Feeds

Tor node admin raided by cops appeals for help with legal bills

'I'm on my own and require a good lawyer' says bloke

The Essential Guide to IT Transformation

A sysadmin had his flat raided and equipment seized by police last week for hosting a Tor exit node.

William Weber from Graz, Austria, was questioned by cops after someone allegedly distributed child abuse images over one of the Tor exits he administered. Contrary to some early reports Weber was only questioned by police, who seem to be at the early stage of an inquiry. "I was not arrested (yet), just searched and questioned," Weber told El Reg.

Weber's equipment - 20 computers, 100TB+ storage, tablets, consoles and phones - was seized by investigators. The raid was carried out by officers from the Styrian Landeskriminalamt (LKA), Austria's state police investigators, who served a warrant on Weber at his place of work. They then escorted him home and conducted a search and seize operation at his flat. Before and after pictures can be found here.

In response, Weber has established a legal defence fund, and is soliciting donations via PayPal from the internet community:

I got raided for someone sharing child pornography over one of my Tor exits. I'm good so far, not in jail, but all my computers and hardware have been confiscated.

If convicted I could face up to 10 years in jail (minimum six years), of course I do not want that and I also want to try to set a legal base for running Tor exit nodes in Austria or even the EU.

Sadly we have nothing like the EFF here that could help me in this case by legal assistance, so I'm on my own and require a good lawyer.

Tor (The Onion Router) offers, among other things, anonymised web browsing and has many legitimate applications including getting around censorship controls in countries with a poor human rights record. Tor routes traffic through a number of relay nodes before delivering the packets to their final destination, confusing attempts to figure out where traffic originated. Volunteers such as Weber administer “exit nodes” - the final stepping stone on the network.

The system is used by journalists, activists and military organisations around the world to bypass censorship and communicate securely. Like any technology Tor can also lend itself to unsavoury applications.

This leaves anyone providing hardware to the Tor project in a difficult position. El Reg asked Weber if he had any advice for other admins hosting Tor exit nodes to avoid landing themselves in a legal pickle.

"Tor admins should open a LLC (if US) or Limited (in UK, if EU) or registered partnership/non-profit (German Verein, if in Germany) company as owner of these servers," Weber said. "This removes the hassle of running it as private person and remove at least a bit liability (in most countries) if not all of it (in Germany, Telemediengesetz)."

"Besides this there should be good contact with the ISP beforehand, let them know that there will be abuse (filesharing and the DMCA, mainly) and what Tor is. Or if more money is available to invest, a membership of ARIN/RIPE is well worth it, getting own IP blocks and an AS number (running their own network) helps to resolve issues faster and means you get direct information if servers should be tapped or confiscated (unlike if rented, then only your ISP gets the warning)."

Weber's colocated servers were not seized, most likely as they are outside of EU jurisdiction: they are in Liechtenstein, the US and Hong Kong. The server running the exit node was under investigation was in Poland but "already disabled since I moved to a different ISP", according to Weber.

LKA officers questioned Weber about his motives for running a Tor Exit Node, according to a detailed report on the raid.

"I could not make them understand why I would 'waste' resources and bandwidth (translating into money) to run a Tor node," Weber explained. "I informed them that I was already contacted by the Polish police in May about this IP, regarding hacking attempts originating from it. Back then I had already explained to Polish police that this was a Tor exit node, and that no logfiles were held. After the report of hacking attempts, I shut down the Tor node on this server, but apparently this was too late and they were investigating (and/or wiretapping) already."

Police also recovered a small quantity of marijuana and legally held firearms as a result of their raid on Weber's flat.

Running a Tor exit node is "fraught with danger" according to a former police investigator contacted by El Reg on the topic. He added "you do not know what or who will be using your bandwidth".

David Harley, senior research fellow at anti-virus firm Eset, said abuse of Tor networks is something of an occupational hazard for the sysadmins who administer them.

"It's not unusual for the maintainer of a [Tor] exit node to be the focus of abuse complaints: mostly DCMA notices, I think. Reports of paedophilia-related abuse are a lot rarer, but not unheard of," he added.

The story of another Tor admin who was put through a police inquiry after one of the exit nodes he administered was abused to distribute images of child abuse can be found here.

Harley said he wasn't familiar which any statistics or research on how much traffic routed through Tor exit nodes is related to child abuse.

"I'm not unsympathetic to the fact that Tor gives a voice to oppressed groups and so on, but misuse is inevitable," Harley concluded. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.