French police seized the Tor relay server in the WannaCry attack – Penetration Testing

According to foreign media reports on June 11, the French cybercrime investigation agency OCLCTIC seized a server running two Tor relay nodes during its recent investigation of the WannaCry ransomware attack. The server remains in the custody of the French police.

The server is reportedly hosted by the company Online SAS, and its two Tor relay nodes can act as Tor entry guard nodes (the first hop a Tor client uses to connect to the anonymity network). Aeris, the French radical activist who operated the server, disclosed the police action to the Tor Project by email on May 15 and asked other Tor operators to stop trusting the two relay nodes.

On May 12, traffic from a large French business facility was routed through the two Tor relay nodes while equipment at the company infected with a WannaCry sample was communicating with the command and control server hosted on the Tor network. It is therefore highly likely that the server served as the first hop of that Tor connection.

According to people familiar with the matter, Tor servers are generally configured, for privacy reasons, to log little or no user detail (for example only uptime and status indicators). Unless Aeris changed the default configuration, the French police would most likely find nothing of use on the seized server. Aeris confirmed that dozens of other Tor nodes in France went offline immediately after the WannaCry attack. He has provided the French media outlet Bleeping Computer with a list of 30 other servers that the police are investigating.

The post French police seized the Tor relay server in the WannaCry attack appeared first on Penetration Testing.
