Vague Warnings Of Pending Tor Attack, While Exit Nodes Are Being Seized

from the stay-safe-everyone dept

Late last week, the Tor Project blog posted a somewhat vague warning about the possibility of an upcoming attempt to disable the Tor network by going after and seizing specialized directory authority servers that are the key to making Tor work.

The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities. (Directory authorities help Tor clients learn the list of relays that make up the Tor network.) We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked. Tor remains safe to use.

We hope that this attack doesn’t occur; Tor is used by many good people. If the network is affected, we will immediately inform users via this blog and our Twitter feed @TorProject, along with more information if we become aware of any related risks to Tor users.

Given that, it seemed especially noteworthy that over the weekend a bunch of Tor exit nodes were apparently quietly seized, according to Thomas White, who ran those servers:

Tonight there has been some unusual activity taking place and I have now lost control of all servers under the ISP and my account has been suspended. Having reviewed the last available information of the sensors, the chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken.

While he initially suggested that the way it was done made it seem likely that law enforcement was behind it, he later toned down that suggestion, saying he thought it was less likely that law enforcement was involved than he originally believed. Update: And now the servers have been returned and while there’s still some confusion, it looks like nothing nefarious happened here.

Tor itself isn’t compromised, and pretty much all experts agree that it remains safe, but it’s troubling to see at least some possible attempt to compromise parts of the network.


Comments on “Vague Warnings Of Pending Tor Attack, While Exit Nodes Are Being Seized”

Anonymous Coward says:

Re: What can be done?

What can be done to stop the terrorists in government from interfering with the Tor network?

Also, how can we stop the cybercriminals in the FBI who seize domain names without any kind of due process?

The answer is simple; kill the Batman.

‘Batman,’ in this instance, is the Alphabetti Spaghetti of interlinked “Intelligence” agencies across the globe.

Anonymous Coward says:

Re: Re: Re:

From one of the links above:

“The servers have been blacklisted and pose no danger to the Tor network or the users of it. I will refrain from putting these servers back online until a proper vetting and analysis of events has happened.”

That One Guy (profile) says:

Re: Re: Re:4 Re:

Better idea: Donate the servers to computer security researchers. They would know what to look for, and I’m sure they could discover some interesting stuff poking around through the hardware.

This would have the secondary bonus of potentially flushing out just who fiddled with the servers in the first place, as they tried to reclaim the servers and keep the researchers from poking around inside.

Whoever says:

Re: Re:

if it wasn’t ‘Law Enforcement’, who else would be interested in Tor and why? particularly why have a usb attached if only for a short few seconds, to achieve what? a time bomb of malware? destroyer of information or the PCs themselves? something doesn’t add up

Don’t forget the missing log entries: that’s a clear indication of tampering. My guess would be something like the equivalent of the NSA is responsible. Or perhaps there is something more like the Secret Service, which is not law enforcement.

Anonymous Coward says:

Re: Re:

“particularly why have a usb attached if only for a short few seconds,”

KVM switch to a headless server. Could do a manual graceful shutdown/restart that way, but that should be in the logs and the ISP ought to be able to say why they did it, but they haven’t. Seems like it is hosted somewhere that does not have video of all access to server rooms since there is no mention of missing video.

Anonymous Coward says:

There was also this post a couple of days before:
Solidarity against online harassment

I don’t condone online harassment, but it’s still a somewhat odd post. The tone of it sort of worries me that they might be planning to put in a backdoor or something as a way to try and strike back at trolls that use TOR. (I trust I don’t need to explain to anyone how that would cause major security issues.)

EMF-Gain says:

the meaning of seized keys

So if you’re running keys for security on a server that gets seized it’s the same as saying “destroyed.” IF all your keys are now compromised, and you can’t tell if the hardware, firmware, or software was tampered with.

Perhaps it’s time for the Judge, cops and what not to get SUED for destroying such key-servers.

Such a payout would have to be monetary since, you can’t just hand out more hardware, firmware, or software from the same source who seized it in the first place.

All local/remote exploits aside, ultimately you either keep your key-servers away from these oath breaking insects or you can’t.
