Saturday, December 01, 2012

Police raid TOR operator after child porn detected passing through his servers

The Austrian operator of a group of TOR (The Onion Router) servers saw his servers confiscated on Wednesday after police detected child pornography being transmitted as part of the traffic across his computers. William Weber, a 20-year-old IT administrator in Graz, Austria, has been charged with distributing child pornography.

Those who understand the way TOR works know that police have "shot the messenger" in this case. From a high level, TOR, which is used to anonymize data as well as the IP address and country of origin, works by directing traffic through a worldwide volunteer network of servers. By making multiple leaps through TOR servers, anonymity is provided.

In terms of the name, The Onion Router, the onion portion of the moniker refers to the layered nature of the TOR encryption service. The original data is encrypted multiple times, then sent through successive TOR relays, each one of which decrypts a "layer" of the encryption and then passes the data on to the next relay until the data ultimately reaches its destination.

Thus, the data traveling through Weber's servers isn't an example of him distributing child pornography. It is instead the TOR users that are passing data through his servers that are doing so.

Typical of such a search by the authorities, they took little care in ensuring the safety of his equipment. In a blog post, Weber wrote:
My storage cubes (HP MicroServers) were confiscated without any regard for the hardware—the power cords were simply ripped out instead of properly shutting them down. After finishing the search in my living room, they continued in my bedroom, where they confiscated my legal firearms, as well as my cable TV receiver and my Xbox 360.

Despite my statement that all firearms and ammunition were legally owned and registered, having passed all background checks, this was doubted by one of the LKA officers due to the caliber.
In all, the authorities confiscated about 20 computers (mainly barebone PCs, HP storage MicroServers and thin clients), external hard drives, USB thumbdrives, his main computer, gaming consoles, two iPads, and his smartphones, a Samsung Galaxy Note and an HTC PDA.

In a later interview with authorities, Weber found that they were able to understand his argument. Still, he is seeking donations for legal representation:
Sadly we have nothing like the EFF here that could help me in this case by legal assistance, so I'm on my own and require a good lawyer.
He also had advice for others wanted to run TOR nodes:
The safest way is a middle node, as it cannot be seen from the Internet at all (it only routes internal traffic). Entry is pretty safe as well. Exit is very dangerous (as I've seen now...)

No comments: