Slashdot Mirror


Scientists Detect Two Dozen Computers Trying To Sabotage Tor Privacy Network

New submitter fynbar writes "Computer scientists have identified almost two dozen computers that were actively working to sabotage the Tor privacy network by carrying out attacks that can degrade encrypted connections between end users and the websites or servers they visit (PDF). 'Two of the 25 servers appeared to redirect traffic when end users attempted to visit pornography sites, leading the researchers to suspect they were carrying out censorship regimes required by the countries in which they operated. A third server suffered from what researchers said was a configuration error in the OpenDNS server. The remainder carried out so-called man-in-the-middle (MitM) attacks designed to degrade encrypted Web or SSH traffic to plaintext traffic. The servers did this by using the well-known sslstrip attack designed by researcher Moxie Marlinspike or another common MitM technique that converts unreadable HTTPS traffic into plaintext HTTP.'"

19 of 94 comments

  1. Only 24? by Anonymous Coward · · Score: 4, Insightful

    If only 24 "bad" computers can cause that big of an issue then the TOR network clearly has bigger problems.
    I'm surprised that there were so few detected doing it.

    1. Re:Only 24? by Anonymous Coward · · Score: 4, Informative

      The "issue" is that an exit node can monitor or intercept outgoing connections.

      This is inherent to the design, and probably can't be fixed at this level.
      It's also a "feature" because it provides an incentive to run an exit node.

      The solution is that end users need to be extra paranoid. TOR isn't magic security dust - it anonymizes traffic, but it also increases your exposure to attacks. It should only be used for encrypted connections, with authentication of the end point.
      For "casual" users that means to always use https, always verify the certificate, and disable any root certificates you don't need.

  2. How many is "almost two dozen" exactly? by mikewilsonuk · · Score: 5, Funny

    "... almost two dozen computers that were actively...", "Two of the 25 servers... ".

    Oh, they clear that up nicely - "Almost two dozen" is actually 25. Perhaps dozen is like gallon: different sizes in different countries.

    1. Re:How many is "almost two dozen" exactly? by Imrik · · Score: 5, Informative

      Apparently the "almost two dozen" refers to the 22 that were doing MiTM attacks.

  3. Re:HTTP/HTTPS Issues? by Anonymous Coward · · Score: 2, Informative

    yes, EFF's HTTPS Everywhere

  4. Re:HTTP/HTTPS Issues? by Randle_Revar · · Score: 5, Informative

    Not sure if joking...

    http://noscript.net/features#o...
    https://www.eff.org/https-ever...

    A lot of the sslstrip stuff is based off of people not noticing the page has changed to insecure, modern browsers try to address that by making it more visible than it was in the pre-FF3 era, e.g.:
    https://support.mozilla.org/en...

  5. Re:HTTP/HTTPS Issues? by Anonymous Coward · · Score: 5, Informative

    HTTPS Everywhere doesn't stop you browsing HTTP sites it just tries to redirect you to the HTTPS version of a HTTP site if it's available. Not saying it's not useful (just not quite what the OP was suggesting). There is a spin off of HTTPS Everywhere - HTTP Nowhere that might get the job done for Firefox. Not sure what happens with embedded crap like flash etc. though and AFAIK it's a global thing - there is no 'secure only' browsing window or anything like that.

    https://addons.mozilla.org/En-us/firefox/addon/http-nowhere/

    Another option might be squid (or another transparent proxy) which is configured to only allow HTTPS?

  6. Re:scientists? by alzoron · · Score: 4, Insightful

    Every time you see a headline in the form of "Scientists discover new foo" you can pretty much stop reading right there. The author is most likely the sort of person that confuses science with wizardry and isn't very likely to produce an article of any real substance. You could actually just replace every instance of scientist with wizard and impart the same level of information.

  7. Re:scientists? by SuricouRaven · · Score: 3, Funny

    Any sufficiently analysed magic is indistinguishable from technology.

  8. just a thousand exit nodes by Anonymous Coward · · Score: 4, Interesting

    The mention in the article that there are only 1000 exit nodes generally available on TOR is kinda stunning.

    That's 20 nodes per US state.

    If that is it.... Then what is left of Freedom is in deep trouble.

    1. Re:just a thousand exit nodes by mSparks43 · · Score: 2

      That was my first thought too. On further reflection it's not actually that bad.

      Most tor traffic doesn't exit to the internet (it's being routed to .onion sites), and 1,000 - 25 nasty, unfiltered, uncensored exits is actually quite good, e.g. there's only a few cables leaving the UK, not sure exactly how many, but I'd guess it's a few hundred at most. However the number of "unfiltered, uncensored" exits leaving the UK is precisely zero.

    2. Re:just a thousand exit nodes by AHuxley · · Score: 3, Insightful

      Yes, the NSA, GCHQ and friends have the low count of optical [cables] from nation to nation to thank for their easy global surveillance.
      Even if you get a great TOR connection, sent that message around the world, your message in and out can always be rejoined no matter the entry or exit point.
      The low count of all exit nodes per month as an average is telling, chilling and unexpected.

      --
      Domestic spying is now "Benign Information Gathering"

  9. Re:HTTP/HTTPS Issues? by Melkman · · Score: 5, Informative

    Sorry, but modern browsers don't really address that. The problem with the browser warnings is their definition of insecure. You only get warnings if there is something wrong with an encrypted https site like an invalid certificate. Using an unencrypted site is NOT seen as insecure as it would annoy users during most of their normal browsing sessions. The Blackhat presentation about sslstrip from Moxie explains very clearly what the problems are. You can view it at http://www.thoughtcrime.org/so...

  10. Re:HTTP/HTTPS Issues? by Anonymous Coward · · Score: 2

    I guess another option would be to use FoxyProxy and configure a nonexistent proxy "running" on 127.0.0.1 for all http traffic. If you already use FoxyProxy for other purposes, it means you don't even need to install additional software/extensions.

  11. Who owns the "bad" servers ? by Taco+Cowboy · · Score: 3

    Reading TFA (yes, I did) revealed next to nothing. Other than a brief mention of "From Russia with love" and that their IPs were assigned to Russia, I can't glean any useful info on who owns those servers.

    --
    Muchas Gracias, Señor Edward Snowden !

  12. Re:Slashdot does this... by Boltronics · · Score: 4, Insightful

    Slashdot does this automatically

    $ echo QUIT | openssl s_client -connect slashdot.org:443 | openssl x509 -text

    Yeah, that's just sad. You'd think a popular technology news website such as Slashdot, of all places, would be on the ball and at least support TLS traffic... but it's actually worse than that. They're not lazy (they have a GeoTrust wildcard certificate issued back in April last year) but deliberately don't want people securing their connections, hence the 302 redirection they have in place. :(

    --
    It's GNU/Linux dammit!

  13. Re: Ah c'mon by Anonymous Coward · · Score: 2, Interesting

    I've seen lots of people using Tor - I run a relay - but I have no idea what they're using it for, or how legal that use is in my or their jurisdiction. Which is kind of the point.

  14. Re:Ah c'mon by mysidia · · Score: 2

    Has anybody in here ever seen anyone using Tor for legal purposes?

    Yes, all the time.

    People even visit Slashdot using Tor.

    Some folks use it all the time -- so all their ordinary daily browsing activity might go through tor.

  15. Re:HTTP/HTTPS Issues? by PlusFiveTroll · · Score: 3, Informative

    >Sorry, but modern browsers don't really address that.

    Yes, they do, but so few servers use it yet that it's still a problem.

    http://en.wikipedia.org/wiki/H...
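As an added example (not code from the thread, the paper, or any of the tools named in it), the following Python check works in the spirit of the researchers' exit-node probes: it compares a page fetched over a trusted path with the same page as seen through a suspect path and reports links whose scheme was rewritten from https to http, the signature of sslstrip, and it parses the Strict-Transport-Security header that the last comment alludes to. The HTML snippets, headers and the `assess` helper are constructed for this illustration.

```python
"""Detect sslstrip-style downgrades and check for an HSTS policy (offline demo)."""
import re
from urllib.parse import urlparse

HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)

# Constructed sample: the same page fetched directly (reference) and through a
# suspect path that rewrites the login link from https:// to http:// (sslstrip).
REFERENCE_HTML = ('<a href="https://example.com/login">Log in</a> '
                  '<a href="https://example.com/about">About</a> '
                  '<a href="http://example.com/blog">Blog</a>')
OBSERVED_HTML = ('<a href="http://example.com/login">Log in</a> '
                 '<a href="https://example.com/about">About</a> '
                 '<a href="http://example.com/blog">Blog</a>')
REFERENCE_HEADERS = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
OBSERVED_HEADERS = {}  # a plaintext proxy never relays the HTTPS-only header


def stripped_links(reference_html, observed_html):
    """Links that were https in the reference but appear only as http observed."""
    ref_https = {u for u in HREF_RE.findall(reference_html)
                 if urlparse(u).scheme == "https"}
    observed = set(HREF_RE.findall(observed_html))
    stripped = []
    for u in ref_https:
        downgraded = "http://" + u[len("https://"):]
        if downgraded in observed and u not in observed:
            stripped.append(u)
    return sorted(stripped)


def hsts_policy(headers):
    """Return (max_age, include_subdomains) from an HSTS header, or None."""
    for name, value in headers.items():
        if name.lower() != "strict-transport-security":
            continue
        max_age, include_sub = None, False
        for directive in value.split(";"):
            key, _, val = directive.strip().partition("=")
            val = val.strip().strip('"')
            if key.lower() == "max-age" and val.isdigit():
                max_age = int(val)
            elif key.lower() == "includesubdomains":
                include_sub = True
        return (max_age, include_sub) if max_age is not None else None
    return None


def assess(reference_html, observed_html, observed_headers):
    """Summarise what a defender would want to know about the observed path."""
    return {"stripped": stripped_links(reference_html, observed_html),
            "hsts": hsts_policy(observed_headers)}
```

A browser that has already cached the reference HSTS policy would refuse the downgraded http:// link outright; the link comparison is what catches first-visit downgrades that HSTS cannot.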