Newsletter 12/26/2021

And now, from The Dept of LMAO Department:
Putin Bans The Onion Router (TOR)

The Russian government banning access to the Tor network, and thus restricting access to the website at https://www.torproject.org/ (enter at your own risk), can be likened to the Chief Wolf telling all the underling wolves that the chicken coop is now off limits.  The Tor network has been the tool of choice for cyber crooks for years.  And it is no exaggeration to say that Russia has unleashed more cyber crooks than any other nation.  As reported by the BBC in November 2021:

Many of the people on the FBI's cyber most wanted list are Russian. While some allegedly work for the government earning a normal salary, others are accused of making a fortune from ransomware attacks and online theft. If they left Russia they'd be arrested - but at home they appear to be given free rein.

The most recent example of Russian culpability in cyber crimes is that in December 2021, Google sued "two Russians and 15 unknown individuals said to be behind Glupteba, a malicious 'botnet' that has infected over a million computers."  So Russian crooks have been using the dark web, accessed via the Tor network, for years.

A general understanding of how the dark web works is useful here.  Several articles are available that describe how Tor is used to access the dark web. 

To bring you up to speed, the deep web is the vast, subsurface portion of the internet encompassing everything that’s not crawled by conventional search engines. The dark web is a purposefully obfuscated subsection of this, linked to shady activity but also a useful platform for privacy activists living under oppressive regimes. 

Created in the mid-1990s by military researchers in the US, the technology which paved the way for what is now known as the dark web was used by intelligence officers to share files anonymously. That initial platform was called ‘Tor’, which stands for ‘The Onion Router’.

"How To Access The Dark Web: What Is Tor And How Do I Access Dark Websites?", Victoria Woollaston, https://www.alphr.com/, November 2020.

Russia's reasoning for banning access to the Tor network was that "this website [...] enable[s] the operation of tools that provide access to unlawful content."
So this begs the question: Why did Russia ban the Tor network now?  One can only speculate, but...

1. The Western Powers have told our dear friend, Vlad, that if you wish to continue to trade oil and gas on the world markets, which require access to western currencies, i.e. "petrodollars," and/or international financial services like those offered by Fiserv, then you had better start cracking down on all the ransomware coming from your borders and/or your friends' borders.  Indeed, clamping down on Tor would be a start.  On the other hand, since the Log4j cyber apocalypse there has not been any letup in ransomware attacks.  And surely, Russian crooks are at work here, as are many others. And, as noted in the Washington Post in October, "officials say there's no evidence the Kremlin is reining in these groups." 

2. Wealthy Russians now, too, are becoming victims of cyber crimes.

Security firm Group-IB says it identified a new cybercrime group that, for the past six months, has repeatedly and intentionally targeted Russian businesses with malware and ransomware attacks.

Named OldGremlin, Group-IB says the hackers are behind targeted attacks with a new strain [of] ransomware called TinyCryptor (aka decr1pt).
"They have been trying to target only Russian companies so far," Oleg Skulkin, Group-IB's senior DFIR analyst, told ZDNet this week.

"This is very unusual for Russian-speaking gangs who have this unspoken rule about not working within Russia and post-Soviet countries."

For the longest time it was believed that Putin's government acquiesced to the presence of ransomware crooks, as long as they did not operate inside Russian territory. 

The number of cyberattacks carried out against the US has increased recently, and the online perpetrators have one thing in common: they are believed to be linked to Russia.

Hackers have found a safe haven in Russia to carry out their attacks, as the Washington Post reported. That's because they work without any repercussions from Moscow, which seemingly grants them leniency as long as they don't target Russia or its allies.

Cybercriminal networks "in Russia seem to exist with the tacit blessing of the Russian state," V.S. Subrahmanian, director of Dartmouth's Institute of Security, Technology, and Society, told Insider. "As long as they do not carry out nefarious activities in Russia itself, they seem to be protected from severe prosecution."

Maybe now that the tables are turned, and wealthy and connected Russian interests are targeted, there is a loud and concerted "Nyet!" emanating from Moscow when it comes to the Tor network.

3. The most likely answer is that, as in China, Russian dissidents have found Tor to be a very useful tool for communicating with one another and organizing without the eyes of Big Comrade peering in on them.  Tor and its users represented a real threat to Putin's grip on political power.  And, thus, Tor itself had to be cracked down upon.

The service has been hugely popular in Russia, where the government maintains a sprawling list of websites that have been banned for everything from advocating protests to promoting what the Kremlin calls "gay propaganda." According to the Tor project, 15% of its users came from the country, making it second only to the U.S., which accounts for 21% of Tor's user base.

All this aside, there is another new phenomenon happening within the Tor network that has researchers puzzled. This new trend impacting Tor might make this whole discussion moot.  Indeed, what researchers have discovered is that the Tor network is now awash in malware.  And that "the attacker may be trying to deanonymize and identify Tor users." 

Since at least 2017, a mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network in what a security researcher has described as an attempt to deanonymize Tor users.

KAX17’s focus on Tor entry and middle relays led Nusenu to believe that the group, which he described as “non-amateur level and persistent,” is trying to collect information on users connecting to the Tor network and attempting to map their routes inside it.

All this means that Tor users can be identified, as their IP addresses will no longer be hidden.  And there is consensus that whoever is responsible for KAX17 is certainly a Leviathan of the murky waters known as the dark web.

However, in the case of KAX17, the threat actor appears to be substantially better resourced than your average dark web malcontent: they have been running literally hundreds of malicious servers all over the world—activity that amounts to “running large fractions of the tor network,” Nusenu writes. With that amount of activity, the chances that a Tor user’s circuit could be traced by KAX is relatively high, the researcher shows.
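
The passages above make the point that an operator "running large fractions of the tor network" has a correspondingly high chance of sitting on a user's circuit. The following Python model, an added illustration that is not code from this newsletter or from the Tor Project, puts numbers on that risk: it builds a constructed relay set in which one operator holds 30% of guard bandwidth and 20% of exit bandwidth, then measures how often a simulated circuit hands that operator the guard (client IP visible), guard plus middle (route mapping, as Nusenu describes), or guard plus exit (client and destination seen together). Path selection is a simplified form of Tor's bandwidth-weighted choice (no guard persistence, family or /16 rules), so the figures are indicative, not measured.

```python
# Risk model for the relay-operator adversary described above: how an operator's
# share of relay bandwidth translates into the share of circuits it observes.
# Added illustration, not code from the newsletter or the Tor Project.  The relay
# set is constructed, and path selection is a simplified form of Tor's
# bandwidth-weighted choice (no guard persistence, family or /16 rules).
import random
from collections import namedtuple

# guard/exit: eligible for that hop; bandwidth: selection weight; hostile: adversary-run
Relay = namedtuple("Relay", "name guard exit bandwidth hostile")

def constructed_network():
    """Constructed set: the adversary holds exactly 30% of guard bandwidth and
    20% of exit bandwidth (every relay weighs 100)."""
    def mk(tag, n, guard, exit_, hostile):
        return [Relay(f"{tag}-{i}", guard, exit_, 100, hostile) for i in range(n)]
    return (mk("guard", 35, True, False, False) + mk("exit", 20, False, True, False)
            + mk("middle", 10, False, False, False)
            + mk("bad-guard", 15, True, False, True) + mk("bad-exit", 5, False, True, True))

def hostile_share(relays, position):
    """Adversary's bandwidth share among relays eligible for 'guard', 'middle' or 'exit'."""
    pool = [r for r in relays if position == "middle" or getattr(r, position)]
    return sum(r.bandwidth for r in pool if r.hostile) / sum(r.bandwidth for r in pool)

def pick(pool, rng):
    """Bandwidth-weighted random choice, as Tor's path selection does."""
    return rng.choices(pool, weights=[r.bandwidth for r in pool])[0]

def build_circuit(relays, rng):
    """Three-hop circuit: guard-flagged entry, any middle, exit-flagged exit, no repeats."""
    guard = pick([r for r in relays if r.guard], rng)
    middle = pick([r for r in relays if r is not guard], rng)
    exit_ = pick([r for r in relays if r.exit and r not in (guard, middle)], rng)
    return guard, middle, exit_

def simulate(relays, circuits=20000, seed=1):
    """Fraction of circuits where the adversary holds the guard (sees the client IP),
    guard+middle (can map the client's route, as the article describes), or
    guard+exit (sees client and destination at once)."""
    rng = random.Random(seed)
    hits = {"guard": 0, "guard_and_middle": 0, "guard_and_exit": 0}
    for _ in range(circuits):
        g, m, e = build_circuit(relays, rng)
        if g.hostile:
            hits["guard"] += 1
            hits["guard_and_middle"] += m.hostile
            hits["guard_and_exit"] += e.hostile
    return {k: v / circuits for k, v in hits.items()}
```

With the constructed shares the guard-and-exit figure lands near the 0.30 x 0.20 = 0.06 product, i.e. roughly one circuit in seventeen fully exposed, and the guard-only figure near 0.30; raising the hostile guard share in `constructed_network` shows how quickly those fractions climb.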

It is pointless to speculate who may be at work here, as so many competing and conflicting interests exist with the means and motivation to take down Tor.  And as such, my speculations are no more valid or valuable than anyone else's.  This blog only consists of information that is documentable.

Maybe Tor is falling apart anyway.  And, our good buddy, Vlad, simply didn't want to seem behind the curve when it came to Tor.  In banning Tor, the Putin government, like the rest of us computer users, has come to realize that whatever the benefits of using computers in antisocial ways, they are far outweighed by the costs.  And that particular chicken has just roosted in Moscow.

Nonetheless, I needed a rationale to discuss Tor, but within the context of a current theme among, at least, some of the digerati.  In other words, it had to be newsworthy.  So I would like to thank Ol' Vlad for the opportunity.


Gerald Reiff
