Slashdot Mirror


Lizard Squad Targets Tor

mrspoonsi tips news that Lizard Squad, the hacker group who knocked Xbox Live and the PlayStation Network offline on Christmas morning, has now turned its attention to Tor. After tweeting that they were targeting a Tor-related zero-day flaw, the group is now in control of 3,000 exit nodes — almost half of them. "If one group is controlling the majority of the nodes, it could be able to eavesdrop on a substantial number of vulnerable users. Which means Lizard Squad could gain the power to track Tor users if it infiltrates enough of the network."


  1. Zero-Day Flaw? by Anonymous Coward · · Score: 3, Informative

    They set up their botnet as tor nodes. How exactly is that a zero-day flaw?

    1. Re:Zero-Day Flaw? by Zanadou · · Score: 3, Insightful

      (I know, I'm a dick).

      Yes, yes you are.

      This is why we can't have nice things.

  2. The TOR Project was well aware of this a while ago by muphin · · Score: 4, Informative

    As reported by /. http://tech.slashdot.org/story...
    So I believe they are working on a fix.

    --
    It's not a typo if you understood the meaning!
  3. Oops by Anonymous Coward · · Score: 2, Interesting

    They have just kicked the hornets' nest... people who have the ability to track them down and take their revenge.

    1. Re:Oops by Earthquake+Retrofit · · Score: 3, Insightful

      No kidding, there ARE groups you just DO NOT PISS OFF.

      The non-govt. professionals like the ones behind Offensive Security and the like are not to be messed with lightly.

      I'm more concerned about dissidents in dangerous places and the reporters who cover such places. They deserve to have secure channels. I hope the community can come up with something.

      --
      Fifty years of Yippie! 1968-2018
  4. Sybil attack? by jhantin · · Score: 3, Informative

    I haven't seen any explanation of how this is a zero-day exactly; so far, this looks more like a Sybil attack.

    --
    ...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
  5. Not really an 0day exploit by El_Muerte_TDS · · Score: 5, Informative

    Either way, @LizardMafia's Tor relay attack isn't new. There's a paper on how Tor loses anonymity if over 50% of relays are compromised.

    https://twitter.com/kaepora/st...

    I was going to go with botnet, but many LizardNSA relay IPs appear to route back to Google Cloud. Thousands of tiny VMs at low bandwidth?

    https://twitter.com/kaepora/st...

    You can see this whole list of tor nodes here: https://torstatus.blutmagie.de...
    All Lizard nodes resolve to *.bc.googleusercontent.com

    1. Re:Not really an 0day exploit by Iamthecheese · · Score: 2

      They'll never get over 50%: more than half are NSA nodes.

      --
      If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
  6. Re:The TOR Project was well aware of this a while by OverlordQ · · Score: 4, Informative

    Not the same issue at all. All this is is IdiotSquad starting up a bunch of Google Compute VMs as tor exit nodes.

    --
    Your hair look like poop, Bob! - Wanker.
  7. Headline is wrong and sensationalistic by carlhaagen · · Score: 5, Informative

    They haven't taken over 3000 Tor relays - they have set up 3000 new relays of their own, thus having control of over 50% of the available relays.

  8. Re:Wonder what 0 days are in use... by carlhaagen · · Score: 4, Informative

    They haven't been kicked down. LQ set up 3000 new rogue nodes.

  9. Flag them all as bad by Anonymous Coward · · Score: 3, Interesting

    ... and be done with it. Isn't this what the BadExit flag is for?

  10. Prove it. by buckfeta2014 · · Score: 2

    I'm tired of hearing about these "anonymous" "hacking" "groups" and their supposed "achievements". I don't care if you get arrested. Prove to me that you're legit.

    --
    Buck Feta. You know what to do.
  11. Re:The TOR Project was well aware of this a while by lgw · · Score: 4, Interesting

    This is seriously one of the first things anyone in security would have thought up

    Ah, the /. 30-second expert. Indeed, the TOR guys did think of that too.

    Malicious exit nodes do not per se compromise TOR, though they are in a position to take advantage of some potential exploits (also, exit nodes are irrelevant to .onion servers). It's been known since the start that if an attacker both controlled the exit node and could directly tap your line, there'd be an endless stream of exploits possible - and IIRC the NSA had just such attacks in its arsenal. But that doesn't scale - you have to be actively monitoring a specific target to de-anonymize them, you can't do it to everyone. If the NSA actually got warrants when they did that to Americans [pause for laughter] I think it's a fine system.

    TFA seems to be about taking over more than half of all TOR nodes, which can hardly be done in secret, and really makes 0-days in the TOR bundle visible.

    Far more worrying, especially for the conspiracy theorist, is the never-ending stream of vulnerabilities in .onion servers allowing the operators to be de-anonymized. It's hard to believe TOR wasn't designed that way. TOR seemed designed from the start as a system to let Chinese dissidents use American servers safely, but not allow Silk Road-style sites (servers illegal in the US) to stay up. That IMO would be pretty cool if the US itself weren't growing ever more repressive.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  12. Re:The TOR Project was well aware of this a while by Frosty+Piss · · Score: 2

    Malicious exit nodes do not per se compromise TOR...

    What other obvious use would there be?

    I need a car analogy, damn it...

    --
    If you want news from today, you have to come back tomorrow.
  13. Clip art squad by greg1104 · · Score: 4, Funny

    Each time this group makes the news, the sales of lizard stock art skyrockets. I'm starting to think the whole thing is a PR stunt funded by Getty Images.

  14. Re:Eavesdropping... by bill_mcgonigle · · Score: 5, Funny

    I'm willing to bet the NSA has prior art on this.

    You think the Lizard Squad is teenagers? The conspiracy theorists have been warning us that the NSA is run by the NWO and Lizard People for decades.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  15. Why are the Loser Squad still walking free? by Anonymous Coward · · Score: 4, Interesting

    "Lizard Squad" has been DOS'ing game servers, twitch.tv, and more for months. Surely the NSA has tracked these idiots down, and the FBI has had more than enough time to parallel construct a plausible investigation that didn't involve getting tipped off by NSA. Right? So why are these morons still sitting around in their parents' houses interfering with millions of regular people who are just trying to play games or browse the web? Big companies are being targeted, lots of money is being lost through the game server outages, why haven't these morons been put under the jail by now? They threw the entire weight of the federal government at Aaron Swartz for downloading a bunch of PDF files and yet the Loser Squad has been DOS'ing many companies for months with impunity? Makes me wonder if NSA et al. aren't the ones behind the attacks.

  16. fruit loops by sgt+scrub · · Score: 4, Insightful

    Are they the lizardsquad or the lowest hanging fruit squad? If they had skills they'd do something that isn't totally gay.

    --
    Having to work for a living is the root of all evil.
  17. Re:The TOR Project was well aware of this a while by Anonymous Coward · · Score: 3, Informative

    Actually the parent appears to be correct- they aren't actually taking over relays. There's a 5 hour old tweet on the torproject's twitter with the following statement:

    "This looks like a regular attempt at a Sybil attack: the attackers have signed up
    many new relays in hopes of becoming a large fraction of the network.
    But even though they are running thousands of new relays, their relays
    currently make up less than 1% of the Tor network by capacity. We are
    working now to remove these relays from the network before they become
    a threat, and we don't expect any anonymity or performance effects based
    on what we've seen so far."

  18. Stupid and sad ... by janoc · · Score: 4, Insightful

    Bunch of bored kids over Christmas break that got fed up with CounterStrike and Call of Duty, so they are wreaking havoc for fun and getting way too much news time for it. I have almost gagged when I have seen a reporter saying on TV with a straight face that "it is not confirmed whether the attackers are linked to North Korea" and that "The attack is not thought to be a terrorist attack". *double facepalm*

    I am not sure what is more sad, whether these jerks getting off on griefing others or the mom of one kid who couldn't play XBox over Christmas because of the DDOS and she lamented on camera - "What is he going to do now? He has nothing else to do!" I don't know - like going outside for a while?

    Our society is really going downhill :(

  19. Re:Close enough to the truth as makes no differenc by Rakhar · · Score: 2

    They have half of the nodes, but 1-2% of the traffic. They set up a bunch of new nodes, not took over existing nodes. As a result, they have a bunch of nodes that not many people are using. As the issue gets more attention, more of their new nodes are cut out of the loop.
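
Added example (not part of the thread or of any Tor Project code): the gap between relay count and capacity that comments 17 and 19 describe, with relays grouped by reverse-DNS suffix as in comment 5. The relay list, bandwidth figures, grouping rule, 5% threshold and the independent bandwidth-weighted selection model are all constructed assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed relay list: (nickname, reverse DNS, bandwidth KB/s). Not real consensus data."""
    sybils = [(f"sybil{i}", f"vm{i}.bc.googleusercontent.com", 10) for i in range(3000)]
    others = [(f"relay{i}", f"r{i}.isp{i % 40}.test", 3000) for i in range(3500)]
    return sybils + others

def operator_key(rdns, labels=2):
    """Group relays by the last `labels` DNS labels of their reverse-DNS name."""
    return ".".join(rdns.lower().rstrip(".").split(".")[-labels:])

def shares(relays):
    """Return {group: (share of relay count, share of total bandwidth)}."""
    count, bw = defaultdict(int), defaultdict(int)
    for _nick, rdns, kbps in relays:
        key = operator_key(rdns)
        count[key] += 1
        bw[key] += kbps
    total_n, total_bw = len(relays), sum(bw.values())
    return {k: (count[k] / total_n, bw[k] / total_bw) for k in count}

def sybil_candidates(relays, min_count_share=0.05):
    """Groups holding a large fraction of relays by count are worth a closer look."""
    return sorted(k for k, (c, _b) in shares(relays).items() if c >= min_count_share)

def both_ends_probability(bw_share):
    """Simplified model: first and last hop picked independently, weighted by bandwidth."""
    return bw_share ** 2

if __name__ == "__main__":
    relays = build_sample()
    for group in sybil_candidates(relays):
        c, b = shares(relays)[group]
        print(f"{group}: {c:.1%} of relays, {b:.2%} of bandwidth, "
              f"both-ends chance ~{both_ends_probability(b):.6%}")
```
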