The Tor anonymity network might be disrupted in the next few days via the seizure of directory authorities, the Tor Project has learned.
There are a total of nine directory authorities spread out in the United States and Europe. These servers provide a signed list of all the relays that make up the Tor network.
“We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked. Tor remains safe to use,” Tor Project leader Roger Dingledine noted in a blog post. “We hope that this attack doesn’t occur; Tor is used by many good people.”
Someone would have to take over at least five of the directory authorities in order to get Tor clients to use other relays. However, Dingledine has pointed out that most attacks on these servers would not be very efficient if the goal is to track down Tor users because these relays “don’t known anything about what particular Tor users are doing.”
Some believe the attack the Tor Project has warned about might be related to an FBI investigation into the recent Sony Pictures hack. Dingledine initially believed this had nothing to do with the attack on Sony. However, after being shown a report from HP which mentions the Sony hackers using Tor exit nodes to cover their tracks, he promised to investigate more.
Thomas White, an individual who runs a large Tor exit node cluster and a collection of mirrors reported losing control of his servers on Sunday. He noted that the incident bore the signs of a law enforcement operation. Some Tor users thought the incidents were related, but Dingledine pointed out that White is an exit relay operator, not a directory authority operator, and that this wouldn’t be the first time he has run-ins with British law enforcement.
In an update posted late on Sunday, after further investigating the issue, White said that while he didn’t completely rule out law enforcement involvement, the scenario was less likely.
In July, the Tor Project reported seeing attempts to deanonymize users, but the attacks appeared to be part of experiments conducted by two researchers who planned on giving a talk on Tor design flaws at the Black Hat security conference. Their presentation was canceled.
Last month, law enforcement authorities in the United States and Europe announced shutting down 410 Tor hidden services in an operation against illegal online marketplaces. The operation was a success from law enforcement’s point of view, but it raised a lot of security concerns since the Tor Project couldn’t figure out how the hidden services had been located.