whitetop
12-24-2014, 07:40 PM
Earlier this week, we reported (http://pando.com/2014/12/19/tor-founder-warns-that-threatened-attack-on-network-could-be-really-bad-allowing-traffic-to-be-hijacked/) on an apparent threat by an unnamed agency to disable the Tor anonymity network.
According to founder Roger Dingledine:
The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities.
The wording (https://blog.torproject.org/blog/possible-upcoming-attempts-disable-tor-network) of Dingledine’s warning causes some (including us) to speculate that the anticipated attack might be coming from law enforcement agencies either inside the US or some other “friendly” country. Pressed by users to explain how serious the threat might be, Dingledine explained (http://pando.com/2014/12/19/tor-founder-warns-that-threatened-attack-on-network-could-be-really-bad-allowing-traffic-to-be-hijacked/):
“If [attackers] can extract five unexpired signing keys, then they can make up their own consensus and point people to their own relays. That would indeed be really bad.”
Today, Thomas White, who operates “a large exit node cluster for the Tor network and [a] collection of mirrors,” reports (http://article.gmane.org/gmane.network.tor.user/34619) that his servers have apparently been compromised.
Tonight there has been some unusual activity taking place and I have now lost control of all servers under the ISP and my account has been suspended. Having reviewed the last available information of the sensors, the chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken. From experience I know this trend of activity is similar to the protocol of sophisticated law enforcement who carry out a search and seizure of running servers.
White warns “Do NOT use my mirrors/services until I have reviewed the situation,” adding:
At this moment in time I am under no gagging orders or influence from external parties/agencies. If no update is provided within 48 hours you may draw your own conclusions.
http://pando.com/2014/12/21/so-it-begins-operator-of-large-tor-exit-node-cluster-reports-he-has-lost-control-of-his-servers/