I've been blogging on the evils of Tor since forever of course, with pieces like this about the Navy's condoning of Jacob Appelbaum, helper of Edward Snowden and what a conflict of interest that was -- and most recently questioning why Quinn Norton, who lied to the grand jury about her old boyfriend's "guerilla manifesto," isn't qualified to be a peace-maker and air-clearer on this issue. Then there's my book on Snowden, which has multiple chapters on Tor.
So Tor network is under attack right now, big-time -- bigger than the times that the FBI took down something like half the nodes or at least highlighted them so that the users were compromised -- and bigger than those dozen or so malicious nodes discovered to be running inside Russia.
Tor competitors who themselves are just as nasty like @kaepora described the damage, and got a lot of denials -- Tor is good at denials and edge-casing -- did I mention they are good at denial? And Roger Dingledine is incorrigible.
This is so big, Tor itself had to put one of those reassuring messages on its website of the sort Sony has had to send to customers, or even Ars Technica, which you think would be too cool to get hacked.
The attack is called a "Sybil" attack because of, well, Sybil and her "multiple personalities" syndrome -- which is now called by another name -- disassociative identity disorder," which sounds like a problem Tor itself has suffered from, unable to decide whether it is a hipster gonzo anarchists' collective or a department of the DoD.
But what better way to overwhelm a centralized system than by love-bombing it with hundreds of new decentralized entities? Maybe the US government's cyber defense finally figured out how to democratize this arrogant bunch whose totalitarian ideals have brought us Manning and Snowden and more? Is this how they have to do it, because working through other branches of government like Congress or the courts proved too time-consuming or cumbersome -- or ineffective?
Tor Project warned earlier about upcoming attempts to take down nodes. When I saw that appear literally two days after I posted my piece criticizing Tor on Medium I thought, "My God, do I have magic powers?" Except, I've been writing about Tor -- like, forever. And it made little difference to the US government elements that found it not a problem all these years -- well, except the NSA that complained about it and tried to crack it and the FBI, of course, trying to fight crime.
Paul Carr and Yasha Levine at Pando have kept up a drumbeat of hatred against Tor (and not for good reasons, they only hate it because it's associated with the US government -- and don't have much more of anything intelligent to say after that. Occasionally among their self-serving screeds -- replete with things like Carr whining about people "smearing one of his writers" -- he means Mark Ames -- with "rape of children" -- he means the rape of a 15-year-old Russian girl. We've been over this. Mark Ames can't have it both ways. Either this is true, in which case he's total scum and should be shunned, or it isn't true, and his legend as a gonzo journo is destroyed. Paul Carr keeps trying not to have either happen, and implies it's fiction, except Mark Ames didn't say it was fiction *in his own book* which is where the story comes from, derp.
Carr decodes that message on the Tor web site as follows:
Likewise last week, when Tor’s founder admitted that government agents would only need to seize five Tor directory authority servers to completely hickack the network, he described that possibility as “really bad.”
The risk has to do with Tor’s “directory authorities” — which are hardcoded into Tor clients and serve as the network’s centralized addressing system.
Yes, we said “centralized.” For all the talk about Tor being a totally independent ad-hoc system that operates outside the realm of anyone’s control, it does in fact have a highly centralized network architecture that’s run by key Tor developers and insiders. There are currently nine directory authorities — one is run by Tor developer Jacob Appelbaum, while another is run by Tor cofounder Dingledine himself.
Wow, doesn't that make you feel safe?! Jacob Appelbaum, a fugitive from the WikiLeaks grand jury in self-imposed exile in Germany and helper of Edward Snowden runs a node?
Here's @ioerror (Appelbaum) on the subject today:
An ~85Mb/s DDOS (for a few hours?) on my #Tor Directory Authority reminds me of the late 90s. Quaint. This took down XBox and PS gaming net?— Jacob Appelbaum (@ioerror) December 27, 2014
So, why do online games depend on Tor again? If that's what the claim is here. And these Lizard people wanted to stick it to Appelbaum:
Looks like Riseup networks and preceding cogent lines are getting killed thanks to @ioerror :)— Lizard Squad (@LizardMafia) December 27, 2014
Why? You had to wonder what was up with this, too:
Competitor to Tor? Or also caught in the same symbiotic relationship?
And the ethics-free Dingledine who always makes it seems criticism of Tor is based on ignorance of "science," not morals. And hey, who are those other 7 people, guys? Say, is Edward Snowden one of them by chance! How does it work in Tor-land -- you run a node well and then graduate to running a directory authority? Who gets to decide?
Paul frets that Tor users should feel unsafe and can't imagine any of them in their right mind -- if they got the message -- would still be using it.
Carr doesn't get it apparently about the two very different kinds of users of Tor. One kind is likely the vast majority -- they just want to get around blocked sites to read them. The government already spies on them. It may even spy on them more if they see Tor usage (remember the Harvard bomb-scare student?). But they don't care, because they're only using it for circumvention, not encryption.
