On Friday, a warning of a possible effort to hijack significant portions of the anonymizing Tor network was leaked to the Tor Project. And over the weekend, a cluster of servers in a Netherlands' data center that were used as Tor “exit nodes” and as mirrors for two Tor Project services were taken offline. However, it’s not clear who took the servers down or if law enforcement was involved.
Thomas White, an operator of a large cluster of servers providing an exit point for Tor traffic in the Netherlands, reported to a Tor news list that there was suspicious activity overnight on the servers. The servers, according to DNS data, were hosted in a data center in Rotterdam.
“I have now lost control of all servers under the ISP and my account has been suspended,” White wrote late on Sunday, December 21, in his first message on the takedown. “Having reviewed the last available information of the sensors, the chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken. From experience I know this trend of activity is similar to the protocol of sophisticated law enforcement who carry out a search and seizure of running servers.”