Tor Project asks for help protecting user privacy after Silk Road 2.0 takedown

The Tor Project has asked for help in figuring out how law enforcement agencies managed to track its users during the Operation Onymous and Project Protein investigations.

The Tor Project's 'Phobos' issued the call for aid in a blog post, warning users that Tor has still not figured out how law enforcement identified the location of numerous 'dark web' sites, including Silk Road 2.0, earlier in November.

'Recently it was announced that a coalition of government agencies took control of many Tor hidden services. We were as surprised as most of you. Unfortunately, we have very little information about how this was accomplished,' wrote Phobos.

'We do not know why the systems were seized, nor do we know anything about the methods of investigation which were used.'

The takedown happened across Europe and led to 17 arrests. The UK National Crime Agency (NCA) confirmed that six people were arrested and bailed in the UK as part of the crackdown.

They were a 20 year-old man from Liverpool, a 19 year-old man from New Waltham, Lincolnshire, a 30 year-old man from Cleethorpes, a 29 year-old man and a 58 year-old man from Aberdovey, Wales, and a 58 year-old woman also from Aberdovey.

Phobos asked any users with information or ideas how the takedowns happened to come forward.

'Tor is most interested in understanding how these services were located, and if this indicates a security weakness in Tor hidden services that could be exploited by criminals or secret police repressing dissent,' read the post.

'We are also interested in learning why the authorities seized Tor relays even though their operation was targeting hidden services. If anyone has more details, please get in contact with us. If your relay was seized, please also tell us its identity so that we can request that the directory authorities reject it from the network.'

Tor is a custom network designed to let people surf the internet anonymously and host web services without them being indexed on the public internet.

Numerous firms have reported a spike in Tor use since news of the NSA's Prism campaign broke.

The Prism scandal erupted in 2013 when Edward Snowden leaked documents to the press proving that US intelligence agencies siphoned off vast amounts of data from technology companies including Microsoft, Google, Twitter and Facebook.

The growth in Tor use has led many law enforcement agencies to take increased interest in the technology and begin attempting to find ways to track its users.

Phobos said the attacks have pushed the Tor Project's resources to its limits and forced it to consider outsourcing its investigation to bug hunters.

'Although the Tor source code gets continuously reviewed by our security-minded developers and community members, we would like more focused auditing by experienced bug hunters,' read the post.

'Public-interest initiatives like Project Zero could help out a lot here. Funding to launch a bug bounty programme of our own could also bring real benefit to our codebase. If you can help, please get in touch.'

Bug bounties are an increasingly popular strategy for firms looking to boost their services' security.

Google increased the maximum payout in its Chrome bug bounty programme to $15,000 in October, claiming that hunters had already helped to fix over 700 security flaws.


Popular posts from this blog

Dropbox Issues Outage Post


set up a free Google groups web forum in blogger