Tor warns users of possible attempt to disable its network
The Tor Project has issued a statement warning that it has learned of a possible "attempt to incapacitate our network in the next few days." The statement doesn't identify the source of the alleged threat but warns an attack might come "through the seizure of specialized servers in the network called directory authorities."
After assuring users that their anonymity won't be compromised in the event of an attack, Tor appears to beg any would-be server seizers not to do anything mean:
We hope that this attack doesn't occur; Tor is used by many good people.... Tor is also used by banks, diplomatic officials, members of law enforcement, bloggers, and many others. Attempts to disable the Tor network would interfere with all of these users, not just ones disliked by the attacker.The appeal to the feelings of banks, diplomats and law enforcement seems to suggest that the anticipated attack might come from a government agency rather than a traditional hacker group. After all, you don't warn off members of Anonymous or Wikileaks by crying "Won't somebody please think of the diplomats!"
Regardless of the source of the threat, this latest announcement is yet another blow for Tor which now seems to be permanently on the defensive against suggestions of vulnerability, internal dissent and government interference. Certainly it's clear now that the technology is not the dissidents' panacea as which it was once billed.
I've contacted Tor to ask for more specifics on the threat and will update this post if I hear back.
Update: A representative of Tor has added more context to the warning...
To be sure to keep our source safe, we're not providing more details quite yet.
But actually, we don't know many more details than the ones we posted. And as for your 'why', that's an excellent question, and one we've been wrestling with too. There are nine directory authorities, spread around the US and Europe. If they're trying to hunt down particular Tor users, most possible attacks on directory authorities would be unproductive, since those relays don't know anything about what particular Tor users are doing.
Our previous plan had been to sit tight and hope nothing happens. Then we realized that was a silly plan when we could do this one instead. "Our previous plan had been to sit tight and hope nothing happens. Then we realized that was a silly plan when we could do this one instead."