Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Russia May Block Tor

In effort to combat child porn, Russian security forces consider installing filters preventing access to Tor networks. But experts say blocking the anonymizing service could be difficult.

As part of a bid to crack down on purveyors of child porn, could Russia block the anonymizing Tor network?

In fact, the head of the Federal Security Service (FSB) -- the Russian equivalent to the FBI -- is seeking changes to the country's laws that would give his agency jurisdiction over child pornography investigations and allow him to put filters in place to actively block anyone who attempts to connect to anonymous Tor networks from inside Russia, reported Russian newspaper Izvestia.

That news emerged when Sergey Zhuk -- who runs the Head Hunters group, a Russian special interest group founded to combat child pornography -- wrote to the FSB requesting that it block all Tor sites on the grounds that they were being used to host the world's largest collective child porn archive, reported Russia Today.

Tor is short for "the onion router," referring to the layers of encryption that are used to disguise the identity of someone browsing the Internet along with the pages they're viewing. The service does that by routing requests through one of about 3,000 different relays.

[ Feds describe Anonymous as a "shadow of its former self" since LulzSec bust. Read FBI: Anonymous Not Same Since LulzSec Crackdown. ]

Tor is used to facilitate so-called "darknets," which are reachable only when using Tor's anonymizing software and feature pages that sport an ".onion" extension. While Tor's anonymizing capabilities are used by activists and dissidents to combat authoritarian regimes, the functionality has also attracted suppliers of illegal narcotics, weapons traffickers and child porn peddlers.

But the real-world hurdles facing any law intelligence agency that might attempt to block Tor recall the famous aphorism from John Gilmore, who helped found the Electronic Frontier Foundation: "The Net interprets censorship as damage and routes around it." For example, a study released last year noted that China appeared to be blocking most, if not all, Tor traffic inside the country. But researchers then identified new techniques for evading those blocks.

Similarly, Iran attempted to block all Tor traffic inside the country in 2011 by adding a filter to network border controls. But within 24 hours, the Tor Project had upgraded its Tor relay and bridge software to route around the filters.

Still, U.S. intelligence officials have suggested that in their effort to track traffic sent across Tor, they're hosting a number of the Tor relays. According to the Tor Project, traffic is ideally routed across three relays, but if any one is compromised, someone might be able to glean sensitive information such as passwords or the identity of a user.

Tor also isn't immune to targeted takedowns. For example, many security experts suspect that an FBI sting operation, revealed earlier this month, successfully disabled anonymity on Tor for some users by targeting a vulnerability in the Tor Browser Bundle (TBB), which is based on Firefox 17 and is the easiest way for people to access Tor's hidden services. According to one thesis, the bureau exploited the vulnerability to log the IP addresses of people associated with child pornography sites hosted using Tor, as part of an operation designed to locate and capture 28-year-old Eric Eoin Marques, who was ultimately arrested by police in Dublin. During a related extradition hearing earlier this month, an FBI official accused Marques of being the largest facilitator of child porn on the planet.

As that suggests, blocking Tor outright may not be in the best interests of law enforcement agencies. In fact, Russia Today -- which often advances a pro-Kremlin viewpoint -- reported that according to some security specialists, criminals relying on Tor often overestimated the protection provided by darknets.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JohnM059
50%
50%
JohnM059,
User Rank: Apprentice
8/23/2013 | 8:58:47 AM
re: Russia May Block Tor
The Russians dont use TOR, So Its good to hear they are going to block it LMAO. It has a map that shows where people are that use it, there has never been a node in Russia I ever saw. Tor is very good to keep your location safe, proxies have always been considered better security, than direct connections. Nothing is bullet proof!
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15564
PUBLISHED: 2020-07-07
An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. The hypercall VCPUOP_register_vcpu_info is used by a guest to register a shared region with the hypervisor. The region will be map...
CVE-2020-15565
PUBLISHED: 2020-07-07
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs....
CVE-2020-15566
PUBLISHED: 2020-07-07
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, o...
CVE-2020-15567
PUBLISHED: 2020-07-07
An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes...
CVE-2020-15563
PUBLISHED: 2020-07-07
An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM g...