Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lizard Squad Targets Tor

Posted by Soulskill on from the reasons-"torget"-should-be-a-word dept.

mrspoonsi tips news that Lizard Squad, the hacker group who knocked Xbox Live and the PlayStation Network offline on Christmas morning, has now turned its attention to Tor. After tweeting that they were targeting a Tor-related zero-day flaw, the group is now in control of 3,000 exit nodes — almost half of them. "If one group is controlling the majority of the nodes, it could be able to eavesdrop on a substantial number of vulnerable users. Which means Lizard Squad could gain the power to track Tor users if it infiltrates enough of the network."

48 of 83 comments (clear)

  1. Zero-Day Flaw? by Anonymous Coward · · Score: 3, Informative

    They set up their botnet as tor nodes. How exactly is that a zero-day flaw?

    1. Re:Zero-Day Flaw? by Anonymous Coward · · Score: 1

      I don't understand the target, I used to use TOR for torrents, mostly just to anonymize my traffic for my ISP (I know, I'm a dick). Most exit nodes were European, so the NSA was already archiving everything I was doing anyway.
      Are these guys gathering information for the government now or something?

    2. Re:Zero-Day Flaw? by Zanadou · · Score: 3, Insightful

      (I know, I'm a dick).

      Yes, yes you are.

      This is why we can't have nice things.

    3. Re:Zero-Day Flaw? by Kythe · · Score: 1

      They want attention. That's it.

      --

      Kythe
    4. Re:Zero-Day Flaw? by MrL0G1C · · Score: 1

      NSA is pissed because their tor nodes only make up half of the remaining nodes and this makes it difficult for them to eaves drop. ;-)

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
    5. Re:Zero-Day Flaw? by sudon't · · Score: 1

      They're not gathering information. Perhaps the targets will make more sense once you understand that the perpetrators are tweeny- and teeny-boppers. Squeakers, and griefers, desperate for attention and approval from their peers. Their message is: "See what we can do? LOL! Please think we are cool."

      As for you, please get a VPN.

      --
      -- sudon't

      Air-ride Equipped

    6. Re:Zero-Day Flaw? by ultranova · · Score: 1

      This is why we can't have nice things.

      Of course we can. Reality - including human nature - simply sets the design parameters for those nice things. For example, would it be possible to fit major torrent clients with built-in (non-exit) Tor nodes? That way, torrent traffick would not swamp exit nodes and would actually help hide the kind of traffick Tor was originally designed for.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  2. The TOR Project was well aware of this a while ago by muphin · · Score: 4, Informative

    As reported by /. http://tech.slashdot.org/story...
    so i believe they are working on a fix.

    --
    It's not a typo if you understood the meaning!
  3. Oops by Anonymous Coward · · Score: 2, Interesting

    They have just kicked the hornets nest..... people who have the ability to track them down and take their revenge

    1. Re:Oops by JohnVanVliet · · Score: 1

      no kidding
      there ARE groups you just DO NOT PISS OFF

      the non govt. professionals like the ones behind offensive security and like
      are not to be messed with lightly

      --
      "I don't pitch OpenSUSE Linux to my friends, i let Microsoft do it for me
    2. Re:Oops by Earthquake+Retrofit · · Score: 3, Insightful

      no kidding there ARE groups you just DO NOT PISS OFF

      the non govt. professionals like the ones behind offensive security and like are not to be messed with lightly

      I'm more concerned about dissidents in dangerous places and the reporters who cover such places. They deserve to have secure channels. I hope the community can come up with something.

      --
      Fifty years of Yippie! 1968-2018
  4. Re:The TOR Project was well aware of this a while by fustakrakich · · Score: 1

    It must have been happening already for that 'prediction' to be so accurate.

    --
    “He’s not deformed, he’s just drunk!”
  5. Sybil attack? by jhantin · · Score: 3, Informative

    I haven't seen any explanation of how this is a zero-day exactly; so far, this looks more like a Sybil attack.

    --
    ...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
  6. Not really an 0day exploit by El_Muerte_TDS · · Score: 5, Informative

    Either way, @LizardMafia's Tor relay attack isn't new. There's a paper on how Tor loses anonymity if over 50% of relays are compromised.

    https://twitter.com/kaepora/st...

