[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
From: Thomas White <thomaswhite@xxxxxxxxxx>
Date: Sun, 21 Dec 2014 23:54:32 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 21 Dec 2014 18:54:50 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1419206078; bh=D1qGNJ+YUOclym3fYiAS9p6KoYt1WP4IiTNYQl5SUMs=; h=Date:From:Reply-To:To:Subject:References:In-Reply-To:From; b=ElVHCxOL+fFLn5PIxPlr+yGg6iyhurKDHtyoRuylQco33L4fk8lqLGhPjLGI1Isx9 S3UXvYWwHTtes1rOYMDagaomdI/v9ZMfrIxw0nFtdnYHSDpmZdC3kvh7cjFd/hFtgL xi32LpDClcV8xnXpo1Z+z1gzKWqb0u6yE1xq+0lI=
In-reply-to: <54973F5C.6050609@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <54972AD3.8070005@xxxxxxxxxx> <CAJdkzEMF-bP0gZupNSuUXgaHVAh1hQyO5u8c8kcy+_3gNMUS_A@xxxxxxxxxxxxxx> <54973111.7000002@xxxxxxxxxx> <CAMtFrUF1CfGq207Qv3tx6Qx47fbF85PgcfHwikBuH9ZPKjm0og@xxxxxxxxxxxxxx> <549733A7.6070905@xxxxxxxxxx> <CAFggDF1fe7UuKxYNbua_y+yKdGkH7cEueSC+ibWKkp3x6vXMNA@xxxxxxxxxxxxxx> <54973F5C.6050609@xxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Ok now the dust has settled a little, a few updates on the situation:

1. The likelihood of this being the work of law enforcement seems to
be lower than originally anticipated. This is good in many ways but
asks more questions than it solves right now. I am not going to
completely exclude the possibility of law enforcement involvement
though as there simply isn't enough information.

2. A large portion of our logs seem to be non-existent right now, I am
not sure how or why they have been cleared as this has not happened
before. When a bit of time has passed and I can be sure of no imminent
raid on my property I will look into the logs in more detail and share
them with people more qualified than myself to judge on the matter. If
appropriate we will then also look to make them public assuming there
are no consequences for doing so. Furthermore as the time & date of
some of the servers seem to have been skewed, what remaining info
there is may be unreliable.

3. The servers have been blacklisted and pose no danger to the Tor
network or the users of it. I will refrain from putting these servers
back online until a proper vetting and analysis of events has happened.

4. Support staff at the ISP have not yet commented on whether a
warrant has been executed for the servers. At this stage it isn't
possible to distinguish whether the person I talked to genuinely
doesn't know or they are being told to refrain from commenting at this
moment in time. Therefore I won't be drawing conclusions from that.

5. Support staff at the ISP have confirmed to me there has been
unauthorised access to my account. This could be down to the fact I
access the control panel often via Tor (yes, using TLS before anybody
asks), however it does raise the prospect of a non-LE person(s) being
behind this but does not explain why a chassis intrusion was detected
for example or anything else to do with on-board sensors.

6. No information was kept on the server in relation to users. We
follow the best practice guidelines on running a Tor server to reduce
any information stored on our hardware about the users of Tor. These
events in no way put users at risk who may have used our nodes in the
past or at the time the servers went offline.

7. Again, at this moment in time I am under no gagging orders or
unreasonably withholding information under orders.

8. Tor isn't broken. Stop panicking. The strength of Tor is that no
single party has the power to critically damage the network or to put
users at risk. If I believe I come across any such vulnerability, this
will be forwarded to the core developers immediately and patched.

9. One or two media groups/reps have contacted me. I appreciate your
interest in Tor and these recent events but I am not a representative
of Tor and I don't want to draw a conclusion right now as it would be
no more than mere speculation really. If anything significant develops
I am sure Tor Project will release the information in due course.

Regards,
T


- -- 
Activist, anarchist and a bit of a dreamer.

Current Fingerprint: E771 BE69 4696 F742 DB94 AA8C 5C2A 8C5A 0CCA 4983
Key-ID: 0CCA4983
Master Fingerprint: DDEF AB9B 1962 5D09 4264 2558 1F23 39B7 EF10 09F0
Key-ID: EF1009F0

Twitter: @CthulhuSec
XMPP: thecthulhu at jabber.ccc.de
XMPP-OTR: 4321B19F A9A3462C FE64BAC7 294C8A7E A53CC966
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJUl123AAoJEFwqjFoMykmDgdEP/2HYEBTLRYc4gjik1UdUCTyM
K6+ZNGddkKf3aYxH0FDzLiDPfpPjXgkIyhWSa0qJn0t7kq7QT7aZHUgV0Dxdu9tb
oAJjzXbAxDJpk6XrRLG4SQ/ob3FE064DpWNuzOYtnoZ9e7K/Vj2BSpXw1kkkuPbO
zwZ6131+VKQpWkJqP8Iqxz9osQ9/GwGiSK/V+II6/IdTxEnGoY6G8/J4G6MCZUhL
HtLe9q4roYuxBZ408Ac3rV2/9SJyaa5nVbRL/DVI/BbN8HxTopG5C/S79QlhNoTA
bGS1ajz1M5D5ouqCOvU/k8luiWVVki/j6H+zktvSGqCtmGMrQw2mTqbMMtb+/b8y
88FvJUwvAjm2XGEvXtXagIUbmanzuEUvL/IixRVAe+vSokSg5UPREpp0ynouXg53
PivMDsVnxq4cKyNc7Ax2b2HAYY9QnIyPOluD5oH/gOcEgQgCGA14gkosNnqZ9sUi
vFeZ74RApDCE/o9oQlblv5Yj+RkIY+GOQGupTi9em+nsYLOx/0ryF0sgiJoPxYMd
mTl5oF/qG8ZeJf+2ZVzknYp5e6k9EscdCMdFDaSvDFf7Rw2S5LRKAVgSXXI5QLun
WZ1oTb3QspLl1P+hXKIREBpQ3ttNGvdI3UO0MkTJU3xXYJWgmDpovDurM34JVLtO
wnPNqo2RwaOhg9a6emJ9
=sNtB
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
  - From: krishna e bera

References:
- [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
  - From: Thomas White
- Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
  - From: Damian Johnson
- Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
  - From: Thomas White
- Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
  - From: Runa A. Sandvik
- Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
  - From: Thomas White
- Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
  - From: Jacob Appelbaum
- Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
  - From: Thomas White

Prev by Author: Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
Next by Author: Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
Previous by thread: Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
Next by thread: Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
Index(es):
- Author
- Thread