A recent publication about how German federal police and law enforcement from other nations collaborated to arrest the administrators of an illegal site on the dark web has people questioning how resilient the Tor network really is to attacks from nation-state threat actors. We know that Tor works by bouncing your connection across multiple servers, or nodes, that are located around the world, each one adding another layer of encryption to make it extremely difficult to find the real location of anyone on the network. These nodes that make up Tor are run by volunteers; I've even run Tor nodes myself at home.

There's also a delicate balancing of these nodes going on behind the scenes to make sure that the ones picked to make up your connection are not all in the same legal jurisdiction or belonging to the same ISP or IP block. This is to prevent any one entity from being able to compromise all the nodes that make up your Tor connection and totally remove your anonymity. But international alliances of law enforcement and intelligence agencies are making this separation of nodes more difficult to do. You might have heard of the UKUSA Agreement, better known as Five Eyes, which is actually one of the smaller examples of this kind of intelligence agency alliance; there's Nine Eyes and even Fourteen Eyes. The latter is particularly damaging to the health of Tor because it includes Germany, which, as you can see here from Tor Metrics, hosts over 29% of all Tor nodes alone. Over 19% are located in the United States, and of course the US is in all of these different surveillance agreements, and almost 13% are in the Netherlands, which is in both Nine Eyes and Fourteen Eyes. Throw in the UK and Canada, which are also in all three alliances, and we're up to over 66% of Tor nodes falling under the Fourteen Eyes umbrella. Plus, Germany has expressed interest in joining the more exclusive Five Eyes group, so future collaborations of this kind could become more seamless if that happens.

Now, contrary to what you might think, law enforcement doesn't actually need to run a large number of nodes and get you to use all three of their nodes in order to deanonymize certain Tor users. Not only would it be a very expensive ordeal to spin up thousands of Tor nodes to collect all the traffic going through them, but it would be very hard to deploy thousands of nodes discreetly. They would have to be set up at different times, probably over the course of several years, in order to avoid a suspicious spike of new nodes all of a sudden coming online, and they would have to be set up through different data centers with different ISPs and IP blocks because of that traffic balancing I mentioned earlier. And all the while they're running these malicious nodes, these three-letter agencies would have to be careful not to disrupt Tor use by their allies, because there are a lot of military and other three-letter agencies using Tor right now to conduct their operations. In fact, the initial reason Tor was created was to provide anonymity to operations being conducted by the US Navy.

So one of the go-to moves for law enforcement to take down onion services is to use a guard discovery attack, which involves spamming connections to an onion service until one of the adversary's nodes is chosen as a middle relay for the circuit. What this does is let the adversary discover the true location of the onion service's guard node, since their middle node would be connecting directly to it in the circuit. And if the guard node can then be compromised or surveilled, it isn't going to be very long until the computer that's actually serving up the onion service itself could be identified as well. It's also possible to identify the guard nodes that a person using the Tor Browser connects to by tricking them into making many, many connections to different onion sites that are all controlled by a single adversary. You could easily do this by embedding images from those different onion sites onto a single page; each connection to those sites would be handled by a different circuit, and eventually the adversary's middle node would be used by one of those circuits, which would reveal your guard node.

This attack, along with police surveilling all of a German ISP's users to see who connected to the identified guard node, is how they were able to take down Boystown, a dark web CP forum with more than 400,000 registered users. The forum also had more exclusive chat rooms that forum members and administrators used to keep in touch with each other. One of the main Boystown admins also described how he abused a boy in real life over the Ricochet chat service, so that disturbing revelation of a real-life encounter also likely led to his later identification and arrest.

Now, while most of us are enjoying the fact that police were able to bring these disgusting monsters to justice, this case has a lot of people worried about how reliable Tor is for everyone else. Even though these crimes against children are some of the most vile ones, in my opinion, the punishments against those criminals are often less severe than the ones given to vendors and admins of drug dealing, weapons trade, and illegal hacking forums. Even in this case, where two of these admins actually hurt children in real life, they were only given about 10 years in prison. Compare that to the Silk Road's founder, who is still serving a life sentence in a high-security prison.

Members of the Tor Project have actually responded to these concerns about the Tor network's resilience in regards to the Boystown case. Given the limited amount of information that they received from law enforcement, they believed that the administrators and their onion services were not utilizing Vanguards, which were first introduced as a Tor add-on in 2019 but didn't actually make it into the currently maintained fork of Ricochet, called Ricochet-Refresh, until 2022, when they upgraded the app to use Tor version 0.4.7. Since we know that German police interacted with these admins over Ricochet, and that they were arrested before the Vanguards update was pushed out or before it was more widely used on Tor, I think it's pretty safe to say that they did not have the benefits of the guard node protections provided by the Vanguards add-on. Every machine-translated article that I've read about this case also says that the admins used Ricochet rather than Ricochet-Refresh. Now, I don't know if this is just some kind of translation error, but Ricochet was already several years out of date when the Boystown forum launched, so that, along with the fact that the admins clearly were having chats that were not strictly related to running the forums, makes me think that police were able to narrow down their suspect pool quite significantly just by lurking in these chat rooms before they actually ended up doing any kind of guard node attacks.

So my final conclusion, given what little information we know about this case, is that these monsters were caught the same way that most Tor users, and really most criminals in general, are caught: by talking too much. So Tor should still be safe for use, especially if you aren't using it to commit any serious crimes.

If you enjoyed this video, please like and share it to hack the algorithm, and buy my merch from base. whenn to help support my work; 10% discount for paying in Monero (XMR). Have a great rest of your day.
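The two mechanisms the video leans on, the per-circuit diversity rules that keep hops in different IP blocks and operator families, and the guard-discovery exposure that Vanguards is meant to cap, can be made concrete with a small simulation. The block below is an added example written for this transcript; it is not Tor Project code, and the relay list, alliance sets and bandwidth weights are constructed for illustration rather than taken from the live consensus. It models only the /16 and family exclusions described above (real Tor path selection also weights by relay flags and position and honours exit policies), then compares how often an adversary-run middle relay ends up adjacent to a fixed guard when middles are drawn from the whole network every circuit versus from a small layer-2 set pinned once, which is the Vanguards idea.

```python
"""Toy model of Tor-style path selection, jurisdiction concentration and
guard-discovery exposure.  Added example for this transcript: not Tor Project
code.  The relay population below is constructed, not real consensus data, and
only the /16 and operator-family exclusions mentioned in the video are modelled."""
import ipaddress
import random
from dataclasses import dataclass

# Intelligence-sharing alliances by ISO country code (public membership lists).
FIVE_EYES = {"US", "GB", "CA", "AU", "NZ"}
NINE_EYES = FIVE_EYES | {"DK", "FR", "NL", "NO"}
FOURTEEN_EYES = NINE_EYES | {"DE", "BE", "IT", "SE", "ES"}


@dataclass(frozen=True)
class Relay:
    nickname: str
    ip: str
    country: str
    family: str      # operator family; one circuit never uses two relays of one family
    bandwidth: int   # stand-in for consensus weight, drives weighted selection
    adversary: bool  # True for relays the surveilling party runs (constructed)


# Constructed relay population: heavy in DE/US/NL like the metrics quoted in the
# video, five relays outside any alliance, and two adversary-run relays.
_SPEC = ([("DE", f"de-op{i}", False) for i in range(6)]
         + [("US", f"us-op{i}", False) for i in range(4)]
         + [("NL", f"nl-op{i}", False) for i in range(3)]
         + [("GB", "gb-op0", False), ("CA", "ca-op0", False),
            ("FR", "fr-op0", False), ("SE", "se-op0", False)]
         + [(cc, f"{cc.lower()}-op0", False) for cc in ("CH", "RO", "AT", "FI", "IS")]
         + [("US", "adversary", True), ("US", "adversary", True)])
# Each relay gets its own 10.N.0.0/16 so the subnet rule is exercised by the test data.
RELAYS = [Relay(f"relay{i:02d}", f"10.{i}.0.1", cc, fam, 100, adv)
          for i, (cc, fam, adv) in enumerate(_SPEC)]


def slash16(ip: str) -> str:
    """The /16 block an address falls in; Tor refuses two hops from one /16."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))


def alliance_share(relays, alliance) -> float:
    """Bandwidth-weighted fraction of the network inside an alliance's countries."""
    total = sum(r.bandwidth for r in relays)
    return sum(r.bandwidth for r in relays if r.country in alliance) / total


def compatible(path, candidate) -> bool:
    """A candidate may join the path only if it shares no /16 and no family with any hop."""
    return all(slash16(h.ip) != slash16(candidate.ip) and h.family != candidate.family
               for h in path)


def pick_weighted(relays, rng, path=()):
    """Bandwidth-weighted choice among relays compatible with the partial path."""
    pool = [r for r in relays if compatible(path, r)]
    return rng.choices(pool, weights=[r.bandwidth for r in pool], k=1)[0]


def build_circuit(relays, rng, guard, middle_pool=None):
    """Guard -> middle -> exit.  Without Vanguards the middle hop is drawn from the
    whole network for every circuit; with a layer-2 guard set (middle_pool) it is
    pinned to a few relays chosen once, so flooding a service with circuits no
    longer cycles through the whole network until an adversary relay lands next
    to the guard."""
    middle = pick_weighted(middle_pool or relays, rng, (guard,))
    exit_ = pick_weighted(relays, rng, (guard, middle))
    return [guard, middle, exit_]


def guard_exposed(relays, rng, n_circuits, layer2_size=None) -> bool:
    """One service lifetime: does an adversary middle relay ever sit next to the guard?"""
    guard = pick_weighted([r for r in relays if not r.adversary], rng)
    pool = None
    if layer2_size:
        pool, remaining = [], [r for r in relays if compatible((guard,), r)]
        for _ in range(layer2_size):  # layer-2 guards are picked once and kept
            chosen = pick_weighted(remaining, rng)
            pool.append(chosen)
            remaining.remove(chosen)
    return any(build_circuit(relays, rng, guard, pool)[1].adversary
               for _ in range(n_circuits))


def estimate_exposure(relays, n_circuits, trials=300, layer2_size=None, seed=1) -> float:
    """Monte Carlo estimate of P(guard revealed) over `trials` service lifetimes."""
    rng = random.Random(seed)
    hits = sum(guard_exposed(relays, rng, n_circuits, layer2_size) for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    for name, alliance in (("Five Eyes", FIVE_EYES), ("Nine Eyes", NINE_EYES),
                           ("Fourteen Eyes", FOURTEEN_EYES)):
        print(f"{name}: {alliance_share(RELAYS, alliance):.1%} of relay bandwidth")
    print("guard exposed after 150 circuits, no Vanguards:   ",
          estimate_exposure(RELAYS, 150))
    print("guard exposed after 150 circuits, 4 layer-2 guards:",
          estimate_exposure(RELAYS, 150, layer2_size=4))
```

With two adversary relays out of twenty-four, the unpinned case reveals the guard in practically every simulated lifetime once a few hundred circuits have been opened, while the pinned case is bounded by the chance that an adversary relay was among the handful of layer-2 guards chosen at the start, which is the property that makes a Vanguards-style defence worthwhile regardless of how many connections an attacker can force.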