Japanese police urge site administrators to block Tor
Internet anonymity tool poses threat to security, NPA claims
Communications originating from online re-routing and anonymisation tool Tor, short for The Onion Router, should be blocked by internet service providers, according to the Japanese National Police Agency (NPA).
The declaration, reported by Japanese newspaper The Mainichi, comes after a series of threats were made online by someone known only by the pseudonym Demon Killer', whose use of Tor has made it impossible for the NPA to track him or her via their IP address.
Demon Killer left messages saying they intended to plant bombs in Japanese schools and nurseries. The NPA carried out four arrests in connection with the case, only to find the supposed culprits were in fact victims whose machines were being used as end points by the Tor network.
The agency report also highlighted cases where Tor had been used to post other murder threats online, as well as illegally access bank accounts and leak data stored by the Tokyo Metropolitan Police Department.
Consequently, the NPA has recommended that, in order to stop such abuses, IP addresses registered as being allocated at end points of Tor be blocked voluntarily by site administrators.
A spokesperson for online security and anti-malware vendor Malwarebytes said the NPA's decision was to be welcomed, but does not go far enough in trying to stop the anonymous remote hijacking of computers.
"Tor is just one of a number of ways to anonymise a proxy. Expert cybercriminals will find other methods to mask their IP address such as using an internet caf or a paid-for anonymising service," the spokesperson said.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"In addition, by labelling Tor as a cybercrime tool, Japan is failing to see the benefits the software has for consumers as a method to preserve their privacy while surfing online. In our world where your every click is logged and fed into statistical analysis systems, it is good to know your identity can be kept safe," they added.
The identity of the person behind the Demon Killer messages remains a mystery and the NPA is currently offering 3 million (20,000) for information leading to his or her arrest.
Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.