stand firmly by Lauri’s side. So to the US government I would like to remind you that I am not a member of Anonymous, nor do I agree with many things that they do. But I do not forgive or forget either. You should perhaps look into your sins very deeply because new alliances are forming against you daily, and I am firmly within their ranks on this matter.

Today we have lost a friend


I, like many today, was shocked to hear that our friend Caspar Bowden has sadly passed away. He was a man of passion and conviction, a force in the privacy debate that never waned nor held back. Everyone who knew him can certainly testify to his moral courage to stand for what is right and just, regardless of who he was facing.

I first met Caspar a few years ago and talked to him on many occasions. One conversation that stood out to me is during the Tor Project summer developer meeting in Paris in mid-2014. Little did I know what started as a small matter would soon turn into a pattern of me becoming a surveillance target of the UK government, followed by a campaign of intimidation and bullying. Throughout my ordeal, Caspar was there for me with his vast reserves of expert knowledge, patience and care, like a father to us all. He never cared for what somebody stood accused of or who they were, he was willing to stand there for everybody equally.

He was a friend, a mentor, a teacher. If the time ever came where you had lost all hope in the fight against tyranny and injustice, along Caspar came to pick you up with a new found drive to continue.

RIP Caspar Bowden. You will be missed.

I’m a bad person to threaten


So, somebody took to XMPP a few minutes ago to threaten my recent investigation into poorly configured hidden services. From the broken English and half the words still being in Russian, I am pretty confident the person is from one of the Russian marketplaces.

I should point out that I am not a good person to threaten. The idea of a threat is to subdue or otherwise intimidate another to your will. As somebody acting on their own identity and with the capability to de-anonymise a lot of the sites out there, I am a pretty poor target for such threats.

So here we go. The Russian market/classified area onion address is:
http://map2rampqm6qxbvz.onion/

 

I feel obliged to point out I have no idea if this was the market making the threat, nor do I care. I hope this serves as a gentle reminder that as somebody doing research and trying to remind people about vulnerabilities in their sites, I am not against the “dark net” sites. I can’t use magic and thus if you have no vulnerabilities, you are safe from me. If I can find your server, so can a capable state agency, and who would you prefer sent you this reminder?

 

So, here is some of the information on the site:

IP: 188.32.214.154
Document root: /home/map2ramp/www/
Server admin: root@work.local3
Internal IP: 10.0.0.13
OS: Gentoo

 

Unmasking this server was rather straightforward and again is down to a misconfiguration on their part. This time, however, it was a poorly configured PHP module with the web server. Another reason not to use PHP.

Shoddy “Dark Web” Journalism


As outlets have a history of removing content where they make some mistakes, I have made a copy of the article below:

http://thecthulhu.com/wp-content/uploads/article_biuk/index.html

The original can be found here:

http://uk.businessinsider.com/dark-web-researcher-discovers-ip-addresses-in-plain-sight-2015-6?r=US

A few days ago I complained that part of the “dark web” problem is that we often see sensationalist claims from media outlets who don’t put the time into proper research. Well, I have one excellent example of this that I want to dissect for some quite key errors.


“This specific forum, called the Tor Carding Forum v2, was quietly shut down, but White was still able to uncover its hosting address even though the forum currently appears to be completely shut down.”

The article on Motherboard, along with the accompanying information on my blog and Twitter, made clear that I seized the unmasking information many months prior to publication. I intentionally placed emphasis on this fact through the use of hashes and including the original tweet, which is dated. I have not in any way been able to recover the IP address of the service since it shut down. The reason that it is published now is precisely due to the fact it is now offline.

 

“Additionally, White found another dark web marketplace’s IP address: A site called Kiss Marketplace, which reportedly offered goods like illegal drugs. The IP address White posted on his website still works if you put it in any browser, meaning that the servers powering this site have ostensibly been unmasked.”

No. Again, this marketplace is now offline and, according to DeepDotWeb, had been for a few weeks before I published; this was an intentional action. The IP address, therefore, does not work, and at this point it is obvious to me you haven’t even tried. The screenshot included on Motherboard was taken by @josephfcox several months back when I first showed him the information. We sat on the information until we deemed it safe to release.


“With the IP addresses of these dark web marketplaces becoming public knowledge thanks to White’s recent discoveries, the police will also be able to use this knowledge to shut down the websites if they decide to follow up on White’s findings.”

The police might be able to chase up who rented the server associated with the IP address, but at this point it is questionably useful since it is unlikely there will be remaining forensic data to extract. Furthermore, for it to stand in court it is likely they would need my testimony on how the evidence was obtained. I have made clear that I am totally unwilling to assist law enforcement at this point for how they have treated me in recent months/years.


“It appears that criminals are scrambling online to use these new ways to create black markets, but their lack of diligence shows.”

Speak for yourself.

Another Small Release – TCF V2


Another day, another release. This time it is the Tor Carding Forum v2, which to my knowledge has now closed down, and so this is another one, like yesterday’s, that will no longer be of much interest to law enforcement. The other possibility is that they have quietly taken it down. Either way, I have no further responsibility to withhold this information, and since there are still other major hidden services out there not taking basic security steps (such as forcing external data grabs to go through Tor), please remember I have many more sites to go through yet and nobody is untouchable from naming and shaming.

cthulhu@cthulhu:~$ echo -n "The Tor Carding Forum V2 at hidden service address ba6i2qxajcioadj4.onion and IP address 185.10.57.138 will be seized by the British or Dutch police in the very near future. They have used no magic or special technical ability and Tor is not broken." | sha1sum | awk '{print $1}'
ba993b4a132df12537aab9fde4b297197b92a45a


From 3rd February 2015: https://twitter.com/CthulhuSec/status/562549685802774528

Information was still correct up until the time of closure. This fuck-up was thanks to them not routing their external lookups through Tor. They also must not check the logs of their webserver, given how often I performed this to validate it, and it was never fixed.
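The leak behind this release (and the warning above about external data grabs) is a hidden service fetching something from the clearnet directly instead of through Tor. The following is an added example, not code from this blog or from any of the sites it names, of the check from the researcher's side: serve a unique canary URL on a host you control, get the hidden service to fetch it (a submitted image or link URL, say), then read your own access log. If the operator routes outbound requests through Tor, the hit comes from a Tor exit; if not, it comes from the server's real address. It assumes a combined-format (Apache/nginx) access log and a list of Tor exit addresses (in practice taken from https://check.torproject.org/exit-addresses); the log lines and the exit list below are constructed for the example.

```python
"""Canary-fetch check: did a hidden service fetch our URL via Tor or directly?

Added example; the access-log lines and Tor exit list are constructed."""
import re
import secrets
from dataclasses import dataclass
from typing import Iterable, List

# Apache/nginx "combined" log format:
# IP ident user [ts] "METHOD PATH PROTO" STATUS BYTES "REFERER" "UA"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def make_canary_path(prefix: str = "/c/") -> str:
    """Unique, unguessable path: a hit on it can only come from the fetch we triggered."""
    return prefix + secrets.token_hex(8)


@dataclass
class CanaryHit:
    ip: str
    timestamp: str
    user_agent: str
    via_tor: bool  # True if the source address is a known Tor exit


def find_canary_hits(log_lines: Iterable[str], canary_path: str,
                     tor_exits: Iterable[str]) -> List[CanaryHit]:
    """Return every request for canary_path, flagging whether it came from a Tor exit.

    Lines that do not parse or request other paths are ignored."""
    exits = set(tor_exits)
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if not m or m.group("path") != canary_path:
            continue
        ip = m.group("ip")
        hits.append(CanaryHit(ip, m.group("ts"), m.group("ua"), ip in exits))
    return hits


def leaked_ips(hits: Iterable[CanaryHit]) -> List[str]:
    """Source addresses that are not Tor exits: candidate real addresses of the service."""
    return sorted({h.ip for h in hits if not h.via_tor})


# --- Constructed sample data (documentation address ranges, not real hosts) ---
SAMPLE_CANARY = "/c/6d1f0a9c4b2e8f17"
SAMPLE_TOR_EXITS = ["198.51.100.7"]
SAMPLE_LOG = [
    # Properly proxied fetch: arrives from a Tor exit.
    '198.51.100.7 - - [03/Feb/2015:21:14:02 +0000] "GET /c/6d1f0a9c4b2e8f17 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # Unproxied fetch: the hidden service's real address shows up.
    '203.0.113.45 - - [03/Feb/2015:21:14:09 +0000] "GET /c/6d1f0a9c4b2e8f17 HTTP/1.1" 200 512 "-" "curl/7.38.0"',
    # Unrelated traffic and a malformed line, both ignored.
    '192.0.2.10 - - [03/Feb/2015:21:15:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    hits = find_canary_hits(SAMPLE_LOG, SAMPLE_CANARY, SAMPLE_TOR_EXITS)
    for h in hits:
        print(f"{h.timestamp}  {h.ip:15}  tor={h.via_tor}  ua={h.user_agent}")
    print("leaked:", leaked_ips(hits))
```

The operator-side fix is the one the post names: send every outbound request through Tor's SOCKS port, and use a socks5h-style proxy setting so that DNS resolution also goes through Tor rather than leaking the lookup to the local resolver.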