How are hidden service operators tracked down?

I understand that hidden services aren't perfect, and are vulnerable to several attacks (malicious guard nodes, etc.). But once the server is located, how can the operator be tracked down? There are plenty of hosting companies where you can pay in bitcoin and hide your identity, and if you only SSH to the server over Tor then shouldn't you be impossible to track?


Comments


[3 Points] disposable_UK:

Poor OpSec.


[2 Points] Theeconomist1:

If you put your real name and gmail address as contact, the feds might figure out who you are.


[1 Points] oraldosing:

Your contact information that you provide...

You most likely have an email. They track down that email and its provider. So it's advised to not use your real IP when accessing that email. Also, contacting live support with your real IP is not advised. These are the mistakes that the SR2 leader made. Also make sure you know who's around you, as you may be monitored, as they also linked his "active online" times.

Just as one of Hydra's admins is still around informing people that servers have been seized and they're looking for a new host to restore it. Hope that helped. SR2 Defcon did exactly that. He also included his real name on his email as well, also justifying that he owns the email that uses the server.

The odds of you being found is less likely. T