Researchers Discover 110 Snooping Tor Nodes

Reader Orome1 writes: In a period spanning 72 days, two researchers from Northeastern University have discovered at least 110 "misbehaving" and potentially malicious hidden services directories (HSDirs) on the Tor anonymity network. "Tor's security and anonymity is based on the assumption that the large majority of its relays are honest and do not misbehave. Particularly the privacy of the hidden services is dependent on the honest operation of hidden services directories (HSDirs)," Professor Guevara Noubir and Ph.D. student Amirali Sanatinia explained. "Bad" HSDirs can be used for a variety of attacks on hidden services: from DoS attacks to snooping on them.

Hidden Service Directories

[Anonymous Coward]

I asked on the Tor forum how one can run a directory server, and the response was basically -- "you can't -- only people chosen *specifically* by the Tor project can host a directory server".

Apparently this is *not* true, so what's the real deal, and *why* did they tell me this?

Re:

[Joce640k]

I _could_ tell you but then I'd have to kill you.

Clue: NSA.

Can authentication be distributed?

[Toe, The]

I always assumed relays of any kind are untrustworthy. Even if there is a group of admins regulating them, that's still prone to social engineering.

Might it be possible to have relays cross-check each other? Way over my head technically: I can't imagine if it's possible to run checks that would prove validity. But it seems like the only possible solution: distribute the authority instead of trying to centralize it.

Re:

[FatdogHaiku]

From Wikipedia:
"The core principle of Tor, "onion routing", was developed in the mid-1990s by United States Naval Research Laboratory employees, mathematician Paul Syverson and computer scientists Michael G. Reed and David Goldschlag, with the purpose of protecting U.S. intelligence communications online. [wikipedia.org]
Onion routing was further developed by DARPA in 1997.[17][18][19]

The alpha version of Tor, developed by Syverson and computer scientists Roger Dingledine and Nick Mathewson[20] and then called The Onion R

Re:

[cryptizard]

What a completely irrelevant piece of information. You do realize that a lot (probably most) of privacy research is sponsored by the government, i.e. the National Science Foundation?

Sure

[no-body]

NSA owns a couple of those.

Re:So is the bottom line...

[TroII]

If you even search for Tor (or "Linux" or "secure desktop" or "IRC" or "Truecrypt") you get put on an NSA list. [techspot.com]

Re:

[AHuxley]

AC "The program marks and tracks the IP addresses of those who search for 'tails' or 'Amnesiac Incognito Live System' along with 'linux', ' USB ',' CD ', 'secure desktop', ' IRC ', 'truecrypt' or ' tor '." as in collects details on all who look for such tools.
More at "NSA targets the privacy-conscious" (03.07.14) https://daserste.ndr.de/panora... [daserste.ndr.de]
with "Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the per

Re:

[atgaaa]

don't use google, don't use google name servers.

Tor's fatal flaw

[fustakrakich]

You can't trust anybody, not even Tor. I'm afraid this one looks like a lost cause. I wouldn't use the damn thing.

ESPECIALLY Tor and other obvious targets

[raymorris]

> You can't trust anybody, not even Tor.

IMHO, I especially don't trust Tor. It's an obvious place that three-letter agencies would be looking. If I drive down Crack Avenue with a busted taillight, I *expect* that police will be patrolling the area and probably pull me over. It would, imho, be silly to think that authorities aren't patrolling the digital equivalent of Crack Avenue.

The Navy has always done signals intelligence

[raymorris]

The general concept of onion routing was first created by the Navy. Because they operate offshore and need to use open-air signals to communicate, Navies have had a strong interest in signals intelligence for a couple thousand years.

DARPA later developed the concept a bit more, then back to Navy contractors for a working implementation. The problem then was that an "anonymized" network which is only used by the US Navy and US spies isn't all that anonymous. If a doctor in Syria is using Tor, the Syrian go

Re:

[duke_cheetah2003]

You can't trust anybody, not even Tor. I'm afraid this one looks like a lost cause. I wouldn't use the damn thing.

Which is precisely the goal of tampering and interfering with TOR network operations. To cast doubt upon it, to make it less attractive. I really don't think it has much to do with wanting to snoop, as it is to make people think they're being snooped on and to destablize the service entirely. Seems like it's fairly effective so far too!

