Vulnerabilities / Threats
8/22/2013
01:06 PM
50%
50%

Russia May Block Tor

In effort to combat child porn, Russian security forces consider installing filters preventing access to Tor networks. But experts say blocking the anonymizing service could be difficult.

As part of a bid to crack down on purveyors of child porn, could Russia block the anonymizing Tor network?

In fact, the head of the Federal Security Service (FSB) -- the Russian equivalent to the FBI -- is seeking changes to the country's laws that would give his agency jurisdiction over child pornography investigations and allow him to put filters in place to actively block anyone who attempts to connect to anonymous Tor networks from inside Russia, reported Russian newspaper Izvestia.

That news emerged when Sergey Zhuk -- who runs the Head Hunters group, a Russian special interest group founded to combat child pornography -- wrote to the FSB requesting that it block all Tor sites on the grounds that they were being used to host the world's largest collective child porn archive, reported Russia Today.

Tor is short for "the onion router," referring to the layers of encryption that are used to disguise the identity of someone browsing the Internet along with the pages they're viewing. The service does that by routing requests through one of about 3,000 different relays.

[ Feds describe Anonymous as a "shadow of its former self" since LulzSec bust. Read FBI: Anonymous Not Same Since LulzSec Crackdown. ]

Tor is used to facilitate so-called "darknets," which are reachable only when using Tor's anonymizing software and feature pages that sport an ".onion" extension. While Tor's anonymizing capabilities are used by activists and dissidents to combat authoritarian regimes, the functionality has also attracted suppliers of illegal narcotics, weapons traffickers and child porn peddlers.

But the real-world hurdles facing any law intelligence agency that might attempt to block Tor recall the famous aphorism from John Gilmore, who helped found the Electronic Frontier Foundation: "The Net interprets censorship as damage and routes around it." For example, a study released last year noted that China appeared to be blocking most, if not all, Tor traffic inside the country. But researchers then identified new techniques for evading those blocks.

Similarly, Iran attempted to block all Tor traffic inside the country in 2011 by adding a filter to network border controls. But within 24 hours, the Tor Project had upgraded its Tor relay and bridge software to route around the filters.

Still, U.S. intelligence officials have suggested that in their effort to track traffic sent across Tor, they're hosting a number of the Tor relays. According to the Tor Project, traffic is ideally routed across three relays, but if any one is compromised, someone might be able to glean sensitive information such as passwords or the identity of a user.

Tor also isn't immune to targeted takedowns. For example, many security experts suspect that an FBI sting operation, revealed earlier this month, successfully disabled anonymity on Tor for some users by targeting a vulnerability in the Tor Browser Bundle (TBB), which is based on Firefox 17 and is the easiest way for people to access Tor's hidden services. According to one thesis, the bureau exploited the vulnerability to log the IP addresses of people associated with child pornography sites hosted using Tor, as part of an operation designed to locate and capture 28-year-old Eric Eoin Marques, who was ultimately arrested by police in Dublin. During a related extradition hearing earlier this month, an FBI official accused Marques of being the largest facilitator of child porn on the planet.

As that suggests, blocking Tor outright may not be in the best interests of law enforcement agencies. In fact, Russia Today -- which often advances a pro-Kremlin viewpoint -- reported that according to some security specialists, criminals relying on Tor often overestimated the protection provided by darknets.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JohnM059
50%
50%
JohnM059,
User Rank: Apprentice
8/23/2013 | 8:58:47 AM
re: Russia May Block Tor
The Russians dont use TOR, So Its good to hear they are going to block it LMAO. It has a map that shows where people are that use it, there has never been a node in Russia I ever saw. Tor is very good to keep your location safe, proxies have always been considered better security, than direct connections. Nothing is bullet proof!
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2004-2771
Published: 2014-12-24
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

CVE-2014-3569
Published: 2014-12-24
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshak...

CVE-2014-4322
Published: 2014-12-24
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or c...

CVE-2014-6132
Published: 2014-12-24
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML vi...

CVE-2014-6153
Published: 2014-12-24
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.