Tor Network Used To Command Skynet Botnet
angry tapir writes "Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It's likely that other botnet operators will adopt this approach, according to the team from vulnerability assessment and penetration testing firm Rapid7. The botnet is called Skynet and can be used to launch DDoS (distributed denial-of-service) attacks, generate Bitcoins — a type of virtual currency — using the processing power of graphics cards installed in infected computers, download and execute arbitrary files or steal login credentials for websites, including online banking ones. However, what really makes this botnet stand out is that its command and control (C&C) servers are only accessible from within the Tor anonymity network using the Tor Hidden Service protocol."
That's the cost of sane privacy controls -- sometimes it can be used for bad purposes. Society should be looking inwards at the cause of this. Spying on people, tracking their every movement, and abusing the legal systems of countries created a need (and a demand) for a type of security system that would protect you to the n-th degree. Now we've got a solution and it will be abused. What needs to happen is companies that make software need to invest in security and response. We're never going to stop the threat, but we can minimize the damage and downtime.
A perfect opportunity to continue their campaign on the evils of anonymity and tools that enable it.
Been done. So what? Plenty of botnets don't and the people controlling them haven't been --and will not be-- apprehended.
I'm getting so tired of "security researchers" using every little tidbit they can find to PUBLISH MORE PRESS RELEASES. Gah.
Why is this such a surprise? If anyone wants to hide a server/service behind the cloak of anonymity, then yes, a tor hidden service is the way to do it. People do it for good reasons (eg. journalists under threat of death for publishing accounts of gov't actions) and nefarious reasons (silk road comes to mind). Hell, even Yelp blocks access from tor nodes b/c (they say) a large majority of bot traffic comes from the tor network. Is this really the first time a botnet has used tor, or is this the first time a botnet has been caught?
Next thing you know, they'll say the bad guys and terrorists use VPN to access the internet.
sysadmins and parents of newborns get the same amount of sleep.
DoS attack against the ToR hidden service; from inside the ToR network.
There's a lot of good that Tor provides for keeping channels of free speech open in oppressive countries. But this seems to be setting a trend of mis-use... and how long will it be before Tor's primary traffic is Cracker?
This is just the botnet people being lazy and taking the easy approach. It's already been shown you can design decentralized networks that require no "bootstrap" information like DNS in order to find other nodes and communicate. But it is beyond the abilities of these low-level social miscreants to create, so they're piggybacking on a network that they think can hide their malicious activity. Tor only anonymizes the source of the data; anything between the exit node and destination is sent in the clear and likely they've made some mistake that'll allow it to be blockable.
Of course, this is exactly what the oppressive governments of the world (and those who oppress by claiming they're "liberating" others), have been looking for to shut down the Tor network. You can expect more attempts at legislating it away to come soon. Fundamentally though it doesn't solve the problem, which is that the criminal underworld has figured out how to do what industrialists figured out 50 years ago: If you take just a little from a lot of people, you can get very rich, and those people won't fight back because the cost of retaliation is higher than the loss. As a result, people everywhere are being nickel and dimed to death.
Botnets are simply the illegal mirror counterpart to the legal crime of draining pensions and unethical banking to turn a profit: Harm many only a little, and you too can be rich.
#fuckbeta #iamslashdot #dicemustdie
can it launch missiles?
and if it does you better hope the guys don't turn their keys
Citizen encryption has such tremendous potential that we can't allow governments and criminals to be the only ones using it. We really need to start pushing encryption into the masses.
But... the future refused to change.
From the little I've read, it seems that they use a distributed host of volunteer servers to run the TOR network, so it might not be that easy to 'shut-down' the entire network (lack of centralized host) - If I'm wrong, I'd love to know why.
My concern is that they will make TOR access illegal. Clearly, we can't count on Google/Microsoft/Amazon/Apple/Facebook/Big-Biz to raise a finger - they prey off identifying and targeting customers. Privacy and anonymity must hurt their bottom line. So unlike SOPA/PIPA, I doubt that any major group will oppose a new law against this. And most people won't care - hell, if Wikipedia didn't have a blackout, I doubt SOPA would have got any news time on a 'major' news network at all.
Is there a way to detect TOR access uniquely? Or does the encryption make it look like any VPN/secure connection? I recollect reading about a method that could identify IP address accessing TOR (don't remember the details), I'm not sure if that hole was plugged (or if it can be plugged).
There have been bot nets that have used Bittorrent DHT too, so should we shut that down as well?
"One feature of the Skynet botnet is that each infected machine becomes a Tor relay, which ironically makes the network larger and able to sustain the load, he said."
Benefit.