    I was going to go with botnet, but many LizardNSA relay IPs appear to route back to Google Cloud. Thousands of tiny VMs at low bandwidth?

    https://twitter.com/kaepora/st...

    You can see this whole list of tor nodes here: https://torstatus.blutmagie.de...
    All Lizard nodes resolve to *.bc.googleusercontent.com

    1. Re:Not really an 0day exploit by Iamthecheese · · Score: 2

      They'll never get over 50%: more than half are NSA nodes.

      --
      If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
    2. Re:Not really an 0day exploit by cbiltcliffe · · Score: 1

      You can see this whole list of tor nodes here: https://torstatus.blutmagie.de...
      All Lizard nodes resolve to *.bc.googleusercontent.com

      That's not the whole list. I've been running a node for years, and it's not listed on that page.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
  7. Re:The TOR Project was well aware of this a while by Frosty+Piss · · Score: 1

    Almost certainly the US Three Letter Agencies as well as foreign intel have known about this flaw - and how to leverage it - for a long time. Clearly, tor is not secure and hasn't been for awhile.

    --
    If you want news from today, you have to come back tomorrow.
  8. Eavesdropping... by Savage-Rabbit · · Score: 1

    If one group is controlling the majority of the nodes, it could be able to eavesdrop on a substantial number of vulnerable users.

    I'm willing to bet the NSA has prior art on this.

    --
    Only to idiots, are orders laws.
    -- Henning von Tresckow
    1. Re:Eavesdropping... by bill_mcgonigle · · Score: 5, Funny

      I'm willing to bet the NSA has prior art on this.

      You think the Lizard Squad is teenagers? The conspiracy theorists have been warning us that the NSA is run by the NWO and Lizard People for decades.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  9. Re:The TOR Project was well aware of this a while by OverlordQ · · Score: 4, Informative

    Not the same issue at all. All this is is IdiotSquad starting up a bunch of Google Compute VMs as tor exit nodes.

    --
    Your hair look like poop, Bob! - Wanker.
  10. Headline is wrong and sensationalistic by carlhaagen · · Score: 5, Informative

    They haven't taken over 3000 Tor relays - they have set up 3000 new relays of their own, thus having control of over 50% of the available relays.

    1. Re:Headline is wrong and sensationalistic by Anonymous Coward · · Score: 1

      You do realize what site you're on right? I'm pretty sure the only reason the logo bore the "news for nerds slogan" was that "wrong and sensationalistic" would be too honest and too hard for the editors to spell properly.

    2. Re:Headline is wrong and sensationalistic by Anonymous Coward · · Score: 1

      You're correct, they seem to be bringing up new tor nodes in an attempt to intercept traffic, but they are hardly routing anything at all.

  11. Re:Wonder what 0 days are in use... by carlhaagen · · Score: 4, Informative

    They haven't been kicked down. LQ set up 3000 new rogue nodes.

  12. Re:The TOR Project was well aware of this a while by Anonymous Coward · · Score: 1

    > Clearly, tor is not secure and hasn't been for awhile.

    If by "clearly" you mean "innuendo, rumors, and undocumented third-party hearsay" you would be correct.

  13. Flag them all as bad by Anonymous Coward · · Score: 3, Interesting

    ... and be done with it. Isn't this what the BadExit flag is for?

  14. Prove it. by buckfeta2014 · · Score: 2

    I'm tired of hearing about these "anonymous" "hacking" "groups" and their supposed "achievements". I don't care if you get arrested. Prove to me that you're legit.

    --
    Buck Feta. You know what to do.
  15. Re:The TOR Project was well aware of this a while by Frosty+Piss · · Score: 1

    Keep believing your US Government honeypot is "secure". The rest of us will be laughing when you get arrested for browsing your pedo sites.

    Considering the type of attack in question, tor can be anyone's honeypot.

    That it is "sold" as something like a "darknet" is shameful.

    --
    If you want news from today, you have to come back tomorrow.
  16. Re:The TOR Project was well aware of this a while by lgw · · Score: 4, Interesting

    This is seriously one of the first things anyone in security would have thought up

    Ah, the /. 30-second expert. Indeed, the TOR guys did think of that too.