Then there is the much smaller group of nerds -- the crypto-anarchists and of course the hard-core criminals -- who use it to disguise their accessing of sites AND for communications, in conjunction with Tails or some other encryption program. That's the bigger problem, even if the much smaller group and use case.
But as Carr points out, this was "very not good."
So today, Tor is ostensibly under attack by these Lizard People, skiddies who want to fuck up Xbox or PSN or Sony -- except, they say on their feed they don't want to fuck up Xbox and PSN. Hmm.
I took a look at the video that the Twitter account links to of some supposedly outraged kid mad that his Xbox and PSN are fucked up.
Except, there's something "off" about this. I think it's an actor. Or staged. What kid says "Get it together, Microsoft. Get it together, FBI!". Really? Kids like this calling on MSFT and the FBI to help them keep their game boxes? I'm hardly convinced.
I think the Lizard thing is a persona -- it's kind of tackily put together. There's a paste-bin that's already removed, as if it said something horrible or doxed somebody, except it's a nothing burger when you look at it in google cache. Here it is. See what I mean?
The point is ~Xbox Live, PSN, etc are run by multi-billion dollar corporations eg: Microsoft & Sony. These entities spend exponentially far less on the users gaming experience then they should be. The fact that a sizeable Botnet can shut-down their services is an embarrassment, it is pitiful. By disrupting the gaming networks LizardSquad is forcing the owners of these services to deal with the disgraceful quality of their product and do better if they want to stay online. Yes services will go down for a few hours, maybe 3-5x but in the end if the gaming platform eg: Xbox live wishes to stay up they will be forced to upgrade their product. Essentially you are sacrificing a few hours of downtime for a substantially improved quality of service that will last for years to come. And course it's also for the lulz, our mascot does an excellent job of just that.
So my hunch is that Lizard is our guys at some kind of government cyber defense thing. Or that the anti-Lizard are our guys. Or both? You know how copies of thing can be just a little bit off, a little fuzzy around the edges -- well that's how this feels.
Now, shouldn't I be happy that Tor is at long last being taken down, that perhaps it's beautiful wickedness is finally melting?
Well, as I point out in my succinct piece on Medium, Tor should be suspended and investigated by Congress and the FBI!
(Medium is a terribly sucky platform BTW, more on that later, but the biggest problem is that when you respond to someone's piece there, there's no notice of that under their piece, so you can't get attention!) --
And by that I mean exactly what I said, suspended and thoroughly investigated. Debated. Changed, because it is corrupt. Or perhaps abolished. Shutting it down by merely making a fake hackers' group isn't justice, because you haven't made educating people about the difference between right and wrong part of the process.
But perhaps the feds had to jump in and take action because things are at such a pass.
Tor Project itself has been smarmily drumming up support by using professional PR methods, perhaps they even hired consultants or reputation management services. So they found like three or four very high follow individuals on Tor, some of them fellow travelers like Biela Coleman and Peter Maass (Laura Poitras hagiographer); other more geeky types like Chris Pirillo and Ycombinator Hacker news, and others more generic and further removed from hackers per se like Alec Empire, and some who can help pretend Tor is merely about freedom-fighting like Colin Anderson, and academic and got them to tout Tor and imply that none of us would have privacy or freedom movements in places like Iran without it -- which is of course arrant bullshit.[Update: oops, I was wrong that Empire was more about music than hacking. Should have paid more attention to that socialist father! Here is key-noting at 31c3:
And the hook they've used on these manufactured pitches is "misogyny" and "stopping attacks on women online". SUCH bullshit. This is about trying to pin on JBJabroni10 the "crime" of "attacking" women -- which amounts to a few tweets, some of them funny and ironic. The purple-haired @puellavulnerat who pretends to be such a wilting delicate flower who can't take the heat on the Internet claims falsely that he stalked or harassed her.
SHEER BULLSHIT. This is a nasty, vicious cadre who herself has harassed and heckled people and of course doxed JBJaborni10! Instead of getting an apology for this from Tor, we've got this tables-turning bullshit "protect the women" crap, utterly misfounded. I'll never forget how Andrea Shepherd whistled and got one of her junkyard dogs from Latin American to harass and intimidate and bully me for hours and days on end about a supposed libel suit coming from a country where he could make it stick because I properly said that Tor staff casually condone criminality in their product. Each time this issue comes up, we not only hear pious and arrogant bullshit about how the pipes aren't responsible for the content, we get suppression and smearing of critics.
But there's another possibility, just like the Sony Hack (which I think is a combination of NK and Russia exploiting hackers through nudging them, and that we are weathering now the tiresome annoyance of "security experts" minimizing the hack and telling us we're stupid for thinking it's either or both states known for their use of sabotage and hybrid war, especially Russia).
And that's indeed Russia -- because, remember when Russia advertised a bounty for the first person to crack Tor?
You don't think that in Russia, there weren't swarms of smart programmers who were happy to get a state bounty to take on this social task, that this wasn't fairly easy to accomplish, precisely because of the centralized nature of the network and the fallibility of arrogant types like Appelbaum?
Is that what we're seeing now?
So when we know better who is behind this hack - the US, Russia or some script kiddies -- then we'll know better how to respond.