Feeds

Tor node admin raided by cops appeals for help with legal bills

'I'm on my own and require a good lawyer' says bloke

SANS - Survey on application security programs

A sysadmin had his flat raided and equipment seized by police last week for hosting a Tor exit node.

William Weber from Graz, Austria, was questioned by cops after someone allegedly distributed child abuse images over one of the Tor exits he administered. Contrary to some early reports Weber was only questioned by police, who seem to be at the early stage of an inquiry. "I was not arrested (yet), just searched and questioned," Weber told El Reg.

Weber's equipment - 20 computers, 100TB+ storage, tablets, consoles and phones - was seized by investigators. The raid was carried out by officers from the Styrian Landeskriminalamt (LKA), Austria's state police investigators, who served a warrant on Weber at his place of work. They then escorted him home and conducted a search and seize operation at his flat. Before and after pictures can be found here.

In response, Weber has established a legal defence fund, and is soliciting donations via PayPal from the internet community:

I got raided for someone sharing child pornography over one of my Tor exits. I'm good so far, not in jail, but all my computers and hardware have been confiscated.

If convicted I could face up to 10 years in jail (minimum six years), of course I do not want that and I also want to try to set a legal base for running Tor exit nodes in Austria or even the EU.

Sadly we have nothing like the EFF here that could help me in this case by legal assistance, so I'm on my own and require a good lawyer.

Tor (The Onion Router) offers, among other things, anonymised web browsing and has many legitimate applications including getting around censorship controls in countries with a poor human rights record. Tor routes traffic through a number of relay nodes before delivering the packets to their final destination, confusing attempts to figure out where traffic originated. Volunteers such as Weber administer “exit nodes” - the final stepping stone on the network.

The system is used by journalists, activists and military organisations around the world to bypass censorship and communicate securely. Like any technology Tor can also lend itself to unsavoury applications.

This leaves anyone providing hardware to the Tor project in a difficult position. El Reg asked Weber if he had any advice for other admins hosting Tor exit nodes to avoid landing themselves in a legal pickle.

"Tor admins should open a LLC (if US) or Limited (in UK, if EU) or registered partnership/non-profit (German Verein, if in Germany) company as owner of these servers," Weber said. "This removes the hassle of running it as private person and remove at least a bit liability (in most countries) if not all of it (in Germany, Telemediengesetz)."

"Besides this there should be good contact with the ISP beforehand, let them know that there will be abuse (filesharing and the DMCA, mainly) and what Tor is. Or if more money is available to invest, a membership of ARIN/RIPE is well worth it, getting own IP blocks and an AS number (running their own network) helps to resolve issues faster and means you get direct information if servers should be tapped or confiscated (unlike if rented, then only your ISP gets the warning)."

Weber's colocated servers were not seized, most likely as they are outside of EU jurisdiction: they are in Liechtenstein, the US and Hong Kong. The server running the exit node was under investigation was in Poland but "already disabled since I moved to a different ISP", according to Weber.

LKA officers questioned Weber about his motives for running a Tor Exit Node, according to a detailed report on the raid.

"I could not make them understand why I would 'waste' resources and bandwidth (translating into money) to run a Tor node," Weber explained. "I informed them that I was already contacted by the Polish police in May about this IP, regarding hacking attempts originating from it. Back then I had already explained to Polish police that this was a Tor exit node, and that no logfiles were held. After the report of hacking attempts, I shut down the Tor node on this server, but apparently this was too late and they were investigating (and/or wiretapping) already."

Police also recovered a small quantity of marijuana and legally held firearms as a result of their raid on Weber's flat.

Running a Tor exit node is "fraught with danger" according to a former police investigator contacted by El Reg on the topic. He added "you do not know what or who will be using your bandwidth".

David Harley, senior research fellow at anti-virus firm Eset, said abuse of Tor networks is something of an occupational hazard for the sysadmins who administer them.

"It's not unusual for the maintainer of a [Tor] exit node to be the focus of abuse complaints: mostly DCMA notices, I think. Reports of paedophilia-related abuse are a lot rarer, but not unheard of," he added.

The story of another Tor admin who was put through a police inquiry after one of the exit nodes he administered was abused to distribute images of child abuse can be found here.

Harley said he wasn't familiar which any statistics or research on how much traffic routed through Tor exit nodes is related to child abuse.

"I'm not unsympathetic to the fact that Tor gives a voice to oppressed groups and so on, but misuse is inevitable," Harley concluded. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.