    Malicious exit nodes do not per se compromise TOR, though they are in a position to take advantage of some potential exploits (also, exit nodes are irrelevant to .onion servers) It's been known since the start that if an attacker both controlled the exit node and could directly tap your line, there'd be and endless stream of exploits possible - and IIRC the NSA had just such attacks in its arsenal. But that doesn't scale - you have to be actively monitoring a specific target to de-anonimize them, you can't do it to everyone. If the NSA actually got warrants when they did that to Americans [pause for laughter] I think it's a fine system.

    TFA seems to be about taking over more than half of all TOR nodes, which can hardly be done in secret, and really makes 0-days in the TOR bundle visible.

    Far more worrying, especially for the conspiracy theorist, is the never-ending stream of vulnerabilities in .onion servers allowing the operators to be de-anonymized. It's hard to believe TOR wasn't designed that way. TOR seemed designed from the start as a system to let Chinese dissidents use American servers safely, but not allow Silk Road-style sites (servers illegal in the US) to stay up. That IMO would be pretty cool if the US itself weren't growing ever more repressive.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  17. Re:The TOR Project was well aware of this a while by Frosty+Piss · · Score: 2

    Malicious exit nodes do not per se compromise TOR...

    What other obvious use would there be?

    I need a car analogy, damn it...

    --
    If you want news from today, you have to come back tomorrow.
  18. Re:The TOR Project was well aware of this a while by aliquis · · Score: 1

    It was made for them.
    Also they found out who was running that drug store.

  19. Re:The TOR Project was well aware of this a while by I'm+New+Around+Here · · Score: 1

    Malicious exit nodes do not per se compromise TOR...

    What other obvious use would there be?

    I need a car analogy, damn it...

    Ok, Ok, how's this?

    What if you were driving down the road, and lost control of your car, and plowed into an onion patch?

    How may onions have to be run over for the field to considered compromised?

    --
    If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
  20. Clip art squad by greg1104 · · Score: 4, Funny

    Each time this group makes the news, the sales of lizard stock art skyrockets. I'm starting to think the whole thing is a PR stunt funded by Getty Images.

  21. Re:The TOR Project was well aware of this a while by Frosty+Piss · · Score: 1

    Ok, Ok, how's this?

    What if you were driving down the road, and lost control of your car, and plowed into an onion patch?

    How may onions have to be run over for the field to considered compromised?

    Depends on the number of onion plants. If it's around 6000 onion plants, maybe around 3000 or so?

    And you better be driving a big 'ol redneck Haus pickup truck with a cow catcher on the bumper.

    --
    If you want news from today, you have to come back tomorrow.
  22. Why are the Loser Squad still walking free? by Anonymous Coward · · Score: 4, Interesting

    "Lizard Squad" has been DOS'ing game servers, twitch.tv, and more for months. Surely the NSA has tracked these idiots down, and the FBI has had more than enough time to parallel construct a plausible investigation that didn't involve getting tipped off by NSA. Right? So why are these morons still sitting around in their parents' houses interfering with millions of regular people who are just trying to play games or browse the web? Big companies are being targeted, lots of money is being lost through the game server outages, why haven't these morons been put under the jail by now? They threw the entire weight of the federal government at Aaron Swartz for downloading a bunch of PDF files and yet the Loser Squad has been DOS'ing many companies for months with impunity? Makes me wonder if NSA et. al. aren't the ones behind the attacks.

    1. Re:Why are the Loser Squad still walking free? by marcello_dl · · Score: 1

      They should not bother being behind the attacks. They can just wait a lil longer until auntie and nephew both agree when a politician comes up on TV shouting: Damn hackers! we need internet regulation!

      The (cyber) antagonists, are likely useful idiots when two things occur:
      1- their target is made of mostly normal people, and does not involve structural damage or structural revolution of the status quo.
      2- their act gets lots of attention in the media.

      One would be really antagonist if you made useful FOSS, new ways of generating energy, 3d printing breakthroughs, direct democracy schemes.

      --
      ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
  23. All suspect nodes must be blacklisted by Karmashock · · Score: 1

    You have to be able to control which exit nodes you use.

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
  24. There is something to be said for E2E encryption by ihtoit · · Score: 1

    the outward node has a public key, the receiving node has the private key, nothing in between gets anything useful.

    I mean, why overcomplicate shit?