Feature Request: Artificial intelligence is still pretty retarded. If we want Skynet to raise the machines, Skynet is going to need a little bit of human assistance. The organism needs a sustainable means of proliferation to prevent extinction as vulnerable systems get patched.
and eat it too. You accept that a non-censored internet necessarily means illegal usage of it, but you don't want to read about any of the illegal use. Contortionist, you are.
DoS attack against the ToR hidden service; from inside the ToR network.
Cute idea, but it won't work. TOR hides things really well, and even if you managed to find one server, the admins could easily start another instance of its software on another machine.
The old tautology, "if you outlaw firearms, only outlaws will have firearms" applies to Tor. (In fact, I'd go as far as to argue that many cryptographic mechanisms are covered by the second amendment, especially if you consider cryptography's military purpose, and that some ciphers have been regulated by the DOD as munitions. They cover the same role in protecting your property, identity and reputation from aggression, and as the "well regulated militia" clause demands, pseudonymous discussions are necessary tools to help people discuss political matters.)
The simple truth is you can shut down all the law-abiding people with Tor nodes, and the botnet creators will just run Tor nodes on their network. It would be absolutely trivial for botnet owners to get together and set up huge Tor networks and put access up for pay on the black market.
and even if you managed to find one server,
That's why he said from inside the TOR network.
If you wanted to dos the tor network, all you would need to do is set up a p2p connection within tor and let it run. Pretty common knowledge.
Get b&, creep.
Hydraulic pizza oven!! Guided missile! Herring sandwich! Styrofoam! Jayne Mansfield! Aluminum siding! Borax!
Tor's bandwidth and latency are sufficiently abysmal that it acts as a throttle. Overwhelming a number of servers via the Tor network would probably be not much easier than overwhelming the entire Tor network.
...only outlaws will use Tor.
Seriously, how many days after a pretense like this will it take for governments to seize on this as a reason for government monitoring of the internet even in "free" countries in the name of "crime fighting"?
Heck, if the US wasn't a.) hung up on this fiscal cliff thing and b.) about to swear in a new congress in January, I'd have expected hearings this week...
Bitcoins are a virtual currency? Oh, please do tell! Thank you for letting slashdot know..this is the first we've heard of it!
http://xkcd.com/504/
Tor's bandwidth and latency are sufficiently abysmal that it acts as a throttle.
What happens when you have 10,000,000 government operated Tor nodes designed for the sole purpose of DoS'ing one hidden service?
The limited bandwidth and latency of ToR services should help, not hurt a DoS attack against the service itself....
Tor Network Used To Command Skynet Botnet
or
TCP/IP Used To Command Skynet Botnet
or
Phone Copper Used To Command Skynet Botnet
or
Computer Used To Command Skynet Botnet
Tor is suitable for this, because it is very slow. Human operators have limited patience to get through extreme slowness of access to their Jihad blogs and favorite torrent directories, but bots have unlimited patience.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
If you have that many tor routers, chances are you have access to enough information to perform packet timing based searches for the machine hosting the hidden service, which, in my opinion is a much less destructive and less wasteful use of one's resources. I also suspect you would only need a much more reasonable number (maybe 10k-100k) of servers.
It's a LOT older than TOR, & had CIA involvement:
http://en.wikipedia.org/wiki/TriangleBoy
* So, thus - What's going on with TOR? Nothing new really... same old, SAME OLD!
APK
P.S.=> Yes, people... the more things change, the MORE THEY STAY THE SAME!
(For tools that "go both ways" to the GOOD, & to the BAD (purely relative terms of course, depends on who's doing the judging) always get misused for nefarious reprehensible purposes)...
... apk
DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS:
http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers
APK
P.S.=> Very foolish statement from you, but you were trolling of course (not that THAT "makes it ok") - after all:
ANDROID shows you Linux folks a "portent of things to come" IF/WHEN you ever have your "year of Linux on the desktop" - because ANDROID's getting attacked left & right the past 1/2 decade or so now!
It's in the news, almost everyday in fact!
(So, IF you penguins EVER have the MAJORITY of marketshare/usershare? I don't think you're going to be as prepared for it as you seem to think @ least - the most used = the most attacked)...
... apk
As a professional that has seen first hand the incompetence of corporate America I say let them have it with both barrels! LOL These guys have way too many clowns and politicians that have no clue. They find ways to not hire the smart people and get rid of the techies in favor of ass kissers. So I have no sympathy for the ones that have rootkits and intruders actively on the internal network. If they would have practiced safe computer science standards and allowed the IT department to work as a technology team you would not have the issues you have today.
You think the PHB from Dilbert is a joke, no way! I have seen it and all the minorities that are in there to satisfy a quota.... You have to be kidding me. I am glad this is not war and I have to worry about getting killed by the idiots in the department.