Cybercrooks Increasingly Use Tor Network To Control Botnets

alphadogg writes "Malware writers are increasingly considering the Tor anonymity network as an option for hiding the real location of their command-and-control servers, according to researchers from security firm ESET. The researchers recently came across two botnet-type malware programs that use C&C servers operating as Tor 'hidden services.' The Tor Hidden Service protocol allows users to set up services — usually Web servers — that can only be accessed from within the Tor network through a random-looking hostname that ends in the .onion pseudo domain extension. The traffic between a Tor client and a Tor hidden service is encrypted and is randomly routed through a series of computers participating in the network and acting as relays."

I guess I don't know how these things work

[beschra]

Why haven't they been doing this for a long time already?

Re:I guess I don't know how these things work

[houstonbofh]

No need... Cheap server hosting with little tracking was plentiful. Now, not so much... You see, as they develop new methods, lots of people study and find ways to defeat those methods. So in a small ammount of time, there will be many hackers finding a way to shatter annonomity in TOR. The NSA could not have planned it better.

Re:I guess I don't know how these things work

Because many of them are idiotic script kiddies who don't know the first thing about security?

Re:I guess I don't know how these things work

[stewsters]

Its pretty easy to take away the anonymity of tor if you could hypothetically record all traffic to and from each computer in the network. You can then see Alice send the message to Carlos who then forwarded it to Bob. Luckily in the US no one is recording every encrypted message you send... oh shit.

The only way to protect yourself would to use garlic routing and make sure you send a lot of traffic. Turn your bandwidth up. To improve this, you need to create a widely used sharing client for your network to get as many others to create decoy traffic as you can.

Re:I guess I don't know how these things work

[houstonbofh]

Its pretty easy to take away the anonymity of tor if you could hypothetically record all traffic to and from each computer in the network. You can then see Alice send the message to Carlos who then forwarded it to Bob. Luckily in the US no one is recording every encrypted message you send... oh shit.

Next time you are on TOR look and see where your exit node is. Surprisingly often is it Virginia... Hmm... Is my tinfoil hat on tight?

Re:I guess I don't know how these things work

[Immerman]

And then hackers on the other side find a way to make a more shatterproof alternative, which could really suck for the NSA. After all IIRC Tor is a closed-source NAVY project so it can be reasonably assumed that it includes a military-controlled backdoor, and if the NSA doesn't already have the keys I'm betting they could get them pretty quickly if they wanted them, whether via official channels, blackmail, or other maneuverings.

Re:I guess I don't know how these things work

[blueg3]

You can only do this if the Tor traffic rate is fairly low or through fairly sophisticated correlated-timing attacks. Each layer of indirection wraps the TCP stream in a layer of encryption, so you cannot, in fact, see the same message transit between nodes in a Tor network.

Re:I guess I don't know how these things work

[Jane+Q.+Public]

"Its pretty easy to take away the anonymity of tor if you could hypothetically record all traffic to and from each computer in the network. "

Tor was specifically designed to prevent exactly that.

The vulnerability of Tor is in its exit nodes (where Tor routing ends, and regular internet routing resumes). A third party can snarf all the traffic through an exit router, and (if that traffic is from one person), they might as well have a tap at that person's ISP.

The difficulty, of course, is that there is no way to tell in advance via which exit router your traffic will exit. So the government's scheme is to monitor as many exit nodes as possible.

There are two ways to make this more difficult for them: hiding and switching.

Hiding means increasing the number of Tor exit nodes (preferably vastly increasing it), as well as turning them on and off at random times (I don't mean every few minutes, but more like in blocks of 4-8 hours or so). This makes it more difficult to track traffic through any given exit node. Note, however, that in order for Tor to work effectively while turning nodes on and off like that, it would definitely need many more exit nodes. Hell, it needs lots more anyway.

By "switching", I mean sending all your HTTP requests via multiple connections through different Tor routes. Because of the wait times to re-align packets, this is not necessarily significantly faster over Tor (as it is when using multiple connections for downloads, as some browsers do), but that is possible. It would mean that only some of your packets are exiting via any given Tor exit node, making tracing your activities much harder.

