Myndigheten för samhällsskydd och beredskap
PM
TLP: WHITE
Date: 2015-11-20
Reference no. (Diarienr): 136202
MSB-51.1

Verksamheten för samhällets informations- och cybersäkerhet
Enheten för operativ cybersäkerhet och it-incidenthantering – CERT-SE
Ásgeir Davidsson
[email protected]

Tor: the Onion Routing Network

The Tor network is a low latency, onion routing network operated in part by the Tor Project, Inc. and a worldwide network of volunteers. The network provides anonymity to both clients and servers, functioning as a 'black box' that hides the routing information of network participants. For this reason, the Tor network has become one of the most popular anonymity tools on the internet with relays and users in more than six thousand servers forwarding traffic on behalf of the network's clients[1].

According to the 'Brief Selected History' of Paul Syverson[2], Tor began its life as a research project of the United States Naval Research Laboratory (NRL) in 1995 when research began on anonymous routing. In 1996, three researchers at the NRL, Goldschlag, Reed, and Syverson, published the seminal paper 'Hiding Routing Information'[3] and coined the term 'onion routing'. An onion routing system is capable of forwarding encrypted traffic between a client and a server on the Internet through a series of proxies. Within this system only the last proxy is able to read the original transmission, and no single proxy has knowledge of both the origin and destination of the traffic.

The onion metaphor derives from the network being set up by encrypting the transmission in layers, much like an onion, in which the outermost 'layer' is the one each proxy has to decrypt (or peel, metaphorically speaking) in order to learn where to forward the packet.

Following the publication of 'Hiding Routing Information', a proof-of-concept network was built on a single machine in the NRL running five relays (the Tor-specific term for the proxy servers described above). This was the original network, running what has since been named the 'Generation 0' implementation. This network would run for the next four years, until January of 2000 when it was shut down. During its four year lifespan, the Generation 0 network managed to process over 50 000 connections per day and reported a peak connection load of 85 000 connections at its busiest.[2]

Although this network was primarily used as a testbed for performance tuning and scalability tests, work was already underway in 1997 to build the next
iteration of Tor, the 'Generation 1' design. The design specification for the next generation was published by the same team (Goldschlag, Reed and Syverson) under the title 'Anonymous Connections and Onion Routing'[4]. Most notably, the Generation 1 design includes the addition of exit policies to allow relay operators more control over the traffic they wish to forward to the Internet on behalf of the network.

Work continued on the Generation 1 design until 1999 when funding ran out, effectively halting further development. At this point, work on Tor had been funded by the NRL via the Office for Naval Research and the Defense Advanced Research Projects Agency (DARPA).

In 2001, funding for onion routing development was reestablished by DARPA, under the Fault Tolerant Networks Program. A year later, in 2002, a decision was made to abandon the Generation 1 code and build a new version called Generation 2. The Generation 2 design is the foundation of the currently deployed Tor network.

In 2003, further funding was granted the Tor project from the Office of Naval Research (ONR) to deploy and further develop the Generation 2 network. The ONR also funded the development of hidden services, which would later become a popular but controversial feature of the Tor network.

The modern Tor network was deployed in October of 2003, as the project transitioned from being an internal project of the United States Naval Research Lab to becoming its own non-profit organization. As part of this handover, the code of the Tor network was open-sourced under the MIT license.[2] From this point onwards, further development and network management has been handled by the Tor Project, Inc., a registered US non-profit organization composed of the original developers and newcomers alike.

In 2004, the formal design specification of the Generation 2 Tor network is published under the title 'Tor: The Second Generation Onion Router'[20], by Dingledine, Mathewson and Syverson. Although the Tor network today has several additions that are not covered in this publication, this is the last formal paper on the design of the network. Further changes to the Tor network are documented on the Tor Project, Inc.'s blog[5][6].

