On Friday, a post on the Tor Project's blog sent out an alarming message: "The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days." More than 2 million users use the network to obscure their identities online, but law enforcement has been increasingly aggressive about pursuing criminals across Tor in recent years. Tor's tip suggested the latest attack would be directed against the network's directory authorities, which guide users to the available relays. If those authorities came down, users would be lost on the network, and the service would be effectively broken. Still, the post assured users that measures were being taken to ensure the authorities were backed up and the service as a whole remained online.
"The chassis of the servers was opened..."
Still, at least one volunteer running a Tor server has seen the server taken offline in the wake of the announcement. In an email to the Tor-Talk listserve, the user responsible for a group of exit nodes and mirrors under the name "Cthulu" told the list his network had been abruptly taken down over the weekend. "The chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken," the message reads. "From experience I know this trend of activity is similar to the protocol of sophisticated law enforcement who carry out a search and seizure of running servers."
Physical assaults on servers can be useful for law enforcement officials looking to pull server data or trace users across the network, although most recent law enforcement actions (like last year's Freedom Hosting busts) have focused more on digital exploits. It's unclear whether any warrants were served as part of the takedown. "At this moment in time I am under no gagging orders or influence from external parties/agencies," the message concluded. "If no update is provided within 48 hours you may draw your own conclusions."