I just wanted to let everyone know that my two Tor nodes have been raided (+all my computer equipment and everything that could store data).
I'm not sure what triggered all this unwanted attention, but I suspect that it's the local police department trying to make a score after tor getting some media attention. It doesn't look to be a very 'high-tech' operation because I got a call asking me for the root password to the tor servers that are on unencrypted disks...
Let this be a warning to everyone running middlemans in the Netherlands, I found out the hard way.
Nicknames of the servers were AIVD and MIVD, no clue what the public key was. But consider them compromised.
Best regards, David
Hello. Can you please keep us updated about what happens to the case? If they give you any explanation why they raided a non-exit node I would be interested to know.
Thanks for the tip.
----- My blog with GPG keys, my programs etc: http://www.inshame.com Some more links: http://bit.ly/gbla4z
On Thu, Nov 10, 2011 at 1:48 PM, David davidlusthof@goatse.be wrote:
I just wanted to let everyone know that my two Tor nodes have been raided (+all my computer equipment and everything that could store data).
I'm not sure what triggered all this unwanted attention, but I suspect that it's the local police department trying to make a score after tor getting some media attention. It doesn't look to be a very 'high-tech' operation because I got a call asking me for the root password to the tor servers that are on unencrypted disks...
Let this be a warning to everyone running middlemans in the Netherlands, I found out the hard way.
Nicknames of the servers were AIVD and MIVD, no clue what the public key was. But consider them compromised.
Best regards, David _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 10.11.2011 11:48, David wrote:
I just wanted to let everyone know that my two Tor nodes have been raided (+all my computer equipment and everything that could store data).
I'm not sure what triggered all this unwanted attention, but I suspect that it's the local police department trying to make a score after tor getting some media attention. It doesn't look to be a very 'high-tech' operation because I got a call asking me for the root password to the tor servers that are on unencrypted disks...
Let this be a warning to everyone running middlemans in the Netherlands, I found out the hard way.
Nicknames of the servers were AIVD and MIVD, no clue what the public key was. But consider them compromised.
Best regards, David
Interesting. They already raid middleman/guard nodes, not only exits? What can be the reasons for such raids?
On Thu, Nov 10, 2011 at 14:44, Orionjur Tor-admin tor-admin@orionjurinform.com wrote:
On 10.11.2011 11:48, David wrote:
I just wanted to let everyone know that my two Tor nodes have been raided (+all my computer equipment and everything that could store data).
I'm not sure what triggered all this unwanted attention, but I suspect that it's the local police department trying to make a score after tor getting some media attention. It doesn't look to be a very 'high-tech' operation because I got a call asking me for the root password to the tor servers that are on unencrypted disks...
Let this be a warning to everyone running middlemans in the Netherlands, I found out the hard way.
Nicknames of the servers were AIVD and MIVD, no clue what the public key was. But consider them compromised.
Best regards, David
Interesting. They already raid middleman/guard nodes, not only exits? What can be the reasons for such raids?
Possibly non tor-related? As far as I read the post, it isn't clear right now why the raid had taken place, and I know (unfortunately) from personal experience as a raided exit-operator in NL it can take a while before this is clear why exactly the raid happened. Took me a few weeks to get clarity, also because the police will not tell you much until they have analysed the evidence.
Anyhow, David, good luck, it's not easy having to explain to your neighbors why the police raided your house.
On 10-11-11 15:20, Nils Vogels wrote:
On Thu, Nov 10, 2011 at 14:44, Orionjur Tor-admin tor-admin@orionjurinform.com wrote:
On 10.11.2011 11:48, David wrote:
I just wanted to let everyone know that my two Tor nodes have been raided (+all my computer equipment and everything that could store data).
I'm not sure what triggered all this unwanted attention, but I suspect that it's the local police department trying to make a score after tor getting some media attention. It doesn't look to be a very 'high-tech' operation because I got a call asking me for the root password to the tor servers that are on unencrypted disks...
Let this be a warning to everyone running middlemans in the Netherlands, I found out the hard way.
Nicknames of the servers were AIVD and MIVD, no clue what the public key was. But consider them compromised.
Best regards, David
Interesting. They already raid middleman/guard nodes, not only exits? What can be the reasons for such raids?
Possibly non tor-related? As far as I read the post, it isn't clear right now why the raid had taken place, and I know (unfortunately) from personal experience as a raided exit-operator in NL it can take a while before this is clear why exactly the raid happened. Took me a few weeks to get clarity, also because the police will not tell you much until they have analysed the evidence.
Anyhow, David, good luck, it's not easy having to explain to your neighbors why the police raided your house.
They were specifically talking about 'The Tor servers'. And I got raided by the 'Zeden' (not sure what the right translation is) department of the police, so it's probably about CP.
Can't help but think it has something to do with all the attention Tor has been getting by the police. Especially hidden services (which I did not run).
How much time did they take to go through all your stuff? It has been 4 weeks since it happened here.
Thanks, David
Hey David,
On Thu, Nov 10, 2011 at 15:31, David davidlusthof@goatse.be wrote:
On 10-11-11 15:20, Nils Vogels wrote:
On Thu, Nov 10, 2011 at 14:44, Orionjur Tor-admin tor-admin@orionjurinform.com wrote:
On 10.11.2011 11:48, David wrote:
I just wanted to let everyone know that my two Tor nodes have been raided (+all my computer equipment and everything that could store data).
Interesting. They already raid middleman/guard nodes, not only exits? What can be the reasons for such raids?
Possibly non tor-related? As far as I read the post, it isn't clear right now why the raid had taken place, and I know (unfortunately) from personal experience as a raided exit-operator in NL it can take a while before this is clear why exactly the raid happened. Took me a few weeks to get clarity, also because the police will not tell you much until they have analysed the evidence.
