Slashdot Mirror


Spying On Tor

juct writes "The long-standing suspicion that the anonymizing network TOR is abused to catch sensitive data by Chinese, Russian, and American government agencies as well as hacking groups gets new support. Members of the Teamfurry community found TOR exit-nodes which only forward unencrypted versions of certain protocols. These peculiar configurations invite speculation as to why they are set up in this way. Another tor exit node has been caught doing MITM attacks using fake SSL certificates."

6 of 198 comments

  1. MITM by MartinG · Score: 4, Interesting

    I've seen ssh MITM attempts myself with tor, but this can easily be avoided by ensuring you check your fingerprints. You do check your fingerprints, don't you?

    --
    -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
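The fingerprint check the comment above recommends, as an added example that is not part of the original post: a pinned host key in known_hosts is compared against whatever key the far end presents, so a relay substituting its own key fails the check. The keys, the host name host.example and the known_hosts content are constructed for the example.

```python
import base64
import hashlib
import struct

# Constructed sample keys (no real server): 32 arbitrary bytes stand in for
# an Ed25519 public key; a second key plays the role of an interposed relay's key.
GENUINE_KEY = bytes(range(32))
MITM_KEY = bytes(range(32, 64))


def ssh_string(data: bytes) -> bytes:
    """Encode a length-prefixed SSH wire string (RFC 4251 'string')."""
    return struct.pack(">I", len(data)) + data


def ed25519_blob(pubkey: bytes) -> bytes:
    """Build the public-key blob OpenSSH stores in known_hosts for ssh-ed25519."""
    return ssh_string(b"ssh-ed25519") + ssh_string(pubkey)


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA-256 of the key blob, base64 without padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map (host, keytype) -> key blob for plain (unhashed) known_hosts lines."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        # Skip blank lines, comments and hashed (|1|...) entries, which need HMAC handling.
        if len(parts) < 3 or parts[0].startswith("#") or parts[0].startswith("|1|"):
            continue
        hosts, keytype, b64 = parts[0].split(","), parts[1], parts[2]
        for host in hosts:
            entries[(host, keytype)] = base64.b64decode(b64)
    return entries


def host_key_matches(known_hosts: str, host: str, keytype: str, presented: bytes) -> bool:
    """True only if the key the server presented is the one pinned for that host."""
    expected = parse_known_hosts(known_hosts).get((host, keytype))
    return expected is not None and fingerprint(expected) == fingerprint(presented)


# Constructed known_hosts content pinning the genuine key for host.example.
KNOWN_HOSTS = "host.example ssh-ed25519 " + base64.b64encode(ed25519_blob(GENUINE_KEY)).decode()

if __name__ == "__main__":
    print(fingerprint(ed25519_blob(GENUINE_KEY)))  # value to compare with the server's published one
    print(host_key_matches(KNOWN_HOSTS, "host.example", "ssh-ed25519", ed25519_blob(MITM_KEY)))
```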
  2. Re:Is this not what that swedish hacker said? by Z00L00K · Score: 3, Interesting
    That's the normal situation - governments are permitted to do anything that's criminal for a normal citizen. As soon as anything you do is government approved or required, it's no longer an issue of breaking the law. Even if it's morally wrong.

    The problem here is that the guy revealed one of the weaknesses that's utilized by governments all over the world and suddenly that leak was quenched.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  3. a more wretched hive of scum and villainy by davejenkins · Score: 4, Interesting

    1. set up a data-laundering haven
    2. advertise amongst the warez people and criminal element
    3. let enough criminal traffic (drug trafficking info) go through to build up trust that the laundering 'really works'
    4. Wait around for the stuff that is important (like nuclear codes or enemy state intel)
    5. ???
    6. Promoted to section chief at the invisible mansion! (Profit!)

    I don't have one lick of proof to say that our friends in Maryland or their cousins in Langley set this thing up from the beginning, other than it's an obvious slam dunk for them. I don't think the NSA is monitoring certain ports, I think they own the whole thing.

  4. A little reminder by Khopesh · Score: 5, Interesting

    This is a little reminder that we need a lot more users and exit nodes before TOR is reasonably safe.
    This is a little reminder to encrypt your data end-to-end rather than through another network; anonymity is not security.
    This is a little reminder that you really do need to check your SSL certificates.

    TOR's encryption fools some into thinking it is a security model. It is not. TOR facilitates anonymous transactions using encryption internally. It eliminates the possibility of people spying on you by name, but it does not stop them from spying on "the people" (which includes you). You still need another encrypted transaction between you and your endpoint for real security.

    The more exit nodes there are, the less likely a snooping entity will get ahold of your data. The more users there are, the more data those snoops need to filter through to get something meaningful (caveat: statistical analysis. workaround: encrypt data past the TOR network).

    This is a call-to-arms; everybody needs to use encryption and anonymization to enable the system to work, otherwise somebody can set up a few nets and read the whole network's content, even brute-force decrypt it due to its low volume. Take a look at Zimmerman's justification for PGP:

    What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding.
    --
    Use my userscript to add story images to Slashdot. There's no going back.
  5. Military grade anonymity? Say what? by myvirtualid · Score: 5, Interesting

    Military grade anonymity?

    What?

    Sure, we all know - or think we know - what "military grade crypto" means[1], but now you're just making stuff up.

    Military grade anonymity, indeed.

    [1] Strong crypto managed in a Type 0 or Type 1, etc., system, where everything is kept secret, hardware and software are tightly controlled, and updates are distributed strictly out-of-band - think spies with briefcases handcuffed to their wrists.

    Contrast with "commercial grade crypto", where everything but the secret/private keys themselves are known, well studied, well understood, etc., and updates are distributed in-band, though sometimes "boot strapped" using an OOB shared secret, etc.

    There is the perception that "military grade" is somehow stronger than "commercial grade", but what is the basis for this perception? None of us can say, at least not here.

    To know - to really know - whether military grade crypto is actually any stronger than commercial grade crypto requires a degree of access which itself requires clearance at - or above - top secret, said clearance being predicated on the understanding that those with said access won't reveal what they know, on pain of prosecution.

    So the people who do know cannot and will not tell.

    You'll just have to take my word for it. :->

    "Military grade anonymity" is nothing more than buzzspeak for "anonymity that we think is really, really OMG PONIES good, but we can't prove, what with there being a complete and total lack of mathematically sound anonymity analytics comparable to cryptanalysis, so there, nyah!"

    --
    I'm here EdgeKeep Inc.
  6. Re:Wolves in Sheep's Clothing by koehn · Score: 3, Interesting

    As the article has repeated, if you're interested in security it seems you really ought to apply your own encryption on top of TOR.

    However, even if you do that, are you truly anonymous? Is there any way to determine both ends of a conversation (either email or sessions)?

    There's no way to guarantee that your communications over TOR are anonymous, and they're pretty upfront about that in the documentation. It's pretty easy for a government (or just about anybody, really) to add enough nodes to TOR to have a reasonable likelihood of being all three nodes in your conversation (entrance, middle, and exit). The nodes need to be geographically distributed, but that's easy for governments and easier for hackers, who have access to botnets of machines all over the world. Once they've got enough nodes out there, it's pretty easy to tell who's sending all that traffic, and where it's going.

    Again, adding encryption helps keep your data from being sniffed (as long as you know you're not hit by MITM, see other comments about PKI), but TOR doesn't protect your anonymity against a sophisticated (and reasonably well-funded) attacker.
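The "enough nodes to be both ends of your conversation" argument above, and the earlier point that more honest exit nodes dilute a snooper, as an added example that is not part of the original posts: a simplified model in which an adversary runs k of n relays and each circuit picks its three relays uniformly without replacement. Real Tor path selection differs (bandwidth weighting, persistent guard relays), so the numbers illustrate the shape of the argument, not the live network.

```python
from fractions import Fraction


def p_entry_and_exit_adversarial(k: int, n: int) -> Fraction:
    """Probability that one circuit's entry and exit relays both belong to an
    adversary running k of n relays (uniform selection, no relay reused)."""
    if n < 3 or k < 0 or k > n:
        raise ValueError("need 0 <= k <= n and n >= 3")
    # Entry is adversarial with k/n; exit is then drawn from the remaining k-1 of n-1.
    return Fraction(k, n) * Fraction(k - 1, n - 1)


def p_some_circuit_compromised(k: int, n: int, circuits: int) -> float:
    """Probability that at least one of `circuits` independently built circuits
    has an adversarial entry AND exit, i.e. both ends of the conversation are seen."""
    p = float(p_entry_and_exit_adversarial(k, n))
    return 1.0 - (1.0 - p) ** circuits


def relays_needed(k: int, target_p: float, circuits: int) -> int:
    """Smallest total relay count n at which an adversary with k relays
    keeps the compromise probability over `circuits` circuits at or below target_p."""
    n = max(k + 2, 3)
    while p_some_circuit_compromised(k, n, circuits) > target_p:
        n += 1
    return n


if __name__ == "__main__":
    # Constructed figures: 100 adversarial relays in a 1000-relay network.
    print(p_entry_and_exit_adversarial(100, 1000))          # per-circuit risk
    print(p_some_circuit_compromised(100, 1000, 1000))      # after 1000 circuits
    print(p_entry_and_exit_adversarial(100, 2000))          # same adversary, network doubled
    print(relays_needed(100, 0.5, 1))
```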