Japanese police target users of Tor anonymous network

[Ceewan]

I would like to note that I do not "hack" but I am acquainted with a few that do. I don't ask them about their business but I have learned a few things from them. Most "hacking" is done using some form of passive ftp or by using tools and/or malware that open a backdoor for the same. Tor could be used as it a socks proxy but you would have to know what you are doing to configure it right. (I use the Tor Browser myself which is congfigured differently and what is readily available nowadays through the Tor website.) So it is conceivable that Tor can be used for hacking purposes. I am sure the police are not going to be overly forthcoming and even if they were the media is sure to get it wrong.

 

[Gir633]

I guess this event could be catagorized as a "Pink Collar" crime...

When after guys always go where the pussy is, it gets them every time.

 

[JohnLukePacard]

im assuming that this is the same guy when i write this but i may be wrong.

there was stuff on the news around this time about someone who had hacked into some site or server and left messages for people, or who had hacked into somewhere and used that as there place of release to send threatening messages to the police. at the time the media said that the police were having trouble tracking the person as they were 'bouncing their connection through multiple servers' but the tor network wasnt mentioned as far as i remember. this guy was actually hacking.

the way the above story reads, there was just some guy posting messages to boards through tor and he got put in jail for it.

This is basically exactly what I was trying to say just far more succinctly. It's certainly possible he was doing hacking but how the story reads it sounds like the media is just calling a glorified troll a hacker.

Kind of off topic but I was just thinking kids (and I suppose adult children like this guy) who are playing hacking love to be called hackers because it's validation. Real hackers don't want to be known as such any more than, say, a bank robber does. Well that's what I would assume at least; the closest I've ever been to a "real hacker" is reading security books written by retired ones.

 

[BudEWiser]

I' m thinking that the cat would not have played a role in the story at all if he was simply posting messages to forums using TOR.

What many "hackers" do is simple.
Create or borrow a program that will be "useful" to the end user. Something like Perfect Dark or Share for example. Append your malicious code and write a short tutorial including "Don't forget to open TCP port 3953 on your router." Most won't give it a second thought. Because most routers are still using UPnP, you could just write your code to send a request to open the port. The program could also be written to call home to a server. This could be done via tor if it's included in the package (source code is freely available).
People download his software, install it, and it's running on their system. It's new so AV software doesn't pick it up. Software contacts a web page via a regular internet connection that gets the publicly facing IP, and uploads a small txt file so the hacker has a list of IPs he can use.
Once you have gained some control over the machine, even if using it as what is known as an anonymous proxy (to specifically set someone up, rather than it comming from a tor exit node) you can pretty much do whatever you want.
From there it's childs play to set someone up. Yes, it can be done over tor, or even open net, as connections TO the victim machine will mostly appear as noise (such as file sharing) to any ISP.
The important thing to remember when talking about tor, is that anything that can be done over TCP can be done over TOR. Web based email is done completely over TCP connections.

 

[isityours]

i think it is also mainly due to poor phrasing of terms that do not accurately describe what was apparently happening. "using tor" shouldnt imply that this person was employing the tor network to hack, only that he was using it to facilitate his "attacks".

im sure 'hacking 101' was appreciated by many members but with so many upnp enabled devices (esp routers) with internet facing upnp ports (and we are talking numbers in the millions here), it is hardly worth the time and effort to inject a custom build with malware or write 'open port...' into a text file to compromise the people that install your altered version when you can just handshake hundreds, thousands or as many routers as you want and use your bot network to make something for you. also, it seems kinda counnterintuative that a user with enough knowledge to be able to forward a router or firewall port would be so naive as to get their copy of share or whatever from some dodgy source...