Around this point, the Tor network begins to grow as volunteers begin hosting relay servers around the world. At the end of 2003, the Tor network was composed of a handful of nodes. By the end of 2004 it had grown to more than 100, and as of 2015 there are more than 6000 relays operational worldwide, with strong concentrations in Germany and the United States. Every day, the Tor network is estimated to handle connections for more than 200 000 users.[7]

How Does the Tor Network Work?

The Tor network requires three components to anonymously connect a user to a server on the Internet. These are: relays, exit relays and directory servers.

Relays are the most common type of server deployed in the Tor network. Relays can be operated by anyone willing to run the Tor software and donate some amount of bandwidth. Relay servers only forward traffic inside the Tor network and as such, are never used to connect out of the network to the Internet. Relays are considered relatively 'safe' to operate, as the operator is exposed to relatively little liability. However, because relay addresses by necessity must be public, the operator risks appearing on blacklists in countries that censor or block Tor.

Exit relays perform the same function as relays, but also forward traffic from inside the Tor network to the outside Internet. Each exit relay has an associated exit policy, which specifies which kind of traffic, port-wise, the relay is willing to forward out of the network, and to which networks. The introduction of exit policies was a huge step forward in reducing abuse from the Tor network, as exit policy operators could easily choose to reject abuse-prone protocols such as SMTP, NTP, SSDP, etc.

Directory servers are the only centralized part of the Tor network, and are operated by vetted organizations around the world. Directory servers are responsible for gathering a list of active relays in the network, and providing the public keys necessary for clients to establish secure connections to them. In addition, the directory servers also keep track of the exit policies of exit relays. All of this is essential for clients to be able to construct circuits through the Tor network.

The address of the directory servers is included in the distributed Tor software, along with the public key of each directory server. This is the same for relays which will advertise their availability and statistics to the directory servers in order to be listed appropriately. The directory servers will then build a consensus concerning the state of the network between themselves. Once this consensus is reached, the result is signed by the directory servers and distributed to relays willing to cache the directory consensus. To avoid creating single points of failure in the network architecture, directory servers are not fully trusted; instead clients and relays will verify the signatures of the consensus to make sure that at least half of the directories agree on its contents. This design prevents anything less than a compromise of half the directory servers from affecting the security of the directory consensus.

As a side note, these directory servers are the core of the particular Tor network that is synonymous with Tor itself. Anyone could establish a new Tor network
by providing their own trusted directory servers, as the code that runs the directories is entirely open source. However, there is a [...] gained by aggregating a large amount of traffic from clients, relays and different users in the same systems, and so there have been very few initiatives offering an alternative to the default directory servers.

With these three concepts explained, it is possible to build a 'circuit' through the Tor network to the Internet. As an example, consider the case of the client Alice wishing to anonymously connect to the server Bob (see also [8] for illustrated explanation).

1. Alice begins by downloading and verifying the integrity of the Tor client software.
2. Alice connects to a directory server and requests a copy of the directory consensus from the server. Alice verifies that the directory consensus is signed by at least half of the directory servers, and now has a list of all currently active public relays and exit nodes in the Tor network, as well as their public keys.
3. Alice now selects three relays with which to build a circuit through the Tor network, where one of those is an exit relay with an exit policy compatible with her purpose.
4. Alice gets the IP address and identity digest for Relay 1 from her directory consensus and [...] a temporary session key with the relay. Alice and Relay 1 now share a session key that will be used only for this communication and then destroyed in accordance with the principle of perfect forward secrecy. Alice now has a 'circuit' of one hop.
5. Alice will then request Relay 1 to extend her circuit by one jump to Relay 2 by exactly the same method. Alice establishes another temporary key with Relay 2 through Relay 1 and so gains a session key shared only by her and Relay 2. Alice repeats this process again with Relay 3 and has thus established a 3-jump circuit with a unique session key known only to her and each respective relay.
6. Alice can now construct a request for Bob and sequentially encrypt it with the session keys of the Relays, in the order of farthest-to-closest. When Relay 1 receives this transmission, it decrypts (or peels) the transmission and discovers where to forward the still-encrypted contents to next. When the transmission arrives at Relay 3 (the exit relay), the traffic is decrypted into its original form and sent to Bob.

