r00t is the mastermind behind the attacks on the Tor network, and the attacks are ongoing
Since October, a large number of exit nodes and relay nodes on the Tor network have been suspended by service providers due to IP spoofing attacks, with the instigator of these events identifying themselves as r00t, who might be a hacker group.
The r00t group has created a website (r00t.monster) and left the message "Bytes are trembling, as it tears through the net," describing themselves as "A r00t monster that you’ll never forget." The group also stated that you won't get rid of them until they destroy the Tor network! They further propagated the message, "The time has come, we need to destroy Tør, join our forces!", seemingly recruiting more hackers to join their cause.
The r00t group provided a news link (https://news.ycombinator.com/item?id=41942978) claiming that law enforcement agencies are also disrupting the Tor network, attempting to legitimize their own attacks. They provided even more links trying to substantiate that Tor network developers and relay operators are problematic and should be imprisoned:
🔗 https://www.tagesschau.de/investigativ/panorama/telefonueberwachung-telefonica–bka-ermittlungen-paedokriminelle-100.html
🔗 https://www.ndr.de/fernsehen/sendungen/panorama/aktuell/Investigations-in-the-so-called-darknet-Law-enforcement-agencies-undermine-Tor-anonymisation,toreng100.html
🔗 https://www.justice.gov/opa/pr/four-men-sentenced-prison-engaging-child-exploitation-enterprise-tor-network
🔗 https://theconversation.com/how-the-worlds-biggest-dark-web-platform-spreads-millions-of-items-of-child-sex-abuse-material-and-why-its-hard-to-stop-167107
🔗 https://www.ice.gov/news/releases/secretary-johnson-announces-results-operation-dismantled-underground-child
🔗 https://www.justice.gov/opa/pr/dark-web-child-pornography-facilitator-sentenced-27-years-prison-conspiracy-advertise-child-0
🔗 https://www.justice.gov/opa/pr/virginia-man-sentenced-five-years-prison-receiving-child-pornography-tor-network-forum
🔗 https://www.justice.gov/opa/pr/nebraska-man-sentenced-prison-tor-distribution-child-pornography
🔗 https://www.justice.gov/news/press-releases?search_api_fulltext=+tor&start_date=&end_date=&sort_by=field_date
Next, the r00t group reposted an article from Europol (https://www.europol.europa.eu/crime-areas/child-sexual-exploitation) stating, "Europol has identified the major threats in the field of child sexual exploitation: peer-to-peer (P2P) networks and anonymous access, such as the dark web network (Tor)", to claim that their attacks are "just".
According to the archived data from the r00t.monster website and some retained text, the r00t group appears to have started on July 27, 2023, when abuse scanning activities targeting port 22 on Tor websites began to be reported. From October 21, 2024, operations began to scale up, and in the following days, the r00t group conducted illegal scans on the port 22 of data center IPs using node servers while simultaneously reporting these servers for abuse to various data centers, causing the suspension of these node servers' services.
Towards the end of October, numerous data center server providers started to address the abuse issues, notifying their server rental customers about suspensions due to abuse, which was widely reported by node operators on the Tor website. The r00t group took screenshots of these feedbacks from the Tor website, boasting about their attack achievements on their website:
- October 30: The r00t group claimed to have successfully taken down 3 fast node servers from Hetzner (AS24940)!
- October 31: The r00t group claimed to have successfully taken down 12 servers from IONOS SE (AS8560)!
- November 1: The r00t group claimed to have successfully taken down 40 servers from Kaan Kalayci trading as FastLayer (AS215400)!
- November 2: The r00t group claimed to have successfully taken down 31 servers from Stiftung Erneuerbare Freiheit (AS60729)!
- November 3: The r00t group claimed to have successfully taken down 5 servers from Massachusetts Institute of Technology (AS396527) and 16 servers from UNMANAGED LTD (AS47890)!
- November 4: The r00t group claimed to have successfully taken down 160 servers from Stiftung Erneuerbare Freiheit (AS60729)!
- November 5: The r00t group claimed to have successfully taken down 31 servers from AEZA INTERNATIONAL LTD (AS210644)!
- November 7: The r00t group stated that 100 servers from Quintex Alliance Consulting (AS62744) are down, 100 servers!
When the Tor official blog posted that they had successfully dealt with the IP spoofing issue, the r00t group responded, "You think you can? Let's play a game then!" It seems that the r00t group will continue to use various methods to attack the Tor network. On November 10, hackerfantastic jokingly remarked on X that the r00t monster should be awarded a knighthood.
Interestingly, at the bottom of their website, the r00t group claims, "Everything on this page is a fiction. Based on non-real stuff, or? ^^" A fictional attack? Then the network itself is also fictional!
"ODN" will continue to monitor the disruptive activities of the r00t group against the Tor network.
For more dark web news, follow "ODN".
Copyright:
Author:admin
Link:https://www.ondarknet.com/exclusive/r00t-is-the-mastermind-behind-the-attacks-on-the-tor-network-and-the-attacks-are-ongoing/
From:On DarkNet – Dark Web News and Analysis
Copyright of the article belongs to the author, please do not reproduce without permission.
total 0 comments