Heads up! If Tor VANISHES over the weekend, this is why

The Tor Project is warning that its network – used by netizens to mask their identities on the internet – may be knocked offline in the coming days. In a Tor blog post, project leader Roger "Arma" Dingledine said an unnamed group may seize Tor's directory authority servers before the end of next week. These servers distribute …

  1. Mark 85

    They got a heads up?

    Makes me think that someone in the know disagrees with what appears to be planned. If it's an Agency, I suspect that there will be a massive search for the culprit. If it's miscreants (not from an Agency), the penalties could be severe for the leaker.

    1. Havin_it
      Holmes

      Re: They got a heads up?

      >If it's miscreants (not from an Agency), the penalties could be severe for the leaker.

      ~~Bradley~~Chelsea Manning might disagree with that comparative assessment...

      1. DavCrav

        Re: They got a heads up?

        "Chelsea Manning might disagree with that comparative assessment..."

        Not really: Manning still has her head, all of her fingers, her toenails...

  2. Ole Juul

    What could the attackers learn?

    . . . anonymous comments posted under the blog suggest a swoop could be related to the US government's investigation into the Sony Pictures mega-hack.

    Of course we don't know if the US govt. is going to be the attacker, or even if anybody is. However, I do wonder what someone could plan to learn from shutting down the Tor network. OTOH certain groups with no interest in the health of the internet would just like to see Tor down for any reason whatsoever.

    1. This post has been deleted by its author

    2. Richard Jones 1
      WTF?

      Re: What could the attackers learn?

      Possibly they do not want to learn that much from the potential stoppage. It may be that they feel it is being used for something else that they really want to target and go in hard. Stopping a communications system is often a prelude to acting against users of that system in a different co-ordinated attack. A trial take over might be something else to consider, possibly some rich pickings for a range of actors.

      Tying it to hints about the Sony hack might be a red herring, and very likely is, but it might also be that the same 'crew' want to do something else and that an attack on TOR could be a way of hiding or facilitating that activity.

      Another issue is that while a small part of the load on any system might be illegal and the rest fully legal and acceptable it does bring forth the discussion as to which hides which. Someone might argue that the legal stuff is there only to hide the illegal. On a tiny scale in one place I worked some of the biggest fraudsters were some of the hardest workers, they tried to bury their personal stuff in a hill of good stuff, hence my raising the discussion point in this case.

    3. Anonymous Coward
      Anonymous Coward

      Re: What could the attackers learn?

      "anonymous comments posted under the blog suggest a swoop could be related to the US government's investigation into the Sony Pictures mega-hack."

      However it seems strange that whenever there is an attack on people's privacy, the US government seems to be in the midst of it. I guess it's OK if it just prevents one terrorist attack or stops one child molester.

  3. Mephistro

    The references in the article regarding seizure of the servers seem to point clearly to a government agency. Not sure where those servers are physically located, but the USA seems like the most probable place.

    Join the dots. Any bets?

    1. This post has been deleted by its author

    2. Vociferous

      > Not sure where those servers are physically located

      Read the article?

      1. Mephistro
        Holmes

        @ Vociferous

        "Read the article?"

        Yes, I did.

        Just to clarify: I don't think anybody can 'grab' all the servers listed. The list provided in the article lists the owners of the servers' addresses, not the physical (or 'cloud') location of said servers. Again, I'd bet most of these servers are in the States.

        Alternatively, some American TLA might be planning to 'seize' - i.e. 'hack' the servers, even if they're located in other countries.

        Or some nutty American judge could be planning another 'Finn job' and authorize one of those TLAs to pwn the servers located in foreign countries, without bothering with request letters and all that legal red tape. Not the first time it happens.

        I'm not saying these are the only possible explanations, just the most probable ones. Hence the 'betting' part.

        1. Preston Munchensonton
          Pint

          Re: @ Vociferous

          ""Read the article?"

          Yes, I did.

          Just to clarify: I don't think anybody can 'grab' all the servers listed."

          Obviously, you didn't comprehend what you read. No one has to grab all ten servers.

          "The list provided in the article lists the owners of the servers' addresses, not the physical (or 'cloud') location of said servers. Again, I'd bet most of these servers are in the States."

          And you're 0-2 now. Those IPs can be physically traced to their general locations, based on the point of entry routers on the Internet. In fact, most are in Europe (or under European control). You'll find that four of them are in the US and the rest are in Europe.

          I suggest you step away from the thread and drink it off at the pub, mate. It's just not your day.