Re:I guess I don't know how these things work

[Electricity+Likes+Me]

Tor isn't closed source.

The more pertinent issue is that Tor exit nodes are under no obligations to allow certain types of traffic to exit. So it's perfectly possible to block known malware data. Though not much you could do about Tor running as the malware, but in that regard scanning for unintended Tor processes would be a pretty good red flag.

Re:I guess I don't know how these things work

[icebike]

Its pretty easy to take away the anonymity of tor if you could hypothetically record all traffic to and from each computer in the network. You can then see Alice send the message to Carlos who then forwarded it to Bob. Luckily in the US no one is recording every encrypted message you send... oh shit..

One has to wonder if this story isn't simply a trial balloon for a world wide campaign against TOR. Get some Slovakian "security researcher" company (that goes out of its way to avoid telling you anything about itself on its website) to publicly worry about TOR, and induce a few press articles. Pretty soon, the government can step in and "protect us" from the evil TOR.

Re:I guess I don't know how these things work

You are right, they wont see the same message.

By analyzing size and frequency of requests you can tell what kind of activity is going on. I have seen this technique used against ssh to profile what they were sending through the connection. A terminal session looks much different than a git checkout, which looks different than file downloads, which look different than file uploads.

If they repeatedly see Alice send Carlos a message that is X bytes in length, and Carlos sends a different message of a similar length to Bob, you can have a reasonable certainty that Alice has sent Bob a message. The headers and the encryption might change the length a little, but I would hazard a guess that it doesn't change enough to hide it.

The solution I provided above ("garlic routing") solved this by using other people's messages to pad out the length. You could also add a nonce and make all packets the same size, and schedule it so everyone sends garbage packets randomly if they aren't actually using the connection, but that wastes even more bandwidth.

Re: I guess I don't know how these things work

[yahwotqa]

ESET is actually a somewhat well-known company in malwar protection business, at least in Europe. Still, you might be onto something...

Re:I guess I don't know how these things work

[lister+king+of+smeg]

mine has never popped up in Virginia, it usually pops out in some eastern block country when i use it or japan a couple of time in California.

Re:I guess I don't know how these things work

[CastrTroy]

Yeah, but botnets are often controlled with common protocols like HTTP and IRC, because they are simple, and the code already exists, so they don't have to write their own protocols from scratch. So it may not really be that easy to determine if traffic is botnet contol codes or just a regular browser requesting a web page.

Re:I guess I don't know how these things work

You might be surprised how sophisticated those in it for money can be. In Eastern European countries they are often just another division of the traditional mafia.

Re:I guess I don't know how these things work

[tacokill]

The vulnerability of Tor is in its exit nodes
This is true only if you intended target is on the regular internet and not within Tor itself. The article speaks to hidden services within Tor so exit nodes don't even come into play.

There are plenty of hidden services inside the Tor network that are far worse than botnet C&Cs and those have been going on for years now. Methinks if there was a way to shutdown bad stuff on Tor, you'd have already heard about it.

Re: I guess I don't know how these things work

Why bother with a fake security researcher when you can just write the malware and let legitimate security researchers do the work?

Re:I guess I don't know how these things work

[hairyfeet]

While this is true talking to a friend in the state police I frankly wouldn't be comfortable running a tor node or a freenet server as frankly the idea of it really hasn't been tested in a court of law and with the fucked up way many of the CP laws are written you could be looking at decades in PMITA prison if the courts rule against you, awful lot to risk just to be the test case.

The way it was explained to me was like this...If I hand you a safe and tell you to deliver it, even if you don't have the key, and you willingly deliver it without bothering to find out what is inside and the cops stop you and find the safe full of CP? They can bust YOU for transportation and facilitation, even though you didn't have access to it yourself. According to my friend at the crime lab nobody really knows if the same will apply to Tor and Freenet and the like simply because no court has laid down what does and doesn't apply and how vaguely a lot of these CP laws are written leaves some of the cops saying yes, some saying no, the courts are really gonna have to chime in to get the laws defined as to what and what doesn't count as transportation and facilitation.

