BidenCash specializes in payment card data, commonly differentiated in cybercrime circles as either CVVs (the data needed to make fraudulent e-commerce purchases), dumps (the raw magnetic stripe data needed to manufacture fake or “cloned” cards), or fullz, sourced from a number of “bases” (databases).
BidenCash listings vary in level of completeness, with most including the card’s BIN, security code, expiry date, and type (e.g. Visa or Mastercard, credit or debit). Some also include associated PII such as the DOB, SSN, phone number, email and physical address of the victim. BidenCash has released several free bases on underground forums as promotional material.
In spite of its use of President Biden’s name and image, the shop is highly unlikely to be associated with the president of the United States. In fact, the name is probably a reference to Trump’s Dumps, a predecessor that used former President Donald Trump’s likeness and was estimated to have made about $4.1 million before being seized by Russian authorities in February 2022. BidenCash was launched later that month.
Tor is a widely used system that enables Internet anonymity. However, Tor is known to be vulnerable to autonomous systems (ASes) that can observe a Tor user’s traffic both between the Tor client and the guard relay and between the exit relay and the destination. In this paper, we show that these attacks are just the tip of the iceberg.
We present RAPTOR, a new set of attacks on Tor that leverage the asymmetric and dynamic nature of Internet paths. Furthermore, we have built a Tor Path Simulation System that quantifies the impact of RAPTOR on Tor security and a Traceroute Monitoring Framework that detects and analyzes RAPTOR. On the whole, our work highlights the dangers of abstracting away network routing when analyzing the security of anonymity systems.
So yes, the Tor project did implement a specific patch to mitigate the issue, but given how the threats have evolved, and how such attacks are becoming more feasible for adversaries, it may be time for the Tor project team to implement a more proper patch for this.
I was the original author who brought up the RAPTOR attack /post/12b9f500f87bba5c3a0d and on a few other forums too, after which it got attention from multiple places. I'm learning now it has reached YouTube and DoingFedTime, whose video explains pretty much everything I outlined in my post almost word for word.
The only reason it got as much attention was because I noted the recent RapTor operation name reminded me of the RAPTOR attack from way back when. That's why in my post I focused on that specific attack as an example of a viable attack today without the need for complex zero days. It was never said these marketplaces had been seized this way, although I wouldn't be surprised, as LE does like to fiddle on the AS level. There are many more ways to deanon hidden services besides that, but the RAPTOR attack has always stayed with me as unpatched.
Since neither market/forum admins (who subsequently haven't deployed countermeasures) nor darknet users en masse have heard of this, it is treated as being novel, which it isn't. Everyone who has experience in routing knows very well BGP is an awfully weak protocol with no real fix, only patches like RPKI (and even then still).
The biggest takeaway from my post should actually have been how local adversaries can become global overnight, as seen in this and other operations. The majority of traffic is within 14 Eyes countries, and if they work together... this breaks Tor's design and threat model. A core issue which requires resolving, or rebuilding entirely how Tor works, before you can patch things up on the AS level. But saying that will probably get the video taken down, swept under the rug by the Tor Project (we can't fix this, too much work) or, worst of all, fewer views and likes.
I'd offer an alternative explanation for their actions. They have no interest in fixing it. Take a look at the DDoS on the Tor network. How many years before they actually introduced any options at all to fight introcell attacks at the lowest level? I'd definitely say their whole approach has been rather odd over the years about certain issues. Don't expect anything from them on the RAPTOR or breaking-their-model issues either.
I'd have to disagree there. Different types of attacks exist, not only interception but BGP hijacking for example. Some of them absolutely anyone can do, and with a small budget too. Once you learn about BGP you will understand security is not a priority property of the protocol. Some attacks can go undetected; you only hear about it when adversaries are caught. By adversaries, understand not only governments but hackers too, as when they used such techniques to steal user cryptocurrency from a South Korean (if I remember correctly) exchange.
It actually wouldn't be hard. Speaking about laws, there are cooperation agreements, and some countries like the Netherlands have more freedom in the operations they run, including offensive ones. That's why you see them everywhere, mainly because no one else can do it as much <legally>. Countries cooperate: what US LEO can't do legally, their partners technically can.
Anything short of going network to network and making sure RPKI is fully enabled, enough peers are available, enough upstreams are available, collecting ASN data and eliminating false positives with real-time alerts to Tor users and node operators, won't make a sustainable impact. Hardening an already flawed guard selection algorithm (Who has the best bandwidth? Yes, you, I choose you) is window dressing to say the least.
The problem goes way beyond Tor, whose design and threat model is broken without the need for RAPTOR attacks, as countries can simply cooperate.
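A defender-side check in the spirit of the RPKI and ASN-monitoring the last post calls for, added here as an example (not code from the thread, the RAPTOR paper, or the Tor Project): it validates BGP announcements that cover Tor relay prefixes against an RFC 6811-style ROA table, flags origin mismatches and more-specific announcements, and suppresses repeat alerts for the same event. The ROAs, AS numbers and relay prefixes are constructed sample values.

```python
import ipaddress

# Constructed sample data (hypothetical): ROA table keyed by prefix -> (origin AS, maxLength),
# and the prefixes in which two monitored Tor relays live.
ROAS = {
    ipaddress.ip_network("198.51.100.0/24"): (64500, 24),
    ipaddress.ip_network("203.0.113.0/24"): (64501, 24),
}
RELAY_PREFIXES = {
    "guard-relay-A": ipaddress.ip_network("198.51.100.0/24"),
    "exit-relay-B": ipaddress.ip_network("203.0.113.0/24"),
}

def rpki_state(prefix_str, origin_as):
    """RFC 6811 origin validation: 'valid' if a covering ROA has the same origin AS
    and the announced length is within maxLength; 'invalid' if covered but no ROA
    matches; 'not-found' if no ROA covers the prefix at all."""
    prefix = ipaddress.ip_network(prefix_str)
    covered = False
    for roa_prefix, (roa_as, max_len) in ROAS.items():
        if prefix.subnet_of(roa_prefix):
            covered = True
            if roa_as == origin_as and prefix.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "not-found"

def check_announcements(announcements, seen):
    """announcements: list of (prefix, origin_as, as_path) as a route collector would
    deliver them. Returns alerts for announcements overlapping a relay prefix that are
    RPKI-invalid or more specific than the relay's own prefix (the classic hijack
    shape). `seen` dedupes repeated alerts so a flapping route does not cause a storm."""
    alerts = []
    for prefix_str, origin_as, as_path in announcements:
        prefix = ipaddress.ip_network(prefix_str)
        for relay, relay_prefix in RELAY_PREFIXES.items():
            if not (prefix.subnet_of(relay_prefix) or relay_prefix.subnet_of(prefix)):
                continue  # unrelated address space
            state = rpki_state(prefix_str, origin_as)
            more_specific = prefix.prefixlen > relay_prefix.prefixlen
            if state == "invalid" or more_specific:
                key = (relay, prefix_str, origin_as)
                if key in seen:
                    continue  # already alerted on this exact event
                seen.add(key)
                alerts.append({"relay": relay, "prefix": prefix_str, "origin_as": origin_as,
                               "rpki": state, "more_specific": more_specific, "path": as_path})
    return alerts
```

In practice the ROA table would be loaded from an RPKI validator and the announcements streamed from a route collector; a "not-found" result is not an alert by itself, which is why operators signing ROAs for relay prefixes matters.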