When Bob eventually replies, the encryption sequence is repeated in reverse with each Relay adding another layer of encryption and passing the reply back to Alice.

Guards and Bridges

Although not strictly essential for building circuits, the Tor network does have two additional types of relay that serve an important role in the modern Tor network. These are guard relays and bridge relays.

Guard relays function in exactly the same way as regular relays (forwarding traffic within the Tor network) but serve a purpose in protecting clients from attacks using [...]. When a client connects to the Tor network, it will randomly pick a set of relays to use as guard relays. When building circuits, the client will always use a relay from this set to build the first jump in the circuit to. This design does not defeat such attacks, but changes the likelihood of its success for the majority of clients.

Bridge relays are relays that are not publicly listed by the Tor network directory servers. Instead, the addresses of bridge relays are distributed through out-of-band (relative to the Tor network) channels to end users. The benefit of this approach is that an adversary, capable of censoring and/or blocking internet traffic, is unable to block the entire set of relays in the Tor network. Assuming that a user can receive the address of a bridge relay that remains unknown, he or she can connect through the bridge to gain access to the Tor network in its entirety.

Hidden Services

A 'Hidden Service' is a server that communicates exclusively with clients using the Tor network. In addition to providing the same routing anonymity as for clients, Tor includes a mechanism for allowing hidden services to maintain a persistent name, or URL address. This is accomplished through a Top Level Domain system that utilizes an in-network distributed hash table (DHT) for lookups.

The mechanisms used for communicating with hidden services are different from the mechanism used by clients wishing to reach the Internet through the Tor network. Although reaching the hidden service will still require building circuits, a client wishing to reach a hidden service will not need to make use of an exit relay. Instead, two additional types of relays are required to hide the client and hidden service from one another effectively. These are introduction points and rendezvous points.

When a hidden service is established, its operator will create a public key pair specific to the hidden service. The hidden services will then ask a set of relays to function as introductions points. These relays will accept a public key from
the service and will maintain a persistent circuit to the hidden service. A hidden service will have several introduction points to prevent denial-of-service (DoS) attacks against any single introduction point.

Having established circuits to these introduction points, the hidden service will create a 'service descriptor' composed of the public key of the service and the location of its introduction points. The service descriptor is then signed with the private key of the hidden service and uploaded to the distributed hash table of the Tor network. The descriptor becomes the value in the table, and a 16-character hash derived from the public key of the hidden service will be used as the key. A client can then use this hash with the '.onion' top level domain designator to perform a lookup in the table through the Tor software package.

These 16-character addresses are random alphanumerical strings, reflecting the fact that they are key values in a DHT. However, it is possible and relatively popular for well-known hidden services to brute-force the hashing algorithm performed on the public key of the hidden service until the resulting hash is human readable. Although brute-forcing the entire hash would take far too long, typically the first 8 characters are within the grasp of a patient operator[9].

As the Tor network provides no means for clients to discover a hidden service, a user must receive the address of the service he or she wishes to visit out-of-band. As might be imagined, this design means that users must place their trust in the identity of a service from an outside source. Combined with the fact that popular services have begun using brute-forced addresses, hidden services are relatively vulnerable to look-alike attacks. For example, a user is relatively unlikely to be able to discern the difference between 'thesilkroad10dkr' and 'thesilkroadnz03k9' when hovering over a link on a semi-trusted website such as [...].

Assuming that a user can find a legitimate '.onion' address for the service he or she wishes to visit, the client will look up the address in the DHT and retrieve the public key and introduction points of the hidden service.

The client will then build a circuit to a relay willing to act as a rendezvous relay and gives it a one-time secret. The client then builds a circuit to one of the introduction points and sends it a copy of the one-time secret encrypted with the public key of the hidden service and the address of the rendezvous relay.