So considering how truly insane the amount of time you can get for getting convicted of anything to do with CP I'd be seriously wary of touching this stuff until the courts stick their 2c in, i don't know about you but i don't have a couple of hundred thou to spend in lawyer fees to fight it, not to mention you can give up working while its going on as nobody wants a pervo working for them. Most of the guys here forget that the laws really haven't caught up with the tech and this is one of those grey areas where the courts haven't laid down a precedent and without one you are literally risking the rest of your life behind bars, that is a hell of a thing to risk just to support Tor or Freenet.

Re:I guess I don't know how these things work

[lennier]

Its pretty easy to take away the anonymity of tor if you could hypothetically record all traffic to and from each computer in the network. You can then see Alice send the message to Carlos who then forwarded it to Bob. Luckily in the US no one is recording every encrypted message you send... oh shit.

Ding!

I bet that's exactly what the NSA is doing. And suddenly you've shown me a real legitimate use case for their heavy-hammer total interception approach. The real hardened high-value nasties are in the Tor streams; crack those and it might be worthwhile dragnetting everyone else as collateral.

Which, crap. I was not wanting to see it like that, but that makes a whole lot of sense from a certain point of view.

Re:I guess I don't know how these things work

[Aryeh+Goretsky]

Hello,

I guess you didn't look very closely at ESET's web site:

About Page - http://www.eset.com/us/about/profile/overview/

Contact Page - http://www.eset.com/us/about/contact/

According to their page on Wikipedia, they have over 800 employees: https://en.wikipedia.org/wiki/ESET

Hardly obscure, and as for the U.S. government listening to them, they'd have to get in line far, far behind Symantec, McAfee, Trend, etc.

Regards,

Aryeh Goretsky

Re:I guess I don't know how these things work

[Jane+Q.+Public]

"The article speaks to hidden services within Tor so exit nodes don't even come into play. "

YES, BUT...

I was replying to GP, and GP's comment was NOT about the hidden services within Tor. It was about tracking traffic within Tor.

My point was that it is not at this time possible to track traffic within Tor. (Unless of course you are monitoring each individual hop and that is impractical at best.) If you want to track Tor traffic, you have to do it at the exit nodes.

Re:I guess I don't know how these things work

[tacokill]

we are saying the same thing

Re:I guess I don't know how these things work

Erm, you're implying one could snail-mail some CP and then bust the postal/courier service? I am dubious of this.

shocking

[schneidafunk]

In other news, bank robbers are increasingly wearing masks.

Re:shocking

I've always said the best way to rob a bank would be a spray tan, fauxhawk wig, and fake tattoos.

IT WAS THE GUIDO! /really a nerd

Re:shocking

[robot256]

First thing the police would do is see if they could identify the same person buying spray tan, fauxhawk wig, and fake tattoos in the last month...

Re:shocking

The best way to rob a bank is... owning one !

so true, and so wrong, that is not funny :-\

Re:shocking

[fustakrakich]

Yes, and the chosen solution will be to outlaw masks. And we all know that bank robbers will balk at violating that law. But most of today's biggest bank robbers are wearing suits. They are even so brazen to keep an office in that bank with their name on the door!

Re:shocking

That assumes they knew it was disguise. And that the pieces were bought together.

Re:shocking

That assumes that you can't procure such things on the black market.

Re:shocking

I bought mine 20 years ago.

at a gas station in fargo.

traded a dog for the items.

Re:shocking

[lgw]

I bought mine 20 years ago.

at a gas station in fargo.

traded a dog for the items.

The dog had an embedded tracking chip.

It has been kept in cryogenic stasis, per the secret "freeze dogs traded for disguises or the communists win" law of 1954.

The dog remembers you and your scent, and will provide positive ID.

Re:shocking

[lxs]

Who I call for black market spray-tan? Do I ask for Mr. Brown?
Can I live in your reality for a while?

