Vulnerabilities / Threats
8/22/2013
01:06 PM
50%
50%

Russia May Block Tor

In effort to combat child porn, Russian security forces consider installing filters preventing access to Tor networks. But experts say blocking the anonymizing service could be difficult.

As part of a bid to crack down on purveyors of child porn, could Russia block the anonymizing Tor network?

In fact, the head of the Federal Security Service (FSB) -- the Russian equivalent to the FBI -- is seeking changes to the country's laws that would give his agency jurisdiction over child pornography investigations and allow him to put filters in place to actively block anyone who attempts to connect to anonymous Tor networks from inside Russia, reported Russian newspaper Izvestia.

That news emerged when Sergey Zhuk -- who runs the Head Hunters group, a Russian special interest group founded to combat child pornography -- wrote to the FSB requesting that it block all Tor sites on the grounds that they were being used to host the world's largest collective child porn archive, reported Russia Today.

Tor is short for "the onion router," referring to the layers of encryption that are used to disguise the identity of someone browsing the Internet along with the pages they're viewing. The service does that by routing requests through one of about 3,000 different relays.

[ Feds describe Anonymous as a "shadow of its former self" since LulzSec bust. Read FBI: Anonymous Not Same Since LulzSec Crackdown. ]

Tor is used to facilitate so-called "darknets," which are reachable only when using Tor's anonymizing software and feature pages that sport an ".onion" extension. While Tor's anonymizing capabilities are used by activists and dissidents to combat authoritarian regimes, the functionality has also attracted suppliers of illegal narcotics, weapons traffickers and child porn peddlers.

But the real-world hurdles facing any law intelligence agency that might attempt to block Tor recall the famous aphorism from John Gilmore, who helped found the Electronic Frontier Foundation: "The Net interprets censorship as damage and routes around it." For example, a study released last year noted that China appeared to be blocking most, if not all, Tor traffic inside the country. But researchers then identified new techniques for evading those blocks.

Similarly, Iran attempted to block all Tor traffic inside the country in 2011 by adding a filter to network border controls. But within 24 hours, the Tor Project had upgraded its Tor relay and bridge software to route around the filters.

Still, U.S. intelligence officials have suggested that in their effort to track traffic sent across Tor, they're hosting a number of the Tor relays. According to the Tor Project, traffic is ideally routed across three relays, but if any one is compromised, someone might be able to glean sensitive information such as passwords or the identity of a user.

Tor also isn't immune to targeted takedowns. For example, many security experts suspect that an FBI sting operation, revealed earlier this month, successfully disabled anonymity on Tor for some users by targeting a vulnerability in the Tor Browser Bundle (TBB), which is based on Firefox 17 and is the easiest way for people to access Tor's hidden services. According to one thesis, the bureau exploited the vulnerability to log the IP addresses of people associated with child pornography sites hosted using Tor, as part of an operation designed to locate and capture 28-year-old Eric Eoin Marques, who was ultimately arrested by police in Dublin. During a related extradition hearing earlier this month, an FBI official accused Marques of being the largest facilitator of child porn on the planet.

As that suggests, blocking Tor outright may not be in the best interests of law enforcement agencies. In fact, Russia Today -- which often advances a pro-Kremlin viewpoint -- reported that according to some security specialists, criminals relying on Tor often overestimated the protection provided by darknets.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JohnM059
50%
50%
JohnM059,
User Rank: Apprentice
8/23/2013 | 8:58:47 AM
re: Russia May Block Tor
The Russians dont use TOR, So Its good to hear they are going to block it LMAO. It has a map that shows where people are that use it, there has never been a node in Russia I ever saw. Tor is very good to keep your location safe, proxies have always been considered better security, than direct connections. Nothing is bullet proof!
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.