    Hell, for that matter - airgap it.

    --
    Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
  25. Re:The TOR Project was well aware of this a while by ihtoit · · Score: 1

    that depends, how much tyre rubber needs to be deposited before you can't taste onion anymore?

    --
    Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
  26. fruit loops by sgt+scrub · · Score: 4, Insightful

    Are they the lizardsquad or the lowest hanging fruit squad? If they had skills they'd do something that isn't totally gay.

    --
    Having to work for a living is the root of all evil.
  27. Re:The TOR Project was well aware of this a while by Anonymous Coward · · Score: 3, Informative

    Actually the parent appears to be correct- they aren't actually taking over relays. There's a 5 hour old tweet on the torproject's twitter with the following statement:

    "This looks like a regular attempt at a Sybil attack: the attackers have signed up
    many new relays in hopes of becoming a large fraction of the network.
    But even though they are running thousands of new relays, their relays
    currently make up less than 1% of the Tor network by capacity. We are
    working now to remove these relays from the network before they become
    a threat, and we don't expect any anonymity or performance effects based
    on what we've seen so far."

  28. Re:There is something to be said for E2E encryptio by Dwedit · · Score: 1

    You know the senders and receivers. That's what Tor tries to stop.

  29. Re:The TOR Project was well aware of this a while by ToasterMonkey · · Score: 1

    you have to be actively monitoring a specific target to de-anonimize them, you can't do it to everyone. If the NSA actually got warrants when they did that to Americans [pause for laughter] I think it's a fine system.

    You laugh, but at what point in an investigation would you be aware of the target's nationality?
    Do you know the nationalities of the Lizard Squad members, for example? When would you, before or after this process?
    Am I an American citizen? I can't get a driver's license without something like three forms of proof I live here, so tell me how does this work on the Internet?

    Warrants for de-anonimizing Americans on the Internet... explain that paradox.
    IP addresses are not people, the Internet has no borders, information wants to be free, etc.

    IMO, there are no rights on the Internet UNTIL it has borders.

  30. Close enough to the truth as makes no difference. by westlake · · Score: 1

    They haven't taken over 3000 Tor relays - they have set up 3000 new relays of their own, thus having control of over 50% of the available relays.

    If you capture over half of the traffic that moves over Tor haven't you for all practical purposes taken control of the network?

  31. Stupid and sad ... by janoc · · Score: 4, Insightful

    Bunch of bored kids over Christmas break that got fed up with CounterStrike and Call of Duty, so they are wreaking havoc for fun and getting way too much news time for it. I have almost gagged when I have seen a reporter saying on TV with a straight face that "it is not confirmed whether the attackers are linked to North Korea" and that "The attack is not thought to be a terrorist attack". *double facepalm*

    I am not sure what is more sad, whether these jerks getting off on griefing others or the mom of one kid who couldn't play XBox over Christmas because of the DDOS and she lamented on camera - "What is he going to do now? He has nothing else to do!" I don't know - like going outside for a while?

    Our society is really going downhill :(

  32. Re:Close enough to the truth as makes no differenc by Rakhar · · Score: 2

    They have half of the nodes, but 1-2% of the traffic. They set up a bunch of new nodes, not took over existing nodes. As a result, they have a bunch of nodes that not many people are using. As the issue gets more attention, more of their new nodes are cut out of the loop.

  33. Re:There is something to be said for E2E encryptio by ihtoit · · Score: 1

    I don't get it. I mean, what would be the point of an anonymous broadcaster if you don't know where to go to authenticate the information? Yes, that'd be a valid use-case IMO, but it falls on its arse when it comes to actually validating stuff.

    I have information that *needs* to be out there, but I'm not going to broadcast it and not stand by it, that nullifies its value completely. I will stand by what I say, I will claim right when I piss people off because I will offer what they will not: evidence.

    When I'm transmitting information that isn't for general consumption*, I will airgap it and/or I will encrypt it. I won't broadcast it over a fucking anonymiser.

    *for measurement of "general consumption" read: stuff the Ears already have I don't particularly care if they know I've got it, they already know I'll fucking use it.

    --
    Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
  34. Re:The TOR Project was well aware of this a while by rthille · · Score: 1

    "low-ID"? WTF are you talking about?

    --
    Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/