Tor Says Platform Is Safe After German Police Interception
German Law Enforcement Reportedly Deanonymized Tor User in 2021
The Tor Project on Wednesday reassured users that they will remain anonymous after media reported that German police successfully used Tor to trace the alleged administrator of a child pornography site.
The nonprofit privacy network said Tor users can continue to use the browser "securely" and that the "Tor Network is healthy." The statement came after German broadcaster Panorama and YouTube channel STRG_F reported the Federal Criminal Police Office of Germany was able to identify "Andreas G." as the admin of Boystown, a child sexual abuse material dark website that authorities busted in May 2021.
Boystown was primarily accessible through the Tor Browser, also known as The Onion Router, which provides anonymity to users on the clear web and serves as an entry point into the darknet - websites that use the anonymity of the Tor network to hide their servers' location. Tor touts itself as a human rights tool for privacy and an aid to activists in authoritarian countries. But the darknet also serves as a haven for illegal online marketplaces, CSAM material and cybercrime operators, including ransomware groups that host leak sites.
"Like many of you, we are still left with more questions than answers," Tor said of the German police operation, and added that the browser continues to be the "best solution" for privacy-focused communication.
Tor said that, based on limited information, it appears police were able to deanonymize a user because he used Ricochet, a "long-retired application" for peer-to-peer instant messaging on the Tor network. Police may have used a guard discovery attack, in which an attacker-controlled relay point establishes a circuit to the "guard node" that's the first relay in a Tor circuit - allowing the attacker to expose the actual IP address of the user.
Tor released fixes for the issue in 2018, suggesting the deanonymized user didn't deploy a defense that Tor dubbed Vanguards.
German authorities did not respond to a request for comment seeking further information on the operation. The agency may have invoked the Federal Criminal Police Office Act that allows the German police to employ a range of surveillance measures to track criminals, said Dennis-Kenji Kipker, a professor of IT security law at the University of Bremen.
A Tor spokesperson said the browser has "very limited information" on the police operation. Tor asked anyone with additional information on the operation to come forward to assist the browser with its threat analysis. It also recommended Tor users patch their applications immediately.