Tor Network May Face Disabling Attack

The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities.

These words were the introduction to Possible upcoming attempts to disable the Tor network, an announcement made early Friday evening, Massachusetts time, where the Tor Project headquarters is located.

The fourth quarter of 2014 has been rough for Tor. First Operation Onymous caught a few darknet market operators, and everyone involved got trolled by European Cyber Crime Commission head Troels Oerting. Then a nasty spat erupted between Pando writer Yasha Levine (@YashaLevine) and the Tor development team over their government funding.

And now they face what may be an existential threat, because if enough Directory Authorities are taken, the network will be badly degraded, both operationally, and even worse in terms of user confidence.

Also read: Avoiding Tor Panic

Losing Directory Authorities?

the onion routerThe internet was started by DARPA, the Defense Advanced Research Project Agency, with the intent to create a packet network that could withstand the disruption of a nuclear attack. Forty some years later this network treats censorship like battle damage, routing around it, and the Tor anonymity network permits one to go even further, all without leaving much of a trail.

Tor’s resilience is based on the idea that there are no single points of failure, but there is a hierarchy of participation. Users of the network run a local Tor daemon that provides them access. Many individuals run relays, which permit users to connect, and some are configured to permit exit traffic as well. Relay operators with plenty of bandwidth and long term uptime will also provide directory services.

Tor’s Directory Authorities are similar to the root servers for DNS in that there are few, just eight globally. These servers are hand selected rather than gaining status based on their uptime, which is how other important roles in the network, like directory services, are delegated. If enough of them disappear all at once, this will be a major disruption for the Tor network.

Pando Sniping

There has been a call between Paul Carr (@paulcarr) of Pando and Tor Project director Andrew Lewman, not long after a peacemaking attempt by Quinn Norton (@quinnnorton), and things seemed to have calmed a bit. Even so, Carr is busy this evening lampooning the entire spectrum of people involved, from Tor itself to the conspiracy theorists who believe that Pando is a CIA front.

Paul Carr Comments On Tor
Paul Carr Comments On Tor

This at least seems to be headed back towards actual reporting and good natured ribbing, rather than the extreme trolling cage match between the two groups that prompted Norton’s diplomacy effort.

Watching & Waiting

One of the documents from the Snowden leak, Tor Stinks, described how the NSA can at most de-anonymize a small fraction of users, and they can not pick specific targets, it’s a fairly random thing. Since then it appears that a 0day exploit was used as a component of Operation Onymous, and now it seems the Tor network may face an outright beheading.

This potential shutdown has to be seen against the backdrop of not just Operation Onymous. The Sony intrusion and the comically thin information the FBI is using as the basis to claim North Korea was the culprit are very reminiscent of the Sixteen Words in George W. Bush’s 2003 State of the Union speech.

The British government has learned that Saddam Hussein recently sought significant quantities of uranium from Africa.

There will be an immense amount of egg on the face of every politician and security pundit who pushed ‘proportional action’ against North Korea if it turns out that the source of the attack was actually longtime Sony foe Lizard Squad (@LizardUnit). Among their prior antics are an instance where they posed as ISIS supporters and faked a bomb threat to an airliner in order to interdict a Sony executives travel plans.

All we can do now is wait and watch for signs that the Tor network’s performance is degrading.

Images from Shutterstock.