Peter Sunde: dark.fail domain was hijacked through fake court order (opens in new tab)

(twitter.com)

38 pointsylere5y ago9 comments

9 comments

8 comments · 3 top-level

ylereOP5y ago· 5 in thread

dark.fail used to host up-to-date links to many major darknet sites hosted on the tor network. The attacker kept the site online with minor changes and now anyone who visits these links will have the connection go through MITM proxies and their credentials stolen. It's difficult to understand why namecheap hasn't at least shut down the domain after days of this going on.

codsane5y ago

Very unfortunate that Namecheap isn’t cooperating. Not really sure what the hold up is, some say it’s related to the Namecheap vs. Tucows lawsuit [0], but realistically it wouldn’t make much sense to do something like this out of spite. I wonder if they’re worried about potential legal obligations of turning over such a “controversial” domain?

[0] https://domainnamewire.com/2018/11/08/namecheap-and-tucows-s...

viraptor5y ago

The alternative is that they keep serving that controversial domain instead, which likely isn't a good position either.

ryanlol5y ago

It can be slow and difficult to authenticate a court order.

Returning the domain to it’s previous criminal operators might not be the best idea either. Other very similar sites have faced issues with the DOJ.

ryanlol5y ago

This sounds like something actual law enforcement would do.

Why should namecheap shut down a potential law enforcement operation targeting darknet criminals?

creatonez5y ago

I think they should protest. Not all of the contents made accessible via the page was even illegal, and the page itself is not illegal. Law enforcement shouldn't expect to always get more surveillance tools than they need.

1 more reply

g_p5y ago

If anything, hopefully this highlights the weaknesses that many digital systems have, to intervention from those in the analogue world (like courts), who seem blissfully unaware of the ease with which documents like this can be forged. And similarly for those willing to accept such unauthenticated documents and blindly trust anything that vaguely looks official and arriving by email.

Similar processes are in place for other (very systems, and paper based processes don't protect against this. We have the technology to avoid this (digital signatures), and yet they are not used!

A good reason to ensure that systems are built securely on the assumption upstream providers (including DNS) can be compromised by an adversary, regardless of how much you may think you trust the provider. If someone cares enough, they'll get certificates issued under your domain by doing something like this. Adding more lines of defence certainly makes sense to prevent this - don't let DNS, and ultimately emailed bits of paper, become your single point of failure for confidentiality in a system!

shakna5y ago

> BONUS 3: If @Namecheap is claiming the court order is correct, they must believe that the German court has themselves put up a phishing site.

There'd be nothing surprising about this. It isn't a point in favour of the court order being "fake".

When the takeover of Hansa [0], a collaboration between German and Dutch LE, happened they did actually alter the code of the website in ways identical to phishing. Collecting usernames, passwords, and location information.

[0] https://www.wired.com/story/hansa-dutch-police-sting-operati...

j / k navigate · click thread line to collapse

9 comments

8 comments · 3 top-level

ylereOP5y ago· 5 in thread

codsane5y ago

[0] https://domainnamewire.com/2018/11/08/namecheap-and-tucows-s...

viraptor5y ago

The alternative is that they keep serving that controversial domain instead, which likely isn't a good position either.

ryanlol5y ago

It can be slow and difficult to authenticate a court order.

Returning the domain to it’s previous criminal operators might not be the best idea either. Other very similar sites have faced issues with the DOJ.

ryanlol5y ago

This sounds like something actual law enforcement would do.

Why should namecheap shut down a potential law enforcement operation targeting darknet criminals?

creatonez5y ago

1 more reply

g_p5y ago

Similar processes are in place for other (very systems, and paper based processes don't protect against this. We have the technology to avoid this (digital signatures), and yet they are not used!

shakna5y ago

> BONUS 3: If @Namecheap is claiming the court order is correct, they must believe that the German court has themselves put up a phishing site.

There'd be nothing surprising about this. It isn't a point in favour of the court order being "fake".

[0] https://www.wired.com/story/hansa-dutch-police-sting-operati...

j / k navigate · click thread line to collapse