Slashdot Mirror
Cybercrooks Increasingly Use Tor Network To Control Botnets
alphadogg writes "Malware writers are increasingly considering the Tor anonymity network as an option for hiding the real location of their command-and-control servers, according to researchers from security firm ESET. The researchers recently came across two botnet-type malware programs that use C&C servers operating as Tor 'hidden services.' The Tor Hidden Service protocol allows users to set up services — usually Web servers — that can only be accessed from within the Tor network through a random-looking hostname that ends in the .onion pseudo domain extension. The traffic between a Tor client and a Tor hidden service is encrypted and is randomly routed through a series of computers participating in the network and acting as relays."
In other news, bank robbers are increasingly wearing masks.
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
No need... Cheap server hosting with little tracking was plentiful. Now, not so much... You see, as they develop new methods, lots of people study and find ways to defeat those methods. So in a small ammount of time, there will be many hackers finding a way to shatter annonomity in TOR. The NSA could not have planned it better.
Of course, you shouldn't blame Tor for this. I'm sure Freenet could equally be used, but Tor is just easy. Instead, blame the OS manufactures, and the owners of the bot-ridden machines. Seriously. It's your fault if you don't know enough about your car that you ignore the oil light and it seizes up on a highway. And it's your fault if your machine is turned into a cog of part of a greater machine, bending to the whims of some "hacker".
Maybe it's time to bring back computers with the OS stored in ROM, so that is is reset to a clean state every time the computer is restarted.
HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
Anonymity is a powerful force. In both directions. The anonymous writings of the late 18th century were every bit as powerful as a masked bandit.
I, for one, do not consider the risk of Tor to be greater than the benefit.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Its pretty easy to take away the anonymity of tor if you could hypothetically record all traffic to and from each computer in the network. You can then see Alice send the message to Carlos who then forwarded it to Bob. Luckily in the US no one is recording every encrypted message you send... oh shit.
The only way to protect yourself would to use garlic routing and make sure you send a lot of traffic. Turn your bandwidth up. To improve this, you need to create a widely used sharing client for your network to get as many others to create decoy traffic as you can.
The article found two examples of using Tor, and had already identified one from the past. That's the justification for the "increasingly using Tor" headline? Then again, I'm surprised that they didn't run with a headline of "Malware using Tor Doubled!"
"Its pretty easy to take away the anonymity of tor if you could hypothetically record all traffic to and from each computer in the network. "
Tor was specifically designed to prevent exactly that.
The vulnerability of Tor is in its exit nodes (where Tor routing ends, and regular internet routing resumes). A third party can snarf all the traffic through an exit router, and (if that traffic is from one person), they might as well have a tap at that person's ISP.
The difficulty, of course, is that there is no way to tell in advance via which exit router your traffic will exit. So the government's scheme is to monitor as many exit nodes as possible.
There are two ways to make this more difficult for them: hiding and switching.
Hiding means increasing the number of Tor exit nodes (preferably vastly increasing it), as well as turning them on and off at random times (I don't mean every few minutes, but more like in blocks of 4-8 hours or so). This makes it more difficult to track traffic through any given exit node. Note, however, that in order for Tor to work effectively while turning nodes on and off like that, it would definitely need many more exit nodes. Hell, it needs lots more anyway.
By "switching", I mean sending all your HTTP requests via multiple connections through different Tor routes. Because of the wait times to re-align packets, this is not necessarily significantly faster over Tor (as it is when using multiple connections for downloads, as some browsers do), but that is possible. It would mean that only some of your packets are exiting via any given Tor exit node, making tracing your activities much harder.
Nope it was the U.S. Naval Research Lab that was the original sponsor. Also as of 2012, 80% of their funding was still from the U.S. government.
The main use of TOR seems to be buying drugs. Clearly he's a drug-dealer terrorist pedo! And a hacker.
Back when /. was young and dinosaurs walked the earth, some pundit predicted the "four horsemen of the internet apocalypse": terrorists, pedos, drug dealers, and hackers. Every freedom the internet provided would be removed over time because for each freedom the public could be sufficiently scared by one of the four horsemen.
Sadly that was overly optimistic, having underestimated the power of the copyright lobby.
Socialism: a lie told by totalitarians and believed by fools.
The vulnerability of Tor is in its exit nodes
This is true only if you intended target is on the regular internet and not within Tor itself. The article speaks to hidden services within Tor so exit nodes don't even come into play.
There are plenty of hidden services inside the Tor network that are far worse than botnet C&Cs and those have been going on for years now. Methinks if there was a way to shutdown bad stuff on Tor, you'd have already heard about it.