          1. Anonymous Coward
            Anonymous Coward

            Re: @ Vociferous

            *based on the point of entry routers on the Internet*

            the server can be anywhere you want it to be...

        2. Wzrd1 Silver badge

          Re: @ Vociferous

          "Alternatively, some American TLA might be planning to 'seize' - i.e. 'hack' the servers, even if they're located in other countries.

          Or some nutty American judge could be planning another 'Finn job' and authorize one of those TLAs to pwn the servers located in foreign countries, without bothering with request letters and all that legal red tape. Not the first time it happens."

          And those nefarious folks announced it to the TOR folks in advance, huh?

    3. chivo243 Silver badge
      Holmes

      @Mephistro

      Two for sure and possible 3 addresses are European based. One is my ISP, and I live in Europe. One would think America is more paranoid than the rest of the world, but it's not the case.

      Plus having them in only one country would be very poor planning.

    4. Wzrd1 Silver badge

      I know that there were a lot of words in the article, but if you read all of them, you'd know that the servers are in Germany, the Netherlands, Sweden and the US.

      Now, let's look at who dislikes TOR and who supports it.

      The NSA wasn't too fond of it, but changed their tune a while ago. The FBI intensely dislikes it. The State Department fully supports TOR.

      Now, the US has a hierarchical government, with the State department being superior to every other agency and the military. Its order is POTUS, VP, Secretary of State.

      Indeed, that is the line of succession if one ignores Speaker of the House and President pro tempore of the Senate (Secretary of State is after those), then Secretary of the Treasury, Secretary of Defense, then Attorney General (the list goes on from there).

  4. gollux

    Sounds like a designed in single point of failure. Time to eat the dogfood and make it distributed, like it should have been done in the first place. We been bein' dazzled by all those onion layers and multipath jiggery-pokery, only to have it vulnerable to this?

    1. Ole Juul

      @ gollux

      Sounds like a designed in single point of failure.

      What are you talking about? The way I understand it there are 9 directory authorities, which are the specialized servers that are the subject of our discussion. There is some talk of change to the architecture as it is not perfect, but that is the case with any system. There is certainly not a single point of failure. However, it is possible that things will slow to a crawl or even stop for a little while. In the end it's just going to be another Whac-a-mole contest and the best that the attackers will do is create some press.

  5. Matt Bryant Silver badge
    Pirate

    Re: Mephistro

    "The references in the article regarding seizure of the servers seems to point clearly to a government agency....." Actually, I'm more inclined to think this is Sony's lawyers, looking for a bit of payback. If their investigators can show the pilfered material from the Sony hack passed through the TOR servers, then they may try and claim the servers and data trail are material evidence of copyright infringement as well as "hacking tools" used in the theft. You may recall an Austrian exit node admin had similar problems with the law after some kiddie porn transited his node (http://www.theregister.co.uk/2012/12/10/tor_admin/).

    1. Mark 85

      Re: Mephistro

      You might be right, Matt. But does any court/agency that Sony's lawyers could use work that fast?

      1. Anonymous Coward
        Anonymous Coward

        Re: Mephistro

        "You might be right, Matt. But does any court/agency that Sony's lawyers could use work that fast?"

        Don't underestimate the lobbying power of the movie industry. They were probably seeing Tor as a threat to their profits a long time ago. Now they have a massive breach at Sony, which may have fast tracked their efforts against Tor a little -- with political backing (very easy to gain political support once the government puts the blame on a state like NK, largely exaggerating the situation).

        1. Anonymous Coward
          Anonymous Coward

          Re: Mephistro

          Now they have a massive breach at Sony,

          If Sony's shit was up to snuff, there wouldn't have been any breach. That goes for any entity that has been breached. There is not enough vetting of the code and certainly no proper planning where security is first and foremost on the docket while the project is being designed. Security as an add-on afterthought is a BadThing<tm>

      2. Matt Bryant Silver badge
        Big Brother

        Re: Mark 85 Re: Mephistro

        ".....But does any court/agency that Sony's lawyers could use work that fast?" They do with the backing of the White House. Obambi has always had an "interesting" relationship with Hollywood and Big Media (just look at his choice of Kal Penn for public office - http://en.m.wikipedia.org/wiki/Kal_Penn). Other companies get hacked and Obambi is too busy playing golf to quote, but a Seth Rogen (a Democrat donor) film gets in trouble and suddenly Obambi is all about 'justice' (http://deadline.com/2014/12/obama-sony-hack-attack-north-korea-1201330493/).

