An investigative researcher exposed fundamental OpSec failures in the Drughub darknet marketplace, including unpatched Exif data leaks from the logo and favicon that reveal software versions and OS details. The findings describe correlated domains pointing to the same Tor Hidden Service, a Jabber server that could expose user communications and OMEMO keys, and a UAE-hosted infrastructure that could invite cooperation with US law enforcement. #Drughub #EvilRabbit #TorHiddenService #OMEMO #Jabber #UnitedArabEmirates
Key points
- The Evil Rabbit investigation uncovers fundamental OpSec failures in Drughub’s setup, including unpatched Exif data leaks.
- Public assets like the logo and favicon reveal software versions and OS details, creating targeted exploit opportunities.
- Correlated domains (drughub.su and drughub.link) point to the same Tor Hidden Service, indicating a large attack surface.
- The Jabber server on a Tor Hidden Service could expose user communications and even enable OMEMO key compromises if breached.
- Geopolitical hosting in the UAE creates cooperation channels with US law enforcement, raising the risk of seizure and intelligence gathering.