Spying On Tor

juct writes "The long-standing suspicion that the anonymizing network TOR is abused to catch sensitive data by Chinese, Russian, and American government agencies as well as hacking groups gets new support. Members of the Teamfurry community found TOR exit-nodes which only forward unencrypted versions of certain protocols. These peculiar configurations invite speculation as to why they are set up in this way. Another tor exit node has been caught doing MITM attacks using fake SSL certificates."

MITM

[MartinG]

I've seen ssh MITM attempts myself with tor, but this can easily be avoided by ensuring you check your fingerprints. You do check your fingerprints, don't you?

No expectation of anonymity

[athloi]

How does anyone expect anonymity? Traffic must somewhere go through ISPs, most of which rent their upstream from large providers like AT&T, who is surely not the only large corporation to get in bed with the government or anyone else who can pay. Enough of that information loaded into a database and compared will yield information about the suspect, even if it's too complex to explain to a "jury of your peers."

If you want anonymity, SSH through a string of compromised Eastern European servers to a comfortably log-agnostic Indonesian ISP, and do all your surfing through Lynx/Links. That's the only stab at anonymity you'll get, and they'll probably just install a keylogger anyway. Freedom is slavery.

Do fancy locks attract thieves?

[G4from128k]

Perhaps the problem is that using an anonymizer makes someone a more interesting target to authorities. Like the old adage of attacking the bank because "that's where the money is," perhaps some people are attacking Tor because "that's where the secrets are."

a more wretched hive of scum and villainy

[davejenkins]

1. set up a data-laundering haven
2. advertise amongst the warez people and criminal element
3. let enough criminal traffic (drug trafficking info) go through to build up trust that the laundering 'really works'
4. Wait around for the stuff that is important (like nuclear codes or enemy state intel)
5. ???
6. Promoted to section chief at the invisible mansion! (Profit!)

I don't have one lick of proof to say that our friends in Maryland or their cousins in Langley set this thing up from the beginning, other than it's an obvious slam dunk for them. I don't think the NSA is monitoring certain ports, I think they own the whole thing.

Not what tor was intended for!

[sammydee]

Tor was never intended to SECURE traffic. It is an ANOMYMISER. It is designed to cope with compromised nodes and still provide military grade anonymity.

It's important to remember that security and anonymity are different things.

Re:Conclusion:

[s20451]

Tor is so easy to abuse (if you run a tor server) it's not even funny. Just take a look at the code, it's trivial to hack. It's funny how much of the OSS community are proverbial sheeple, believing that since it's open source, it must be secure.

It's for exactly this reason that Tor should adopt AGPL. That way, if the Chinese government ran a hacked Tor server, they would have to release the source code as well and the hack would be obvious.

A little reminder

[Khopesh]

This is a little reminder that we need a lot more users and exit nodes before TOR is reasonably safe.
This is a little reminder to encrypt your data end-to-end rather than through another network; anonymity is not security.
This is a little reminder that you really do need to check your SSL certificates.

TOR's encryption fools some into thinking it is a security model. It is not. TOR facilitates anonymous transactions using encryption internally. It eliminates the possibility of people spying on you by name, but it does not stop them from spying on "the people" (which includes you). You still need another encrypted transaction between you and your endpoint for real security.

The more exit nodes there are, the less likely a snooping entity will get ahold of your data. The more users there are, the more data those snoops need to filter through to get something meaningful (caveat: statistical analysis. workaround: encrypt data past the TOR network).

This is a call-to-arms; everybody needs to use encryption and anonymization to enable the system to work, otherwise somebody can set up a few nets and read the whole network's content, even brute-force decrypt it due to its low volume. Take a look at what Zimmerman's justification for PGP:

What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding.

Re:Is this not what that swedish hacker said?

[Frosty+Piss]

The problem with the guy you're talking about is not that he pointed out some issues with TOR, but that he then proceeded to disclose 100's of user ID and password combos. Totally unnecessary and irresponsible.

Please help us improve our documentation.

[Nick+Mathewson]

Hi all. I'm one of the Tor authors.

We're trying very hard to get out the message that you should always use encrypted protocols over Tor, if you're doing anything even slightly sensitive.

Right now, we do this in our documentation, and in a list of warnings on our download page. But obviously, this isn't good enough, since some of the commenters here seem to be surprised at finding it out.

Does anybody have good ideas about how to get the word out better?

(As for the SSL MITM thing: we've run into situations like this one before. Usually, it turns out that the exit node isn't doing the MITM itself, but is getting MITMd itself by its upstream. This happens depressingly often in some countries, and in some dormitories. I've dropped a line to the directory authority operators Mike Perry (the guy who maintains the Torbutton firefox plugin) has been working on an automated detection tool for this stuff. It would be great if somebody with programming chops would step up and give him a hand.)

Re:Please help us improve our documentation.

[Rob+T+Firefly]

If you find a reliable way to make end-users RTFM, please let us know.

Tor gives you anonymity

[arevos]

Tor gives you pretty robust anonymity, it just doesn't provide privacy.

Re:How does a SSL MITM attack work?

[phantomcircuit]

Replace the SSL Certificate with a self signed one and hope they just click yes.

any idiot should realize it's a hostile network

[SuperBanana]

Is this not what that swedish hacker said?