The introduction point recognizes which hidden service the user is trying to reach and forwards the encrypted one-time secret back to the hidden service through its persistent circuit to it.

Upon receiving and decrypting the one-time secret, the hidden service then builds a circuit to the rendezvous relay and sends it the one-time secret.

Having received the same one-time secret, the rendezvous relay will then forward traffic between the circuit connecting it to the client and the circuit connecting it to the hidden service.

The anonymity of hidden services provides a powerful draw to many different groups of users[10]. Journalists and whistleblowers have made use of hidden services to transfer documents and establish trust. The New Yorker, for example, runs a hidden service called 'Strongbox' that allows those wishing to remain anonymous to upload large sets of documents in a secure manner to the organization[11]. Wikileaks likewise maintains a similar service on Tor[12].

Hidden services have also been used by less reputable actors as a mechanism to distribute child sexual abuse material, facilitate the sales of drugs and other contraband, and act as command and control infrastructure for malware.

[...] was a large Tor-based hosting company whose infrastructure was dismantled in its entirety when it was discovered that it had become a hotbed for child sexual abuse material.

The Silk Road was for a time the most successful online drug and contraband marketplace until it was taken down by the FBI in 2013 after a prolonged sting operation. The operator of the service, Ross Ulbricht, was also caught as part of the operation and was sentenced in 2015 to life in prison for his part in running the operation. By the time of its seizure, the [...] was estimated to have facilitated the sale and movement of two hundred million dollars worth of contraband[13].

Malware has also increasingly been making use of the Tor network and hidden services to host command and control infrastructure. Ransomware (malware that encrypts sensitive data belonging to the victims and attempts to ransom it back to them) in particular has been making increased use of hidden services to host key-generation servers and landing pages. As of 2015, three of the most common ransomware variants (Cryptolocker, CBT-locker and Torrentlocker) all use hidden services in this way[14].

The lack of a discovery mechanism inherent in the design of hidden services also led to the creation of an 'index' of known hidden services called 'The Hidden Wiki'. The hidden wiki has existed in one form or another since the deployment of hidden services in 2004[2]. The hidden wiki and its associated mirrors/imitators maintain a list of known hidden services for users to discover based on their interests. However, the listing is neither exhaustive nor entirely trustworthy, as the various hidden wikis are run by anonymous operators. Additionally, the problem of look-alike addresses, as mentioned previously, is especially pertinent for hidden services such as the hidden wiki, where
changing addresses is relatively trivial or could be willfully overlooked by the operator to direct clients to copycat or compromised hidden services.

Censorship and Anti-Censorship

The design of the Tor network did not originally identify censorship as part of its threat model, nor did it include designs for anti-censorship measures from the outset[15]. However, as the Tor network has become increasingly popular in countries with regimes that censor or otherwise block certain kinds of Internet traffic, the Tor Project, Inc. began extending the Tor design to cope with such threats. The evolution of such measures has typically followed an incremental cat-and-mouse pattern based on the specific techniques used to block or disrupt the network at any time.

The history of Tor and the Great Firewall of China illustrates the evolution of these censorship and anti-censorship measures.

Initially, the simplest way for the censors to block usage of the Tor network was to block traffic destined for the network's directory servers. These are relatively few in number, and blocking traffic destined to these servers would prevent clients from bootstrapping themselves into the network.

In addition, since the directory servers maintain a list of all active relays in the Tor network, it is trivial for an adversary to connect to the directory servers and use this list to create a comprehensive blacklist. This would prevent Tor clients from building the first hop into the Tor network, or relays within the affected network from extending circuits between known relays.

