Feeds

Tor node admin raided by cops appeals for help with legal bills

'I'm on my own and require a good lawyer' says bloke

Choosing a cloud hosting partner with confidence

A sysadmin had his flat raided and equipment seized by police last week for hosting a Tor exit node.

William Weber from Graz, Austria, was questioned by cops after someone allegedly distributed child abuse images over one of the Tor exits he administered. Contrary to some early reports Weber was only questioned by police, who seem to be at the early stage of an inquiry. "I was not arrested (yet), just searched and questioned," Weber told El Reg.

Weber's equipment - 20 computers, 100TB+ storage, tablets, consoles and phones - was seized by investigators. The raid was carried out by officers from the Styrian Landeskriminalamt (LKA), Austria's state police investigators, who served a warrant on Weber at his place of work. They then escorted him home and conducted a search and seize operation at his flat. Before and after pictures can be found here.

In response, Weber has established a legal defence fund, and is soliciting donations via PayPal from the internet community:

I got raided for someone sharing child pornography over one of my Tor exits. I'm good so far, not in jail, but all my computers and hardware have been confiscated.

If convicted I could face up to 10 years in jail (minimum six years), of course I do not want that and I also want to try to set a legal base for running Tor exit nodes in Austria or even the EU.

Sadly we have nothing like the EFF here that could help me in this case by legal assistance, so I'm on my own and require a good lawyer.

Tor (The Onion Router) offers, among other things, anonymised web browsing and has many legitimate applications including getting around censorship controls in countries with a poor human rights record. Tor routes traffic through a number of relay nodes before delivering the packets to their final destination, confusing attempts to figure out where traffic originated. Volunteers such as Weber administer “exit nodes” - the final stepping stone on the network.

The system is used by journalists, activists and military organisations around the world to bypass censorship and communicate securely. Like any technology Tor can also lend itself to unsavoury applications.

This leaves anyone providing hardware to the Tor project in a difficult position. El Reg asked Weber if he had any advice for other admins hosting Tor exit nodes to avoid landing themselves in a legal pickle.

"Tor admins should open a LLC (if US) or Limited (in UK, if EU) or registered partnership/non-profit (German Verein, if in Germany) company as owner of these servers," Weber said. "This removes the hassle of running it as private person and remove at least a bit liability (in most countries) if not all of it (in Germany, Telemediengesetz)."

"Besides this there should be good contact with the ISP beforehand, let them know that there will be abuse (filesharing and the DMCA, mainly) and what Tor is. Or if more money is available to invest, a membership of ARIN/RIPE is well worth it, getting own IP blocks and an AS number (running their own network) helps to resolve issues faster and means you get direct information if servers should be tapped or confiscated (unlike if rented, then only your ISP gets the warning)."

Weber's colocated servers were not seized, most likely as they are outside of EU jurisdiction: they are in Liechtenstein, the US and Hong Kong. The server running the exit node was under investigation was in Poland but "already disabled since I moved to a different ISP", according to Weber.

LKA officers questioned Weber about his motives for running a Tor Exit Node, according to a detailed report on the raid.

"I could not make them understand why I would 'waste' resources and bandwidth (translating into money) to run a Tor node," Weber explained. "I informed them that I was already contacted by the Polish police in May about this IP, regarding hacking attempts originating from it. Back then I had already explained to Polish police that this was a Tor exit node, and that no logfiles were held. After the report of hacking attempts, I shut down the Tor node on this server, but apparently this was too late and they were investigating (and/or wiretapping) already."

Police also recovered a small quantity of marijuana and legally held firearms as a result of their raid on Weber's flat.

Running a Tor exit node is "fraught with danger" according to a former police investigator contacted by El Reg on the topic. He added "you do not know what or who will be using your bandwidth".

David Harley, senior research fellow at anti-virus firm Eset, said abuse of Tor networks is something of an occupational hazard for the sysadmins who administer them.

"It's not unusual for the maintainer of a [Tor] exit node to be the focus of abuse complaints: mostly DCMA notices, I think. Reports of paedophilia-related abuse are a lot rarer, but not unheard of," he added.

The story of another Tor admin who was put through a police inquiry after one of the exit nodes he administered was abused to distribute images of child abuse can be found here.

Harley said he wasn't familiar which any statistics or research on how much traffic routed through Tor exit nodes is related to child abuse.

"I'm not unsympathetic to the fact that Tor gives a voice to oppressed groups and so on, but misuse is inevitable," Harley concluded. ®

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
NOT OK GOOGLE: Android images can conceal code
It's been fixed, but hordes won't have applied the upgrade
Apple grapple: Congress kills FBI's Cupertino crypto kybosh plan
Encryption would lead us all into a 'dark place', claim G-Men
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.