Security

Spying On Tor 198

juct writes "The long-standing suspicion that the anonymizing network TOR is abused to catch sensitive data by Chinese, Russian, and American government agencies as well as hacking groups gets new support. Members of the Teamfurry community found TOR exit-nodes which only forward unencrypted versions of certain protocols. These peculiar configurations invite speculation as to why they are set up in this way. Another tor exit node has been caught doing MITM attacks using fake SSL certificates."

  • by Anonymous Coward on Wednesday November 21, 2007 @12:51PM (#21436471)
    Huh? You make no sense. SSL is private-key encryption. Every browser I have ever touched does offer a solution for checking against MITM attacks, namely by warning if the certificate is self-signed or doesn't match the site that sent it.
  • How can ... (Score:1, Informative)

    by Anonymous Coward on Wednesday November 21, 2007 @12:54PM (#21436521)
    people be smart enough to set up tor, but not smart enough to use GPG/PGP/etc. ?

    TOR is *not* a privacy tool in the sense it hides your message contents. It hides your route. So with Tor people know what is being sent, just not who is sending it.

    It's not hard people, encrypt your traffic, then send it through TOR. OMG wow, I R SMRT!
  • by Nick Mathewson ( 11078 ) on Wednesday November 21, 2007 @01:06PM (#21436699)

    Hi all. I'm one of the Tor authors.

    We're trying very hard to get out the message that you should always use encrypted protocols over Tor, if you're doing anything even slightly sensitive.

    Right now, we do this in our documentation, and in a list of warnings on our download page [torproject.org]. But obviously, this isn't good enough, since some of the commenters here seem to be surprised at finding it out.

    Does anybody have good ideas about how to get the word out better?

    (As for the SSL MITM thing: we've run into situations like this one before. Usually, it turns out that the exit node isn't doing the MITM itself, but is getting MITMd itself by its upstream. This happens depressingly often in some countries, and in some dormitories. I've dropped a line to the directory authority operators. Mike Perry (the guy who maintains the Torbutton Firefox plugin) has been working on an automated detection tool for this stuff. It would be great if somebody with programming chops would step up and give him a hand.)

  • by arevos ( 659374 ) on Wednesday November 21, 2007 @01:10PM (#21436751) Homepage
    Tor gives you pretty robust anonymity, it just doesn't provide privacy.
  • by phantomcircuit ( 938963 ) on Wednesday November 21, 2007 @01:15PM (#21436819) Homepage
    Replace the SSL Certificate with a self signed one and hope they just click yes.
  • by Old Man Kensey ( 5209 ) on Wednesday November 21, 2007 @01:55PM (#21437445) Homepage

    myvirtualid wrote:

    clearance at - or above - top secret

    There is no clearance above TS, at least in the technical sense. There is TS/SCI ("special compartmented information") clearance, which may or may not include a lifestyle polygraph exam. TS/SCI and TS/SCI + lifestyle poly are not "above" TS in any real sense, they are merely additional qualifiers used as criteria to determine whether you can be allowed access to compartmented info. If you have TS/SCI it makes that process easier, but not having TS/SCI is not an absolute barrier if the right people sign off on it (although for certain information "the right people" may consist of both houses of Congress and the President).

    Compartments can be as loose (within the restrictions of TS) or as restrictive as necessary. There can be (and I understand are) compartments with only a handful of people.

  • Re:How can ... (Score:3, Informative)

    by Chyeld ( 713439 ) <chyeld@gma i l . c om> on Wednesday November 21, 2007 @02:43PM (#21438131)
    Congratulations, you are only half wrong.

    With "Joe Random"'s public key, you can indeed encrypt using it and only the owner of the matching private key can decrypt it. However, who is to say that you are really using Joe's public key?

    And conversely, if you get something signed that can be decrypted using Joe's public key, how can you be sure that it was actually signed by Joe?

    The answer is, you can't. Not unless Joe has a secure way of providing you his public key. Perhaps publishing it to a web site works, if the only part of your identity that is being proven is that you are "Joe of web site X". But that still doesn't prove much about Joe, does it?
  • Re:Conclusion: (Score:4, Informative)

    by dave562 ( 969951 ) on Wednesday November 21, 2007 @02:56PM (#21438285) Journal
    And well, Tor never claimed that it couldn't be abused.

    Very true. During one of the original presentations done at Defcon it was mentioned that Tor was already being abused by the government to obfuscate emails for political purposes. It was also mentioned that at the time of the presentation, there was the potential for both an entry and exit node to be on machines connected to a Level3 connection. One of the big concerns at that point was that with the increased consolidation of backbone providers, it will become more and more difficult to achieve the aims of anonymity.

  • Re:Conclusion: (Score:5, Informative)

    by Kadin2048 ( 468275 ) * <.ten.yxox. .ta. .nidak.todhsals.> on Wednesday November 21, 2007 @03:00PM (#21438361) Homepage Journal

    Tor is so easy to abuse (if you run a tor server) it's not even funny. Just take a look at the code, it's trivial to hack. It's funny how much of the OSS community are proverbial sheeple, believing that since it's open source, it must be secure.

    I know I'm feeding a troll here, but I think this is an opportunity to clarify a point: Tor does one thing, and does it pretty well. It hides your IP address from the server you're connecting to. That's it.

    It's not a "plug in security" solution, and it's not meant to protect your traffic from people snooping on it in transit. If you want that, you need to use some sort of end-to-end encryption on top of Tor. (And you need to use some form of encryption that doesn't positively identify you, or else you might as well not use Tor to begin with.)

    These kinds of "attacks" are trivial because they have nothing to do with Tor's actual function. They're taking advantage of user stupidity, not a design flaw.
  • Re:Conclusion: (Score:5, Informative)

    by totally bogus dude ( 1040246 ) on Wednesday November 21, 2007 @09:38PM (#21442841)

    Not really. The tor configuration lets you specify an "exit policy": addresses and ports which you will allow your node to be used as an exit for. Tor clients know what the exit policy of each node is, and don't try to exit out of a node which doesn't allow those connections to be made.

    It's only disruptive if you use a firewall to prevent certain connections, and don't let tor know that you're doing so. In that case, a client may select you as an exit node, but the connection will fail. If you configure your exit policy to match your firewall policy, then clients know your server won't allow their connection to a particular host/port, and won't select it as an exit node.

    Therefore, if your purpose in running tor is to snoop on unencrypted traffic, you would set your exit policy not to allow connections to port 443, because that's almost always encrypted, and thus minimise the amount of traffic exiting your node which you're not able to sniff. Or more likely, you'd set it to only allow connections to port 80 or whatever it is you're interested in.

    Note that exit policies are very useful and quite legitimate. For example, I run two tor servers: one on my own dedicated server at a US colo facility on a dedicated IP address, which uses the standard tor exit policy which is fairly permissive. At work we have an unmetered fibre connection we don't use much, so I run a tor server here with a highly restrictive exit policy: deny everything (in other words, it's purely a relay or entry point, not an exit point). This limits our exposure; I'm willing to deal with people complaining about abuse from my own server, but I don't want to get our organisation involved in such disputes.

    Most tor servers won't allow you to connect to port 25, as another example, because that effectively turns your tor server into an open SMTP relay.
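
An added example, not part of the comment above or of Tor's own code: a check that reads exit policies and flags relays that carry a protocol's cleartext port while refusing its TLS counterpart, the pattern the story describes. The relay nicknames, policies, port pairs and probe address are constructed, and only IPv4 `accept`/`reject` lines are parsed.

```python
# Added example; every relay policy below is constructed sample data.
import ipaddress

# (cleartext port, TLS counterpart) pairs to compare; this selection is an assumption.
PAIRS = [(80, 443), (143, 993), (110, 995)]
PROBE_ADDR = ipaddress.ip_address("203.0.113.10")  # documentation-range address

def parse_rule(line):
    """Parse 'accept|reject ADDR[/MASK]:PORT[-PORT]' into (accept, net, lo, hi)."""
    action, pattern = line.split()
    addr, _, ports = pattern.rpartition(":")
    net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if ports == "*":
        lo, hi = 1, 65535
    else:
        lo, _, hi = ports.partition("-")
        lo, hi = int(lo), int(hi or lo)
    return action == "accept", net, lo, hi

def allows(policy, port, addr=PROBE_ADDR):
    """Rules are evaluated in order; the first one that matches decides."""
    for accept, net, lo, hi in map(parse_rule, policy):
        if (net is None or addr in net) and lo <= port <= hi:
            return accept
    return True  # assumption: a policy with no matching rule accepts

def plaintext_only_pairs(policy):
    """Pairs where the cleartext port may exit but the TLS port may not."""
    return [(p, e) for p, e in PAIRS if allows(policy, p) and not allows(policy, e)]

# Constructed policies; the nicknames are hypothetical.
RELAYS = {
    "permissive": ["reject *:25", "accept *:*"],
    "relay_only": ["reject *:*"],
    "web_plain": ["accept *:80", "accept *:110", "accept *:143", "reject *:*"],
    "web_both": ["accept *:80", "accept *:443", "reject *:*"],
}

def audit(relays=RELAYS):
    """Map each flagged relay nickname to its cleartext-only port pairs."""
    return {n: p for n, pol in relays.items() if (p := plaintext_only_pairs(pol))}

if __name__ == "__main__":
    print(audit())
```

A flagged relay is a lead for review, not proof of sniffing: as the comment says, restrictive exit policies are common and legitimate.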

  • by Grendel Drago ( 41496 ) on Thursday November 22, 2007 @12:12AM (#21443659) Homepage
    There's a link on the tor homepage [torproject.org] to a set of warnings [torproject.org]; number four reads:

    Tor anonymizes the origin of your traffic, and it encrypts everything inside the Tor network, but it can't encrypt your traffic between the Tor network and its final destination. [torproject.org] If you are communicating sensitive information, you should use as much care as you would on the normal scary Internet -- use HTTPS or other end-to-end encryption and authentication.

    The link goes to an explanation saying that you should use end-to-end encryption if you want to do more than just hide the source of your traffic. It's written in plain English, and it's fairly prominently featured on the front page. What's the problem?
