Spying On Tor

juct writes "The long-standing suspicion that the anonymizing network TOR is abused to catch sensitive data by Chinese, Russian, and American government agencies as well as hacking groups gets new support. Members of the Teamfurry community found TOR exit-nodes which only forward unencrypted versions of certain protocols. These peculiar configurations invite speculation as to why they are set up in this way. Another tor exit node has been caught doing MITM attacks using fake SSL certificates."
  • MITM (Score:5, Interesting)

    by MartinG ( 52587 ) on Wednesday November 21, 2007 @12:31PM (#21436187) Homepage Journal
    I've seen ssh MITM attempts myself with tor, but this can easily be avoided by ensuring you check your fingerprints. You do check your fingerprints, don't you?
  • not so fresh (Score:2, Interesting)

    by cpearson ( 809811 ) on Wednesday November 21, 2007 @12:37PM (#21436257) Homepage
    Old news is better than no news... I guess. /.ers have known that TOR exit nodes were being sniffed for a while now, and hackers certainly much longer than that.
  • by Z00L00K ( 682162 ) on Wednesday November 21, 2007 @12:40PM (#21436313) Homepage Journal
    That's the normal situation - governments are permitted to do anything that's criminal for a normal citizen. As soon as anything you do is government approved or required, it's no longer an issue of breaking the law. Even if it's morally wrong.

    The problem here is that the guy revealed one of the weaknesses that's utilized by governments all over the world and suddenly that leak was quenched.

  • by Valdrax ( 32670 ) on Wednesday November 21, 2007 @12:43PM (#21436363)
    Or by using private-key encryption whenever possible. Of course neither solution means anything when you're trying to use an e-commerce site with SSL. Browsers don't offer a solution for checking the security of the connection against MitM attacks.

    I find it interesting and openly malicious that encrypted protocols are blocked at some exit nodes. This may explain some intermittent problems that I've been experiencing with some of my apps that use TOR and encryption.
  • 1. set up a data-laundering haven
    2. advertise amongst the warez people and criminal element
    3. let enough criminal traffic (drug trafficking info) go through to build up trust that the laundering 'really works'
    4. Wait around for the stuff that is important (like nuclear codes or enemy state intel)
    5. ???
    6. Promoted to section chief at the invisible mansion! (Profit!)

    I don't have one lick of proof to say that our friends in Maryland or their cousins in Langley set this thing up from the beginning, other than it's an obvious slam dunk for them. I don't think the NSA is monitoring certain ports, I think they own the whole thing.
  • Ludicrous (Score:0, Interesting)

    by vvaduva ( 859950 ) on Wednesday November 21, 2007 @12:50PM (#21436463)
    The idea that anonymous routers/nodes can offer you secure routing of traffic is laughable. Since most folks don't understand the difference between anonymizing traffic and securing traffic, the entire conversation is a waste of time. The observations are interesting, but they are not surprising at all.
  • A little reminder (Score:5, Interesting)

    by Khopesh ( 112447 ) on Wednesday November 21, 2007 @01:01PM (#21436617) Homepage Journal

    This is a little reminder that we need a lot more users and exit nodes before TOR is reasonably safe.
    This is a little reminder to encrypt your data end-to-end rather than through another network; anonymity is not security.
    This is a little reminder that you really do need to check your SSL certificates.

    TOR's encryption fools some into thinking it is a security model. It is not. TOR facilitates anonymous transactions using encryption internally. It eliminates the possibility of people spying on you by name, but it does not stop them from spying on "the people" (which includes you). You still need another encrypted transaction between you and your endpoint for real security.

    The more exit nodes there are, the less likely a snooping entity will get ahold of your data. The more users there are, the more data those snoops need to filter through to get something meaningful (caveat: statistical analysis [wikipedia.org]. workaround: encrypt data past the TOR network).

    This is a call-to-arms; everybody needs to use encryption and anonymization to enable the system to work, otherwise somebody can set up a few nets and read the whole network's content, even brute-force decrypt it due to its low volume. Take a look at Zimmermann's justification for PGP [philzimmermann.com]:

    What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding.
    by myvirtualid ( 851756 ) on Wednesday November 21, 2007 @01:31PM (#21437103) Journal

    Military grade anonymity?

    What?

    Sure, we all know - or think we know - what "military grade crypto" means[1], but now you're just making stuff up.

    Military grade anonymity, indeed.

    [1] Strong crypto managed in a Type 0 or Type 1, etc., system, where everything is kept secret, hardware and software are tightly controlled, and updates are distributed strictly out-of-band - think spies with briefcases handcuffed to their wrists.

    Contrast with "commercial grade crypto", where everything but the secret/private keys themselves are known, well studied, well understood, etc., and updates are distributed in-band, though sometimes "boot strapped" using an OOB shared secret, etc.

    There is the perception that "military grade" is somehow stronger than "commercial grade", but what is the basis for this perception? None of us can say, least not here.

    To know - to really know - whether military grade crypto is actually any stronger than commercial grade crypto requires a degree of access which itself requires clearance at - or above - top secret, said clearance being predicated on the understanding that those with said access won't reveal what they know, on pain of prosecution.

    So the people who do know cannot and will not tell.

    You'll just have to take my word for it. :->

    "Military grade anonymity" is nothing more than buzzspeak for "anonymity that we think is really, really OMG PONIES good, but we can't prove, what with there being a complete and total lack of mathematically sound anonymity analytics comparable to cryptanalysis, so there, nyah!"

  • Re:Trust (Score:2, Interesting)

    by stevey ( 64018 ) on Wednesday November 21, 2007 @01:44PM (#21437301) Homepage

    Given the number of hijacked machines taking part in the Storm worm, for example, any popularity contest could be skewed by a maliciously motivated attacker.

    The big issue with tor is that you're magnifying your exposure. By default you're vulnerable to sniffing by your ISP, and all the people they peer with till you get to your endpoint. With tor in the mix you're vulnerable to sniffing from your ISP, and any number of random people who've elected to host a tor node.

    Sure you've bounced your connection around to essentially mask the source & destination from the end-point and your ISP - but you've introduced a whole load of untrusted hops as part of that.

    If you care about security, the idea of passing unencrypted traffic through even more random machines should scare you.

  • by koehn ( 575405 ) * on Wednesday November 21, 2007 @01:45PM (#21437303)
    As the article has repeated, if you're interested in security it seems you really ought to apply your own encryption on top of TOR.

    However, even if you do that are you truly anonymous? Is there any way to determine both ends of a conversation (either email or sessions)?


    There's no way to guarantee that your communications over TOR are anonymous, and they're pretty upfront about that in the documentation. It's pretty easy for a government (or just about anybody, really) to add enough nodes to TOR to have a reasonable likelihood of being all three nodes in your conversation (entrance, middle, and exit). The nodes need to be geographically distributed, but that's easy for governments and easier for hackers, who have access to botnets of machines all over the world. Once they've got enough nodes out there, it's pretty easy to tell who's sending all that traffic, and where it's going.

    Again, adding encryption helps keep your data from being sniffed (as long as you know you're not hit by MITM, see other comments about PKI), but TOR doesn't protect your anonymity against a sophisticated (and reasonably well-funded) attacker.
  • by Anonymous Coward on Wednesday November 21, 2007 @02:57PM (#21438311)
    Nice try, but a protocol for perfect anonymity has already been described:

    http://www.ece.cmu.edu/~adrian/731-sp04/readings/dcnets.html [cmu.edu]

    Not sure if there are any actual implementations yet.
  • by johannesg ( 664142 ) on Wednesday November 21, 2007 @03:35PM (#21438893)
    I have been saying this about Google for a long time. What is the best way to know what people are thinking? Make it easy to answer their questions. What is the best way to know what they are talking about? Offer them an easy, free communication mechanism. What is the best way to know what part of the globe they are interested in? Offer them free maps...
  • by Burz ( 138833 ) on Wednesday November 21, 2007 @04:44PM (#21439769) Homepage Journal
    I disagree with the overall thrust of your post.

    Tor isn't aimed at sysadmins for use as a client. You are confusing the actors and roles in your message.

    Tor client only requires a knowledge of: domains/URLs, cookies and misc browser security issues like scripts and web bugs. Network architecture isn't important (if I'm mistaken, please explain). In Firefox, keep using Tools-> Clear Private Data. With this level of knowledge you can browse 'open' sites anonymously.

    If privacy is also required, then basic knowledge of https/ssl is required. You must know the ritual of looking for the lock, then checking the domain name, and heeding certificate warning dialogs. Not hard. At this level, you can conduct transactions that you wouldn't mind the CA or certain governments seeing.

    If 'high' privacy is necessary, then the user must know how to import certificates into the browser. Working the Certificate Manager in Firefox is also not hard. At this level (requiring more than a little work on the server side) the user can feel safe there is no cleartext net surveillance, though other modes of spying may be possible (keyloggers, physical break-in, etc.).
  • by SuperBanana ( 662181 ) on Wednesday November 21, 2007 @06:58PM (#21441477)

    Tor isn't aimed at sysadmins for use as a client. You are confusing the actors and roles in your message.

    The point of my post is that at several organizations, including apparently a bunch of embassies, someone thought it was a good idea to install this stuff. It's the fault of the sysadmins for not advising their users better or not locking down machines (embassies should have good security.) What's truly frightening is the possibility that one of them recommended it, and that's even worse.

  • by Valdrax ( 32670 ) on Wednesday November 21, 2007 @08:19PM (#21442195)
    [1]Who said this was about e-commerce? [2]Under what conditions should online commerce be kept secret from the government? [3]Or by "single point of failure" are you implying that a CA will have its private key STOLEN by private crooks?? The latter would be a really stupid assumption to make, esp since they can revoke stolen keys.

    (Numbers added by me)
    1. E-commerce is the single most common use of SSL encryption.
    2. Under any and all situations in which the government does not have a warrant.
    3. No. By government crooks under the guise of national security.

    Why would you even mention ssh here?

    Because the person I originally replied to brought it up first, asking if you check your SSH fingerprints (as a way of avoiding MitM attacks). Do actually attempt to read the thread you're posting in.

    At least the browser comes with built-in keys that allow you to reject any known crypto attack except for a compromised CA.

    So does SSH. It's the server fingerprint. Much like a certificate, unless you have knowledge of what it should be prior to the connection, it's hard to know you're compromised. The problem is exacerbated by inexperienced users, but fundamentally it's the issue of trusting an unknown set of credentials.
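A worked version of the fingerprint check MartinG asks about and Valdrax describes above (a key is only trustworthy if you knew what it should be before the connection), added here as an example and not code from any poster: it computes OpenSSH-style SHA256 fingerprints, reads pins from a constructed known_hosts text, and reports whether a presented host key matches, mismatches (the exit-node MITM case), or has no pin at all. Host names and key bytes are constructed placeholders, not real servers.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 big-endian length prefix)."""
    return struct.pack(">I", len(data)) + data


def openssh_fingerprint(key_blob: bytes) -> str:
    """Fingerprint in the form OpenSSH prints: 'SHA256:' + unpadded base64 of sha256(blob)."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map each host to (key type, fingerprint) from plain (unhashed) known_hosts entries."""
    pinned = {}
    for line in text.splitlines():
        fields = line.strip().split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank lines, comments, malformed entries
        hosts, keytype, b64 = fields[:3]
        fingerprint = openssh_fingerprint(base64.b64decode(b64))
        for host in hosts.split(","):
            pinned[host] = (keytype, fingerprint)
    return pinned


def check_host_key(pinned: dict, host: str, keytype: str, key_blob: bytes) -> str:
    """'ok' if the presented key matches the pin, 'mismatch' if it does not
    (treat as a possible MITM and abort), 'unknown' if nothing was pinned."""
    if host not in pinned:
        return "unknown"
    if pinned[host] == (keytype, openssh_fingerprint(key_blob)):
        return "ok"
    return "mismatch"


# Constructed sample keys: an Ed25519 host key blob is the type string plus 32 raw bytes.
GENUINE_KEY = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
IMPOSTOR_KEY = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32, 64)))

# Constructed known_hosts text: the pin recorded earlier over a trusted link.
KNOWN_HOSTS = ("# pinned on a trusted network\n"
               "example.invalid ssh-ed25519 " + base64.b64encode(GENUINE_KEY).decode() + "\n")


def demo() -> tuple:
    pins = parse_known_hosts(KNOWN_HOSTS)
    return (check_host_key(pins, "example.invalid", "ssh-ed25519", GENUINE_KEY),
            check_host_key(pins, "example.invalid", "ssh-ed25519", IMPOSTOR_KEY),
            check_host_key(pins, "other.invalid", "ssh-ed25519", GENUINE_KEY))
```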