        I'm not sure what Sony's losses on The Interview stand at (budget was $40+m) but Sony does have deep pockets and the will to want to hit back. I would suggest the FBI and NSA actually have little appetite for killing the TOR network as it's pretty certain they already own it at will and would probably prefer to keep skimming off info from it.

    2. Vociferous

      Re: Mephistro

      > I'm more inclined to think this is Sony's lawyers, looking for a bit of payback

      Pretty sure you're right. With the enthusiastic cooperation of the EU security services.

      1. Mephistro
        Pint

        Re: Mephistro (@ Vociferous)

        "With the enthusiastic cooperation of the EU security services."

        All of them? from every country? I'm not aware of the existence of any EU security services able to play this trick across many different jurisdictions in such a short time frame.

        As I said to Matt, I'll be glad to invite you to a virtual pint if you happen to be right. :-)

        1. Matt Bryant Silver badge
          Pirate

          Re: Mephistro Re: Mephistro (@ Vociferous)

          "....I'm not aware of the existence of any EU security services able to play this trick across many different jurisdictions in such a short time frame....." Interpol/Europol could co-ordinate with Sony's European lawyers on European-wide action. They already have a history of doing so in video and game piracy cases, so the relationships and mechanisms are already in place. Interpol themselves have been targeted before by the Anonyputzs (allegedly using the TOR network to obscure their attack) in 2012 and they have co-ordinated with the FBI on tracking 'hacktivists' and webcrime (such as the Silk Road case) hiding on the TOR network (https://www.europol.europa.eu/content/global-action-against-dark-markets-tor-network). All it would take would be enough diplomatic pressure.

        2. ckm5

          Re: Mephistro (@ Vociferous)

          Europol - EU security services cooperate all the time - to think they don't is beyond naive.

    3. Mephistro
      Pint

      Re: Mephistro (@ Matt Bryant)

      You made a good point, but Sony's lawyers won't be able to get anything useful from this seizure, given the way the Tor network is designed, as it leaves behind basically no data trails. If Sony is involved in this, it's either a PR stunt, to show the unwashed masses that "they're doing something", or some 'under the table' arrangement with some TLA so the case can be used as an excuse to disrupt/investigate/corrupt the Tor network.

      Anyway, if/when we learn the truth about the matter you happen to be right, I'll be glad to invite you to a pint of ElReg's delicious virtual lager, if you agree to do the same if I happen to be right.

      1. Matt Bryant Silver badge
        Pirate

        Re: Mephistro (@ Matt Bryant)

        ".....but Sony's lawyers won't be able to get anything useful from this seizure....." As I understand it, the authority servers hold and propagate the tables of trusted routing and entry/exit nodes. Seizing those servers gives the authorities and/or Sony's investigators the data to map out the TOR network. If someone really is gunning for the TOR network then it would be logical to go first to the servers that list out the nodes, then mop up the nodes of interest (or just all the nodes they can) from there.

        Now, to really get the paranoid twitching - if all the authority servers just simply disappear off the network, as I understand it, the nodes can still function using cached routes and the TOR traffic will still flow, but the clients and relay nodes will reject any new authority servers not proposed/listed by existing authority servers (the nodes look for a signed hash in any authority update). But, if you have all the authority servers, you can start directing all the traffic through a set of compromised nodes, allowing you to monitor TOR and de-anonymise the users.

        If the authority servers all get owned then the clients and nodes would need a hack, patch or update to point them towards any new authority servers. Of course, it then does become a game of whack-a-mole, where the authorities simply watch for new updates and attack the new authority servers (and their hosting companies - how many hosters will allow you to run a TOR node if it risks their datacenter getting raided?), or issue compromised updates that send downloaders to sites where 'good' malware is waiting to log the user's identity and install some NSA/FBI/Sony tracking software.

        "....I'll be glad to invite you to a pint of ElReg's delicious virtual lager....." Lager? Ewwwww! It's Christmas, have a virtual double vodka on me!

        1. Roo
          Windows

          Re: Mephistro (@ Matt Bryant)

          Nice to see you strutting your good stuff again Matt, nice choice of icons too.

          I can't help but feel there may be a link to the DNS Root attacks and this TOR shakedown.

          1. Matt Bryant Silver badge
            Unhappy

            Re: Roo Re: Mephistro (@ Matt Bryant)

            ".....the DNS Root attack....." Good point. Unfortunately, there seems to be a whole raft of reasons (Sony hack, Anonyputzs, Lizard Squad, Silk Road x.0, etc, etc.) for the authorities to seek to regulate the Web. IMHO, all the 'hacktivists' have done is draw attention to themselves and ruined it for everyone. A regulated Internet will require funding for said regulation - say "hello" to Internet taxes!

