Information Security News
by Sean Gallagher
Last week’s takedown of Silk Road 2.0 wasn’t the only law enforcement strike on "darknet" illicit websites being concealed by the Tor Project’s network of anonymizing routers. A total of 410 .onion pages on at least 27 different sites, some of which sold everything from drugs to murder-for-hire assassins, were shut down as part of Operation Onymous—a joint operation between 16 member nations of Europol, the FBI, and US Immigration and Customs Enforcement.
While 17 arrests were made, some operators of sites taken down by the worldwide sweep remain at large. One of them—the co-operator of Doxbin, a site that allowed others to post personal identifying information frequently used for intimidation, identity theft, or other malicious purposes—has shared details of his site’s takedown with Tor developers in hopes they’ll find ways to protect other users of the network. An apparent distributed denial of service (DDoS) attack against Doxbin may have been used to uncover its actual location, and the same approach may have been used to expose other darknet servers seized by law enforcement.
Domestic Internet traffic traveling inside the borders of Russia has repeatedly been rerouted outside of the country under an unexplained series of events that degrades performance and could compromise the security of Russian communications.
The finding, reported Thursday in a blog post published by Internet monitoring service Renesys, underscores the fragility of the border gateway protocol (BGP), which forms the underpinning of the Internet's global routing system. In this case, domestic Russian traffic was repeatedly routed to routers operated by China Telecom, a firm with close ties to that country's government. When huge amounts of traffic are diverted to far-away regions before ultimately reaching their final destination, the chance increases that attackers able to monitor the connections have observed or even altered some of the communications. A similar concern emerged last year, when Renesys found big chunks of traffic belonging to US banks, government agencies, and network service providers had been improperly routed through Belarusian or Icelandic service providers.
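The detour pattern Renesys describes, domestic prefixes whose AS path leaves the home country and comes back, can be spotted from a route collector's view by checking each AS on the path against the country it is registered in. The following is an added example, not Renesys' or Dyn's code; the prefixes, ASNs (from the private range) and country mapping are constructed for illustration, and a real deployment would populate `AS_COUNTRY` from registry data.

```python
"""Flag BGP routes on which domestic traffic detours through a foreign network.

Added example: the ASNs, prefixes and observed paths below are constructed
(private-use ASNs) and do not correspond to the real Vimpelcom or China
Telecom routes discussed in the article.
"""
from typing import NamedTuple


class Route(NamedTuple):
    prefix: str
    as_path: tuple[int, ...]   # collector-side AS first, origin AS last


# Constructed registry data: country each AS is registered in.
AS_COUNTRY = {
    64500: "RU", 64501: "RU", 64502: "RU",   # "domestic" carriers
    64510: "CN", 64511: "CN",                # foreign transit
    64520: "DE",                             # foreign origin network
}


def detour_hops(route: Route, home: str) -> list[int]:
    """Return the foreign ASes sitting *between* two home-country ASes.

    A path that begins and ends in the home country but transits abroad means
    the traffic left the country and came back, the round-about pattern the
    article reports. Paths that legitimately end at a foreign origin are not
    flagged, since that traffic was always going to leave the country.
    """
    path = route.as_path
    countries = [AS_COUNTRY.get(asn) for asn in path]
    if len(path) < 3 or countries[0] != home or countries[-1] != home:
        return []
    return [asn for asn, c in zip(path[1:-1], countries[1:-1]) if c != home]


def find_detours(routes: list[Route], home: str) -> dict[str, list[int]]:
    """Map each detouring prefix to the foreign ASes it was seen transiting."""
    return {r.prefix: hops for r in routes if (hops := detour_hops(r, home))}


# Constructed observations as seen from a domestic vantage point (AS 64500).
OBSERVED = [
    Route("198.51.100.0/24", (64500, 64501, 64502)),        # stays domestic
    Route("203.0.113.0/24", (64500, 64510, 64511, 64502)),  # detours via CN
    Route("192.0.2.0/24", (64500, 64520)),                  # foreign origin
]

if __name__ == "__main__":
    for prefix, hops in find_detours(OBSERVED, "RU").items():
        print(f"{prefix}: domestic traffic transits foreign ASes {hops}")
```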
The hijacking of Russian traffic is linked to last year's peering agreement between Russian mobile provider Vimpelcom and China Telecom. The pact allowed the firms to save money by having some of their traffic carried over the other's network rather than through a more expensive transit operator. On multiple occasions since then, according to Renesys, communications destined for Russia have followed extremely roundabout routes that take the traffic into China before sending it on to its final stop. Doug Madory, director of Internet analysis in Renesys' research arm, Dyn, wrote: