Tor misused by criminals

by phobos | October 21, 2014

Tor misused by criminals

Several people contacted The Tor Project recently because some software told them to install the Tor Browser to access a website. There is no affiliation between the criminals who wrote this software and Tor.

What happened here?

The computer is probably infected with what's called ransomware. This is a kind of malicious software which restricts access to the files and demands a ransom. In this case the authors of the ransomware CryptoLocker set up a website which is only reachable by using Tor. That is why people are thinking that the software is somehow related to The Tor Project.
In fact, CryptoLocker is unrelated to The Tor Project. We didn't produce it, and we didn't ask to be included in the criminal infection of any computer. We cannot help you with your infection. However, according to the BBC you may be able to decrypt your files for free. If not, Bleeping Computer can provide more information.
We, the people of Tor, are very sorry to hear that some individual misused the anonymity granted by our service. The vast majority of our users use Tor in a responsible way. Thank you for your understanding.

Comments

Please note that the comment area below has been archived.

The deep web is protecting free speech, freedom of thought, and civil rights. The deep web protects whistle blowers from getting murdered, and protecting their audience from censorship and ignorance. The deep web is a symbol of freedom and human rights. The criminals who misuse the deep web do nothing to harm the reputation of the deep web, contrary to the Stasi's dreams and hopes, contrary to dictators' aims and goals, contrary to criminals' intentions, and the deep web rocks on with freedom and safety.

The part that upsets me most here is that these jerks don't need Tor in order to be jerks. They could have put their "give us bitcoins" website in Malaysia or Russia or Panama, and it would have been impossible in practice for the authorities to shut down.

So by dragging Tor into it, they're making the "first contact" with Tor be a really miserable experience for their victims. :(

In short, this is another instance of "the bad guys are doing great on the Internet, and the good guys have very few options."

October 25, 2014

In reply to arma

Permalink

Can you explain why are those countries particularly safe for hosting clearnet websites?

There are many more countries like those -- I don't want you to misunderstand and conclude that there are three "safe" countries to go to.

As background, see the "Farmer's Market" discussion at
https://blog.torproject.org/blog/trip-report-october-fbi-conference
"I should still note that Tor doesn't introduce any magic new silver bullet that causes criminals to be uncatchable when before they weren't. The Farmer's Market people ran their webserver in some other foreign country before they switched to a Tor hidden service, and just the fact that the country didn't want to cooperate in busting them was enough to make that a dead end. Jurisdictional arbitrage is alive and well in the world."

I guess the next reading would be
http://en.wikipedia.org/wiki/Russian_Business_Network

We, the Internet, are doing really poorly at keeping organized crime from doing whatever they want on the Internet. And that asymmetry a) makes Tor even more important, because right now the bad guys have lots of options and the good guys have very few options, and b) makes it even more sad when people focus on trying to get rid of Tor and think that will solve their other problems too.

October 26, 2014

In reply to arma

Permalink

It's useless to know the IP address of the service if the host country doesn't cooperate, of course. I just thought no country (probably except for China and NK) would refuse to cooperate with the FBI.

I also didn't know something illegal such as the RBN operates openly. I now understand why I was told to not visit .ru domains.

Thank you!

legal and illegal should be used in context as in "illegal in usa". as in usa: it's legal for nsa to break into you house and say 'neighbours see you use a... bitcoins'. ( 7bln people on earth vs 300mln in usa )

October 25, 2014

Permalink

Well, that is really your problem. Who told you to install all these un-certified, un-authorized software to begin with? Your are just stupid and gullible. Do not blame Tor and Tor should not apologize. Idiots....

Well, I assume at least in some cases it's more complicated than that. A lot of infections happen these days from visiting the wrong website with your unpatched Internet Explorer. And "the wrong website" can vary by time, including e.g. the superbowl website.

So indeed you can call the average web user stupid and gullible, but that doesn't really resolve the problem, and depending on your audience it probably won't help to make it better.

As for whether Tor should apologize, I agree that we have nothing to apologize for. But we are still sad to see ordinary people get attacked by organized crime, and we are unhappy that the organized crime has decided to drag Tor's name into it. And as a final point, we'd like everybody to notice that this activity isn't "made possible" by Tor -- these criminals are doing just fine at being criminals when they're not using Tor too.

October 27, 2014

In reply to arma

Permalink

well what is the problem for nsa criminals to inject such messages? 'organised crime' as google? criminals - are they defined by court?
who profits from such PR action?

October 27, 2014

In reply to arma

Permalink

It is reasonable to say that every organized crime unit uses fraud, deception, and the likes. Therefore, if Tor is mis-used by criminals, it is a foreseeable act, just like how Tor was mis-used by teh Silk Road organizers to hide their system of trade and products. You lose, I win.

October 26, 2014

Permalink

It may be goo to mention that Classic Theme Restorer has been mentioned to change the window size by one pixel...in terms of anonymity set vs. TB with the crappy new UI.

October 26, 2014

Permalink

I personally agree with arma. The malaysian government is very aware of the jerk.
Particularly they always afraid of someone who tried to condemn them online. I got so lucky to know Tor and other underground stuff, The most jerk in our country is actually the ruled government political party. They always been jerk for almost 50 years. They misused the power given by our peoples. It happen again and again. I really hate this kind of political people.

Bitcoins are not allowed in Malaysia. They dont even have single website for Bitcoins transaction especially buy and pay transaction online.

Freedom to Malaysia.

October 28, 2014

In reply to arma

Permalink

Right here.
"Several people contacted The Tor Project recently because some software told them to install the Tor Browser to access a website. There is no affiliation between these criminals and Tor."

No, Tor isn't illegal in China, and no, Tor developers aren't criminals there.

(I don't mean to imply that using Tor in China will be safe in all cases -- but they care about what you're doing on the Internet, not what tools you're using.)

October 30, 2014

Permalink

Is it possible to "get-off-the-grid" and have total security. To be "cloaked" so to speak?
Can this be done using Tor, VPN, Proxies, whatever new security devices that are out there that are not honey-pots for NSA, Feds etc. I am buying an apple lap top and will not connect to internet until I can find out what I can do to totally protect myself. I am not a criminal, terrorist, or Fed Agency, just want to set up like "Neo" if it is possible. No joke, just want to see what I can do to completely protect myself and others if possible.

November 04, 2014

Permalink

Please any body can help me

I am using Tor Browser 4 in my work and McAfee antivirus see that tor.exe is a virus and delete it

when I change the name of Tor to any name the McAfee antivirus doesn't delet it but when I open Start Tor Browser a message appears to me :

unable to start Tor.
The Tor executable is missing.

I haven't any access on McAfee antivirus
So what should I do else If I change the name of Tor.exe to (for example browser.exe) ?

November 08, 2014

Permalink

No comments on the announced takedown today of more than 400 Dark Web hidden service sites?

SilkRoad 2.0 seems to have been the main target.