The Tor Project is warning that its network – used by netizens to mask their identities on the internet – may be knocked offline in the coming days.
In a Tor blog post, project leader Roger "Arma" Dingledine said an unnamed group may seize Tor's directory authority servers before the end of next week. These servers distribute the official lists of relays in the network, which are the systems that route users' traffic around the world to obfuscate their internet connections' public IP addresses.
Should the majority of those directory servers be disabled – such as by the physical seizure of the machines – users will be unable to use Tor effectively. According to the Tor source code, the default authority servers have the following IP addresses:
| IP address | Who owns the block containing this IP? |
| --- | --- |
| 18.104.22.168 | AS3 Massachusetts Institute of Technology |
| 22.214.171.124 | AS8437 Tele2 Telecommunication GmbH |
| 126.96.36.199 | AS3265 XS4ALL Internet BV |
| 188.8.131.52 | AS3265 XS4ALL Internet BV |
| 184.108.40.206 | AS680 Verein zur Foerderung eines Deutschen Forschungsnetzes e.V. |
| 220.127.116.11 | AS50472 Chaos Computer Club e.V. |
| 18.104.22.168 | AS40475 Applied Operations, LLC |
| 22.214.171.124 | AS198093 Foreningen for digitala fri- och rattigheter |
| 126.96.36.199 | AS14987 Rethem Hosting LLC |
| 188.8.131.52 | AS16652 Riseup Networks |
As discussed on Hacker News, there are ten directory authorities including one just for bridges: the IP addresses belong to networks in Austria, Germany, the Netherlands, Sweden, and the US, and knocking out more than five would succeed in disrupting the Tor network.
"The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities," Arma posted on the Tor Project blog on Friday.
"Directory authorities help Tor clients learn the list of relays that make up the Tor network. We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked. Tor remains safe to use.
"We hope that this attack doesn't occur; Tor is used by many good people. If the network is affected, we will immediately inform users via this blog and our Twitter feed @TorProject, along with more information if we become aware of any related risks to Tor users."
While the Tor Project has not said who could be behind the attack or what their motivation might be, some anonymous comments posted under the blog suggest a swoop could be related to the US government's investigation into the Sony Pictures mega-hack.
Tor has gained notoriety for its association with underground drugs markets, such as Silk Road, and other souks of questionable legality. The network does, however, have plenty of other applications – for whistleblowers, journalists, political activists, anyone who cares about privacy, and so on, just as long as they realize Tor, by itself, isn't magic OPSEC sauce.
Arma noted the role the Tor network plays in helping protect the privacy of users living under authoritarian regimes or operating in potentially sensitive matters.
"Tor is also used by banks, diplomatic officials, members of law enforcement, bloggers, and many others," he wrote. "Attempts to disable the Tor network would interfere with all of these users, not just ones disliked by the attacker."