Is this not what anyone with a basic understanding of the most basic network/TCP concepts (ports, IP addresses, connections, that sort of thing) should have realized, if they read anything about Tor? Is this not something that the Tor project should have explained in clear language for those who do NOT have a basic understanding of networking?

It's beyond "untrusted". It's a hostile network and blatantly so, if you bother to read even a basic description of it. You should assume that your traffic will be routed out a node where a person, organization, or government is passively monitoring or actively attacking your traffic.

All this (repeated) fuss demonstrates is how many incompetent network/sysadmin people there are in the world, and how few people in the press and "blogging" community understand networking. Any idiot who knows ALL of the reasons why ssh is better than telnet (ie, answers more than just "it's encrypted, so people can't see what you're typing") should be able to tell you why Tor is a hostile network...unless they're just parroting what they've read elsewhere.

Military grade anonymity? Say what?

[myvirtualid]

Military grade anonymity?

What?

Sure, we all know - or think we know - what "military grade crypto" means[1], but now you're just making stuff up.

Military grade anonymity, indeed.

[1] Strong crypto managed in a Type 0 or Type 1, etc., system, where everything is kept secret, hardware and software are tightly controlled, and updates are distributed strictly out-of-band - think spies with briefcases handcuffed to their wrists.

Contrast with "commercial grade crypto", where everything but the secret/private keys themselves are known, well studied, well understood, etc., and updates are distributed in-band, though sometimes "boot strapped" using an OOB shared secret, etc.

There is the perception that "military grade" is somehow stronger than "commercial grade", but what is the basis for this perception? None of us can say, least not here.

To know - to really know - whether military grade crypto is actually any stronger than commercial grade crypto requires a degree of access which itself requires clearance at - or above - top secret, said clearance being predicated on the understanding that those with said access won't reveal what they know, on pain of prosecution.

So the people who do know cannot and will not tell.

You'll just have to take my word for it. :->

"Military grade anonymity" is nothing more than buzzspeak for "anonymity that we think is really, really OMG PONIES good, but we can't prove, what with there being a complete and total lack of mathematically sound anonymity analytics comparable to cryptanalysis, so there, nyah!"

Re:Military grade anonymity? Say what?

[Old+Man+Kensey]

myvirtualid wrote:

clearance at - or above - top secret

There is no clearance above TS, at least in the technical sense. There is TS/SCI ("special compartmented information") clearance, which may or may not include a lifestyle polygraph exam. TS/SCI and TS/SCI + lifestyle poly are not "above" TS in any real sense, they are merely additional qualifiers used as criteria to determine whether you can be allowed access to compartmented info. If you have TS/SCI it makes that process easier, but not having TS/SCI is not an absolute barrier if the right people sign off on it (although for certain information "the right people" may consist of both houses of Congress and the President).

Compartments can be as loose (within the restrictions of TS) or as restrictive as necessary. There can be (and I understand are) compartments with only a handful of people.

Re:Conclusion:

It's for exactly this reason that Tor should adopt AGPL. That way, if the Chinese government ran a hacked Tor server, they would have to release the source code as well and the hack would be obvious.

The problem is, a couple hours after suing the Chinese, you want to sue them again.

Re:Conclusion:

[Kadin2048]

Tor is so easy to abuse (if you run a tor server) it's not even funny. Just take a look at the code, it's trivial to hack. It's funny how much of the OSS community are proverbial sheeple, believing that since it's open source, it must be secure. I know I'm feeding a troll here, but I think this is an opportunity to clarify a point: Tor does one thing, and does it pretty well. It hides your IP address from the server you're connecting to. That's it.

It's not a "plug in security" solution, and it's not meant to protect your traffic from people snooping on it in transit. If you want that, you need to use some sort of end-to-end encryption on top of Tor. (And you need to use some form of encryption that doesn't positively identify you, or else you might as well not use Tor to begin with.)

These kind of "attacks" are trivial because they have nothing to do with Tor's actual function. They're taking advantage of user stupidity, not a design flaw.

Re:Conclusion:

[totally+bogus+dude]

Not really. The tor configuration lets you specify an "exit policy": addresses and ports which you will allow your node to be used as an exit for. Tor clients know what the exit policy of each node is, and don't try to exit out of a node which doesn't allow those connections to be made.

It's only disruptive if you use a firewall to prevent certain connections, and don't let tor know that you're doing so. In that case, a client may select you as an exit node, but the connection will fail. If you configure your exit policy to match your firewall policy, then clients know your server won't allow their connection to a particular host/port, and won't select it as an exit node.

Therefore, if your purpose in running tor is to snoop on unencrypted traffic, you would set your exit policy not to allow connections to port 443, because that's almost always encrypted, and thus minimise the amount of traffic exiting your node which you're not able to sniff. Or more likely, you'd set it to only allow connections to port 80 or whatever it is you're interested in.

Note that exit policies are very useful and quite legitimate. For example, I run two tor servers: one on my own dedicated server at a US colo facility on a dedicated IP address, which uses the standard tor exit policy which is fairly permissive. At work we have an unmetered fibre connection we don't use much, so I run a tor server here with a highly restrictive exit policy: deny everything (in other words, it's purely a relay or entry point, not an exit point). This limits our exposure; I'm willing to deal with people complaining about abuse from my own server, but I don't want to get our organisation involved in such disputes.

Most tor servers won't allow you to connect to port 25, as another example, because that effectively turns your tor server into an open SMTP relay.