Tor Network Used To Command Skynet Botnet
angry tapir writes "Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It's likely that other botnet operators will adopt this approach, according to the team from vulnerability assessment and penetration testing firm Rapid7. The botnet is called Skynet and can be used to launch DDoS (distributed denial-of-service) attacks, generate Bitcoins — a type of virtual currency — using the processing power of graphics cards installed in infected computers, download and execute arbitrary files or steal login credentials for websites, including online banking ones. However, what really makes this botnet stand out is that its command and control (C&C) servers are only accessible from within the Tor anonymity network using the Tor Hidden Service protocol."
This was expected... (Score:5, Insightful)
Re: (Score:2, Insightful)
Or, is it some bullshit plot and propaganda cooked up by our asshat federal government to justify screwing the crap out of the creaTORs.
In this age of federal lies and manipulation by Repubmocrat swine, does not the wisdom "don't believe what you read in the media" take on that third dimension in bold print and multi colored neon?
In a perfect world the paperboy would only bring the funnies.
Re:This was expected... (Score:5, Insightful)
Hell, I'm absolutely positive that this isn't [slashdot.org] the [slashdot.org] first [slashdot.org] time [slashdot.org] a criminal has ever used Tor to cover up crimes. So unless you actually think Silk Road was created by the government, pretty sure OP is right, and this is a problem that they brought upon themselves by removing people's privacy in the first place.
Re: (Score:2)
Well, the television interview with the creator of Tor, in which he complained bitterly of the harassment he is receiving from homeland security, the FBI and God knows what other 3 letter offices, was pretty much a big clue, Scooby Doo.
Re: (Score:2)
Re: (Score:2)
"Security researchers have identified a botnet controlled by its creators over the Tor anonymity network."
Forensic evidence found in the first sentence of the /. story names the creators as the criminals in question.
Media interviews and reports of harassment of the creator prior to this development lend the suspicion that they have an erection for them to begin with in spite of this evolving from a Naval project.
I do recommend that you sharply increase your caffeine intake before operating any powered equipm
Re: (Score:2)
Security researchers have identified a botnet controlled by its creators over the Tor anonymity network.
The creators of the botnet control it over the Tor network. They aren't saying that the creators of Tor created the botnet (they didn't mention the creators of Tor at all, just the creators of the botnet), they are only saying that the people that did make the botnet use Tor for C&C. May I suggest investing in additional caffeine today? :)
Re: (Score:3)
Dude, go back to Grade 2 and actually pay attention in the reading comprehension classes. I know it is difficult to understand how the doing words join up with the naming words, but you'll get it after the first two or three years.
The verb "to control" is being used to bind the noun botnet to the possessive noun its creators. This invokes a fairly fundamental rule of English and clearly states that the creators in question are those of the botnet.
The second subsection of the sentence contains a p
Re: (Score:2)
There are an inordinate amount of pronouns and sentences starving for commas, which would FIX poor journalism.
Either way, I still expect my scenario to play out.
Re: (Score:2)
That I agree with, journalists need to go back to grade 1 and learn joined up writing.
Re:This was expected... (Score:4, Insightful)
The asshat federal US government sponsored the creation of Tor [wikipedia.org]. Governments who want to crack down on the use of Tor are already doing so openly without resorting to the cloak and dagger tactics you seek to imagine.
But carry on. The disconnected phrasing of your post hints that observable reality does not significantly influence your thinking.
Re: (Score:1)
Of course not. Everyone knows, after all, that conspiracies are hidden, and thus not observable. The observable reality therefore lies to you in order to hide the conspiracy. ;-)
Re: (Score:2)
Yes and lately they've been detaining him and harassing him, making travel difficult, etc. It's been on T.V., Radio and /.
Realistically, I've observed phrasing of your post hints that some influence has disconnected your thinker.
Re: (Score:2)
carrion...
Re: (Score:2)
What are anon cow and why we keep getting post from it?
Governments will love this (Score:2, Insightful)
A perfect opportunity to continue their campaign on the evils of anonymity and tools that enable it.
Re: (Score:1)
A perfect opportunity to continue their campaign on the evils of anonymity and tools that enable it.
TOR is the creation of a US Navy project. And you got +2 Insightful for posting that drivel? Get your heads out of your asses, mods.
Re: (Score:1)
FUD (Score:5, Insightful)
Next thing you know, they'll say the bad guys and terrorists use VPN to access the internet.
Re: (Score:2)
I think it was only brought up because of Tor's recent mentions in news...meh
They probably will say they use VPN, how horrid!
Re: (Score:2)
Watch your terms there.
nefarious: extremely wicked or villainous; iniquitous
silk road: illegal marketplace
What is illegal isn't necessarily nefarious. Leaping down to lift a child off of a subway track knowing that you'll get killed is actually illegal because it's suicide.
Legality is not morality.
Otherwise, good post. Please carry on.
Re: (Score:1)
Suicide is illegal? Do they then put the corpse in prison, or what?
Re: (Score:2)
Re: (Score:1)
Even less of a surprise if you have seen this [youtube.com] from 2010.
Well, there is still a way to shut down the CC net (Score:3)
DoS attack against the ToR hidden service; from inside the ToR network.
Re: (Score:2)
DoS attack against the ToR hidden service; from inside the ToR network.
Cute idea, but it won't work. TOR hides things really well, and even if you managed to find one server, the admins could easily start another instance of its software on another machine.
Re: (Score:2)
and even if you managed to find one server,
That's why he said from inside the TOR network.
Re: (Score:3)
Tor's bandwidth and latency are sufficiently abysmal that it acts as a throttle. Overwhelming a number of servers via the Tor network would probably be not much easier than overwhelming the entire Tor network.
Re: (Score:2)
Tor's bandwidth and latency are sufficiently abysmal that it acts as a throttle.
What happens when you have 10,000,000 government operated Tor nodes designed for the sole purpose of DoS'ing one hidden service?
The limited bandwidth and latency of ToR services should help, not hurt a DoS attack against the service itself....
Re: (Score:2)
wretched hive of scum and villainy (Score:2)
Yeah, and? (Score:5, Interesting)
This is just the bot net people being lazy and taking the easy approach. It's already been shown you can design decentralized networks that require no "bootstrap" information like DNS in order to find other nodes and communicate. But it is beyond the abilities of these low-level social miscreants to create, so they're piggybacking on a network that they think can hide their malicious activity. Tor only anonymizes the source of the data; Anything between the exit node and destination is sent in the clear and likely they've made some mistake that'll allow it to be blockable.
Of course, this is exactly what the oppressive governments of the world (and those who oppress by claiming they're "liberating" others), have been looking for to shut down the Tor network. You can expect more attempts at legislating it away to come soon. Fundamentally though it doesn't solve the problem, which is that the criminal underworld has figured out how to do what industrialists figured out 50 years ago: If you take just a little from a lot of people, you can get very rich, and those people won't fight back because the cost of retaliation is higher than the loss. As a result, people everywhere are being nickel and dimed to death.
Botnets are simply the illegal mirror counterpart to the legal crime of draining pensions and unethical banking to turn a profit: Harm many only a little, and you too can be rich.
Re: (Score:3)
If, by "oppressive governments", you mean places like Saudi Arabia, Iran, or China, I don't think they're looking for excuses to shutdown Tor. They've always seen it as the enemy, and just make it illegal by fiat. They have zero need for excuses to shutdown Tor.
Re:Yeah, and? (Score:5, Insightful)
If, by "oppressive governments", you mean places like Saudi Arabia, Iran, or China, I don't think they're looking for excuses to shutdown Tor. They've always seen it as the enemy, and just make it illegal by fiat. They have zero need for excuses to shutdown Tor.
I was also including a certain world superpower with a penchant for taking away the rights of their citizens because the terrorists want to take away their rights. This superpower's main diplomat in the middle east is a predator drone that rains hellstone and fire randomly on people who are terrorists only slightly more often than they're innocent civilians. This superpower also has a global and far-reaching spy network to track almost all wireless communications in realtime, worldwide, and has stated it's slowly building in an "internet kill switch" that could disable the entire internet, worldwide, mostly for shits and giggles.
But yeah, Iran, China, etc., they're kinda bad too...
Re: (Score:2)
I think you missed a couple of anti-American slams, try again.
Re: (Score:2)
So you're asking for more while not even able to address what you've already been served with? Nuh-uh.
It may come as a shock to you, but 'I don't like what you said, yet have no refutation other than pouting and implying "anti-american-ness"' is not a valid fucking argument.
Re: (Score:2)
She(?) missed the biggest: neoconservatism. USA insists on spreading an ideology that results in stagnating wages, constant economic crises, and preying on the common people by the scum on top. It's rather unreasonable to harm people and expect them to not hate you for it.
Re:Yeah, and? (Score:4, Insightful)
So the US Navy helped create TOR.
So what? DARPA helped develop the internet too, but that hasn't seemed to make a difference to many in the US government who have been working hard at crippling the free and open nature of the internet and the ability to communicate anonymously, and for many of the same reasons they would want TOR effectively de-fanged.
Those who would make government and themselves our overlords will always take action to neutralize anything that can be used to oppose them, no matter how, what, where, why, or by whom it was developed...even if it was themselves. Just look at the history and development of modern firearms in the US from just prior to WW1 until now, and the ever-growing encroachments, conditions, and restrictions that have been placed upon the Second Amendment.
First you disarm them, then you take away the ability to communicate and organize anonymously.
And for all the people I see and hear cheering on the expansions of government, and then hear them bitch and moan whenever the government gets all jack-booty, it makes me think that maybe the colonists should have just paid the damned tea taxes and the stamp taxes, swore fealty to King George, and kept their damned mouths shut.
We've proven we don't give a shit about and don't deserve what they suffered and died and risked themselves and their families to give us.
Strat
Re: (Score:1)
Re: (Score:2)
"to many in the US government who have been working hard at crippling the free and open nature of the internet and the ability to communicate anonymously, and for many of the same reasons they would want TOR effectively de-fanged."
Who? Who is going after TOR? I can't think of any Congressman off the top of my head. The President hasn't spoken on the subject. It's technically legal to use in the US.
"And for all the people I see and hear cheering on the expansions of government, and then hear them bitch and moan whenever the government gets all jack-booty, it makes me think that maybe the colonists should have just paid the damned tea taxes and the stamp taxes, swore fealty to King George, and kept their damned mouths shut."
Based on this and your "Modern Progressivism & Liberalism: Ideas so good they have to be mandatory" signature I'm thinking this is nothing more than a cheap shot attempt at Liberals. Clearly America doesn't agree with your line of thinking. So basically your post is full of unproven "information" and petty political cheap shots because "hurr CONSERVATIVISM!!!@@!@#@#@#". Shut up.
"You've proven we don't give a shit about and don't deserve what they suffered and died and risked themselves and their families to give us."
Thanks for providing the handy example. Now my OP is even more relevant.
Not exactly the sharpest tool in the shed, are you?
Strat
Re: (Score:2)
antidisestablishmentarism
You keep using that word. I do not think it means what you think it means.
It refers to an opponent of those wishing to disestablish the Church of England (in other words to stop Anglicanism being the official State religion of the UK). So in other words, it refers to a conservative who wants to retain the status quo.
Re: (Score:2)
Re: (Score:2)
It's already been shown you can design decentralized networks that require no "bootstrap" information like DNS in order to find other nodes and communicate.
[Citation needed].
No, I'm not being sarcastic and don't intend to cast a malicious doubt over the statement:
I'm just signaling my (potential) gratitude for some relevant links (would they be made available).
Thanks in advance.
Re: (Score:1)
I was just going to ask for his source.
Re:Yeah, and? (Score:4, Informative)
Tor only anonymizes the source of the data; Anything between the exit node and destination is sent in the clear and likely they've made some mistake that'll allow it to be blockable.
One feature of Tor is "hidden services", where the traffic is encrypted end-to-end and even the service itself is anonymous, identified only through a .onion address. I'd guess this is what they're using.
Some Tor nodes filter certain exits -- ie. to not allow porn through their node. If this works for hidden services I imagine this botnet could be blacklisted fairly easily if enough of the node operators got in on the act.
Re: (Score:2)
Nodes can't filter access of .onion addresses because none of the Tor nodes (besides the one hosting the hidden service if you're counting it) know who the connection is for or from.
Re: (Score:2)
You don't understand what you're arguing about. Read the article again. These hidden services never need to communicate with the outside world. Everything goes on within Tor.
Re: (Score:2)
Although I haven't read the Tor documentation in depth, I think blocking certain Tor hidden services is doable. A Tor node with a hidden service will 'advertise' its services on randomly chosen nodes (introduction points), those who want to connect to the hidden service choose one random node (rendezvous point), ask those introduction points to relay the message to the hidden service node, which will initiate the connection by connecting to the chosen rendezvous point (extra step of redirection, I know). So if a node o
Re: (Score:2)
If you'll Read The Fine Article, you'll notice that this particular botnet is using Tor hidden services to obscure the location of the command server; they're not routing botnet traffic through Tor to a command server on the clearnet; that would be silly, as you just pointed out.
Re: (Score:3)
Tor hidden services do not use exit nodes. There should be no traffic outside of the tor network.
Re: (Score:2)
Tor only anonymizes the source of the data; Anything between the exit node and destination is sent in the clear and likely they've made some mistake that'll allow it to be blockable.
They control both ends of the communication, they could easily use for example HTTPS as their transport protocol. If they didn't that's rather naive and will probably be fixed in the next release.
can it launch missiles? (Score:1)
can it launch missiles?
and if it does you better hope the guys don't turn their keys
We need to push encryption to the masses. (Score:5, Insightful)
Citizen encryption has such tremendous potential that we can't allow governments and criminals to be the only ones using it. We really need to start pushing encryption into the masses.
Re: (Score:3)
We really need to start pushing encryption into the masses.
Push? How? Like... a global vaccination program?
Re: (Score:2)
Push? How? Like... a global vaccination program?
Careful, we might get the anti-crypters all hot and bothered.
"But there's PROOF that encryption makes people cheat on their partners! And I have nothing to hide, anyway!"
Re: (Score:2)
Kinda, we should nudge Mozilla in the direction of including EFF's "HTTPS Anywhere" extension by default, it's a very harmless extension that tries to connect by https before falling back and using http. Same goes for GPG/PGP in Thunderbird. It shouldn't be a separate add-on.
Tor Park needs to be a turn-key solution. Also, people should have easy access to onion sites. Even if hosting a hidden service remains black magic, accessing one shouldn't.
And seriously I need to start making a tutorial for these thing
Re: (Score:2)
Then MISS, Make It Simple. Email clients and browsers with encryption facilities preloaded.
New law in 5...4...3...2...1 (Score:5, Insightful)
From the little I've read, it seems that they use a distributed host of volunteer servers to run the TOR network, so it might not be that easy to 'shut-down' the entire network (lack of centralized host) - If I'm wrong, I'd love to know why.
My concern is that they will make TOR access illegal. Clearly, we can't count on Google/Microsoft/Amazon/Apple/Facebook/Big-Biz to raise a finger - they prey off identifying and targeting customers. Privacy and anonymity must hurt their bottom line. So unlike SOPA/PIPA, I doubt that any major group will oppose a new law against this. And most people won't care - hell, if Wikipedia didn't have a blackout, I doubt SOPA would have got any news time on a 'major' news network at all.
Is there a way to detect TOR access uniquely? Or does the encryption make it look like any VPN/secure connection? I recollect reading about a method that could identify IP address accessing TOR (don't remember the details), I'm not sure if that hole was plugged (or if it can be plugged).
Re: (Score:1)
From the little I've read, it seems that they use a distributed host of volunteer servers to run the TOR network, so it might not be that easy to 'shut-down' the entire network (lack of centralized host) - If I'm wrong, I'd love to know why.
"They"? The Tor network is run by all its users... it's not like it requires some sort of specialized servers. Every (or most of) Tor node can act as both Tor client and Tor server.
My concern is that they will make TOR access illegal.
"They"? Who? Also, based on what would they make Tor illegal? If they can't make PGP illegal, there's also no basis to declare Tor illegal, as it works over the same principles.
Besides, you do know that Tor was invented by the US military, right? I mean... the US government runs Tor nodes. Why the fuck would they make that illega
So? (Score:1)
There have been bot nets that have used Bittorrent DHT too, so should we shut that down as well?
Re: (Score:2)
Many sites block certain sorts of access from Tor relays, so a few users might notice their infection because of that. However the sort who don't notice their machine doing bitcoin mining are unlikely to fall in that category. Google's search blocks some Tor IPs but I think that's if there's "bot like" usage of it, so if the number of Tor relays
Re: (Score:2)
Many sites block certain sorts of access from Tor relays, so a few users might notice their infection because of that.
The sites only block Tor exit nodes. Unless the botnets are turning these computers into exit nodes, they won't be blocked.
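The distinction drawn in this sub-thread, as an added example that is not part of any poster's comment: a website only ever sees exit relays, while an infected machine acting as a Tor client talks to entry relays, so a network defender has to match outbound flows against the full relay list rather than an exit-only blocklist. The relay entries, flow records, record layouts, internal range and allowlist below are all constructed assumptions.

```python
"""Added example: flag internal hosts whose outbound flows reach Tor relays.

Relay entries and flow records are constructed sample data (documentation
address ranges); the record layouts are assumptions, not a real log format.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed relay list: (address, ORPort, flags). A real list would be
# parsed from the public Tor consensus; bridges are not listed there.
RELAYS = [
    ("198.51.100.10", 9001, {"Guard", "Running"}),
    ("198.51.100.22", 443, {"Exit", "Running"}),
    ("203.0.113.5", 9001, {"Guard", "Exit", "Running"}),
]

# Constructed flow records: (timestamp, source, destination, destination port)
FLOWS = [
    ("2012-12-07T10:00:01", "10.0.0.7", "198.51.100.10", 9001),
    ("2012-12-07T10:05:01", "10.0.0.7", "198.51.100.10", 9001),
    ("2012-12-07T10:06:00", "10.0.0.8", "198.51.100.22", 80),   # relay IP, not its ORPort
    ("2012-12-07T10:07:00", "10.0.0.99", "203.0.113.5", 9001),  # approved Tor user
    ("2012-12-07T10:07:30", "10.0.0.99", "203.0.113.5", 9001),
    ("2012-12-07T10:08:00", "10.0.0.12", "192.0.2.44", 443),    # not a relay
    ("2012-12-07T10:09:00", "not-an-ip", "198.51.100.10", 9001),  # malformed
]

INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address space
ALLOWED_TOR_HOSTS = {"10.0.0.99"}     # hypothetical allowlist


def exit_only_blocklist(relays):
    """Addresses a website operator would block: relays with the Exit flag."""
    return {addr for addr, _port, flags in relays if "Exit" in flags}


def tor_clients(flows, relays, allowed=frozenset(), min_hits=2):
    """Return {source: [matching flows]} for internal hosts contacting relays.

    Matching on (address, ORPort) rather than address alone avoids flagging
    visits to an unrelated service hosted on the same IP as a relay.
    """
    index = {(ip_address(a), port): flags for a, port, flags in relays}
    hits = defaultdict(list)
    for ts, src, dst, port in flows:
        try:
            s, d = ip_address(src), ip_address(dst)
        except ValueError:
            continue  # skip malformed records instead of aborting the scan
        if s not in INTERNAL or src in allowed:
            continue
        if (d, port) in index:
            hits[src].append((ts, dst, port))
    return {src: recs for src, recs in hits.items() if len(recs) >= min_hits}


if __name__ == "__main__":
    for host, recs in tor_clients(FLOWS, RELAYS, ALLOWED_TOR_HOSTS).items():
        print(host, "contacted Tor relays", len(recs), "times:", recs)
```

The flagged host's only relay contact is a guard-only address, which the exit-only blocklist does not contain.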
Encryption follows the same debate as firearms (Score:3)
The old tautology, "if you outlaw firearms, only outlaws will have firearms" applies to Tor. (In fact, I'd go as far as to argue that many cryptographic mechanisms are covered by the second amendment, especially if you consider cryptography's military purpose, and that some ciphers have been regulated by the DOD as munitions. They cover the same role in protecting your property, identity and reputation from aggression, and as the "well regulated militia" clause demands, pseudonymous discussions are necessary tools to help people discuss political matters.)
The simple truth is you can shut down all the law-abiding people with Tor nodes, and the botnet creators will just run Tor nodes on their network. It would be absolutely trivial for botnet owners to get together and set up huge Tor networks and put access up for pay on the black market.
Re: (Score:2)
What an incredibly good idea. Here's hoping one of them does. An enormous illegal expansion of the number of TOR exit nodes would be fascinating. And possibly fantastic. Even if it is stolen resources. It would probably last a very long time, too, given that typical botnet infestations can go for years without being removed.
Re: (Score:2)
What an incredibly good idea. Here's hoping one of them does. An enormous illegal expansion of the number of TOR exit nodes would be fascinating. And possibly fantastic. Even if it is stolen resources. It would probably last a very long time, too, given that typical botnet infestations can go for years without being removed.
I would imagine they'd use a protocol that allowed them to charge for transmission. If that's not feasible, it's probably why we haven't seen it yet.
Re: (Score:2)
Due credit that XKCD touched on the topic, but I actually have a cogent explanation of why it makes sense. And I'd go on about how you should think for yourself, but I had the satisfaction of modding someone else redundant when they posted a link and a blurb.
Bitcoins (Score:1)
Re: (Score:2)
A 'green' article is not a 'green' article without mentioning CO2.
It is the law!
Tor is suitable for this, because... (Score:2)
Tor is suitable for this, because it is very slow. Human operators have limited patience to get through extreme slowness of access to their Jihad blogs and favorite torrent directories, but bots have unlimited patience.
Re: (Score:2)