Tor Project Seeks Help To Identify How Government Officials Broke Tor And Took Down Silk Road 2.0
Last week a joint operation between the Federal Bureau of Investigations, Department of Homeland Security, and Europol was announced. Named Operation Onymous, it led to the arrest of 17 people, the shutdown of over 400 hundred .onion sites, and Tor relays seized by government officials. As a result, the Tor Project is asking for help to determine how government officials were able to locate these services.
“Tor is most interested in understanding how these services were located, and if this indicates a security weakness in Tor hidden services that could be exploited by criminals or secret police repressing dissents,” reads a statement on the Tor Project blog. “We are also interested in learning why the authorities seized Tor relays even though their operation was targeting hidden services. Were these two events related?”
The method, or methods, used by the joint task force to locate the dark websites are yet to be revealed. Government officials have been silent on that topic, leaving Tor Project to figure out how it was done. The first theory is that the operators of the hidden servers didn’t use adequate operational security. Other theories include common web bugs, such as SQL injections, being used or even the possibility of Bitcoin deanonymization. Finally, attacks on the Tor network itself in order to reveal the location of these services could have been the reason for the success of Operation Onymous.
Tor Project went on to offer advice to concerned hidden service operators in an attempt to secure their services but added, “The task of hiding the location of low-latency web services is a very hard problem and we still don't know how to do it correctly. It seems that there are various issues that none of the current anonymous publishing designs have really solved.”
To that affect, Tor Project then put out call for more people to help review the designs and code, provide feedback on its upcoming hidden service revamp, or even assist with the research to discover the methods use by the government agencies.
“Tor is most interested in understanding how these services were located, and if this indicates a security weakness in Tor hidden services that could be exploited by criminals or secret police repressing dissents,” reads a statement on the Tor Project blog. “We are also interested in learning why the authorities seized Tor relays even though their operation was targeting hidden services. Were these two events related?”
The method, or methods, used by the joint task force to locate the dark websites are yet to be revealed. Government officials have been silent on that topic, leaving Tor Project to figure out how it was done. The first theory is that the operators of the hidden servers didn’t use adequate operational security. Other theories include common web bugs, such as SQL injections, being used or even the possibility of Bitcoin deanonymization. Finally, attacks on the Tor network itself in order to reveal the location of these services could have been the reason for the success of Operation Onymous.
Tor Project went on to offer advice to concerned hidden service operators in an attempt to secure their services but added, “The task of hiding the location of low-latency web services is a very hard problem and we still don't know how to do it correctly. It seems that there are various issues that none of the current anonymous publishing designs have really solved.”
To that affect, Tor Project then put out call for more people to help review the designs and code, provide feedback on its upcoming hidden service revamp, or even assist with the research to discover the methods use by the government agencies.
