Several Tor Servers Mysteriously Taken Offline Days After Leak of Potential Upcoming Attack
18 replies, posted
[quote]On Friday, a post on the Tor Project's blog sent out an alarming message: [b]"The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities. [/b] (Directory authorities help Tor clients learn the list of relays that make up the Tor network.) We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked. Tor remains safe to use."
Still, at least one volunteer running a Tor server has seen the server taken offline in the wake of the announcement. In an email to the Tor-Talk listserve, the user responsible for a group of exit nodes and mirrors under the name "Cthulu" told the list [b]his network had been abruptly taken down[/b] over the weekend. [b]"The chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken,"[/b] the message reads. [b]"From experience I know this trend of activity is similar to the protocol of sophisticated law enforcement who carry out a search and seizure of running servers."[/b]
[/quote]
[quote]White said users should treat the servers as hostile until control was regained signified by a PGP signed message from himself.
He also urged them not to jump to conclusions about the identity of any possible agency nor harbour concern for the integrity of the Tor network.
[img]http://i.imgur.com/8QBpSPl.png[/img]
"If any of the mirrors or IPs do come back online, I would welcome anyone who is capable of doing so checking for any malicious code to ensure they are not used to deploy any kind of state malware or attacks against users should my theory prove to be the case," he added.
Should no further updates be delivered, White said users were welcome to assume he was under a gag order.
[/quote]
Email from the mailing list.
[url]http://article.gmane.org/gmane.network.tor.user/34619[/url]
Sources:
[url]http://arstechnica.com/security/2014/12/cluster-of-tor-servers-taken-down-in-unexplained-outage/[/url]
[url]https://blog.torproject.org/blog/possible-upcoming-attempts-disable-tor-network[/url]
[url]http://www.theregister.co.uk/2014/12/22/stay_away_popular_tor_exit_relays_look_raided/[/url]
Noooo my drugs
And I thought datacenters were supposed to be secure.
[QUOTE=Elecbullet;46778949]Noooo my drugs[/QUOTE]
Agora is up ;)
-snip, wrong thread-
[QUOTE=SebiWarrior;46781171]Well, at least they have Crimea. Hope it was worth it, Putin.[/QUOTE]
what
[QUOTE=Limed00d;46781182]what[/QUOTE]
I fucked threads up, sorry.
[quote] "The chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken," the message reads. "From experience I know this trend of activity is similar to the protocol of sophisticated law enforcement who carry out a search and seizure of running servers."[/quote]
That's some next level shit
[QUOTE=Gray Altoid;46781755]That's some next level shit[/QUOTE]
I'm really surprised that worked - I'd have thought unknown USB devices / unconfirmed login would trigger an automatic panic for a server that was built by probably the most paranoid groups of people around.
A Tor relay by itself doesn't really contain any information worth worrying about.
Apparently they were exit nodes, so the worst you could get was the information that was coming out of the Tor network, onto the Internet, but Five Eyes can already track that, so it's not beneficial.
The fact that the chassis alarm got triggered tells me one thing though: either some employee at the datacenter got stupid, or it was the FBI. Those morons don't bother with covert, at all. Someone from Five Eyes wouldn't bother opening the chassis, you can compromise most servers without opening them.
So far, if I only had to explain one server going down, the most likely scenario would be a DC worker debugging a server and plugging the KVM into the wrong box, wondering why it's not working.
But multiple servers apparently went down, at the same time.
[QUOTE=bord2tears;46782323]I'm really surprised that worked - I'd have thought unknown USB devices / unconfirmed login would trigger an automatic panic for a server that was built by probably the most paranoid groups of people around.[/QUOTE]
Now, most developers don't consider physical compromise of server hardware to be worth protecting against: usually either because they don't expect it ("It won't happen"), or because they know that if an attacker has physical access to the machine, very little can be done anyway.
So the most common physical attacks are USB, and at least speaking from my experience, gaining that level of physical access is [I]fairly[/I] easy; especially if the facility has more relaxed co-location rules (which, due to the nature of colo, is frequent).
Assessing the situation, I guess the optimal way would be to have the whole system run on an encrypted FS that, to boot, would require a decryption key to be provided (likely over TFTP, or physically with a USB key), and would also be physically locked inside of a private cabinet or cage. But all of that is expensive, complicated, and unlikely to be needed.
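The kind of alerting discussed in the posts above (flag an unknown USB device, then check whether the network link dropped shortly afterwards, as in the operator's report), as an added example that is not part of the thread. The allowlist, the 60-second window and the log lines are constructed assumptions; the line format follows the Linux kernel's "New USB device found" message.

```python
import re

# Assumption: the only USB devices expected on this host (vendor, product).
ALLOWED = {("1d6b", "0002"), ("1d6b", "0003")}  # Linux Foundation root hubs

USB_RE = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\] usb (?P<port>\S+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
LINK_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\] .*Link is Down", re.IGNORECASE)

# Constructed kernel log excerpt (not taken from the incident).
SAMPLE_LOG = """\
[    2.104512] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 3.16
[    2.398112] usb usb2: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 3.16
[86412.551020] usb 1-2: new high-speed USB device number 3 using xhci_hcd
[86412.699871] usb 1-2: New USB device found, idVendor=ffff, idProduct=0001, bcdDevice= 1.00
[86455.120334] e1000e: eth0 NIC Link is Down
"""


def scan(log_text, allowed=ALLOWED, window=60.0):
    """Return one alert per USB device that is not on the allowlist.

    Each alert records how many seconds later the first link-down event
    followed, if one occurred within `window` seconds, else None.
    """
    alerts = []
    for line in log_text.splitlines():
        m = USB_RE.match(line)
        if m:
            if (m["vid"], m["pid"]) not in allowed:
                alerts.append({
                    "ts": float(m["ts"]),
                    "port": m["port"],
                    "device": f'{m["vid"]}:{m["pid"]}',
                    "link_down_after": None,
                })
            continue
        m = LINK_RE.match(line)
        if m:
            ts = float(m["ts"])
            for alert in alerts:
                delta = ts - alert["ts"]
                if alert["link_down_after"] is None and 0 <= delta <= window:
                    alert["link_down_after"] = round(delta, 3)
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

An alert like this only helps if it leaves the machine immediately, since local logs are unavailable once the link is down or the hardware is seized.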
Quite a few sites and services linked to piracy seem to have been taken down in the last month or so, someone's woken up the internet police it seems.
[QUOTE=formatme;46781156]Agora is up ;)[/QUOTE]
agora sucks tho
MPAA lobbying at work
[QUOTE=bord2tears;46782323]I'm really surprised that worked - I'd have thought unknown USB devices / unconfirmed login would trigger an automatic panic for a server that was built by probably the most paranoid groups of people around.[/QUOTE]
Should've taken a page from Uplink and put a motion sensor on the server along with a small firebomb.
[QUOTE=Paramud;46794330]Should've taken a page from Uplink and put a motion sensor on the server along with a small firebomb.[/QUOTE]
I am the system administrator. My voice is my passport. Verify me.
[QUOTE=XeroG;46797231]I am the system administrator. My voice is my passport. Verify me.[/QUOTE]
"Hello? ... Helloooo? Argh! *click*"