Cook County subpoenas Romanian security firm, a Tor exit node operator, for 'real' IP

Was Cook County (Chicago) hacked again or are the wheels of justice just now moving a year after the last alleged hack of its computer systems? A Romanian security firm which runs Tor exit nodes received a subpoena from Cook County asking for the "real" IP address that used an exit node IP address to access a Cook County IP.


Alistar Security, a security firm in Romania, informed the Tor-talk mailing list that it had received a subpoena from Cook County commanding the company to produce records regarding the “real IP address” from one of Alistar’s Tor exit nodes.

Alistar Security’s Sam Gruneisen, who is listed as the Whois contact for the IP 176.126.252.11, wrote:

I just wanted to let you know that Washington sent us a subpoena regarding one of our exit nodes in Romania. They want to know the real IP behind the Tor Network. I mailed them what Tor is and why I can't help them in identifying this person. Nevertheless I will give you the link to the full subpoena. Maybe you guys find it interesting. I will forward the subpoena to our lawyer as well. 

The subpoena commands the “Keeper of Records” at Alistar Security “to appear and testify before the Independent Inspector General of Cook County” on Friday, April 24. By the way, Alistar is located in Bucharest, Romania. Here are the actual details attached to the subpoena:

[Image: Cook County Inspector General subpoena to Alistar Security. Credit: Alistar Security]

Since Whois info put the ending IP of 12.218.239.38 as belonging to Cook County, it made me curious if Cook County was hacked recently. A quick search led to an article from a year ago, April 2014, claiming there was concern that the Cook County employee computer system may have been hacked. WTTW Chicago Tonight reported:

Cook County’s Risk Management Department began investigating the filing of unfounded unemployment claims for 5 employees in the Cook County Sheriff’s Office, 8 employees in the Cook County Assessor’s Office, and 1 or more employees in the Cook County Board of Review office.

Sources say that there is great concern that the county computer system or the state computer system was hacked, allowing access to the employees' personal information and the filing of the fraudulent unemployment claims.

The county employees affected were told today that their information may have been hacked.

The "Cook County Inspector General’s Office" was said to be "investigating the cause" of the fraudulent claims filed. While anything government-related, like the wheels of justice, is said to move slowly, surely Cook County didn’t wait a year after thinking it was hacked before sending out a subpoena that commanded Alistar to provide an IP answer within a week of the time it was issued? Does that mean it was possibly hacked again more recently?

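At any rate, the Cook County Office of the Independent Inspector General doesn’t seem to understand that a Tor exit node is like a proxy, the same as a VPN: the address that shows up in Cook County’s logs belongs to the relay, not to the person behind the traffic. An exit relay only sees the previous relay in the circuit, so its operator has no record of the originating IP to hand over. It wouldn’t be the first time law enforcement misunderstood how Tor works and busted the wrong person because that person was a Tor exit node operator.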
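An investigator can establish that a logged source address is a Tor exit before treating it as a subscriber address. The following is an added example, not part of the original article: it matches access-log entries against a list in the Tor Project's exit-addresses layout. The list entries, fingerprints, timestamps, log lines, function names and the 24-hour matching window are constructed assumptions; only 176.126.252.11 comes from the article.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample in the "exit-addresses" layout; fingerprints and times
# are made up, the first address is the exit IP named in the article.
EXIT_LIST = """\
ExitNode 0123456789ABCDEF0123456789ABCDEF01234567
Published 2015-04-10 08:00:00
LastStatus 2015-04-10 09:00:00
ExitAddress 176.126.252.11 2015-04-10 09:12:00
ExitNode 89ABCDEF0123456789ABCDEF0123456789ABCDEF
Published 2015-04-10 07:30:00
LastStatus 2015-04-10 09:00:00
ExitAddress 192.0.2.44 2015-04-10 09:20:00
"""
# Constructed access-log lines: "<timestamp> <source IP> <request>"
ACCESS_LOG = """\
2015-04-10 10:02:17 176.126.252.11 GET /login
2015-04-10 10:03:40 198.51.100.7 GET /index.html
2015-04-10 10:05:02 192.0.2.44 POST /login
2015-04-10 10:06:11 not-an-ip GET /
"""
TS = "%Y-%m-%d %H:%M:%S"

def parse_exit_list(text):
    """Map each exit IP to the time the list last saw it used as an exit."""
    exits = {}
    for line in text.splitlines():
        m = re.match(r"ExitAddress (\S+) (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)$", line)
        if m:
            exits[ipaddress.ip_address(m.group(1))] = datetime.strptime(m.group(2), TS)
    return exits

def tag_tor_exits(log_text, exits, window=timedelta(hours=24)):
    """Return (timestamp, ip) for requests from an exit seen within `window`."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(" ", 3)
        try:
            when = datetime.strptime(" ".join(parts[:2]), TS)
            src = ipaddress.ip_address(parts[2])
        except (ValueError, IndexError):
            continue  # malformed line: skip rather than guess
        seen = exits.get(src)
        if seen is not None and abs(when - seen) <= window:
            hits.append((parts[0] + " " + parts[1], str(src)))
    return hits
```

A hit means the address identifies a relay rather than a user, so the relay operator is the wrong place to look for an originating IP.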

Or perhaps Cook County understands perfectly, as was pointed out on Hacker News; "sandworm" commented, “They need a non-response to take things to the next step. That step is probably political. They want the bullet point about why criminals are getting away due to VPNs, Tor and other online nasties.”

[Images: How Tor works, parts 1 to 3. Credit: EFF]

Lastly, although it's doubtful that this is a conspiracy-related ultimatum, as another Hacker News user implied, FBI Director James Comey visited Bucharest, Romania, in March; the visit allegedly "was not publicly announced." Comey met with Eduard Hellvig, the head of the Romanian Intelligence Service (SRI). The two discussed “the state of cooperation between the SRI and the FBI,” as well as “the concrete directions for the future development of our partnership.” Hellvig added, “Under the SRI - FBI bilateral partnership, we intensively exchange information and conduct joint operations in several areas of priority, such as cybersecurity, the combat of organized crime and corruption, fighting terrorism and espionage."
