
Heads up! If Tor VANISHES over the weekend, this is why

Developers warn of swoop plot to cripple privacy network

The Tor Project is warning that its network – used by netizens to mask their identities on the internet – may be knocked offline in the coming days.

In a Tor blog post, project leader Roger "Arma" Dingledine said an unnamed group may seize Tor's directory authority servers before the end of next week. These servers distribute the official lists of relays in the network; the relays are the systems that route users' traffic around the world to obfuscate their internet connections' public IP addresses.

Should the majority of those directory servers be disabled – such as by the physical seizure of the machines – users will be unable to use Tor effectively. According to the Tor source code, the default authority servers have the following IP addresses:

IP address       ASN       Who owns the block containing this IP?
128.31.0.39      AS3       Massachusetts Institute of Technology
86.59.21.38      AS8437    Tele2 Telecommunication GmbH
194.109.206.212  AS3265    XS4ALL Internet BV
82.94.251.203    AS3265    XS4ALL Internet BV
131.188.40.189   AS680     Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
193.23.244.244   AS50472   Chaos Computer Club e.V.
208.83.223.34    AS40475   Applied Operations, LLC
171.25.193.9     AS198093  Foreningen for digitala fri- och rattigheter
154.35.32.5      AS14987   Rethem Hosting LLC
199.254.238.52   AS16652   Riseup Networks

As discussed on Hacker News, there are ten directory authorities, including one just for bridges. The IP addresses belong to networks in Austria, Germany, the Netherlands, Sweden, and the US, and knocking out more than five would succeed in disrupting the Tor network.

"The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities," Arma posted on the Tor Project blog on Friday.

"Directory authorities help Tor clients learn the list of relays that make up the Tor network. We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked. Tor remains safe to use.

"We hope that this attack doesn't occur; Tor is used by many good people. If the network is affected, we will immediately inform users via this blog and our Twitter feed @TorProject, along with more information if we become aware of any related risks to Tor users."

While the Tor Project has not said who could be behind the attack or what their motivation might be, some anonymous comments posted under the blog suggest a swoop could be related to the US government's investigation into the Sony Pictures mega-hack.

Tor has gained notoriety for its association with underground drugs markets, such as Silk Road, and other souks of questionable legality. The network does, however, have plenty of other applications – for whistleblowers, journalists, political activists, anyone who cares about privacy, and so on, just as long as they realize Tor, by itself, isn't magic OPSEC sauce.

Arma noted the role the Tor network plays in helping protect the privacy of users living under authoritarian regimes or operating in potentially sensitive matters.

"Tor is also used by banks, diplomatic officials, members of law enforcement, bloggers, and many others," he wrote. "Attempts to disable the Tor network would interfere with all of these users, not just ones disliked by the attacker." ®