Re:shocking

It worked in France, didn't it?

Re:shocking

[fustakrakich]

What, robbing banks from the inside? I suppose it works everywhere.

To be expected

Perfect anonymity is always a goal for hackers

Re:To be expected

[icebike]

Perfect anonymity is always a goal for hackers

NSA guy hiding as AC these days? Sheesh, how far you've sunken.

Glorious Leader Obummer

Fear not Citizen. Glorious Leader Obummer will ban Tor and encryption so that the terrorists can never hurt you again. We now return you back to your regularly scheduled programming: American Idol.

Re:Glorious Leader Obummer

[MrEricSir]

Nah, I'm sure DARPA considered this possibility before deciding to fund Tor.

Cool.

[magic+maverick+]

Of course, you shouldn't blame Tor for this. I'm sure Freenet could equally be used, but Tor is just easy. Instead, blame the OS manufactures, and the owners of the bot-ridden machines. Seriously. It's your fault if you don't know enough about your car that you ignore the oil light and it seizes up on a highway. And it's your fault if your machine is turned into a cog of part of a greater machine, bending to the whims of some "hacker".

Maybe it's time to bring back computers with the OS stored in ROM, so that is is reset to a clean state every time the computer is restarted.

Re:Cool.

[houstonbofh]

Maybe it's time to bring back computers with the OS stored in ROM, so that is is reset to a clean state every time the computer is restarted.

But how do you safely burn the rom every 4th Tuesday?

Re:Cool.

[ADRA]

Yes, we often blame the victims for crimes, because they're dumb.

Re:Cool.

[houstonbofh]

Victims passing out in alleys in high crime areas with a Rolex on the wrist? Yes.

Victims leaving boxes of expensive electronics in the back seat at the mall over the hollidays? Yes.
Blame the criminal as well, but take precautions. For example, leaving the keys in your car or leaving your car running, is a crime in several staes. When it is stolen, you get a fine, and insurance may not pay out.

Re:Cool.

[girlintraining]

Of course, you shouldn't blame Tor for this. I'm sure Freenet could equally be used, but Tor is just easy. Instead, blame the OS manufactures, and the owners of the bot-ridden machines.

Actually, you could use magnet links, or any one of a dozen peer to peer services, embedded commands in images on Facebook... the list goes on. The vulnerability isn't Tor, it's the fact that the entire internet is a giant peer to peer network. And Tor wouldn't be in such wide use if not for (wait for it) Governments dumping mass amounts of money into spying on people. And the more they do that, the more people who legitimately just want privacy to do ordinary and perfectly reasonable things are turning to these technologies. It's like how the war on ________ has ensnared innocent people who just want their _______, but because the government had a shit fit, they have to engage in business transactions with criminals instead of proper business people. We've been making this mistake since the 1800s and the Prohibition -- and don't worry, it's not just the United States. It's pretty much all the governments of the world contributing to this problem.

Now, as far as blaming the user... considering some of these exploits consist of "visit a webpage" to get infected, I don't think that's a valid position to hold. Users need to be responsible for their computers, sure, but we cannot expect them to have deep knowledge of the inner workings of a computer. Computers, unlike cars, don't have oil lights that come on when it's low on the secret sauce that prevents malware. And your computer, unlike a car, can very well seize up on the (information) highway for no good reason. So your car analogy, while a noble attempt to continue the tradition here on Slashdot, is busted.

Re:Cool.

[Kazoo+the+Clown]

If the NSA wasn't sitting on OS bugs because they want back doors, instead of reporting them, there probably wouldn't be so many infected machines to run as botnets.

Re:Cool.

[John+Bokma]

Maybe it's time to bring back computers with the OS stored in ROM, so that is is reset to a clean state every time the computer is restarted.

Yeah, that worked very well for RISC OS, right? Or were you one of its users who actually believed that it was virus-free?

Re:Cool.

