FYI.

This story is over 5 years old.

A Popular Server for Encrypted Chat Has Been 'Intentionally' Shut Down

The CCC's jabber service has been down for more than 24 hours.
September 29, 2015, 2:48pm
Photo: Shutterstock

A chat server used by countless activists, dissidents and security-minded journalists to have encrypted conversations using OTR ("Off The Record" messaging) has been down for more than a day.

The server, Jabber.ccc.de, went offline at around 9 AM UTC yesterday morning. The server is run by the European collective Chaos Computer Club.

Server outages happen all the time, but this one was accompanied by a tweet that read, "Some people are actively working at having this service shut down. Thanks." The tweet has since been deleted.

Advertisement

Hmm. Was it a denial of service (DoS) attack? A massive flood of malicious traffic could take the server down, and the cached version of their blog (web.jabber.ccc.de) suggests this has been a problem in the past.

CCC member Michael Horn (@nblr) says no:

@CthulhuSec there is no DoS going on.
— nibbler (@nblr) September 28, 2015

Offers of technical assistance on Twitter yielded this response:

@SecEvangelism there is no "crew" and the problem is not of technical nature.
— nibbler (@nblr) September 28, 2015

The game of twenty questions continued. If it wasn't a technical outage, then what was it? A court order of some kind?

@DaveManouchehri @SecEvangelism it is not a legal issue and if it was one, it would be communicated.
— nibbler (@nblr) September 28, 2015

Not a technical issue. Not a legal issue. (Assuming there's been no gag order.) What else could it be?

A quick review turns up the following tweet from less than 14 hours previous: "If you're a Russian Darkweb Money Service and you lost your password, even you won't get it back."

Additionally: If you're a Russian Darkweb Money Service and you lost your password, even you won't get it back.
— CCC Jabber Service (@jabbercccde) September 27, 2015

Coincidence? Impossible to know, and CCC has declined to answer questions.

Some unidentified party wants the CCC's jabber service offline. Not technical. Not legal. How many other options are there? So I asked:

Advertisement

@nblr if the problem isn't technical, what does that mean? rubber hoses, court order, blackmail?
— J.M. Porup (@toholdaquill) September 28, 2015

"if the problem isn't technical, what does that mean? rubber hoses, court order, blackmail?"

Which Horn seemed to think fanciful.

@toholdaquill wow, what a colourful imagination you seem to have. none of the above. nothing even close to that. move along. no story here.
— nibbler (@nblr) September 28, 2015

"wow, what a colourful imagination you seem to have. none of the above. nothing even close to that. move along. no story here."

More downtime. By the time of writing the server had been down for more than 24 hours, and there is no indication that it will be back up any time soon.

Meanwhile, speculation has begun.

Cryptography professor Matthew Green of Johns Hopkins University tweeted that it was unlikely a government takedown:

Why would a government wants to shut down jabber.ccc? It's such a useful place to grab metadata. https://t.co/V7s2MU12xd
— Matthew Green (@matthew_d_green) September 28, 2015

"Why would a government wants to shut down jabber.ccc? It's such a useful place to grab metadata."

(While OTR chat messages are encrypted, the metadata—who's talking to whom, when, from what IP addresses, and for how long—is not.)

But in a Twitter DM, Green speculated, "If the CCC guys chose not to log and/or share metadata with police during an investigation, you might see a reaction like this."

Advertisement

"A lot of people use that server," he added. "Some are journalists, some are activists, and I can only imagine that a few may be criminals…. wouldn't be surprised if Snowden used it back in the day."

So the CCC jabber server just got raided by law enforcement, and they're under a gag order?

"Either that or it's a boring DDoS and they don't want to admit it."

The CCC's jabber server is run by volunteers and is free for anyone to use. However, it has become a critical piece of infrastructure for encrypted communication. According to the documents released by Edward Snowden, not even the NSA was able to decrypt OTR traffic as of late 2012.

This makes the server a central point of failure, as many have discovered over the last 24 hours. It also makes the server admins a central point of pressure or coercion: by a court order, a secret service, or non-state criminal actors. It is alarming that the operators won't provide a straightforward explanation, beyond stating that "using [the service] is a privilege, not a right."

This is certainly true. So perhaps the solution is, as the ACLU's Chris Soghoian tweeted, to remove the central point of failure.

The sooner we transition to server-less instant messaging that doesn't leak metadata, the better. https://t.co/lOfltDv1hV
— Christopher Soghoian (@csoghoian) September 28, 2015

Update: Within a few minutes of publishing this article, the CCC Jabber Service Twitter account announced that the server had been temporarily turned off "intentionally."

Advertisement

This server has been temporarily switched off intentionally. The reason is neither government interference nor legal threat (1/2)
— CCC Jabber Service (@jabbercccde) September 29, 2015

Please stay calm, we won't delete your contact lists. Please use the time to setup/use new jabber servers out there. (2/2)
— CCC Jabber Service (@jabbercccde) September 29, 2015

After publishing this story, a source who requested anonymity contacted us with the following new information:

"As a followup on your CCC Jabber server story: In an internal CCC mailing list one of the admins said that the server was shut down due to personal threats against the people running it (the source of that threat wasn't specified). A press statement should come later today." This report is unconfirmed and Motherboard is investigating.

Correction: An earlier version of this story said Michael Horn (@nblr) is the admin of the CCC's jabber server. Julius Mittenzwei, a CCC member and lawyer, has reached out to Motherboard to say that Horn is simply a member of the collective, and not an admin of jabber.ccc.