            1. Roo
              Windows

              Re: Roo Mephistro (@ Matt Bryant)

              "Good point. Unfortunately, there seems to be a whole raft of reasons (Sony hack, Anonyputzs, Lizard Squad, Silk Road x.0, etc, etc.) for the authorities to seek to regulate the Web"

              You shouldn't lay all the blame at the door of the lamers on this one.

              The internet has always had a bunch of crackpots hell-bent on causing mayhem by accident or design, the difference now is that the internet is now critical to business. Therefore the government's tax revenues are now increasingly dependent on the internet working - so they have a strong incentive to crack the whip.

              I think it's fair to say that rising of importance of the internet would have happened even without a single loon rampaging around the internet. I suspect that the Internet would be a lot less popular if it didn't have any loons rampaging around it.

        2. Old Handle

          Re: Mephistro (@ Matt Bryant)

          The directory servers do contain a list of nodes and exits, but this is public anyway. As for the idea of keeping them running and directing people to a fake Tor network, that would be possible, but it would be awful brash. It's not like it would go unnoticed.

          1. Matt Bryant Silver badge
            Happy

            Re: Old Handle Re: Mephistro (@ Matt Bryant) - this will upset Badger

            "....As for the idea of keeping them running and directing people to a fake Tor network, that would be possible, but it would be awful brash......" Politicians actually like those big gestures that are supposed to give the masses the idea they are doing something useful. And Obambi is in his final term with a lame-duck Congress, he is 'building his legacy' (see immigration, Cuba), so some of us are already playing a game of 'guess the policy lurch' where we place bets on which bit of political silliness/'vision' he tries next. The pool was 5:1 on some form of forced Israeli-Arab settlement, 4:1 on gun control through ammo taxation, and only 2:1 on either "saving the Interweb" or pardoning Chelsea Manning. Surprisingly, given the level of cynicism prevalent in the group, using the new USN's laser cannon to draw his likeness on the surface of the moon (a Mount Rushmore in space) is currently lagging at 1:20 against.

            ".....It's not like it would go unnoticed." OK, so if the TOR network gets hijacked by 'The Man' and word gets round, how is that bad for 'The Man'? Those without 'evil intent', such as businesses and activists in Third World countries, may grumble about "NSA intrusion" but will probably still use it anyway. Legitimate businesses using TOR want protection from business rivals and corrupt regimes, not the NSA or FBI, and activists hiding from oppressive dictators are usually the ones the State Department wants to help anyway (remember, that was what TOR was originally designed for by the US authorities). But those with 'evil intent' (pirates, drug-dealers, e-criminals and terrorists) will probably stop using it, which law enforcement will see as a prevention-of-crime win. Those who are just paranoid and stop using it are both too small a group and too minor in importance to carry any political weight. The NSA might grumble about the loss of information TOR probably gives them, but they can then shift resources and start to look for and target any "TOR2.0" groups that spring up on the Dark Web.

            Now, extend the idea one step further - if the Gubbermint has control of the TOR network but lets the people use it (in a policed manner), and you set up a new "TOR2.0", the political logic will be "that must mean with evil intent".....

            Merry Christmas all!

  6. Anonymous Coward
    Anonymous Coward

    Hm

    I can't imagine the USA would be so overt after this, if it is them and if anything does happen after this of course.

    Anyway, where are these things located? Are they all susceptible to being seized? ...What?

    1. Anonymous Coward
      Anonymous Coward

      Re: Hm

      sonycyber9/11 changed everything

    2. Old Handle

      Re: Hm

      According to one list I saw, 4 out of 9 have US IP addresses. So to get a majority (either to hijack it or take it offline) the US would need cooperation from at least one other country. Not that such a thing is unheard of by any means.

  7. Destroy All Monsters Silver badge
    Big Brother

    MiniLove recommends...

    The network does, however, have plenty of legitimate and beneficial applications as well...

    Implying that dealing in narcotics would not be a "legitimate and beneficial application" if religious nutcases, curtain twitchers and bureaucrats looking for job assurance by minding your personal business were not finding that activity objectionable.

    Next: Tor to be the last refuge of pork eaters, full-fat butter lovers, people suspiciously guilty of liking their privacy and those practicing sexual positions different from the governmentally approved missionary one.

    1. Mephistro
      Thumb Up

      Re: MiniLove recommends...