Because of their shoddy security, Microsoft cars get stolen and used in crime a lot. But they come free when you buy a garage, so everyone drives them.
It recently surfaced that the NSA has hidden cameras installed at all intersections. Tinfoil-hat types had known this for a long time and they have been in the habit of putting Tor tape on their windshields which the cameras can't see through (Tor tape also protects against the NSA devices built into the ground on parking lots that take a scent sample whenever someone enters or exits their car).

In a press release today, the ESET corporation announced it had found evidence that criminals now use Tor tape to evade law enforcement. ESET is a leading manufacturer of steering wheel clubs.

Senator Cree Pass (R) who is known to have ties to the NSA called Tor tape "a threat to our freedom and national security" and announced plans to ban the product, citing its use by criminals and terrorists.

Re:Cool.

[MMC+Monster]

And it's your fault if your machine is turned into a cog of part of a greater machine, bending to the whims of some "hacker".

Actually, that sounds pretty cool. Like there's a higher purpose in my computer's existence.

And aren't we all just cogs in the greatest machine there is, creation?

Re:Cool.

[rossjudson]

If someone hacks into your car through the always-on wireless interface (that's so popular with new cars these days) and fires a command at your anti-lock brakes, is that *your* fault, as a driver?

Exactly when does an owned box "turn on the oil light" and let the user know they should fix it?

Re:Cool.

[Splab]

I'll be sure to check the malware light and virus light when I start my computer...

Re:Cool.

[lister+king+of+smeg]

we live ins computer controled civilization willful ignorance of how to use them is a major problem.
car ananlogy

We expect people who own a car to be trained to drive it, and part of the training is basic maintenance and knowledge of how it works. people know how to change out spark plugs and add fluids swap light bulbs put in new filters change a tire etc.

but with computers they don't bother to learn the don't want to learn and the actively avoid training. they don't want lo learn how to secure their computer the don't want know any of it they want to just click the magic box and have it do things for them. that is bad

Re:Cool.

[Threni]

This, but without the sarcasm.

Like the policemen talking about the woman who drink 20 gin and tonics and claimed she'd been spiked with rohypnol. What were you doing drinking 20 alcoholic drinks? Which one do you think was spiked?

Re:Cool.

Please, please, please stop blaming users for this. Blame the people who build the systems. Do you blame the driver when a Ford Pinto explodes? (Car metaphor fist-pump, fuck yeah!)

Re:Cool.

[Pubstar]

I blame them for having no taste and buying a Pinto.

Re:Cool.

[eennaarbrak]

Instead, blame the OS manufactures, and the owners of the bot-ridden machines. Seriously. It's your fault if you don't know enough about your car that you ignore the oil light and it seizes up on a highway.

Well, if an idiot ignores his oil light and ends up stranded on the highway, that is generally his problem. If an idiot allows a bot to run on his server, that becomes everybody's problem.

next stage ban tor

how many times do we have to see this staged before enough people rise up to stop it?

Or is it only going to be when they try try to take Americas got talent?

Well, so much for Tor.

[kheldan]

As if the powers-that-be weren't already looking for excuses to criminalize Tor, shut it down, and arrest people involved with it, now it's a certainty. Between overtly oppresive governments wishing to further tighten their grip on their citizens, and the U.S. and other Western countries wanting to destroy every notion of privacy for it's citizens and spying on everyone, this is just the excuse they all need to start black-bagging Tor operators and users. Thanks so much, assholes, for further ruining the world for everyone.

Re:Well, so much for Tor.

If the NSA wanted to kill Tor, they would stop funding it.

This activity is not enabled by Tor. Criminals controlling lots of computers can make their own anonimizing proxy out of compromised computers, or use some other comparable service. Tor is simply easier to use, and legal, so it benefits those who follow the law.

This just in: bribes use to control police and politicians: the powers-that-be are looking to outlaw money (and the internet, and guns, and cars, and fertilizer...)

Re:Well, so much for Tor.

[Desler]

You do realize that in 2012, 80% of the Tor Project's funding was from the US Government, right? If they wanted to kill it they need to do nothing more than defund it.

Re:Well, so much for Tor.

A famous quote.

"The more you tighten your grip, the more star systems will slip through your fingers.