To counter this, the Tor Project, Inc. introduced bridge relays. Bridge relays are not listed by the directory servers but instead distributed through a semi-automatic mechanism. Clients operating in a hostile network can connect directly to their acquired bridge relay and from there retrieve the directory consensus from the directory servers. As long as the bridge is located outside the hostile network, this measure makes blocking the directory servers on the client's network futile. To further frustrate censorship efforts, bridges are distributed in small sets so that no client would have a complete list of all the bridges. To receive a bridge, a potential Tor user can send a specifically formed e-mail to a Tor Project, Inc e-mail account from either a Yahoo or Google e-mail address. The logic behind this limitation being that Yahoo and Google take steps to prevent bots from creating accounts in bulk and that this would hinder efforts by censors to enumerate the bridge relay set by repeatedly asking for bridges from different accounts.

While initially successful, the tide turned once more in favor of the censors in 2011 when the Great Firewall began employing deep packet inspection (DPI) techniques to identify Tor traffic on the wire by inspecting the content of traffic
rather than relying on metadata. Upon detecting, for example, the characteristic start of a Tor connection, the censor could then spoof reset packets to trick the receiver into thinking the connection has been closed, or further block the recipient entirely.

To avoid detection by DPI mechanisms, Tor introduced pluggable transports; a mechanism that allows Tor traffic to more closely imitate the look of various protocols to hide itself on the wire. Work continues in this area to improve the profile of Tor's communication so that traffic can continue to escape detection.

Lastly, as Dingledine and Mathewson point out in their 2006 paper on how to add blocking-resistance to the Tor network[16], it is important to understand the goals and interests of censors in order to fight them more effectively. Given the nigh-impossible task of censoring every participant in a national network at all times, censors typically adopt a 'best-effort' approach to their work. Censors do not, for example, need to devote as many technical resources to actively censoring the network if the chilling effect of periodic crackdowns is sufficient to make users self-censor themselves. Likewise, a censor may be content to allow a certain percentage of users to access forbidden information over Tor, as long as they are consuming that information, as opposed to producing it. The design of the Tor network does unfortunately make it possible to distinguish whether a user is more likely to be producing or contributing content rather than consuming it, allowing a censor to focus their efforts on the former.

Limitations of Tor

The Tor design lends itself well to protect users from passive surveillance, malicious relays, and hostile networks. However, there are two primary classes of attacks that Tor cannot provide the same level of protection for: traffic confirmation and end-to-end attacks.

Traffic confirmation allows a network operator or an adversary capable of passive surveillance to determine whether or not a user is using Tor. In recent times efforts have been made to better hide the signature of Tor traffic on the wire to resist censorship measures. The threat model of Tor does not consider traffic confirmation (by itself) to be a threat to the security of the communication: the adversary only knows that the client is using Tor but not which site the user is visiting or why. However, this assumption is less valid in very local contexts. Consider the Harvard bomb threat case of 2013[17], where a student posted a bomb threat using the Tor network. Even though his communication was anonymous, the student was caught when Harvard network administrators were able to investigate which users had recently used
Tor immediately preceding the time of the threat. By using traffic confirmation in this way, the investigating authorities immediately had a lead.

End-to-end attacks are a class of attack that can de-anonymize or compromise a client or server without compromising the routing anonymity of the traffic exchanged between them. By definition, end-to-end attacks are considered to be outside the threat model of the Tor project. Users are typically left to secure themselves against end-to-end threats such as malicious JavaScript, WebRTC exploits and other protocols or services that might send traffic to an adversary-controlled machine over the regular Internet. Since the Tor client functions as an application agnostic SOCKS proxy, it must rely on those applications to send traffic to it to be forwarded. An adversary capable of forcing the client into executing code could therefore explicitly disregard this and send traffic directly to an adversary controlled machine. The Tor Project, Inc. has partially recognized this problem and as a result, a project was started up to build a complete, bootable environment specifically configured to minimize its attack surface with regard to end-to-end attacks. The result of this project was The Amnesic Incognito Live System (TAILS)[18], which can be booted from a USB-drive and provides a user-friendly way of setting up an ephemeral environment for Tor use.

