STE WILLIAMS

Girl gang targets Microsoft’s Seattle stores for $5,000 theft spree

Seattle police are on the lookout for a group of female thieves who are targeting Microsoft retail stores on its home turf.

The police report says that the gang, which consists of six women and a man, has so far struck five times in the last two months, Q13 Fox reports. So far they’ve made off with an estimated $5,000 in purloined goods from Microsoft stores located at 2624 Northeast University Village Street and 116 Bellevue Square in Seattle.

Described as aged between 20 and 45, the team wear heavy coats and sweep through stores in coordinated actions. Based on Microsoft pricing, the septet of shifty shoplifters could have snaffled 10 base-specification Surface fondleslabs (we’re assuming they’re not repaying tax in a fit of remorse later) or a few hundred of Microsoft’s Touch Covers.

Anyone with knowledge of the events should call Detective Davidson at (206) 684-4593, but it’s unlikely we’re dealing with master criminals here. If they were smart, they’d have waited until the $999 Windows Pro tablets come out next year and got a much higher return for their recidivism.

Nevertheless, if there is some kind of master criminal out there then it could be a job for Seattle’s own band of costumed crimefighting nutters, the Rain City Superhero Movement, led by El Reg readers’ favourite Phoenix Jones.

Seattle superhero Phoenix Jones

Jones unmasked at a court appearance for four charges of assault (later dropped)

The group occasionally stalks the mean streets of Seattle fighting crime, with various degrees of success. It hosts a menagerie of exotic members, such as Green Reaper, The Mantis, a rather-unimaginatively entitled No Name, Thunder 88, Karma (who may or may not be a bitch), Red Dragon, and El Caballero.

El Caballero, Midnightjack, and Jones claim to have foiled a plan to blow up the city courthouse on May Day by members of the anarchist collective Black Bloc. After alerting the police to the plot, and receiving no response, the trio took it upon themselves to defend the building against a claimed 60 protestors.

“I got hit with a little of the pepper bomb, so we went back-to-back to make sure they couldn’t circle us. Once we went back-to-back, we went in front of the door. I was like this and Jack was on my back. We just stood there basically and made sure no one came in,” he told WSBT.

So far, Seattle’s second-finest claim to have stopped drunk drivers from getting behind the wheel, chased down and aided in the apprehension of a sex-offender, and helped drivers of stranded vehicles. One has to wonder what said drivers thought when a bunch of people in costume approached their vehicles.

Nevertheless, while there’s a crime in Seattle, Phoenix Jones and his crew might be on it. Somehow we doubt Redmond’s security team is holding its breath. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/12/11/microsoft_stores_theft/

Attacker steals ‘old passwords’ from Oz defence academy site

An attack on Australian Defence Force Academy systems operated by the University of New South Wales (UNSW) has spilled 20,000 user records.

The systems were compromised in November, with UNSW notifying staff and students within a day, but the incident has only now come to light.

The attacker, whose “Darwinaire” tag was also seen in a claimed attack on Amazon UK in early November, says the Website took only minutes to reveal its secrets, according to the Sydney Morning Herald (of course, an attacker’s statements about their own prowess may be considered equivocal).

In an e-mail sent to students and staff, posted here, UNSW says it expected the impact of the attack to be “minimal”, explaining that some IDs and passwords were “historical” and others related to a system that has since been replaced.

However, since e-mail addresses can easily be inferred from user names, the university warned that users may receive targeted spam or phishing attacks, or that the names may be used to attempt identity theft.

The attack has spawned national “hack attack” paranoia as a “national security failure” (according to RMIT’s Dr Mark Gregory speaking to The Conversation) and the SMH headlining the attack as “Australia’s worst hacking attack”.

While the publication of 20,000 user IDs has to be regarded as embarrassing, previous attacks known to Vulture South have sent target companies to the wall, going back as far as the 1990s. A more measured assessment of the attack has been penned by Sophos’ Paul Ducklin here, who notes that while the breach is serious, “no juicy Defence secrets” were involved.

Vulture South is also curious as to why the ADFA systems held 20,000 user IDs, when the academy’s annual intake numbers in the hundreds. We will update this story should ADFA respond to our query. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/12/11/adfa_hacked_in_november/

Look out, world! Are you ready for John McAfee: THE MOVIE?

Reader poll Antivirus pioneer John McAfee, who found himself at the centre of Central America’s hottest manhunt in recent history, has sold the exclusive film rights to his life story.

McAfee was named by police as a “person of interest” but not a suspect following the murder of his neighbour Gregory Faull in Belize in November. McAfee went on the run with his 20-year-old girlfriend for three weeks before crossing the border to Guatemala. He was detained by the authorities soon after entry and is fighting against deportation to Belize.

“[McAfee] trusts that we will honour his life story in an honest and truthful manner,” Brian Fitzgerald, cofounder of Impact Future Media that snapped up the film deal, told The Hollywood Reporter.

Impact Future Media (IFM) is now hunting for investors and production partners for the project, preliminarily titled Running in the Background: The True Story of John McAfee. The producers obtained signed exclusive intellectual property rights to McAfee’s story last week, around the time he was planning his flight from Belize to Guatemala.

The Montreal-based biz hopes to spread the software mogul’s tale across a range of media including film, print, TV and multimedia. There’s no word on any video games, which would seem to be a logical extension of the McAfee franchise given his previous fondness for the dangerous sport of “aerotrekking”.

The financial terms of the deal were undisclosed. IFM has already established a micro-website about the programmer.

The production house also has a deal with Chad Essley, a cartoonist and friend of McAfee who is writing a graphic novel about the bearded thrillseeker. Essley also maintains McAfee’s official blog, whoismcafee.com.

“My most heartfelt thank you goes to Impact Future Media and Cartoon Monkey Studio,” McAfee said in a statement issued by IFM on Monday. “Their dedication to the truth is very uncommon in the world we live in today. I am now, and will always be, grateful to their organisations.”

What’s needed to make a perfect McAfee movie?

If The Hobbit can be stretched into three films then McAfee’s recent escapades alone provide ample material for five films.

McAfee’s antics while on the lam included burying his dogs after they were allegedly poisoned by police officers; sleeping on lice-infested beds; donning various disguises including blacking up with boot polish and sticking a tampon up his nose to disguise himself as a Guatemalan trinket salesman; and sending a look-alike over the Mexican border with a North Korean passport as a diversionary tactic while he slipped over the border to Guatemala.

Other plot elements ought to include his allegations of widespread corruption among politicians and police as well as his denials of suffering from drug abuse and paranoia. Another interesting tale involves reports over the weekend that he suffered a mild heart attack whereas in reality he banged his head on a wall after passing out due to dehydration and chain smoking.

Another twist in the plot came when McAfee’s location was carelessly exposed when a Vice magazine journalist took the millionaire’s photo after he crossed the border into Guatemala and uploaded the image to the web complete with position coordinates in the file’s metadata.

This kind of material practically writes itself, making a screenplay writer somewhat redundant, but that still leaves the problem of casting for film and finding a director.

David Cronenberg (Naked Lunch), Bruce Robinson (Withnail and I, The Rum Diary), Terry Gilliam (Brazil) and David Fincher (Fight Club) would all be excellent choices for director – assuming the budget stretches that far. Either Javier Bardem or Morgan Freeman could play the police chief searching for McAfee.

We’d like to see a cameo for Rob Rosenberger, a long-term critic who accused McAfee of embellishing security problems, particularly the impact of the Michelangelo virus in the early 1990s.

El Reg’s security desk has drawn up a list of potential actors for the key role of McAfee himself. We invite readers to vote on our suggestions or make nominations of their own in the comments below. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/12/11/john_mcafee_film_deal/

Parliament: Snoop Charter plan ‘too sweeping’, ‘misleading’, ‘suspicious’

Theresa May’s communications data draft bill is far too broad and needs to be slimmed down, concluded MPs and peers who have spent many months scrutinising the Home Secretary’s lambasted plans to massively increase the surveillance of online activity in the UK.

The joint committee, chaired by Lord Blencathra, said:

Our overall conclusion is that there is a case for legislation which will provide the law enforcement authorities with some further access to communications data, but that the current draft bill is too sweeping, and goes much further than it need or should.

We believe that, with the benefit of fuller consultation with CSPs [communications service providers] than has so far taken place, the government will be able to devise a more proportionate measure than the present draft bill, which would achieve most of what they really need, would encroach less upon privacy, would be more acceptable to the CSPs, and would cost the taxpayer less.

A 101-page report published by the committee this morning highlighted many shortcomings in May’s draft bill, which was tabled in June this year.

Among other things, it noted that there appeared to be a lack of ability among cops to make “effective use” of the data that is already available and recommends that this matter be addressed as a “priority”. The report added that no fresh law would be required for this but that additional costs would be involved.

The committee said that more consultation was needed among technical experts, police bodies, public authorities and civil liberties groups and that those talks should be shaped around a “narrower, more clearly defined set of proposals on definitions.” It also recommended that the bill should make it clear exactly why a gap in surveillance needs to be filled.

The peers and MPs said:

It is acknowledged on all sides that the volume of communications data now available is vastly greater than what was available when RIPA [the Regulation of Investigatory Powers Act 2000] was passed. The much quoted [Home Office] figure of a 25 per cent communications data gap purports to relate to data which might in theory be available, but currently is not.

The 25 per cent figure is, no doubt unintentionally, both misleading and unhelpful.

The report also warned that communication service providers needed reassurances about the retention of data as laid out in May’s draft bill. It said:

“Even though many of them [CSPs] are prepared to cooperate on a voluntary basis, they should also be told what obligations might be imposed on them. For many, their willingness to cooperate voluntarily will be reinforced if there is a statutory basis for the requirement.”

The report called on Clause 1 of the draft bill [PDF] to be rewritten with a “much narrower scope, so that the Secretary of State may make orders subject to Parliamentary approval enabling her to issue notices only to address specific data gaps as need arises.”

The Home Office wanted to keep clause 1 wide, May has argued, to “future proof” the law to allow for access to new types of data that may emerge. The committee dismissed that suggestion, however, and said:

“We do not accept that this is a good reason to grant the Secretary of State such wide powers now. We do not think Parliament should grant powers that are required only on the precautionary principle. There should be a current and pressing need for them.”

The report noted that the Home Secretary may in future need the power to require the retention of other data types, but it urged caution in how any law relating to that need might be introduced.

“Parliament and government both need to accept that legislation that covers the internet and other modern technologies may need revisiting and updating regularly,” the committee said.

The MPs and peers recommended that this might be done via an order subject to the super-affirmative procedure to guarantee greater parliamentary scrutiny than a standard affirmative order, which is currently proposed in the bill. If the committee’s method is adopted by the Home Office the process could take anything up to nine months to be scrutinised by those sitting in the Lords and the Commons.

The report questioned whether that clause should allow notices that require CSPs to retain web logs up to the first “/”. The politicos and peers said such a plan posed a “fundamental question” about the draft bill and added that parliamentarians needed to debate that issue further.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/12/11/draft_communications_data_bill_joint_committee_report/

Russian ransomware strikes Queensland doctor

A medical practice in the Australian state of Queensland, the Miami Family Medical Centre, has been hit by ransomware said to originate in Russia.

ABC News reports staff arrived at the practice last week, turned on computers and found messages proclaiming that patients’ records had been encrypted. Seven years’ worth of patients’ records are now inaccessible.

The report goes on to say that the practice has decided it does not negotiate with cyber-terrorists and won’t be handing over the AU$4,000 that has been demanded to decrypt the files. The practice will therefore rebuild a database, and appears to have written off its current collection of records.

Queensland Police say this is not the first such case in the state – 11 similar incidents have been reported in the last year.

The reason for the attack seems to be poor security: the practice says it ran anti-virus software, but the attackers seem to have divined passwords for both PCs and servers, brushing aside AV on their way into the centre’s systems. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/12/11/queensland_ransomware_attack/

GhostShell hackers release 1.6 million NASA, FBI, ESA accounts

The hacking collective GhostShell has announced it has finished operations for the year, but has signed off with a dump of around 1.6 million account details purloined from government, military, and industry.

“ProjectWhiteFox will conclude this year’s series of attacks by promoting hacktivism worldwide and drawing attention to the freedom of information on the net,” the group said in a statement.

“For those two factors we have prepared a juicy release of 1.6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies corporations working for the department of defense, airlines and more.”

The group claimed the accounts come from the ESA, NASA, Pentagon, Federal Reserve, Interpol, FBI, and firms in the aerospace and military contracting field, as well as some security companies. It also claims to have sent emails highlighting failures in 150 servers to the security chiefs of the hacked organizations.

The team mocked the efforts of law enforcement groups trying to track them down, and the security groups hired to help them. Some of GhostShell’s servers had been found, but they were empty, the group said, and of little importance.

However, there were plenty of so-called hidden websites used by online investigators that GhostShell says it has been following and infiltrating. It mocked attempts to hide these sites, saying they would always be watching.

It has been a busy couple of months for the group, which has been cited as an off-shoot of the Anonymous group. In August, around one million account details from businesses were leaked, while in October it released student records from the world’s top 100 universities. Last month it was the Russians’ turn, with 2.5 million records from government and businesses put online. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/12/11/ghostshell_christmas_release/

John McAfee: Let me go to the USA

Former anti-virus mogul turned fugitive John McAfee has appealed to be allowed to return to the United States rather than deported from Guatemala to Belize.

Authorities in Belize want to question McAfee as a person of interest in the murder of his neighbour, Gregory Faull. McAfee went into hiding with his 20-year-old girlfriend Samantha following the start of investigations into Faull’s murder on 11 November.

McAfee became the target of a bizarre* and highly publicised manhunt over the subsequent three weeks before finally surfacing in neighbouring Guatemala, where he was arrested for illegal entry to the country. McAfee’s location just before his arrest was spilled by the metadata embedded in a photo published by the online lifestyle mag Vice. Reporters from Vice were travelling with McAfee around the time he crossed the border into Guatemala.

His arrest last week failed to dampen McAfee’s spirits. He was given access to a computer and an internet connection, allowing him to update followers of his blog (which he started on the run) with his assessments that the local jails were better than those in Belize and the coffee was “excellent”. McAfee requested asylum in Guatemala but the request was turned down by Guatemala’s foreign minister; however, a judge granted a stay against deportation. McAfee was subsequently rushed to hospital with what at first appeared to be a minor heart attack but turned out to be only the result of the 67-year-old losing consciousness due to dehydration and ill-advised chain smoking, during which he fell against a wall and further injured himself.

During a press conference on Sunday McAfee answered questions from reporters via a video stream from an immigration detention centre in Guatemala City. The one-man Hunter S Thompson tribute band said he’d decided he wanted to return to the US rather than continuing his quixotic anti-corruption blogging campaign while trying to stay one step ahead of the Belizean authorities, who McAfee claims are corrupt and want to do him in.

“The odyssey that Samantha and I have been on did not begin after the death of Mr Faull,” McAfee said in a prepared video statement. “It began on 15 October after an abortive raid by the police of San Pedro and Belize City and since that time we have been on and off the run. After the death of Mr Faull we went underground in earnest.”

McAfee, who looked sweaty but otherwise reasonably well, went on to deny reports that he was paranoid or that he took “bath salts” (a potent synthetic narcotic) or any other drugs for that matter.

“Our intent is to return to America, if at all possible, and settle down to whatever normal life we can settle down to under the circumstances,” McAfee said in a Q&A session. “The intent to question me has nothing to do with Mr Faull’s murder. Since April of last year the Belizean government has been trying to level charge after charge against me, all of them groundless. This is simply the latest in that chain. The government is however getting very serious. While I was in hiding there were eight raids on my property.”

Corruption in Belize ranges from bribery to extra-judicial execution, McAfee claimed, adding that the accusations he has raised in his blog will have hurt tourism in Belize and further inflamed the anger of the authorities against him.

“There is no hope for my life if I am ever returned to Belize,” he said.

McAfee denied any involvement in Faull’s death, insisting he’d left Belize to escape police persecution. McAfee moved to Belize in 2008, years after he made his fortune by selling his share in the computer security business he founded. He sold his share in McAfee Associates in 1994, seven years after founding the company.

McAfee is no longer much of a fan of the software that still bears his name. He told the FT that he took the software off his own computer. “It’s too annoying,” he told the FT.

The tech tycoon was born in the UK and continues to hold British citizenship. He said that he’d also be willing to go back to the UK, where he hasn’t lived since he was a child.

Meanwhile authorities in Belize continue to express exasperation about McAfee’s conduct, while reiterating that he has nothing to fear should he decide to return home.

“He’s really gone out of his way to make the country look bad,” Belize police spokesman Raphael Martinez has said about McAfee. “We just believe he should, if he’s innocent as he’s saying he is, he should bring in his lawyer, and let’s get to the bottom of this and say what he needs to say and let’s move on.” ®

Bootnote

*McAfee’s activities on the run included shooting and burying his dogs after they were allegedly poisoned by police, donning various disguises including blacking up with boot polish and sticking a tampon up his nose to impersonate a Guatemalan trinket salesman and sending a look-alike over the Mexican border with a forged North Korean passport as a decoy.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/12/10/john_mcafee_bizarre_press_conference/

Boffin: Android’s on-board malware scanner utterly FAILS

Google has added new anti-malware capabilities to Android 4.2 “Jelly Bean,” but relying on them to block malicious apps might not be a good idea, says a computer science boffin from North Carolina State University.

The latest Android – currently only found on a select group of handsets – includes an on-device “application verification service” that claims to be able to alert users of potentially harmful apps and block their installation, irrespective of where they came from.

Associate professor Xuxian Jiang wanted to know how well the new feature fared against known Android malware, and to that end he pitted it against a collection of samples obtained by the university’s Android Malware Genome Project.

The results? Not so good. Of the 1,260 samples tested, Android’s on-device malware checker only managed to spot 193 of them, for a paltry detection rate of just 15.3 per cent.

That’s bad news for Android users, as the incidence of malware attacks on the platform has reportedly been growing – a point that Microsoft, in particular, has been using to flog its own, rival smartphone platform.

Jiang went on to pit the same sample collection against an assortment of ten Android-based antivirus engines. Without naming any of the products involved, Jiang reports that all of them fared significantly better than Jelly Bean’s built-in one, with even the poorest performer catching 50 per cent of the malware.

Dialog box displayed by Android 4.2 when it spots potential malware

Even in Android 4.2 you won’t be seeing this very often

Those are better findings than those reported in March by AV-Test, which reckoned that only about a third of the malware scanners for Android were actually up to the task.

Why such a poor showing for Google’s product? According to Jiang, Jelly Bean’s app verification service relies on relatively few data points to decide whether or not to block a given app install.

“Specifically, our study indicates that the app verification service mainly uses an app’s SHA1 value and the package name to determine whether it is dangerous or potentially dangerous,” he writes. “This mechanism is fragile and can be easily bypassed. It is already known that attackers can change with ease the checksums of existing malware (e.g., by repackaging or mutating it).”

Jiang further observes that Google has not integrated VirusTotal – a file-scanning security service which it bought in September – into the Android platform, but that VirusTotal performed significantly better than the app verification service in Jiang’s tests.

Although Jiang notes that some form of malware checking more sophisticated than Jelly Bean’s on-device method is necessary, he cautions that a delicate balance must be struck between security, device performance, and user privacy.

What’s more, Jiang is quick to point out that the fact that Google is paying attention to Android security at all is welcome news. Prior to Android 4.2 – which is running on just 0.8 per cent of the devices out there, according to Google’s stats – Android devices included no on-board security features at all.

Instead, they have relied on app stores to screen out malware, a method that researchers have shown doesn’t always work. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/12/10/android_malware_scanner_fails/

Tor node admin raided by cops appeals for help with legal bills

A sysadmin had his flat raided and equipment seized by police last week for hosting a Tor exit node.

William Weber from Graz, Austria, was questioned by cops after someone allegedly distributed child abuse images over one of the Tor exits he administered. Contrary to some early reports Weber was only questioned by police, who seem to be at the early stage of an inquiry. “I was not arrested (yet), just searched and questioned,” Weber told El Reg.

Weber’s equipment – 20 computers, 100TB+ storage, tablets, consoles and phones – was seized by investigators. The raid was carried out by officers from the Styrian Landeskriminalamt (LKA), the Austrian equivalent of the FBI, who served a warrant on Weber at his place of work before escorting him home and conducting a search and seizure operation at his flat. Before and after pictures can be found here.

In response, Weber has established a legal defence fund, and is soliciting donations via PayPal from the internet community:

I got raided for someone sharing child pornography over one of my Tor exits. I’m good so far, not in jail, but all my computers and hardware have been confiscated.

If convicted I could face up to 10 years in jail (minimum six years), of course I do not want that and I also want to try to set a legal base for running Tor exit nodes in Austria or even the EU.

Sadly we have nothing like the EFF here that could help me in this case by legal assistance, so I’m on my own and require a good lawyer.

Tor (The Onion Router) offers, among other things, anonymised web browsing and has many legitimate applications including getting around censorship controls in countries with a poor human rights record. Tor routes traffic through a number of relay nodes before delivering the packets to their final destination, confusing attempts to figure out where traffic originated. Volunteers such as Weber administer “exit nodes” – the final stepping stone on the network.

The system is used by journalists, activists and military organisations around the world to bypass censorship and communicate securely. Like any technology Tor can also lend itself to unsavoury applications.

This leaves anyone providing hardware to the Tor project in a difficult position. El Reg asked Weber if he had any advice for other admins hosting Tor exit nodes to avoid landing themselves in a legal pickle.

“Tor admins should open an LLC (if US) or Limited (in UK, if EU) or registered partnership/non-profit (German Verein, if in Germany) company as owner of these servers,” Weber said. “This removes the hassle of running it as a private person and removes at least a bit of liability (in most countries) if not all of it (in Germany, Telemediengesetz).”

“Besides this there should be good contact with the ISP beforehand, let them know that there will be abuse (filesharing and the DMCA, mainly) and what Tor is. Or if more money is available to invest, a membership of ARIN/RIPE is well worth it, getting own IP blocks and an AS number (running their own network) helps to resolve issues faster and means you get direct information if servers should be tapped or confiscated (unlike if rented, then only your ISP gets the warning).”

Weber’s colocated servers were not seized, most likely as they are outside of EU jurisdiction: they are in Liechtenstein, the US and Hong Kong. The server running the exit node under investigation was in Poland but was “already disabled since I moved to a different ISP”, according to Weber.

LKA officers questioned Weber about his motives for running a Tor Exit Node, according to a detailed report on the raid.

“I could not make them understand why I would ‘waste’ resources and bandwidth (translating into money) to run a Tor node,” Weber explained. “I informed them that I was already contacted by the Polish police in May about this IP, regarding hacking attempts originating from it. Back then I had already explained to Polish police that this was a Tor exit node, and that no logfiles were held. After the report of hacking attempts, I shut down the Tor node on this server, but apparently this was too late and they were investigating (and/or wiretapping) already.”

Police also recovered a small quantity of marijuana and legally held firearms as a result of their raid on Weber’s flat.

Running a Tor exit node is “fraught with danger” according to a former police investigator contacted by El Reg on the topic. He added “you do not know what or who will be using your bandwidth”.

David Harley, senior research fellow at anti-virus firm Eset, said abuse of Tor networks is something of an occupational hazard for the sysadmins who administer them.

“It’s not unusual for the maintainer of a [Tor] exit node to be the focus of abuse complaints: mostly DMCA notices, I think. Reports of paedophilia-related abuse are a lot rarer, but not unheard of,” he added.

The story of another Tor admin who was put through a police inquiry after one of the exit nodes he administered was abused to distribute images of child abuse can be found here.

Harley said he wasn’t familiar with any statistics or research on how much traffic routed through Tor exit nodes is related to child abuse.

“I’m not unsympathetic to the fact that Tor gives a voice to oppressed groups and so on, but misuse is inevitable,” Harley concluded. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/12/10/tor_admin/

Tor node admin raided by cops appeals for help with legal bills

A sysadmin had his flat raided and equipment seized by police last week for hosting a Tor exit node.

William Weber from Graz, Austria, was questioned by cops after someone allegedly distributed child abuse images over one of the Tor exits he administered. Contrary to some early reports Weber was only questioned by police, who seem to be at the early stage of an inquiry. “I was not arrested (yet), just searched and questioned,” Weber told El Reg.

Weber’s equipment – 20 computers, 100TB+ storage, tablets, consoles and phones – was seized by investigators. The raid was carried out by officers from the Styrian Landeskriminalamt (LKA), the Austrian equivalent of the FBI, who served a warrant on Weber at his place of work before escorting him home and conducting a search and seizure operation at his flat. Before and after pictures can be found here.

In response, Weber has established a legal defence fund, and is soliciting donations via PayPal from the internet community:

I got raided for someone sharing child pornography over one of my Tor exits. I’m good so far, not in jail, but all my computers and hardware have been confiscated.

If convicted I could face up to 10 years in jail (minimum six years), of course I do not want that and I also want to try to set a legal base for running Tor exit nodes in Austria or even the EU.

Sadly we have nothing like the EFF here that could help me in this case by legal assistance, so I’m on my own and require a good lawyer.

Tor (The Onion Router) offers, among other things, anonymised web browsing and has many legitimate applications including getting around censorship controls in countries with a poor human rights record. Tor routes traffic through a number of relay nodes before delivering the packets to their final destination, confusing attempts to figure out where traffic originated. Volunteers such as Weber administer “exit nodes” – the final stepping stone on the network.

The system is used by journalists, activists and military organisations around the world to bypass censorship and communicate securely. Like any technology Tor can also lend itself to unsavoury applications.
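To make the relay chain in the two paragraphs above concrete, here is an added toy simulation; it is not code from the article or from the Tor project. The relay names, keys, client address, destination and request are all constructed, and a hash-derived XOR stream stands in for Tor's real circuit cryptography. It shows the point that matters for an exit operator: each relay learns only who handed it the cell and where to forward it, and the exit is the sole hop that sees the clearnet destination and the plaintext, so the destination sees the exit's address rather than the client's.

```python
from __future__ import annotations

import hashlib
from itertools import count

HOP_FIELD = 24  # fixed-width "next hop" header inside each onion layer

# Constructed circuit: the client shares a separate key with every relay.
RELAY_KEYS = {
    "guard": b"constructed-guard-key",
    "middle": b"constructed-middle-key",
    "exit": b"constructed-exit-key",
}
CIRCUIT = ["guard", "middle", "exit"]


def keystream(key: bytes, length: int) -> bytes:
    """Hash-derived keystream for the toy cipher (symmetric: wraps and peels)."""
    out = bytearray()
    for ctr in count():
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        if len(out) >= length:
            return bytes(out[:length])


def xor_layer(key: bytes, data: bytes) -> bytes:
    """Apply (or strip) one encryption layer keyed for a single relay."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def build_onion(destination: str, payload: bytes) -> bytes:
    """Client side: wrap the payload once per relay, innermost layer for the exit.

    Each relay's layer carries only the name of the next hop, so the guard's
    layer says "middle", the middle's says "exit" and the exit's names the
    clearnet destination.
    """
    hops = CIRCUIT + [destination]
    cell = payload
    # Apply the exit's layer first and the guard's last, so the guard peels first.
    for relay, next_hop in zip(reversed(CIRCUIT), reversed(hops[1:])):
        header = next_hop.encode().ljust(HOP_FIELD, b"\0")
        cell = xor_layer(RELAY_KEYS[relay], header + cell)
    return cell


def relay_process(relay: str, sender: str, cell: bytes) -> tuple[str, bytes, dict]:
    """One relay peels its own layer and learns only the sender and the next hop."""
    plain = xor_layer(RELAY_KEYS[relay], cell)
    next_hop = plain[:HOP_FIELD].rstrip(b"\0").decode()
    inner = plain[HOP_FIELD:]
    return next_hop, inner, {"from": sender, "to": next_hop}


def run_circuit(client_addr: str, destination: str, payload: bytes) -> dict:
    """Push one onion through the circuit and record what every hop observed."""
    views = {}
    cell = build_onion(destination, payload)
    sender, hop = client_addr, CIRCUIT[0]
    while hop in RELAY_KEYS:
        next_hop, cell, view = relay_process(hop, sender, cell)
        # Only the hop whose peeled cell equals the request can read it.
        view["sees_plaintext"] = cell == payload
        views[hop] = view
        sender, hop = hop, next_hop
    # After the exit peels its layer, `hop` is the clearnet destination and
    # `cell` is the plaintext request; the destination sees the exit as sender.
    views["destination"] = {"from": sender, "body": cell}
    return views


if __name__ == "__main__":
    observed = run_circuit("client-203.0.113.7", "example.org:443", b"GET / HTTP/1.1\r\n")
    for name, seen in observed.items():
        print(f"{name:12} {seen}")
```

The guard's view contains the client address but not the destination; the exit's view contains the destination and the readable request but only "middle" as its sender. That asymmetry is exactly why abuse complaints and, in this case, a police inquiry land on the exit operator's address.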

This leaves anyone providing hardware to the Tor project in a difficult position. El Reg asked Weber if he had any advice for other admins hosting Tor exit nodes to avoid landing themselves in a legal pickle.

“Tor admins should open an LLC (if US) or Limited (in UK, if EU) or registered partnership/non-profit (German Verein, if in Germany) company as owner of these servers,” Weber said. “This removes the hassle of running it as a private person and removes at least a bit of liability (in most countries) if not all of it (in Germany, Telemediengesetz).”

“Besides this there should be good contact with the ISP beforehand, let them know that there will be abuse (filesharing and the DMCA, mainly) and what Tor is. Or if more money is available to invest, a membership of ARIN/RIPE is well worth it; getting your own IP blocks and an AS number (running your own network) helps to resolve issues faster and means you get direct information if servers should be tapped or confiscated (unlike if rented, then only your ISP gets the warning).”

Weber’s colocated servers were not seized, most likely because they are outside EU jurisdiction: they are in Liechtenstein, the US and Hong Kong. The server running the exit node under investigation was in Poland but was “already disabled since I moved to a different ISP”, according to Weber.

LKA officers questioned Weber about his motives for running a Tor exit node, according to a detailed report on the raid.

“I could not make them understand why I would ‘waste’ resources and bandwidth (translating into money) to run a Tor node,” Weber explained. “I informed them that I was already contacted by the Polish police in May about this IP, regarding hacking attempts originating from it. Back then I had already explained to Polish police that this was a Tor exit node, and that no logfiles were held. After the report of hacking attempts, I shut down the Tor node on this server, but apparently this was too late and they were investigating (and/or wiretapping) already.”

Police also recovered a small quantity of marijuana and legally held firearms as a result of their raid on Weber’s flat.

Running a Tor exit node is “fraught with danger” according to a former police investigator contacted by El Reg on the topic. He added “you do not know what or who will be using your bandwidth”.

David Harley, senior research fellow at anti-virus firm Eset, said abuse of Tor networks is something of an occupational hazard for the sysadmins who administer them.

“It’s not unusual for the maintainer of a [Tor] exit node to be the focus of abuse complaints: mostly DMCA notices, I think. Reports of paedophilia-related abuse are a lot rarer, but not unheard of,” he added.

The story of another Tor admin who was put through a police inquiry after one of the exit nodes he administered was abused to distribute images of child abuse can be found here.

Harley said he wasn’t familiar with any statistics or research on how much traffic routed through Tor exit nodes is related to child abuse.

“I’m not unsympathetic to the fact that Tor gives a voice to oppressed groups and so on, but misuse is inevitable,” Harley concluded. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/12/10/tor_admin/