Feeds

Tor node admin raided by cops appeals for help with legal bills

'I'm on my own and require a good lawyer' says bloke

The essential guide to IT transformation

A sysadmin had his flat raided and equipment seized by police last week for hosting a Tor exit node.

William Weber from Graz, Austria, was questioned by cops after someone allegedly distributed child abuse images over one of the Tor exits he administered. Contrary to some early reports Weber was only questioned by police, who seem to be at the early stage of an inquiry. "I was not arrested (yet), just searched and questioned," Weber told El Reg.

Weber's equipment - 20 computers, 100TB+ storage, tablets, consoles and phones - was seized by investigators. The raid was carried out by officers from the Styrian Landeskriminalamt (LKA), Austria's state police investigators, who served a warrant on Weber at his place of work. They then escorted him home and conducted a search and seize operation at his flat. Before and after pictures can be found here.

In response, Weber has established a legal defence fund, and is soliciting donations via PayPal from the internet community:

I got raided for someone sharing child pornography over one of my Tor exits. I'm good so far, not in jail, but all my computers and hardware have been confiscated.

If convicted I could face up to 10 years in jail (minimum six years), of course I do not want that and I also want to try to set a legal base for running Tor exit nodes in Austria or even the EU.

Sadly we have nothing like the EFF here that could help me in this case by legal assistance, so I'm on my own and require a good lawyer.

Tor (The Onion Router) offers, among other things, anonymised web browsing and has many legitimate applications including getting around censorship controls in countries with a poor human rights record. Tor routes traffic through a number of relay nodes before delivering the packets to their final destination, confusing attempts to figure out where traffic originated. Volunteers such as Weber administer “exit nodes” - the final stepping stone on the network.

The system is used by journalists, activists and military organisations around the world to bypass censorship and communicate securely. Like any technology Tor can also lend itself to unsavoury applications.

This leaves anyone providing hardware to the Tor project in a difficult position. El Reg asked Weber if he had any advice for other admins hosting Tor exit nodes to avoid landing themselves in a legal pickle.

"Tor admins should open a LLC (if US) or Limited (in UK, if EU) or registered partnership/non-profit (German Verein, if in Germany) company as owner of these servers," Weber said. "This removes the hassle of running it as private person and remove at least a bit liability (in most countries) if not all of it (in Germany, Telemediengesetz)."

"Besides this there should be good contact with the ISP beforehand, let them know that there will be abuse (filesharing and the DMCA, mainly) and what Tor is. Or if more money is available to invest, a membership of ARIN/RIPE is well worth it, getting own IP blocks and an AS number (running their own network) helps to resolve issues faster and means you get direct information if servers should be tapped or confiscated (unlike if rented, then only your ISP gets the warning)."

Weber's colocated servers were not seized, most likely as they are outside of EU jurisdiction: they are in Liechtenstein, the US and Hong Kong. The server running the exit node was under investigation was in Poland but "already disabled since I moved to a different ISP", according to Weber.

LKA officers questioned Weber about his motives for running a Tor Exit Node, according to a detailed report on the raid.

"I could not make them understand why I would 'waste' resources and bandwidth (translating into money) to run a Tor node," Weber explained. "I informed them that I was already contacted by the Polish police in May about this IP, regarding hacking attempts originating from it. Back then I had already explained to Polish police that this was a Tor exit node, and that no logfiles were held. After the report of hacking attempts, I shut down the Tor node on this server, but apparently this was too late and they were investigating (and/or wiretapping) already."

Police also recovered a small quantity of marijuana and legally held firearms as a result of their raid on Weber's flat.

Running a Tor exit node is "fraught with danger" according to a former police investigator contacted by El Reg on the topic. He added "you do not know what or who will be using your bandwidth".

David Harley, senior research fellow at anti-virus firm Eset, said abuse of Tor networks is something of an occupational hazard for the sysadmins who administer them.

"It's not unusual for the maintainer of a [Tor] exit node to be the focus of abuse complaints: mostly DCMA notices, I think. Reports of paedophilia-related abuse are a lot rarer, but not unheard of," he added.

The story of another Tor admin who was put through a police inquiry after one of the exit nodes he administered was abused to distribute images of child abuse can be found here.

Harley said he wasn't familiar which any statistics or research on how much traffic routed through Tor exit nodes is related to child abuse.

"I'm not unsympathetic to the fact that Tor gives a voice to oppressed groups and so on, but misuse is inevitable," Harley concluded. ®

Next gen security for virtualised datacentres

More from The Register

next story
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.