Blocking Tor

Although censorship efforts to block Tor usage on public networks are generally frowned upon, there are situations in which there exists a legitimate need to block access to anonymization services such as Tor. Tor-enabled ransomware, for example, will generally not function or even encrypt data unless it is able to contact a hidden service command and control to retrieve or upload encryption keys. In this context, blocking Tor traffic can be considered to be an additional layer of defense.

Similarly, private network operators may be skeptical of the abuse-related traffic that originates from the Tor network. In 2014, the U.S Treasury department found that the majority of traffic received by banks originating from Tor exit relays was fraudulent or malicious[19]. An organization considering whether or not to attempt to block access to Tor should consider whether or not there might be a legitimate need for its users to anonymously access its infrastructure or services, especially if it has users in regimes that filter information, and optimally consider whether a less severe option than a total block might be effective. Wikipedia, for example, faced a great deal of abuse from the Tor network where anonymous clients were making changes to articles. Instead of blocking Tor network access entirely, the Wikimedia Foundation opted to disable certain features like editing while still allowing those with a legitimate need for anonymity to access their content.

For those wishing to block traffic originating from Tor, the simplest means of doing so would be to simply block the entire list of exit relays. On the other hand, blocking Tor traffic originating from inside an operator network is somewhat harder, given that it is in principle the same problem faced by censors. Private network operators might be better off locking down endpoints to prevent Tor software from being installed, and further locking down their physical assets by preventing machines from booting live USBs such as TAILS, rather than attempting to block Tor traffic on the wire.

References

[1] Tor metrics for number of relays and bridges
https://metrics.torproject.org/networksize.html
[2] Early history of Onion Routing
http://www.onion-router.net/History.html
[3] Hiding routing information
http://www.onion-router.net/Publications/IH-1996.pdf
[4] Anonymous Connections and Onion Routing
http://www.onion-router.net/Publications/SSP-1997.pdf
[5] Changes to Tor since the 2004 design, part 1
https://blog.torproject.org/blog/top-changes-tor-2004-design-paper-part-1
[6] Changes to Tor since the 2004 design, part 2
https://blog.torproject.org/blog/top-changes-tor-2004-design-paper-part-2
[7] Tor metrics for number of directly connecting users
https://metrics.torproject.org/userstats-relay-country.html
[8] An overview of how Tor connections work
https://www.torproject.org/about/overview.html.en
[9] Github repository of Shallot, a .onion address bruteforcing tool
https://github.com/katmagic/Shallot
[10] Who uses Tor?
https://www.torproject.org/about/torusers.html.en
[11] New Yorker Strongbox
https://projects.newyorker.com/strongbox/
[12] Wikileaks: Tor
wikileaks.org/wiki/WikiLeaks:Tor
[13] Silk Road creator Ross Ulbricht appeals life sentence
http://www.forbes.com/sites/katevinton/2015/06/05/silk-road-creator-ross-ulbricht-appeals-life-sentence/
[14] State of ransomware 2015, Fox-IT
http://blog.fox-it.com/2015/09/07/the-state-of-ransomware-in-2015/
[15] 28c3: How governments have tried to block Tor
https://www.youtube.com/watch?v=DX46Qv_b7F4
[16] Design of a blocking-resistant anonymity system
https://svn.torproject.org/svn/projects/design-paper/blocking.html
[17] Harvard student uses TOR to send bomb threat without good opsec.
http://www.forbes.com/sites/runasandvik/2013/12/18/harvard-student-receives-f-for-tor-failure-while-sending-anonymous-bomb-threat/
[18] TAILS - The Amnesic Incognito Live System
https://tails.boum.org/
[19] Krebs On Security; Treasury Dept: Tor a Big Source of Bank Fraud
http://krebsonsecurity.com/2014/12/treasury-dept-tor-a-big-source-of-bank-fraud/
[20] Tor: the second generation onion router
https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf