US and EU officials just shut down over 400 dark web sites in Operation Onymous, including several drug marketplaces and multiple money-laundering sites. The dark web can only be accessed using the Tor browser. While libertarians might say drugs should be legal (a view I agree with), most would agree money laundering via Tor needs to be stopped. Tor is widely used by privacy advocates, dissidents, and, it is clear, criminals. Tor had been thought to be invulnerable, as it routes through any number of encrypted anonymous servers. However the large number of sites taken down indicates perhaps Tor is not as secure as thought. Some of the takedowns might be been due to knuckleheads leaving passwords at defaults, re-using passwords, and old-fashioned detective work, etc. But even that wouldn’t account for hundreds of sites going black.
The sheer number of Tor-hosted sites affected by the takedown raises questions about whether law enforcement officials may have found new vulnerabilities in Tor’s well-tested anonymity shield.
Though Operation Onymous left many of that underground economy’s major players intact, Europol’s Oerting said he was more confident than ever that the remaining sites can be tracked down and pulled off the Internet.
“This is just the beginning of our work. We will hunt these sites down all the time now,” he said, praising the cooperation of all the international law enforcement agencies involved. “We’ve proven we can work together now, and we’re a well-oiled machine. It won’t be risk-free to run services like this anymore.”
Sounds to me like Tor can no longer be assumed to be secure.