
Russia May Block Tor

In an effort to combat child porn, Russian security forces consider installing filters preventing access to Tor networks. But experts say blocking the anonymizing service could be difficult.

As part of a bid to crack down on purveyors of child porn, could Russia block the anonymizing Tor network?

In fact, the head of the Federal Security Service (FSB) -- the Russian equivalent to the FBI -- is seeking changes to the country's laws that would give his agency jurisdiction over child pornography investigations and allow him to put filters in place to actively block anyone who attempts to connect to anonymous Tor networks from inside Russia, reported Russian newspaper Izvestia.

That news emerged when Sergey Zhuk -- who runs the Head Hunters group, a Russian special interest group founded to combat child pornography -- wrote to the FSB requesting that it block all Tor sites on the grounds that they were being used to host the world's largest collective child porn archive, reported Russia Today.

Tor is short for "the onion router," referring to the layers of encryption that are used to disguise the identity of someone browsing the Internet along with the pages they're viewing. The service does that by routing requests through one of about 3,000 different relays.

Tor is used to facilitate so-called "darknets," which are reachable only when using Tor's anonymizing software and feature pages that sport an ".onion" extension. While Tor's anonymizing capabilities are used by activists and dissidents to combat authoritarian regimes, the functionality has also attracted suppliers of illegal narcotics, weapons traffickers and child porn peddlers.

But the real-world hurdles facing any law enforcement or intelligence agency that might attempt to block Tor recall the famous aphorism from John Gilmore, who helped found the Electronic Frontier Foundation: "The Net interprets censorship as damage and routes around it." For example, a study released last year noted that China appeared to be blocking most, if not all, Tor traffic inside the country. But researchers then identified new techniques for evading those blocks.

Similarly, Iran attempted to block all Tor traffic inside the country in 2011 by adding a filter to network border controls. But within 24 hours, the Tor Project had upgraded its Tor relay and bridge software to route around the filters.

Still, U.S. intelligence officials have suggested that in their effort to track traffic sent across Tor, they're hosting a number of the Tor relays. According to the Tor Project, traffic is ideally routed across three relays, but if any one is compromised, someone might be able to glean sensitive information such as passwords or the identity of a user.

Tor also isn't immune to targeted takedowns. For example, many security experts suspect that an FBI sting operation, revealed earlier this month, successfully disabled anonymity on Tor for some users by targeting a vulnerability in the Tor Browser Bundle (TBB), which is based on Firefox 17 and is the easiest way for people to access Tor's hidden services. According to one thesis, the bureau exploited the vulnerability to log the IP addresses of people associated with child pornography sites hosted using Tor, as part of an operation designed to locate and capture 28-year-old Eric Eoin Marques, who was ultimately arrested by police in Dublin. During a related extradition hearing earlier this month, an FBI official accused Marques of being the largest facilitator of child porn on the planet.

As that suggests, blocking Tor outright may not be in the best interests of law enforcement agencies. In fact, Russia Today -- which often advances a pro-Kremlin viewpoint -- reported that according to some security specialists, criminals relying on Tor often overestimated the protection provided by darknets.

 

Comments
JohnM059,
User Rank: Apprentice
8/23/2013 | 8:58:47 AM
re: Russia May Block Tor
The Russians don't use TOR, so it's good to hear they are going to block it LMAO. It has a map that shows where people are that use it; there has never been a node in Russia I ever saw. Tor is very good to keep your location safe; proxies have always been considered better security than direct connections. Nothing is bulletproof!