Vague Warnings Of Pending Tor Attack, While Exit Nodes Are Being Seized
from the stay-safe-everyone dept
Late last week, the Tor Project blog posted a somewhat vague warning about the possibility of an upcoming attempt to disable the Tor network by going after and seizing specialized directory authority servers that are the key to making Tor work:
"The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities. (Directory authorities help Tor clients learn the list of relays that make up the Tor network.) We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked. Tor remains safe to use.
"We hope that this attack doesn't occur; Tor is used by many good people. If the network is affected, we will immediately inform users via this blog and our Twitter feed @TorProject, along with more information if we become aware of any related risks to Tor users."
Given that, it seemed especially noteworthy that over the weekend a bunch of Tor exit nodes were apparently quietly seized, according to Thomas White, who ran those servers:
"Tonight there has been some unusual activity taking place and I have now lost control of all servers under the ISP and my account has been suspended. Having reviewed the last available information of the sensors, the chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken."
While he initially suggested that the way it was done made it seem likely that law enforcement was behind it, he later toned down that suggestion, saying he thought it was less likely that law enforcement was involved than he originally believed.
Update: And now the servers have been returned and while there's still some confusion, it looks like nothing nefarious happened here.
Tor, itself, isn't compromised -- and pretty much all experts agree that it remains safe -- but it's troubling to see at least some possible attempt to compromise parts of the network.
Filed Under: attack, directory authorities, thomas white, tor, tor project
Reader Comments
What can be done?
Also, how can we stop cybercriminals who seize domain names without any kind of due process?
[ link to this | view in chronology ]
Re: What can be done?
[ link to this | view in chronology ]
Re: Re: What can be done?
[ link to this | view in chronology ]
Re: What can be done?
Also, how can we stop the cybercriminals in the FBI who seize domain names without any kind of due process?
The answer is simple; kill the Batman*.
*'Batman,' in this instance, is the Alphabetti Spaghetti of interlinked "Intelligence" agencies across the globe.
[ link to this | view in chronology ]
https://lists.torproject.org/pipermail/tor-talk/2014-December/036084.html
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
"The servers have been blacklisted and pose no danger to the Tor network or the users of it. I will refrain from putting these servers back online until a proper vetting and analysis of events has happened."
https://lists.torproject.org/pipermail/tor-talk/2014-December/036078.html
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Better to assume they're toast, burn them and set up some new servers in an anonymous location to prevent interdiction.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Not my choice in case they are infected and the charity sells them on to an unsuspecting eBay buyer. Destroy the USB controller chips and recycle the rest.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
This would have the secondary bonus of potentially flushing out just who fiddled with the servers in the first place, as they tried to reclaim the servers and keep the researchers from poking around inside.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Maybe it is better to donate them to the Guardian newspaper, to be destroyed when MI5 or MI6 wants another computer physically destroyed.
[ link to this | view in chronology ]
Re:
Don't forget the missing log entries: that's a clear indication of tampering. My guess would be something like the equivalent of the NSA is responsible. Or perhaps there is something more like the Secret Service, which is not law enforcement.
[ link to this | view in chronology ]
Re: Re:
Uhhh...yes they are. It's just the laws they are charged with enforcing are few.
[ link to this | view in chronology ]
Re:
KVM switch to a headless server. Could do a manual graceful shutdown/restart that way, but that should be in the logs and the ISP ought to be able to say why they did it, but they haven't. Seems like it is hosted somewhere that does not have video of all access to server rooms since there is no mention of missing video.
[ link to this | view in chronology ]
News Flash: Tor is fine--and safe to use.
[ link to this | view in chronology ]
Re: News Flash: Tor is fine--and safe to use.
[ link to this | view in chronology ]
Solidarity against online harassment
I don't condone online harassment, but it's still a somewhat odd post. The tone of it sort of worries me that they might be planning to put in a backdoor or something as a way to try and strike back at trolls that use TOR. (I trust I don't need to explain to anyone how that would cause major security issues.)
[ link to this | view in chronology ]
Any connection with NKorea going down?
http://www.nytimes.com/2014/12/23/world/asia/attack-is-suspected-as-north-korean-internet-collapses.html
NKorea's Internet now looks like their nighttime satellite view from space, not that it was particularly bright b4.
[ link to this | view in chronology ]
Re:
You can absolutely judge the government over there, and it's corrupt, insane, and tyrannical as hell.
[ link to this | view in chronology ]
the meaning of seized keys
Perhaps it's time for the Judge, cops and what not to get SUED for destroying such key-servers.
Such a payout would have to be monetary, since you can't just hand out more hardware, firmware, or software from the same source who seized it in the first place.
All local/remote exploits aside, ultimately you either keep your key-servers away from these oath breaking insects or you can't.
[ link to this | view in chronology ]