Re:Well, so much for Tor.

[icebike]

You do realize that in 2012, 80% of the Tor Project's funding was from the US Government, right? If they wanted to kill it they need to do nothing more than defund it.

Originally conceived to allow un-censored access for people behind state sponsored firewalls, it has now become just another microphone bugging the net. All good things in Washington become corrupted.

Just today there is a story on how companies are forced to turn SSL keys. http://news.cnet.com/8301-13578_3-57595202-38/feds-put-heat-on-web-firms-for-master-encryption-keys/

And in spite of their posturing, your representatives rolled over once again just yesterday.

Re:Well, so much for Tor.

[Seumas]

Did Tor ever get any better? I tried using it many (ten?) years ago and while I appreciated the concept, it was miserable in practice. It literally took minutes for a page of text to load or for a single little button icon to load. I don't think I ever let an entire page load before I just finally gave up and uninstalled it.

Re:Well, so much for Tor.

[meta-monkey]

That's an expensive honeypot.

Re:Well, so much for Tor.

[tacokill]

I don't mean to point out the obvious but what makes you think the entity who created Tor (US Armed Forces, Navy) wants to shut it down?

Or did you not realize that part of Tor's funding comes from the US government itself?

Anonymity and you

[intermodal]

Anonymity is a powerful force. In both directions. The anonymous writings of the late 18th century were every bit as powerful as a masked bandit.

I, for one, do not consider the risk of Tor to be greater than the benefit.

Re:Anonymity and you

[icebike]

As long as you realize its fully compromised by the NSA, you are probably correct.

Re:Anonymity and you

[lgw]

I see you didn't get the memo and are still wearing a tinfoil hat. HAARP is all a distraction, the real government mind control machines are underground. Only tinfoil shoes can help you - the hat just reflects and doubles the effect, which is why the government started the rumors in the first place!

Re:Anonymity and you

[intermodal]

I never doubted that it was likely compromised. I'd just rather see it exist than not.

What is wrong with being anonymous?

There is nothing wrong with anonymity. The totalitarianists and fascists want you to believe your a terrorist if your anonymous. Seriously, why are you so scared of mankind?

Re:What is wrong with being anonymous?

Clearly you're a pedo.

Re:What is wrong with being anonymous?

[Desler]

And a terrorist pedo at that.

Re:What is wrong with being anonymous?

[meta-monkey]

I believe the pejorative you're looking for is "secret muslim terrorist pedo communist."

Re:What is wrong with being anonymous?

[lgw]

The main use of TOR seems to be buying drugs. Clearly he's a drug-dealer terrorist pedo! And a hacker.

Back when /. was young and dinosaurs walked the earth, some pundit predicted the "four horsemen of the internet apocalypse": terrorists, pedos, drug dealers, and hackers. Every freedom the internet provided would be removed over time because for each freedom the public could be sufficiently scared by one of the four horsemen.

Sadly that was overly optimistic, having underestimated the power of the copyright lobby.

Re:What is wrong with being anonymous?

Fear not Citizen!

I will protect you against these Tor users, or Torrorists as I would call them! Help me succeed in the fight against Torror and help me keep my jo- er... continue my service for the public! All we need are your contributions!

What if

the NSA already has access to roughly 50% of all the Tor nodes traffic ?

We should all be using Tor by default and deploying nodes as much as we can.

Before I flame

[ADRA]

I have a suggestion instead. Build a tor like tool but mandate personal key exchange between known parties. This would strengthen the security of the service, and it would be possible to segment bad actors from people seeking true anonymity. If I welcome job drug dealer to my networks (say by monitoring edge transactions) I may decide to pull my permission for some key's nodes to connect to mine. Problems solved and we can burn out the pedo's, criminals, and all those nasty folks who's agenda's I disagree with.

Re:Before I flame

[houstonbofh]

Check out Retroshare. It does exactly this. http://retroshare.sourceforge.net/

A quick article about it. http://www.linuxadvocates.com/2013/06/retroshare-for-paranoid-in-you.html

Re:Before I flame

all those nasty folks who's agenda's I disagree with.

