Operation Liberty Lane is the alleged name of what is believed to be a joint operation of the United States, UK, Germany and potentially other countries with the goal to expose Tor users of illegal onion services. This operation caught my interest in January 2024, after someone had published screenshots of case files on Reddit.
According to the Reddit user Efficient_Wish_9790, this once theoretical attack has been operationalized and has unmasked thousands of users. The NCA and FBI have jointly developed a software program called „Good Listener“ that involves LE spinning up as many guard and middle nodes as possible, and then using a timing attack to correlate the IP at the malicious gaurd to the timing at the illegal HS.“
The screenshots reference an email sent by the Chief of the Federal Criminal Police in Germany (Bundeskriminalamt).
Agents in the United States are discussing their operation with Germany in email exchanges dated June 13, June 14, June 20, June 21, and June 24 of 2019. (FOIA Response, attached as Ex. E, pp. 3-11.). On June 24, 2019, for instance the Chief of the Federal Criminal Police in Germany emailed a redacted HSI agent, saying “good job! The report will be useful for us.” (Id.) This is not a one way street.
I tried to obtain email and report. The Federal Criminal Police, however, could not find the documents I requested.
Another user compiled a list of US cases associated with this operation. The relating documents include interesting Tor-related snippets. Here are snippets from Case 1:21-cr-00007-LJV-JJM Document 112:
As an initial matter, the prosecution in this case has claimed that it does not know how the hidden IP address was recovered. The government cannot, therefore, assure this Court that the manner in which it was uncovered would not shock the conscience. It is still unknown how the IP addresses were deanonymized – an ability that only nation states appear to have. To this point, the prosecution is only saying that the UK provided a “tip” to the United States that certain IP addresses accessed certain Tor websites.
Second, we now know that the United States government was more than a passive recipient of a generous tip […]>
Other emails released in this batch demonstrate that at least as early as 2018, HSI and the FBI were working together on projects they called “good listener” and were emailing documents about “guard research.” (Id., at p. 24) In the world of Tor, the entry node is often called the guard node; it is the first node to which the Tor client connects. One email purports to show how “good listener” actually works, with sections on “Background” and “Methodology.” This document is dated September 2018, well before the United States claims to have gotten a lucky “tip.”
Since January 2024, Operation Liberty Lane was discussed in multiple relay operator meetups. Until recently, no one was able to confirm or to debunk the suspicions. In recent news on law enforcement agencies undermining Tor anonymization, the Tor Project claims it is just speculation. For me, it’s sufficient to question if I should continue to recommend the use of onion services to journalists or whistleblowers. First I need to understand in more detail how the attacks are carried out and whether Iran or China, for example, could also carry out these attacks.