WVUM 90.5FM | WE ARE THE VOICE | University of Miami

Attack on Tor

Tor Logo

(Image Credit: Tor Project)


Before I start, here’s a reference for those who aren’t totally sure about what Tor is or how it works–

(Image Credit: EFF)


Near the end of the weekend, somebody (I’ll get to who later) compromised Freedom Hosting, a hosting service that was heavily invested in Tor (The Onion Router). The company was responsible for a huge chunk (about half) of the hidden network’s sites and many of the more well-known ones including Tor Mail, a completely anonymous email service. The details of the attack are starting to be sorted out, but a few facts have already been nailed down. The move comes after Freedom Hosting’s founder, Eric Eoin Marques, was arrested on suspicion of child pornography, so many are speculating that the two events are related.


Tor network was originally conceived by the Navy as a way of anonymizing communications between correspondents, but was abandoned mid-way through development. It was later picked up by DIY-ers and completed into what we see today. Due to the nature of the network, any one user cannot identify another, even for server-client interactions, making a breach of anonymity from the inside near-impossible. The exploit in question was placed on Freedom Hosting’s sites after the company was either seized or otherwise compelled to do so (details unconfirmed at time of writing) and injected a JavaScript executable that made the target send an unencrypted request over HTTP to a specified server in Virginia, exposing the IP address of the user that normally would be impossible to find. Therefore, I’ll admit that the title of this piece is somewhat misleading: the network itself has not been compromised, but the company that hosted a majority of it has.


So: who did it? Many (myself included) initially speculated that the exploit was the work of the FBI, citing the arrest of Eric Marques, and the fact that it’s the FBI’s job (more or less) to take down child pornographers. As the matter was looked into it became apparent that the server receiving the non-encrypted IP addresses was owned by a corporation in Virginia that routinely leases server space to agencies like the FBI and NSA, prompting more speculation. However, at time of writing, nobody has stepped forth to claim credit for the exploit, leading some to wonder if it was a non-official entity. The latest evidence in the exploit points toward its purpose to be solely identifying and not actually hacking, so at this point, it’s anyone’s guess. Hopefully more will become known later this week.


If a state actor is responsible, I seriously question the motives. We can all agree that child pornography and abuse is bad by any measure, but taking down essential services that people the world over use to keep safe from tyranny or even just to keep private is not the way to go about removing it. Take Tor Mail mentioned earlier: with the recent revelation that the NSA is monitoring literally everything on the Internet, is it not reasonable that there was a push towards anonymous encrypted email? Heck, I myself have/had (depending on the outcome of this situation) a Tor Mail for the simple reason that I don’t like being spied on. Even if Eric Marques is guilty of hosting and distributing child pornography, I believe a more effective and efficient way to go after those responsible would have been to target the specific websites which are accused of doing so rather than the entire company that may or may not have hosted them. The FBI has previously been allowed to run a child pornography site before, and doing so in this instance would have made for a much shorter list of names than half of Tor network.


While this story is still developing, I want to end on a slightly inquisitive note: this happened during DEF CON (a hacker’s convention), meaning a good number of the people who bother to look into this kind of thing were busy out of town, and also on the heels of the NSA’s XKeyscore revelation, which “collects nearly everything a user does on the Internet.” These combined make me somewhat suspicious of this incident; more so than I normally would be for a compromise of a major anonymity service.

Mike Kanoff | Counterpoint

Mike is the host of WVUM's weekly political roundtable, Counterpoint. The show airs every Friday at 1pm.
Tags: , , , , , ,
By Mike Kanoff | Counterpoint | August 8th, 2013 | LEAVE A COMMENT