[tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation

Thomas White thomaswhite at riseup.net
Sun Dec 21 23:54:32 UTC 2014

Hash: SHA512

Ok now the dust has settled a little, a few updates on the situation:

1. The likelihood of this being the work of law enforcement seems to
be lower than originally anticipated. This is good in many ways but
asks more questions than it solves right now. I am not going to
completely exclude the possibility of law enforcement involvement
though as there simply isn't enough information.

2. A large portion of our logs seem to be non-existent right now, I am
not sure how or why they have been cleared as this has not happened
before. When a bit of time has passed and I can be sure of no imminent
raid on my property I will look into the logs in more detail and share
them with people more qualified than myself to judge on the matter. If
appropriate we will then also look to make them public assuming there
are no consequences for doing so. Furthermore as the time & date of
some of the servers seem to have been skewed, what remaining info
there is may be unreliable.

3. The servers have been blacklisted and pose no danger to the Tor
network or the users of it. I will refrain from putting these servers
back online until a proper vetting and analysis of events has happened.

4. Support staff at the ISP have not yet commented on whether a
warrant has been executed for the servers. At this stage it isn't
possible to distinguish whether the person I talked to genuinely
doesn't know or they are being told to refrain from commenting at this
moment in time. Therefore I won't be drawing conclusions from that.

5. Support staff at the ISP have confirmed to me there has been
unauthorised access to my account. This could be down to the fact I
access the control panel often via Tor (yes, using TLS before anybody
asks), however it does raise the prospect of a non-LE person(s) being
behind this but does not explain why a chassis intrusion was detected
for example or anything else to do with on-board sensors.

6. No information was kept on the server in relation to users. We
follow the best practice guidelines on running a Tor server to reduce
any information stored on our hardware about the users of Tor. These
events in no way put users at risk who may have used our nodes in the
past or at the time the servers went offline.

7. Again, at this moment in time I am under no gagging orders or
unreasonably withholding information under orders.

8. Tor isn't broken. Stop panicking. The strength of Tor is that no
single party has the power to critically damage the network or to put
users at risk. If I believe I come across any such vulnerability, this
will be forwarded to the core developers immediately and patched.

9. One or two media groups/reps have contacted me. I appreciate your
interest in Tor and these recent events but I am not a representative
of Tor and I don't want to draw a conclusion right now as it would be
no more than mere speculation really. If anything significant develops
I am sure Tor Project will release the information in due course.


- -- 
Activist, anarchist and a bit of a dreamer.

Current Fingerprint: E771 BE69 4696 F742 DB94 AA8C 5C2A 8C5A 0CCA 4983
Key-ID: 0CCA4983
Master Fingerprint: DDEF AB9B 1962 5D09 4264 2558 1F23 39B7 EF10 09F0
Key-ID: EF1009F0

Twitter: @CthulhuSec
XMPP: thecthulhu at jabber.ccc.de
XMPP-OTR: 4321B19F A9A3462C FE64BAC7 294C8A7E A53CC966


More information about the tor-talk mailing list