Anyhow, David, good luck, it's not easy having to explain to your neighbors why the police raided your house.
They were specifically talking about 'The Tor servers'. And I got raided by the 'Zeden' (not sure what the right translation is) department of the police, so it's probably about CP.
Yeah, I was raided by Vice (which is the right translation ;) ) as well.
Can't help but think it has something to do with all the attention Tor has been getting by the police. Especially hidden services (which I did not run).
I can't tell you what the reason was, of course; for me it was because of exiting traffic related to a case somewhere else in Europe.
How much time did they take to go through all your stuff? It has been 4 weeks since it happened here.
Preliminary results were in after 3 months, and I had some things returned to me, it took them two years to realise I was indeed running a tor exit node, and my case got dismissed returning all my stuff.
The department of digital forensics (who does the analysis of the computers) is immensely backlogged. I chose not to push them other than keeping in touch with the DA (OvJ) and the local police officers. Maybe if you put a lawyer on it, you get speedier results, YMMV.
On Nov 10, 2011, at 3:20 PM, Nils Vogels wrote:
On Thu, Nov 10, 2011 at 14:44, Orionjur Tor-admin tor-admin@orionjurinform.com wrote:
On 10.11.2011 11:48, David wrote:
I just wanted to let everyone know that my two Tor nodes have been raided (+all my computer equipment and everything that could store data).
I'm not sure what triggered all this unwanted attention, but I suspect that it's the local police department trying to make a score after tor getting some media attention. It doesn't look to be a very 'high-tech' operation because I got a call asking me for the root password to the tor servers that are on unencrypted disks...
Let this be a warning to everyone running middlemans in the Netherlands, I found out the hard way.
Nicknames of the servers were AIVD and MIVD, no clue what the public key was. But consider them compromised.
Best regards, David
Interesting. They already raid middleman/guard nodes, not only exits? What can be the reasons for such raids?
Possibly non tor-related? As far as I read the post, it isn't clear right now why the raid had taken place, and I know (unfortunately) from personal experience as a raided exit-operator in NL it can take a while before this is clear why exactly the raid happened. Took me a few weeks to get clarity, also because the police will not tell you much until they have analysed the evidence.
I think this is a very important point to keep in mind. Searching the web for the IP in question it is found in a few blocklists that don't typically list all Tor nodes, so another idea would be that your node was pwned and someone used it for a botnet/put an open proxy there, etc. Did you(r ISP) ever get abuse complaints?
Police might have found your IP address, seen it's a Tor server, and assumed the traffic was coming from Tor.
Anyhow, David, good luck, it's not easy having to explain to your neighbors why the police raided your house.
Yes! Also, good luck figuring out what the exact allegations are and getting your hardware back.
Thank you for your support for Tor.
All the best Sebastian
On 10-11-11 15:44, Sebastian Hahn wrote:
On Nov 10, 2011, at 3:20 PM, Nils Vogels wrote:
Possibly non tor-related? As far as I read the post, it isn't clear right now why the raid had taken place, and I know (unfortunately) from personal experience as a raided exit-operator in NL it can take a while before this is clear why exactly the raid happened. Took me a few weeks to get clarity, also because the police will not tell you much until they have analysed the evidence.
I think this is a very important point to keep in mind. Searching the web for the IP in question it is found in a few blocklists that don't typically list all Tor nodes, so another idea would be that your node was pwned and someone used it for a botnet/put an open proxy there, etc. Did you(r ISP) ever get abuse complaints?
That's certainly possible. The MIVD was an exit for a short time over a year ago. This caused abuse complaints by my ISP and I edited the config to disallow exit connections. Never heard anything since.
It's possible that something is coming back to haunt me.
Police might have found your IP address, seen it's a Tor server, and assumed the traffic was coming from Tor.
Anyhow, David, good luck, it's not easy having to explain to your neighbors why the police raided your house.
Yes! Also, good luck figuring out what the exact allegations are and getting your hardware back.
Thank you for your support for Tor.
All the best Sebastian
Thanks,
On Thu, 10 Nov 2011 12:48:44 +0100 David davidlusthof@goatse.be allegedly wrote:
Nicknames of the servers were AIVD and MIVD, no clue what the public key was. But consider them compromised.
Maybe your Police have no sense of humour?
AIVD = Intelligence and Security Service. MIVD = Military Intelligence and Security Service.
Good luck anyway.
Mick ---------------------------------------------------------------------
The text file for RFC 854 contains exactly 854 lines. Do you think there is any cosmic significance in this?
Douglas E Comer - Internetworking with TCP/IP Volume 1
http://www.ietf.org/rfc/rfc854.txt ---------------------------------------------------------------------
On Thu, Nov 10, 2011 at 12:48:44PM +0100, davidlusthof@goatse.be wrote 0.9K bytes in 21 lines about:
: I just wanted to let everyone know that my two Tor nodes have been
: raided (+all my computer equipment and everything that could store data).
This sucks. I'm sure you know that already. As you are in .nl, you may want to contact Bits of Freedom: info@bof.nl www.bof.nl
They have offered to help Tor relay ops in country. As you live in a democratic country, you should be able to at least learn the charge against you. There is generally a set of steps one must take, within a certain timeline, to appeal the raid and get your justice.
On Thursday 10 November 2011 06:48:44 David wrote:
I just wanted to let everyone know that my two Tor nodes have been raided (+all my computer equipment and everything that could store data).
I'm not sure what triggered all this unwanted attention, but I suspect that it's the local police department trying to make a score after tor getting some media attention. It doesn't look to be a very 'high-tech' operation because I got a call asking me for the root password to the tor servers that are on unencrypted disks...
Very sorry to hear this. I hope you get them back soon, intact.
cmeclax