Britain’s brand new cyber police force is hungry to recruit people with the right skills to de-anonymise and catch crooks on Tor, the organisation’s chief told TechWeekEurope today.
The National Cyber Crime Unit (NCCU), launched alongside the National Crime Agency earlier this week, has continued an ongoing project to break the anonymisation of Tor users where it believes illegal activity is taking place, NCCU chief Andy Archibald told TechWeek this morning, during a discussion hosted by Symantec.
The force is keen to employ more technical people so it can track criminals despite their use of anonymising tools, but Archibald did not go into detail on how the force determined who to uncloak – or how the NCCU actually does the job.
“Tor and anonymisation represents a challenge… We need people with the skills, tools and infrastructure to conduct our work to ensure those who are operating there are not anonymous, so that we can go in there, that we can collect intelligence and evidence,” he said.
Archibald added that he didn’t want to cripple privacy tools, only get at those who police believe are carrying out crimes.
“We are not interested in those who are using Tor for perfectly legitimate purposes,” he added.
“You may think you can operate anonymously online with the security of Tor to conduct your business, but you can’t.”
He said the NCCU could gather evidence from other dark web sites too, whether they are on Tor or not.
The Tor network claims to provide anonymity by routing users through different servers across the world, using what is known as the Onion Router. It also encrypts user communications, but intelligence agencies and law enforcement have shown ways to circumvent protections, even if the basic architecture seems to be secure.
In August, the Tor Project reported that someone, whom some suggested was the FBI, managed to compromise a major Tor-based hosting firm, Freedom Hosting, to inject a JavaScript exploit in pages delivered to users. That would then upload malware onto the users’ machines, meaning they could be tracked.
The NSA and GCHQ are keen to break the protections surrounding Tor too, although successful efforts also appear to have involved the exploitation of users’ machines, according to leaks handed to the Guardian.
The most infamous site on the Tor network, the drug bazaar Silk Road, has now been shut down, with the creator and a handful of dealers in the UK arrested. However, according to the indictment, it appears that basic security failures by Silk Road overlord the Dread Pirate Roberts, such as leaving breadcrumbs to his identity online, resulted in this week’s arrest.
Archibald hinted that a more proactive approach would be taken to prevent crime, rather than reacting after events happen. The NCCU website also hints at a more aggressive approach, saying it would “target criminal vulnerabilities”.
“The tactics, techniques and opportunities for law enforcement in a changing criminal environment, we need to look at them all. We need to look at the legislation, what’s legal and the opportunities that we have for disruption,” Archibald told TechWeek.
“We won’t arrest our way out of this. It’s about how can we disrupt, how can we dismantle, how can we make things difficult.” He added that the NCCU would be “lawfully audacious”.
View Comments
"to inject a JavaScript exploit in pages delivered to users. That would then upload malware onto the users’ machines, meaning they could be tracked."
Thought that was a computer crime in itself - so it appears the police are themselves breaking the law. As it impinges on all users and not just criminals, it's also morally wrong.
Best technique is always to follow the money, as this is where cyber meets reality.
And how do you trace Bitcoin?....
I want to be cyber police but how?