      Nice link! A recommended read for anyone who wants to be informed on the mindsets of the "nothing to hide, nothing to fear, except when I need to hide something" party.

    2. Anonymous Coward
      Anonymous Coward

      Re: MiniLove recommends...

      I think the sexual position the gov. approves of is more likely to be 'doggy' with the general population being the bitch.

      1. Mark 85

        Re: MiniLove recommends...

        And you will have to provide your own sand and Vaseline...

    3. Matt Bryant Silver badge
      Facepalm

      Re: Destroyed All Braincells Re: MiniLove recommends...

      "......guilty of liking their privacy....." Nice article, but it focuses on the idea that the only possible target for surveillance would be 'rights activists'. This paranoid preoccupation of the wannabes ignores the fact that the vast majority of surveillance by the NSA and GCHQ is of criminals and terrorists, not Islington's chattering class (or the like-minded Berkeley commune). Further abroad, such as in Egypt, you might have a point, but that was not what the judge was advocating. He was saying the NSA was fine by him because it is overseen and warranted activity, ie not just some dictator's tool of oppression.

      Now, give it a rest and go have a Christmas pint.

      1. Bloakey1

        Re: Destroyed All Braincells MiniLove recommends...

        <snip>

        "This paranoid preoccupation of the wannabes ignores the fact that the vast majority of surveillance by the NSA and GCHQ is of criminals and terrorists, not Islington's chattering class (or the like-minded Berkeley commune)."

        <snip>

        I disagree there Matt. The vast amount of data being slurped by these people is of Joe Bloggs although the targets are who you mention among others. The big problem the analysts have is that they have too much data, too many tracks leading them down false trails, too many "doodz" called xyz, leading to obfuscation of the XYZ they are after. The whole thing is clogged up with background chatter and they are like partly deaf people in a busy pub, trying to discriminate relevant conversations.

        Has anyone ever noticed that the NSA has the world's biggest car park with a few buildings and a monolith in the middle?

        Enjoy your pint, they are coming for you at BMNT and breakfast will be taken rectally. Sadly for you it is toast today, one slice or two?

    4. Jes.e

      Re: MiniLove recommends...

      "Next: Tor to be the last refuge of pork eaters, full-fat butter lovers, people suspiciously guilty of liking their privacy and those practicing sexual positions different from the governmentally approved missionary one."

      Actually, I thought it was us anti-pork eaters who were on the terrorist watch list as put forth by the Bush administration..

      Color me surprised!

      ..oh yes..

      There's more than one sexual position?!?

      Where do I go to find the others?

  8. Badger Murphy

    Hypothesis: butchering POTUS's name = complete lack of valid points

    I'm old enough to have lived through the terms of several POTUS, and have read far too many comment sections for my own good, and have noticed an interesting correlation. Any and every time a poster intentionally butchers the POTUS's name into some "ingenious" insult, the content of that post is invariably one or more of the following:

    1. Completely unsubstantiated

    2. Riddled with fallacious reasoning

    3. Guilty of staggering leaps of logic

    4. Rife with meaningless propagandist talking points

    5. Belligerent

    I'm starting to think that the same brain issues that cause one to think the name calling is clever cause one to be incapable of logic, reason, and critical thinking. See example above.

    1. DavCrav

      Re: Hypothesis: butchering POTUS's name = complete lack of valid points

      Micro$oft, Bliar, CrApple, Shamsung, etc. Not just POTUS.

    2. John Brown (no body) Silver badge

      Re: Hypothesis: butchering POTUS's name = complete lack of valid points

      Almost as mature as Micro$oft and Crapple :-)

    3. Anonymous Coward
      Anonymous Coward

      Re: Hypothesis: butchering POTUS's name = complete lack of valid points

      @Badger - What took you so long?

      I'm amazed he's posted 6 times without saying Sheeple.

      Misanthropes - making the world a better place...not.

      1. Will Godfrey Silver badge
        Happy

        Re: Hypothesis: butchering POTUS's name = complete lack of valid points

        You all forgot "Cuntstomers".

        However, I maintain that one is perfectly valid.

    4. Matt Bryant Silver badge
      Happy

      Re: Badger Murphy Re: Hypothesis: butchering POTUS's name = complete lack.....

      So pretty certain Badger voted for Obambi then! Shame how his outrage (or maybe it's just the ravages of old age) prevented him from debunking any of the points made.

  9. FrogInABlender

    Thanks to whoever wrote this text.

    Very clear and intelligently targeted.

    This care implies base level of trust in the competence of all their moral & technical modelling & interpreting.