This is a beautiful piece of social engineering by those who want TOR to go away. Well played.

Re:

[fustakrakich]

I'm fine with that. Exposing actual flaws is always a good thing. The reasons aren't important. It just means we have to do better. I feel the same about publicly available encryption in general. I don't believe it is secure beyond what the script kiddies can do. And even the hardware itself is pretty leaky. So, just like the old days, the Sunday classifieds are still the best way to get a message out.The idea of *trust no one* is as old as the hills. Some things will never change, no matter how glitzy the

Re:

[gweihir]

This is a beautiful piece of social engineering by those who want TOR to go away. Well played.

Indeed. It is a classical attack: Make people mistrust the secure tools and have them use less secure tools instead. Works on many people, unfortunately.

Re:

[fustakrakich]

Once again, Tor is proven to be insecure. No social engineering is needed. Which means that more secure tools are needed. That is the direction to move in.

Re:

[gweihir]

You really have no clue what is going on. Fascinating.

In the same venue: Cars are insecure (they crash on occasion and kill people), food is insecure, water is insecure. According to your logic we need to drop all these.

Re:

[fustakrakich]

Your opinion is noted. I can only say that's a horrible analogy, but carry on.

For everybody else, some cars are more dangerous that others. I would recommend you don't drive them. In some places (Flint, Michigan, maybe, possibly?) the water is poison. Anyone who says to drink it anyway.. well, let's just say wouldn't be very nice. Spoiled food? I hope that goes without saying, but in today's world you never know, considering this last response I received above.

Re:

[gweihir]

My point is that both more secure alternatives (which have however consistently failed to materialize in any real-world deployed form, and the whole idea of anonymous networking is now something like 20 years old) and improving TOR security are both valid options. Given that TOR is already there and works and its weak points are already pretty well understood, the second seems to be the by far better option. Also note that the TOR project has long since said that hidden services need work, but that they wou

Re:

[AHuxley]

Recall the origins and past funding of Onion routing https://en.wikipedia.org/wiki/... [wikipedia.org] i.e. US needed a system that would allow US backed and funded dissidents globally to network for color revolutions https://en.wikipedia.org/wiki/... [wikipedia.org] and other long term political NGO work.
5 eye nations did not seem to be very upset with its spread and use with systems like Tempora https://en.wikipedia.org/wiki/... [wikipedia.org]. Federal funding at a police level in the US to track users goes from success to success even on low budget

Re:

[fustakrakich]

That appears to be part of the problem. Not only does it stand out like the proverbial sore thumb, only the people who feel a real need are using it, making it easy to spot. We need something that blends in better, so we don't have to consider the percentage of people using it. The only thing that comes to mind for now is that steganography thing, and don't try to hide anything more complex than tiny text files.

Re:

[AHuxley]

Nations can now afford to reconcile most of their users internet patterns over time. If that fails, just induce random network drops to see who falls off the network over a few 10's, hundred or 1000 interesting users per city and provider.
If most of a nations users are just surfing, using web 2.0, doing other tasks, getting a short list of people who went looking for software would not be too hard.

Re:

[antdude]

"Trust no one." --The X-Files. :(

Probably almost all misbehave

[Anonymous Coward]

Think about it. There are 196 countries in the world, all of which have police and most of which have intelligence agencies. Some hidden services have a legitimate use such as encrypted chat, but many of them are used as C&C for botnets by various criminals and for fun hackers, some of which have an interest in figuring out what the others hidden services are doing. And then there are private security researchers.

Overall, there is plenty of interest in snooping on Tor hidden services...

Scale?

[Anonymous Coward]

110 out of a population of how many hidden service directories? 25% of nodes also claimed to be exits.. How many exits are there?

A feel for how significant this problem is would be nice.

Re:

[gweihir]

That is because all alternatives are much, much worse.

Out of how many?

[Narcocide]

What really matters is what percentage of nodes are compromised, and whether the rest of us reading Slashdot right now can fix this issue forever by each just enabling a few new clean exit nodes?

Re:

[cryptizard]

This also only effects hidden services, which pretty much nobody uses.