STAY AWAY: Popular Tor exit relays look raided

USB plugged into Atlas, Globe servers before control was lost


As foreshadowed last week, Tor network exit nodes have gone down after what appear to be raids by law enforcement authorities.

Thomas White (@CthulhuSec) warned users to steer clear of his Tor servers after what he called "unusual activity". "I have now lost control of all servers under the ISP and my account has been suspended," White wrote in an update on the Tor mailing list.

"Having reviewed the last available information of the sensors, the chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken.

"From experience I know this trend of activity is similar to the protocol of sophisticated law enforcement who carry out a search and seizure of running servers."

White said users should treat the servers as hostile until control was regained, which would be signified by a PGP-signed message from himself.

He also urged them not to jump to conclusions about the identity of any possible agency nor harbour concern for the integrity of the Tor network.

"If any of the mirrors or IPs do come back online, I would welcome anyone who is capable of doing so checking for any malicious code to ensure they are not used to deploy any kind of state malware or attacks against users should my theory prove to be the case," he added.

Should no further updates be delivered, White said users were welcome to assume he was under a gag order.

Exit nodes are the bridge between the Tor network and the public internet and funnel all forms of traffic regardless of the intent of the user. As a result they are of interest to cyber crime agencies, which have occasionally raided operators suspected of assisting the distribution of child exploitation material and other net menaces.

The possible raids came less than a week after White served Globe and Atlas mirrors as Tor hidden services.

It also followed warnings on Saturday by Tor Project leader Roger Dingledine that the network could be disrupted, after a source warned of a possible raid against directory authorities, which help users find relays.

Tor users should note and temporarily avoid the affected mirrors.
