Slashdot Mirror


Attacking and Defending the Tor Network

Trailrunner7 writes "In a talk at the USENIX LEET workshop Tuesday, Nick Mathewson of the Tor Project discussed the group's recent challenges in responding to suppression efforts by governments in Egypt, China and elsewhere. What the Tor members have learned in these recent incidents is that while governments are becoming more up front about their willingness to shut off Internet access altogether or censor content, users are also becoming more resourceful. Mathewson said that the group is working on methods for alleviating the problems that national-level restrictions cause for Tor users. One method involves moving to a modular transport method in order to get around some of the throttling that ISPs perform on encrypted traffic in order to make Tor usage more difficult. In a separate talk at LEET, Stevens LeBlond of INRIA in France presented research on methods for tracing Tor users back to their IP address. One of the attacks, which LeBlond and his co-authors titled 'Bad Apple,' used an exit node that the researchers controlled in order to trace the streams of data sent by users of BitTorrent over Tor back to their IP addresses."

22 of 132 comments

  1. Information Is Like Water by WrongSizeGlass · · Score: 2

    Information is like water and it will always find a way to get through.

    1. Re:Information Is Like Water by bknabe · · Score: 2

      Yes, but it would be nice if the source survived the sending.

    2. Re:Information Is Like Water by gnick · · Score: 2

      So... Are you saying "You can't stop the signal"?

      --
      He's getting rather old, but he's a good mouse.
  2. I tried Tor.... by joocemann · · Score: 2

    ... and it was too slow to do anything at all.

    meh...

    1. Re:I tried Tor.... by Tolkien · · Score: 2

      That's because the number of exit nodes isn't very large. If there were more, a corresponding increase in speed would be the result. If you want to help make Tor faster for other users, set up your own computer as an exit node.

    2. Re:I tried Tor.... by joocemann · · Score: 2

      Really? I found that even using slashdot takes like 30-60 secs just to load the one page I'm trying to look at... I click something to move forward in my surf, and there goes another 30-60 seconds. Without tor it's like 1 second. I'm just too busy/impatient/american to wait so long after each click. Anyway, I just go without and tell myself that I'm not as interesting as I might think I am. This has worked so far.... oh wait, there's a knock at the door... brb.

    3. Re:I tried Tor.... by Hatta · · Score: 2

      If you're going through a proxy server to get to Tor, the proxy server knows your IP and everything you've browsed. This defeats the purpose of using Tor.

      --
      Give me Classic Slashdot or give me death!
    4. Re:I tried Tor.... by GameboyRMH · · Score: 2

      You misunderstand. The proxy server runs on the same box as Tor (Polipo is installed with Tor by default on the 'buntus and Debian). The caching proxy server is used to smooth out Tor's unreliability. If anyone can see what your proxy server is doing you have much bigger problems.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
  3. Never 100% safe by Tigger's+Pet · · Score: 5, Insightful

    I guess that the research demonstrated by Stevens LeBlond just goes to prove what most of us have known for a long time - even using TOR (and the same will go for any other type of encryption, IP masking etc) you are not 100% safe if somebody wants to work out who you are. The governments may not care too much if you are just sharing a few pirated movies around, although some companies may, but I can guarantee that those carrying out the real illegal activity, such as sharing child-pr0n, will be tracked down one way or another.
    All that TOR does is provide people who aren't really that switched-on with a false sense of security about their activities.

    1. Re:Never 100% safe by alan_dershowitz · · Score: 4, Informative

      The attack relies on the way Bittorrent is used and the fact that it uses UDP for contacting peers (which Tor doesn't route, causing only the tracker connection to be Torified) causing information leak; controlling an exit node to do a MitM; and the fact that Tor multiplexes multiple streams through the same node for performance reasons (meaning you can observe all the traffic that someone is going to through your exit node, once you've established who they are.)

      This attack won't work on you if:

      1. You are only using one app, in particular it won't work on you if all you're using is a browser and TorButton
      2. The same app is not sending data across both Tor and no-Tor
      3. The app in question can detect tampered-with data (SSL cert mismatch, etc.)
      4. As a precautionary measure, you are doing strict firewall egress filtering while using Tor.

      In short, if you are technically knowledgeable and careful, this attack doesn't apply to you. So, it's not the end of the road for Tor and anonymity, although it's a problem for "regular" people using Tor who can't be expected to keep track of all the ways their computer can unmask them.
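An added example, not part of the original comment: a defender-side audit of a host's connection table for the leak conditions listed above (one app sending over both Tor and non-Tor paths, UDP that Tor does not carry, and direct egress that strict filtering would have blocked). The input format, the process names and the sample flows are constructed for illustration; the SOCKS address is Tor's default `SocksPort` and is an assumption about the local setup.

```python
import ipaddress
from collections import defaultdict

TOR_SOCKS = ("127.0.0.1", 9050)  # Tor's default SocksPort; assumed unchanged
TOR_PROCESS = "tor"              # assumed name of the local Tor daemon

# Constructed sample, "proto process local remote" (IPv4 only),
# e.g. reduced from a socket listing such as `ss -tunp`.
SAMPLE = """\
tcp tor      192.0.2.10:41000 203.0.113.5:9001
tcp firefox  127.0.0.1:51000  127.0.0.1:9050
tcp btclient 127.0.0.1:51010  127.0.0.1:9050
udp btclient 192.0.2.10:6881  198.51.100.7:6881
tcp btclient 192.0.2.10:51020 198.51.100.9:51413
"""

def parse(text):
    """Turn the constructed listing into (proto, process, host, port) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, proc, _local, remote = line.split()
        host, port = remote.rsplit(":", 1)
        flows.append((proto, proc, host, int(port)))
    return flows

def audit(flows):
    """Return {process: (reasons, leaking_flows)} for flows that bypass Tor."""
    via_tor, direct = set(), defaultdict(list)
    for proto, proc, host, port in flows:
        if proc == TOR_PROCESS:
            continue  # Tor's own relay connections are the expected egress
        if proto == "tcp" and (host, port) == TOR_SOCKS:
            via_tor.add(proc)
        elif not ipaddress.ip_address(host).is_loopback:
            direct[proc].append((proto, host, port))
    findings = {}
    for proc, leaks in direct.items():
        reasons = []
        if proc in via_tor:
            reasons.append("mixes Tor and direct traffic")
        if any(proto == "udp" for proto, _, _ in leaks):
            reasons.append("UDP bypasses Tor")
        if not reasons:
            reasons.append("direct egress while Tor is in use")
        findings[proc] = (reasons, leaks)
    return findings

if __name__ == "__main__":
    for proc, (reasons, leaks) in audit(parse(SAMPLE)).items():
        print(proc, reasons, leaks)
```

An empty result is what strict egress filtering should produce: only the Tor daemon reaches non-loopback addresses.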

    2. Re:Never 100% safe by DeadboltX · · Score: 3, Insightful

      The problem with anonymity, of course, is that it can be used for good or for bad.

      Then the solution is clear! We must only allow things that can only be used for good!

    3. Re:Never 100% safe by hairyfeet · · Score: 2

      The funny (or sad, depending on how you view tons of tax dollars wasted) is that the whole child porn thing is a red herring as well, at least according to a friend that works at the state crime lab in charge of dealing with the child porn busts (he keeps trying to recruit me, but there ain't enough brain bleach to take THAT job) as according to him all they bust on the net are social retards that frankly haven't touched anyone but themselves and are wanking off to the same old shit that has been floating around since the days of BBS.

      So what do the actual child molesters, the sick bastards you really want to catch to actually save and protect kids use? Why it's USPS that's right, the fucking mail. They only use the net long enough to set up a few contacts (which according to my friend they have set up the "entrance fee" in a way no cop will be able to pass, like abuse a kid in the manner they describe with an object they tell you to get and you only have X number of days to provide the video) and from then on it's encrypted DVDs and mail drops all the way. If they don't receive word from a contact in X number of time they consider that link dead and move on, no trails.

      He said all the cops KNOW about it, thanks to an ex cop they busted that had tons of the stuff unencrypted on his drive. Of course knowing and being able to do shit are two different things, we are talking DVDs with 2048 bit encryption, drives set up with Truecrypt inside Truecrypt, drive wiping on X number of wrong login attempts, pretty slick stuff.

      But he said the only thing they get on the net anymore is the Chris Hansen total morons and a whole shitload of social retards that have literally mountains of DVDs full of Internet porn and have watched so damned much porn they can't even get a hard on to anything but the sickest shit. According to him the feds care about stuff like Tor because they figure your "hillbilly homegrown terrorist type" would probably use it, but figure any seriously hardcore bunch is probably using what the CP guys use.

      Personally I think it's a shame so much taxpayer money is wasted on catching the social retards and the Chris Hansen morons instead of trying to set up global networks to track down and bust the ones actually raping kids, but the politicians like seeing big numbers so there you go. I don't see how the guy does it myself, having to sit 8 hours a day and look at that shit? Not enough brain bleach in the world to take that job, and I sure as hell couldn't be all calm and shit when testifying against some guy who had actually raped his 6 year old and filmed it like my friend had to do last year, personally my urge to beat the shit out of him would be too great.

      But if you run a Tor exit node or Freenet on a home connection you're bug fucking nuts, as the cops' SOP is to kick down your door, charge you based on the IP logs, haul away ALL your shit, which you may or may not get back three to four years from now when they get around to it, that is if it doesn't get lost, and meanwhile the papers have already run your name as "suspected kiddie fiddler" so everyone thinks you're a monster. In this red scare climate when it comes to CP you'd have to be insane to touch that software, at least if you live in the USA. Maybe things are saner in Europe, I don't know.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    4. Re:Never 100% safe by Americium · · Score: 2

      Drive around until you find an open Wifi signal. 100% untraceable back to you.

  4. Re:Better not to be a tor exit node.... by 0100010001010011 · · Score: 2

    hello.jpg EXIT! DO NOT CLICK.

    Hopefully this does more help than a mod down.

  5. Re:Better not to be a tor exit node.... by GameboyRMH · · Score: 2

    Ohoho, nice try, but you won't goatse me today! ;)

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  6. integrate Tor and Incognito Mode? by Speare · · Score: 2

    I'd like to see better integration with Tor and Chrome's Incognito Mode. Normal plain-jane internet route for all my apps, but route all incognito traffic through Tor. Otherwise, I find it a pain in the rear (not to mention more error prone) to keep toggling OSX between "performance mode" and "tinfoil hat mode." Doesn't really matter what I'm viewing in tinfoil hat mode, I just would rather have the same kind of barriers on my local cookie/history storage as I have out in the world.

    --
    [ .sig file not found ]
  7. Re:Better not to be a tor exit node.... by Tolkien · · Score: 2

    Oh geez. I replied without clicking the link. It's a goatse. Don't go.

  8. Re:One word by SuricouRaven · · Score: 4, Interesting

    Massive, massive overhead. Also, only any use for private communications where both parties have already exchanged some form of key.

  9. Re:One word by Locke2005 · · Score: 4, Interesting

    Correct on both counts. But any system that allows new people to join in without being referred by a trusted party invites participation by government infiltrators. Consider key exchange as a form of formal introduction, like a fraternity handshake.

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  10. Re:One word by SuricouRaven · · Score: 2

    Depends on your aim. Freenet is one of the more prominent projects in this area, and it's designed for anonymous publication - that is, you don't mind the government seeing it so long as everyone else can, and it can't be traced to the source. Great for spreading videos of government abuse of power, leaked documents, counterpropaganda, suppressed books, etc. Anything you want everyone to see, but can't risk being identified as a distributor for. There is no invite needed, and yet finding the source of a document is very close to impossible barring some form of user error.

    Not that user error is hard to induce. It's quite possible to, say, send someone a link to a non-existent news article on a government-controlled server. They get the link, follow the link, find nothing there... and then all the attacker need do is grep the logs, because the one person who accessed that particular fake address must be the one it was sent to.

  11. One Bad Apple by value_added · · Score: 2

    Recently discussed on Bruce Schneier's blog ("Identifying Tor Users Through Insecure Applications"):

    http://www.schneier.com/blog/archives/2011/03/identifying_tor.html

  12. Re:oblig. by ilsaloving · · Score: 2

    Only because the criminals didn't protect the pigeon's identity by having them wear masks and spandex tights during their flight.