Dear Micah Lee: Maybe Russian Hackers don’t use TOR, but Russian (and every other country’s) extortionists do

This is a post series on cyber crime. For more posts click here or the cybercrime tag below.

Maybe Russian hackers don’t use TOR, but the ransomware extortionists and other malware creators take full advantage of TOR’s ability to anonymize IP addresses. As for the “smoking gun,” well, check the top of this post. I was hit with ransomware last year and I can attest that all communication was through the TOR network, which gives the Reveton people the protection of anonymity, a protection that the network and the way the OS is set up do not give me, or most users.

Mr. Lee needs to understand that the internet is becoming a bad neighborhood and TOR is a big part of why. TOR was started with the best of intentions. The idea of being able to keep internet users protected from their governments seemed like a good idea. For that matter, I thought it was a good idea. And then I got hit with ransomware. Now, as I have posted before, a big protection for a ransomware extortionist is the ability to remain anonymous through tools like the TOR network. After all, if they had to constantly worry that their “secret servers” were being tracked by law enforcement and shut down, they would not be able to operate. To say nothing of other people conducting illegal activities. Pedophiles, for instance.

Using the same premise-and-conclusion style of argument that you use, let me elaborate on my pedophile comment, since you can’t have your cake and eat it too. Well, I lie: you can have your cake and eat it however you want, just remember, you’re bound to get a stomach ache. You remember Operation Torpedo, don’t you? If not, or if you have never heard of it, let me remind you of what it was. Operation Torpedo was a Network Investigative Technique used by the FBI which led to the arrests of pedophiles. The exploit used was created with the assistance of one of the TOR Project’s (an EFF project) former developers, named Matt Edman. Since you want to speak about hard, cold facts versus “circumstantial” evidence, there are my facts for my statement concerning pedophiles.

Mr. Lee, your post about Russian hackers not using TOR is more than likely correct. After all, working through a network like TOR, where routing signals are encrypted and decrypted, actually works against a hacking attempt where you want actual access to a target computer. So TOR is safe from those nasty Russian hackers.

That doesn’t mean that it is safe from your real problem, which is rising to crisis levels. It’s time for TOR to clean up the network. Ransomware and other malware that relies on the TOR network more than likely brought in one billion in payments to the crooks, and more than likely ten or more times that in direct economic losses for the victims. You can check this blog for far more on what’s been happening. Also, apparently 60% of small businesses here in the US that have been hit with ransomware have actually closed shop.

In my research over the last few months I’ve found out that TOR is primarily funded by the State Dept. and that one of the key things in the budget was the requirement for TOR to take action when criminal activity was occurring. Yet the general tone from you and others at TOR is “hear no evil, see no evil,” along with attempts to excuse away any responsibility. This when, by some estimates, the illegal activity on the TOR network exceeds the legitimate traffic.

After six months of personal mental trauma because my files had been trashed, and after seeing how ransomware has spread and only grown over those six months, I have to think that it’s time you stopped looking for imaginary Russian hackers and started to deal with your network becoming an enabler for massive destructive forces actually inflicting data destruction all over the globe. With the onset of the new year it looks as if things are only going to get worse. The problem is that if a society or a network doesn’t police itself, that society or network is going to spill its bad actors onto people outside the network. While the dark markets can safely be said to be exchanges between willing people, even if the things being sold are illegal and even disgusting, the same cannot be said for the ransomware people. They are striking all and sundry, attacking people who, in normal circumstances, would never enter the dark net at all. At some point, if TOR does not clean up the activity, somebody else will, probably by shutting TOR down altogether.

How easy would that be? Well, to tell you the truth, I’ve been thinking a lot about that, for a variety of reasons, and it may be easier than anybody would like. It could be done with letters to Congress. Posting things to boards. Writing articles about how TOR is used by ransomware distributors. At this point there are enough victims and potential victims who don’t want to deal with the consequences of getting hit by an anonymous extortion racket that all it’s going to take is a match to burn the network where it really hurts: its funding. TOR was created by the US government and it can be taken down by that same government. All that is needed is for somebody to make the case. As long as the ransomware people continue to use TOR as an enabler, their actions are a sword of Damocles over the TOR knot, waiting for somebody to cut the thread holding the sword. At this point it’s only a question of when, not if, somebody other than me realizes that.

TOR has good uses, which is one reason that I didn’t start the process that would cut the thread. I figured that there was a 60 to 70% chance, more if I worked at it, that I could make a persuasive case that the TOR network needed to be shut down before ransomware became an even bigger issue. How much persuasion does anybody think would be required that stopping something that attacks hospitals is a bad thing? I considered turning the key as I watched the ransomware snowball, but decided not to. Mr. Lee, the best choice you could make right now is to make a serious effort to stop talking about “attacks” from law enforcement and encouraging your people to run away from the FBI, and start cleaning up your network. This problem is not going to go away. As long as the dark markets, the pedophile rings and especially the ransomware people use the TOR network, the TOR network will be vulnerable to the final attack that will kill the network. It’s time to stop denying that you have a problem and solve it.


The week in ransomware:

