[tor-talk] TPO/TBB clone on SourceForge, use of TPO name

grarpamp grarpamp at gmail.com
Tue Sep 23 20:11:10 UTC 2014


On Tue, Sep 23, 2014 at 12:57 PM, krishna e bera <keb at cyblings.on.ca> wrote:
> On 14-09-23 12:45 PM, Fabio Pietrosanti (naif) wrote:
>> Here an OSINT notes/analysis on several of that "suspicious" software:
>> https://docs.google.com/spreadsheet/ccc?key=0AqtQ4kKC2rLzdEVjWkxTcUVTTWxmdnh4VWFDY25zTHc&usp=sharing
>>
>> I've been particularly considering also other "suspicious" software that
>> has been "strangely" solicited/promoted across many activists community
>> but comes from unknown/anonymous persons.
>>
>> Please note that such TorProject copycat site seems to be particularly
>> targeting UAE users from Sourceforge's stats:
>> - TorBrowser (16.170 download with 2nd top-country UAE)
>> - Browser4Tor  (357 download, with 46% from UAE)
>>
>> That analysis is a bit old, September 2013, but may contain userful info
>> for people digging into that problem.
>
> Also TorProject.org and mirrors may be blocked by countries or by
> netnannies/firewalls, but SourceForge and Cnet download sites typically
> arent, even though they often contain malware of late.  Thus the uptake
> on malicious fakes can be high for some of Tor's likely users.

Randolph tried to spam cpunks with firefloo.sf.net which spawned
various posts/threads including some new OSINT and mail exchange
with them...

https://cpunks.org/pipermail/cypherpunks/2014-September/date.html
https://cpunks.org/pipermail/cypherpunks/2014-September/005505.html

I've seen some postings/accounts from, or related to, these guys
on Cnet, Linkedin, Facebook, Twitter, Wikipedia, etc but haven't
yet collated the links as it was easier and just as well to call
them out in email and get it indexed that way.

People should feel free to add my intel to the sheet, or to their
own work, and to carry any efforts forward. Thanks.


More information about the tor-talk mailing list