Alistar Security, a security firm in Romania, informed the Tor-talk mailing list that it had received a subpoena from Cook County commanding the company to produce records regarding the “real IP address” from one of Alistar’s Tor exit nodes.
Alistar Security’s Sam Gruneisen, who is listed as the Whois contact for the IP 220.127.116.11, wrote:
I just wanted to let you know that Washington sent us a subpoena regarding one of our exit nodes in Romania. They want to know the real IP behind the Tor Network. I mailed them what Tor is and why I can't help them in identifying this person. Nevertheless I will give you the link to the full subpoena. Maybe you guys find it interesting. I will forward the subpoena to our lawyer as well.
The subpoena commands the “Keeper of Records” at Alistar Security “to appear and testify before the Independent Inspector General of Cook County” on Friday, April 24. By the way, Alistar is located in Bucharest, Romania. Here’s the actual details attached to the subpoena:
Since Whois info put the ending IP of 18.104.22.168 as belonging to Cook County, it made me curious if Cook County was hacked recently. A quick search led to an article from a year ago, April 2014, claiming there was concern that the Cook County employee computer system may have been hacked. WTTW Chicago Tonight reported:
Cook County’s Risk Management Department began investigating the filing of unfounded unemployment claims for 5 employees in the Cook County Sheriff’s Office, 8 employees in the Cook County Assessor’s Office, and 1 or more employees in the Cook County Board of Review office.
Sources say that there is great concern that the county computer system or the state computer system was hacked, allowing access to the employees' personal information and the filing of the fraudulent unemployment claims.
The county employees affected were told today that their information may have been hacked.
The "Cook County Inspector General’s Office" was said to be "investigating the cause" of the fraudulent claims filed. While it’s understood that anything government-related as well as the wheels of justice are said to move slow, surely Cook County didn’t wait a year after thinking it was hacked before sending out a subpoena that commanded Alistar to provide an IP answer in a week from the time it was issued? Does that mean it was possibly hacked again more recently?
At any rate, the Cook County Office of the Independent Inspector General doesn’t seem to understand that a Tor exit node is like a proxy, the same as a VPN. It wouldn’t be the first time law enforcement misunderstood how Tor works and busted the wrong person because that person was a Tor exit node operator.
Or perhaps Cook County understands perfectly, as was pointed out on Hacker News; "sandworm" commented, “They need a non-response to take things to the next step. That step is probably political. They want the bullet point about why criminals are getting away due to VPNs, Tor and other online nasties.”
Lastly, although it's doubtfully a conspiracy-related ultimatum like another Hacker News user implied, FBI Director James Comey visited Bucharest, Romania, in March; the visit allegedly "was not publicly announced." Comey met with Eduard Hellvig, the head of the Romanian Intelligence Service (SRI). The two discussed “the state of cooperation between the SRI and the FBI,” as well as “the concrete directions for the future development of our partnership.” Hellvig added, “Under the SRI - FBI bilateral partnership, we intensively exchange information and conduct joint operations in several areas of priority, such as cybersecurity, the combat of organized crime and corruption, fighting terrorism and espionage."