Vulnerabilities / Threats
8/22/2013
01:06 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Russia May Block Tor

In effort to combat child porn, Russian security forces consider installing filters preventing access to Tor networks. But experts say blocking the anonymizing service could be difficult.

As part of a bid to crack down on purveyors of child porn, could Russia block the anonymizing Tor network?

In fact, the head of the Federal Security Service (FSB) -- the Russian equivalent to the FBI -- is seeking changes to the country's laws that would give his agency jurisdiction over child pornography investigations and allow him to put filters in place to actively block anyone who attempts to connect to anonymous Tor networks from inside Russia, reported Russian newspaper Izvestia.

That news emerged when Sergey Zhuk -- who runs the Head Hunters group, a Russian special interest group founded to combat child pornography -- wrote to the FSB requesting that it block all Tor sites on the grounds that they were being used to host the world's largest collective child porn archive, reported Russia Today.

Tor is short for "the onion router," referring to the layers of encryption that are used to disguise the identity of someone browsing the Internet along with the pages they're viewing. The service does that by routing requests through one of about 3,000 different relays.

[ Feds describe Anonymous as a "shadow of its former self" since LulzSec bust. Read FBI: Anonymous Not Same Since LulzSec Crackdown. ]

Tor is used to facilitate so-called "darknets," which are reachable only when using Tor's anonymizing software and feature pages that sport an ".onion" extension. While Tor's anonymizing capabilities are used by activists and dissidents to combat authoritarian regimes, the functionality has also attracted suppliers of illegal narcotics, weapons traffickers and child porn peddlers.

But the real-world hurdles facing any law intelligence agency that might attempt to block Tor recall the famous aphorism from John Gilmore, who helped found the Electronic Frontier Foundation: "The Net interprets censorship as damage and routes around it." For example, a study released last year noted that China appeared to be blocking most, if not all, Tor traffic inside the country. But researchers then identified new techniques for evading those blocks.

Similarly, Iran attempted to block all Tor traffic inside the country in 2011 by adding a filter to network border controls. But within 24 hours, the Tor Project had upgraded its Tor relay and bridge software to route around the filters.

Still, U.S. intelligence officials have suggested that in their effort to track traffic sent across Tor, they're hosting a number of the Tor relays. According to the Tor Project, traffic is ideally routed across three relays, but if any one is compromised, someone might be able to glean sensitive information such as passwords or the identity of a user.

Tor also isn't immune to targeted takedowns. For example, many security experts suspect that an FBI sting operation, revealed earlier this month, successfully disabled anonymity on Tor for some users by targeting a vulnerability in the Tor Browser Bundle (TBB), which is based on Firefox 17 and is the easiest way for people to access Tor's hidden services. According to one thesis, the bureau exploited the vulnerability to log the IP addresses of people associated with child pornography sites hosted using Tor, as part of an operation designed to locate and capture 28-year-old Eric Eoin Marques, who was ultimately arrested by police in Dublin. During a related extradition hearing earlier this month, an FBI official accused Marques of being the largest facilitator of child porn on the planet.

As that suggests, blocking Tor outright may not be in the best interests of law enforcement agencies. In fact, Russia Today -- which often advances a pro-Kremlin viewpoint -- reported that according to some security specialists, criminals relying on Tor often overestimated the protection provided by darknets.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JohnM059
50%
50%
JohnM059,
User Rank: Apprentice
8/23/2013 | 8:58:47 AM
re: Russia May Block Tor
The Russians dont use TOR, So Its good to hear they are going to block it LMAO. It has a map that shows where people are that use it, there has never been a node in Russia I ever saw. Tor is very good to keep your location safe, proxies have always been considered better security, than direct connections. Nothing is bullet proof!
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web