Ay, there's the rub.

Tor is for terrorists

Remember, Citizen, the mere act of using Tor is reason enough to suggest that you could be doing something illegal which gives the police probable cause to send in a SWAT team. Anyone using Tor is a potential terrorist or paedophile otherwise they wouldn't have anything to hide. Welcome to the no-fly list.

Re:Tor is for terrorists

[Desler]

Then the US government better stop being the source of 80% of the project's funding.

Re:Tor is for terrorists

[fredrated]

Tor is for torrorists.

Re:Tor is for terrorists

Of course they fund it. It's a honey pot to catch the bad guys.

At least there's one benefit...

[Gman2725]

I wondered why browsing over Tor had been getting so much faster lately. I guess these guys have at least some of their slaves set up as relays, in effect adding capacity to the network. Honestly not sure if I'm joking though because it almost makes sense.

Alarmist journalism

[joeflies]

The article found two examples of using Tor, and had already identified one from the past. That's the justification for the "increasingly using Tor" headline? Then again, I'm surprised that they didn't run with a headline of "Malware using Tor Doubled!"

Re:Alarmist journalism

> That's the justification for the "increasingly using Tor" headline?

You see, Tor didnt exist 20 years ago... therefore it's use has increased since then.

Re:Alarmist journalism

Tor is heading for the label of a terrorist and criminal tool. There will probably be a media frenzy within 3 years, there will certainly be plenty of news coverage stating Tor is used by pedophiles after a clueless minority of politicians try to surf the news making a name for themselves (or indirectly the corporations that have been funding their campaigns).

People running Tor nodes are already killing them thanks to unwarranted government monitoring and the fear they'll end up on a dodgy watch-list.

Add to this the push for government sensoring^W filtering already happening in some countries and starting to be pushed by a number of western (first world) countries, the Internet as we know it will probably be gone by the time today's kids start work.

Turn about

Government goons illegally shut down valid communications via DNS and ISP's so if Anonymous decides to respond using similar tactics, it's fair play.

NSA still funding to? I don't think so...

NSA originally funded Tor. Then there was some heavy involvement by the EFF. And now they get funding from numerous sources.

Re:NSA still funding to? I don't think so...

[Desler]

Nope it was the U.S. Naval Research Lab that was the original sponsor. Also as of 2012, 80% of their funding was still from the U.S. government.

Re:NSA still funding to? I don't think so...

Recent articles likes this one suggest Tor is still 80% funded by the US government, but I can only track the sources as far as The Wall Street Journal last December . I guess this might not be true anymore, its hard to tell. I'm pretty sure I saw claims of ~70% funding from the NSA on the Tor Project site just a couple months ago, but maybe it was out of date and removed. Thanks for the update!

Got any sources that detail their funding breakdown? I'd like to know what it currently is.

Re:NSA still funding to? I don't think so...

[Desler]

No what you saw was funding from the US government not the NSA. Nowhere in their lists of sponsors or their annual reports is the NSA mentioned.

Re:NSA still funding to? I don't think so...

[Desler]

And no, not even a couple of months ago was that said on their site either.

Re:NSA still funding to? I don't think so...

And that is just what the NSA wants you to think.

Re:NSA still funding to? I don't think so...

[Threni]

It's WikipediaMan!

NSA? CIA? "US Naval Research Lab"? Whatever. The authorities. The people who want to ensure things don't change because for those guys and their rich friends there's no recession, no energy crisis, no job insecurity, no risk from "terrorism" etc.

And they use slashdot

Those garbled nonsensical posts that are entirely surrounded in an anchor tag with href to goat.cx are commands for a certain botnet. They typically mention OpenBSD.

Source: I'm involved in one of the projects.

Ummm, yeah ...

[gstoddart]

Malware writers are increasingly considering the Tor anonymity network as an option for hiding the real location of their command-and-control servers

Isn't it kind of obvious that if you build something designed to try to make you anonymous that people will try to use that anonymity for shady reasons?

