One possibility, he said, might be a sudden swell in the popularity of Ricochet, an app that uses Tor to allow anonymous instant messaging between users.
I'd say this is highly likely. I saw it posted earlier on hn and Reddit. If it's doing the rounds, it seems plausible that 25k people just gave it a whirl. The article even states that the spike could be a due to Ricochet, but "mystery" traffic makes a better headline.
That's the speculation on the tor-talk mailing list. Makes sense to me. Also, there was a recent security audit of ricochet. It's possible that the auditors automated some kind of test framework with the side effect of creating thousands of new hidden service addresses.
That won't block all macro viruses. You need a dedicated program/firewall for this, filtering on extension won't work. Older .doc formats can also have macro's included and will work in newer (as well as older) versions of word.
Starting with Tor version 0.2.7.1 it is possible, through Tor's control socket API, to create and destroy 'ephemeral' hidden services programmatically. Bitcoin Core has been updated to make use of this.
This means that if Tor is running (and proper authorization is available), Bitcoin Core automatically creates a hidden service to listen on, without manual configuration. Bitcoin Core will also use Tor automatically to connect to other .onion nodes if the control socket can be successfully opened. This will positively affect the number of available .onion nodes and their usage.
This new feature is enabled by default if Bitcoin Core is listening, and a connection to Tor can be made. It can be configured with the -listenonion, -torcontrol and -torpassword settings. To show verbose debugging information, pass -debug=tor
Starting with Tor version 0.2.7.1 it is possible, through Tor's control socket API, to create and destroy 'ephemeral' hidden services programmatically. Bitcoin Core has been updated to make use of this.
This means that if Tor is running (and proper authorization is available), Bitcoin Core automatically creates a hidden service to listen on, without manual configuration. Bitcoin Core will also use Tor automatically to connect to other .onion nodes if the control socket can be successfully opened. This will positively affect the number of available .onion nodes and their usage.
This new feature is enabled by default if Bitcoin Core is listening, and a connection to Tor can be made. It can be configured with the -listenonion, -torcontrol and -torpassword settings. To show verbose debugging information, pass -debug=tor.
20 comments
[ 2.1 ms ] story [ 56.2 ms ] threadOne possibility, he said, might be a sudden swell in the popularity of Ricochet, an app that uses Tor to allow anonymous instant messaging between users.
https://lists.torproject.org/pipermail/tor-talk/2016-Februar...
At the moment we get hundreds of Locky mails per day.
There is a huge spike in ransomware at the moment. And all ransom has to be paid via a tor location.
IIRC last time I checked the Word doc on virustotal it was picked up 22/55.
Fortunately at least AV did pick up the payload when a user let the macro run...
Edit, ran it by virustotal again and got 28/55
- https://twitter.com/GossiTheDog/status/700370867352637440
From the release notes,
https://github.com/bitcoin/bitcoin/blob/master/doc/release-n...Not all of them are going to be on machines with Tor running.
https://www.petsymposium.org/2014/papers/Thomas.pdf
This means that if Tor is running (and proper authorization is available), Bitcoin Core automatically creates a hidden service to listen on, without manual configuration. Bitcoin Core will also use Tor automatically to connect to other .onion nodes if the control socket can be successfully opened. This will positively affect the number of available .onion nodes and their usage.
This new feature is enabled by default if Bitcoin Core is listening, and a connection to Tor can be made. It can be configured with the -listenonion, -torcontrol and -torpassword settings. To show verbose debugging information, pass -debug=tor.