Newsletter 12/26/2021
And now, from The Dept of LMAO Department: the Russian government banning access to the Tor network, and thus restricting access to the website at https://www.torproject.org/ (enter at your own risk), can be likened to the Chief Wolf telling all the underling wolves that the chicken coop is now off limits. The Tor network has been the tool of choice for cyber crooks for years, and it is no exaggeration to say that Russia has unleashed more cyber crooks than any other nation. As reported by the BBC in November 2021:

Many of the people on the FBI's cyber most wanted list are Russian. While some allegedly work for the government earning a normal salary, others are accused of making a fortune from ransomware attacks and online theft. If they left Russia they'd be arrested - but at home they appear to be given free rein.

The most recent example of Russian culpability in cyber crimes came in December 2021, when Google sued "two Russians and 15 unknown individuals said to be behind Glupteba, a malicious 'botnet' that has infected over a million computers." So Russian crooks have been using the dark web, accessed via the Tor network, for years. A general understanding of how the dark web works is useful here, and several articles are available that describe how Tor is used to access the dark web.
To bring you up to speed, the deep web is the vast, subsurface
portion of the internet encompassing everything that’s not crawled by
conventional search engines. The dark web is a purposefully obfuscated
subsection of this, linked to shady activity but also a useful platform
for privacy activists living under oppressive regimes.
Russia's reasoning for banning access to the Tor network was that this website "enable[s] the operation of tools that provide access to unlawful content." [1] The Western powers have told our dear friend Vlad that if he wishes to continue trading oil and gas on the world markets, which requires access to Western currencies, i.e. "petrodollars," and/or to international financial services like those offered by Fiserv, then he had better start cracking down on all the ransomware coming from his borders and/or his friends' borders.
Indeed, clamping down on Tor would be a start. On the other hand, since the Log4j cyber apocalypse there has been no let-up in ransomware attacks, and surely Russian crooks are at work here, as are many others. And, as noted in the Washington Post in October, "officials say there's no evidence the Kremlin is reining in these groups."

Security firm Group-IB says it identified a new cybercrime group that, for the past six months, has repeatedly and intentionally targeted Russian businesses with malware and ransomware attacks.

For the longest time it was believed that Putin's government acquiesced to the presence of ransomware crooks, as long as they did not operate inside Russian territory.
The number of cyberattacks carried out against the US has
increased recently, and the online perpetrators have one thing in
common: they are believed to be linked to Russia.
Maybe now that the tables are turned, and wealthy and connected Russian interests are being targeted, there is a loud and concerted "Nyet!" emanating from Moscow when it comes to the Tor network.

The service has been hugely popular in Russia, where the government maintains a sprawling list of websites that have been banned for everything from advocating protests to promoting what the Kremlin calls "gay propaganda." According to the Tor project, 15% of its users came from the country, making it second only to the U.S., which accounts for 21% of Tor's user base.

All this aside, there is another new phenomenon happening within the Tor network that has researchers puzzled, and it might make this whole discussion moot. What researchers have discovered is that the Tor network is now awash in malware, and that "the attacker may be trying to deanonymize and identify Tor users."
Since at least 2017, a mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network in what a security researcher has described as an attempt to deanonymize Tor users.

All this means that Tor users can be identified, as their IP addresses will no longer be hidden. And there is consensus that whoever is responsible for KAX17, the name researchers have given this actor, is certainly a Leviathan of the murky waters known as the dark web:

However, in the case of KAX17, the threat actor appears to be substantially better resourced than your average dark web malcontent: they have been running literally hundreds of malicious servers all over the world—activity that amounts to "running large fractions of the tor network," Nusenu writes. With that amount of activity, the chances that a Tor user's circuit could be traced by KAX is relatively high, the researcher shows.

It is pointless to speculate about who may be at work here, as so many competing and conflicting interests exist with the means and motivation to take down Tor. As such, my speculations are no more valid or valuable than anyone else's. This blog consists only of information that is documentable.
Maybe Tor is falling apart anyway, and our good buddy Vlad simply didn't want to seem behind the curve when it came to Tor. In banning Tor, the Putin government, like the rest of us computer users, has come to realize that whatever the benefits of using computers in antisocial ways, they are far outweighed by the costs. And that particular chicken has just come home to roost in Moscow.