I'm not saying we shouldn't have anonymous data, but I don't think this observation is exactly new -- I've always assumed this was the case with Tor.

tor will live on - it was created by the cia

TOR was designed by and for the CIA, they use it to communicate with field operatives in foreign countries without being tracked by enemy agents. Our government isn't going to touch it, if anything they keep funding it to make it more anonymous. For example, when Iranians started blocking TOR traffic, they developed a protocol that looks like human chitchat but is really serialized data to fool the network censors.

1st thing law enforcement will do? apk

Infiltrate, & "seek and destroy" by setting up their own TOR exit nodes HUGELY for surface area coverage. That will "net" them all the "wrongdoers" (however, with a lot of innocents - "oh well, collateral damage" we can sort out later, even if it messes up decent folks). "The situation must be contained". Still - Think about it ("channel your inner criminal" folks): Were you they, what would YOU do? When you start seeing a lot of your 'endpoints' terminating in the Virginia/DC area (For starters), lol, you'll know the 'farmboys' are ALL over it. They'll "get smart" on that too - with their datacenters + fusion centers all over the place http://yro.slashdot.org/story/13/07/25/1610208/us-government-data-center-count-rises-to-7000 so you're dumb if you think those boys in the NSA & such haven't "figured it out" how to outfox it boys. They hire the BEST OF YOU with the right "psychological profile" (fortunately shaving out some of the 'best' IF there is such a thing, since I think it's all relative and nobody 'knows it all' in a field as varied & complex as computing telecommunications) , to use them against you - it's the "classic move" of incompetent unqualified mgt. the world over. Face facts. It IS how it works. Their heads/supervisors/mgt. don't NEED to know how it works or is done (which I feel breeds stupidity + BAD decisions in any company when the head doesn't know what the ass is doing or HOW it does it, and I've seen too much of it over a fairly successful 20++ yr. career in computing professionally) - they hire someone who does. Unfortunately, what is their 1 weakness? They get "infiltrated" too! That's what they overlook with unqualified mgt. who don't KNOW the field themselves (and any business does). Look @ Edward Snowden, William Binney, + Thomas Drake as "classic examples thereof". Folks, no matter how much of the "Holy Dollar" you pay them, ultimately answer to their consciences. To stay sane, if they can't handle they feel they're being "axeman" for wrongdoer masters, WILL turn on them. Look to the gents above. I *think* that there's going to be a lot more of folks like that popping out of their network's woodwork too in the future. Call it a "hunch". NOW - Do I agree with their current "spy network"? Absolutely not. Too many lies to Congress, secret courts, rules & law changes, IRS scandal targetting opponents of the current regime along with MIAC as well, etc./et al! Imo? It's TOO MUCH POWER for any 1 man or group, with too little efficacy/ROI/cost-benefit ratio in return, and has too much potential for "absolute power corrupting absolutely" abuse & it certainly didn't stop the Boston Bomber as an example of inefficacy (since that and their enmasse intercept of US citizenry telecommunique's been big news and yes, pissed me off too like it has everyone else who is NOT "part of the 'good ole boy network' getting fat, rich & happy by being "part of the team"). However, you can BANK on that being their next move, probably already in motion, vs. TOR users. What surprises me, is that their "think tanks" & "advisors" haven't advised them to "stop reacting" (putting up cameras everywhere, DHS buying up 450 million rounds of ammo, FEMA camps etc. - those tell ME @ least, they're 'prepping; for potential revolt actually). It tends to give a game away as well as true motivations, and WHO is really behind the curtain too. When I saw Gen. Alexander & Obama BOTH rush to defend vs. defunding the NSA yesterday, Obama even issuing an "emergency notice" vs. it? Well, lol, come on "projecting" or what... imo? It gave me a pretty good idea who was behind what. Same with the IRS scandal, MIAC scandal, and more too. Those boys are outta control, and need to be 'reined in'. IF they're up to no good, they're just men & perhaps it's just the temptation of potential domination by fear that's making them thus or perhaps they feel they're 'smart enough' to run