Slashdot Mirror


Researchers Discover Over 100 Tor Nodes Designed To Spy On Hidden Services (schneier.com)

An anonymous reader writes from a report via Schneier on Security: Two researchers have discovered over 100 Tor nodes that are spying on hidden services. Cory Doctorow from Boing Boing reports: "These nodes -- ordinary nodes, not exit nodes -- sorted through all the traffic that passed through them, looking for anything bound for a hidden service, which allowed them to discover hidden services that had not been advertised. These nodes then attacked the hidden services by making connections to them and trying common exploits against the server-software running on them, seeking to compromise and take them over. The researchers used 'honeypot' .onion servers to find the spying computers: these honeypots were .onion sites that the researchers set up in their own lab and then connected to repeatedly over the Tor network, thus seeding many Tor nodes with the information of the honions' existence. They didn't advertise the honions' existence in any other way and there was nothing of interest at these sites, and so when the sites logged new connections, the researchers could infer that they were being contacted by a system that had spied on one of their Tor network circuits. No one knows who is running the spying nodes: they could be run by criminals, governments, private suppliers of 'infowar' weapons to governments, independent researchers, or other scholars (though scholarly research would not normally include attempts to hack the servers once they were discovered)." The Tor project is aware of the attack and is working to redesign its system to try and block it. Security firm Bitdefender has issued an alert about a malicious app called EasyDoc that hands over control of Macs to criminals via Tor.
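The inference described in the summary above, sketched as an added example (not code from the researchers, Boing Boing, or the Tor Project): each honion is known only to the relays it was seeded to, so a visit the lab did not make implicates that set of relays. The relay names, honion names, log format and the greedy set-cover step used to narrow the suspects are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed data: relays that learned of each honion while it was seeded.
EXPOSURE = {
    "honion-a": {"relay1", "relay2", "relay3"},
    "honion-b": {"relay2", "relay4"},
    "honion-c": {"relay3", "relay5"},
    "honion-d": {"relay4", "relay6"},
    "honion-e": {"relay1", "relay6"},
}

# Constructed visit log, one "<time> <honion> <origin>" record per line.
# Origin "lab" marks the researchers' own seeding connections.
VISIT_LOG = """\
day1-10:00 honion-a lab
day1-10:05 honion-b lab
day2-03:12 honion-a unknown
day2-03:13 honion-b unknown
day3-11:00 honion-d lab
day4-21:40 honion-c unknown
malformed line
"""


def parse_visits(log):
    """Return (time, honion, origin) tuples, skipping malformed lines."""
    visits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3:
            visits.append(tuple(parts))
    return visits


def unexpected_honions(visits, own_origin="lab"):
    """Honions contacted by anything other than the lab's own clients."""
    return {honion for _, honion, origin in visits if origin != own_origin}


def explain(visited, exposure):
    """Greedy set cover: pick a small set of relays whose knowledge
    accounts for every unexpectedly visited honion.

    Returns (suspects, unexplained). The suspects are a minimal-looking
    explanation, not proof; unexplained honions were exposed to no known
    relay, so their address must have leaked some other way.
    """
    coverage = defaultdict(set)  # relay -> visited honions it knew about
    for honion in visited:
        for relay in exposure.get(honion, ()):
            coverage[relay].add(honion)

    remaining = {h for h in visited if exposure.get(h)}
    unexplained = set(visited) - remaining
    suspects = []
    while remaining:
        # sorted() makes ties deterministic (first name alphabetically wins).
        best = max(sorted(coverage), key=lambda r: len(coverage[r] & remaining))
        suspects.append(best)
        remaining -= coverage[best]
    return suspects, unexplained


if __name__ == "__main__":
    visited = unexpected_honions(parse_visits(VISIT_LOG))
    suspects, unexplained = explain(visited, EXPOSURE)
    print("unexpectedly visited:", sorted(visited))
    print("smallest explaining relay set (greedy):", suspects)
    print("visited but not explainable by any seeded relay:", sorted(unexplained))
```

Honions that were never visited do not clear the relays that knew about them; a snooping relay may simply not have acted on that address yet.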

56 comments

  1. Mission accomplished by Anonymous Coward · · Score: 0

    wasn't that the Fed's plan the entire time?

  2. So much for anonymity. by shmlco · · Score: 3, Insightful

    Anyone who thinks they can hide in the darknet is an idiot.

    --
    Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
    1. Re:So much for anonymity. by Anonymous Coward · · Score: 2, Insightful

      Anyone who thinks they can hide in the darknet is an idiot.

      You are the idiot here. You haven't even understood what you read. Nothing in the article implies that Tor doesn't work, and no "vulnerability" was found out. It actually says that it is used also for illegal purposes, such as hacking and running giant botnets, which is no news at all and makes me think that Tor works pretty well, otherwise black-hats wouldn't use it.

    2. Re:So much for anonymity. by Anonymous Coward · · Score: 0

      Tor started as a Navy project, and is now highly funded by the CIA. Do your research on the history of this government spying project cloaked as anonymity.

      That's great you think "Tor works pretty well" though :)

    3. Re:So much for anonymity. by Anonymous Coward · · Score: 0

      ...and is now highly funded by the CIA

      Does it stand for Center for Idiotic Alcoholics? Is that where you get your "infos" from?

    4. Re:So much for anonymity. by Anonymous Coward · · Score: 0

      You can argue for privacy rights but trying to argue in favor of anonymity is a fool's errand. You want a driver's license then be prepared to provide your address, age, gender, and DOB. Want to have a career and receive a salary then be prepared to give up all the information required by the IRS. Want to own property be prepared to give up the information required when registering the property in your local tax rolls. As a matter of fact the government doesn't need to spy on anyone who files tax returns. Tax returns contain enough information to accurately track you any time they want. The government doesn't even need a search warrant or probable cause to go through the IRS databases. The IRS makes the NSA, CIA, or any other agency look like pikers when it comes to collecting information and using that information when needed. You cannot function in today's society and expect to be anonymous. But there is a bright spot. The people most concerned with government spying lead boring and inconsequential lives that even the government could care less about. But just to be safe I would refrain from posting the detailed op plans for taking over the country on the Internet. You might also want to stay out of the chat rooms where people discuss the pros and cons of traveling to the ME to lend a hand to the fledgling caliphate. These are the type of things that risk putting you on the NSA's radar and when that happens you're screwed.

    5. Re:So much for anonymity. by Anonymous Coward · · Score: 0

      No, actually, you're the idiot.
      All modes of Tor usage are COMPLETELY vulnerable to Global Passive Adversaries, you know, the NSA.
      And because Tor uses legacy TCP and Circuit Switching designs without fill traffic, there's nothing they can do about it.
      Even tiny little I2P is better against GPA's than Tor, and they're also not funded by millions in US Government money either.
      However I2P isn't all that much better, it will take entirely new network designs to beat GPA's.
      AND Tor's hidden services are HIGHLY vulnerable to attackers deploying specialized nodes to find them.
      That's why all the pedos that used to host from home for free are mostly gone now, they got popped.
      Dark Markets get paid to run from VPS's so they don't care.
      HOWEVER, other than against GPA's, your use of Tor as essentially a VPN out via the exits... is reasonably quite safe provided the exits themselves aren't fucking with you via MITM attacks.

    6. Re:So much for anonymity. by Anonymous Coward · · Score: 0

      It's still another example of how easy it is to mine information out of tor by just having money because Tor is too small. The technology is just one aspect. Behavior and resources have to be taken into account.

      How dangerous is it to tell ppl Tor is 'safe' and then their country sets up nodes to mine them and they will get useful info from that. Tor just attracts too much attention to be worth it.

      It's too easy/dangerous to be profiled as a Tor user and then get yourself more attention than just operating without Tor. The network is many times too small to be secure in a world of billions of people and trillions of dollars.

    7. Re:So much for anonymity. by Anonymous Coward · · Score: 0

      Writing delirious crap with caps lock on doesn't make it any less crap. MITM attacks with 100 nodes out of several thousands? You have no knowledge about basic statistics.

    8. Re:So much for anonymity. by Anonymous Coward · · Score: 0

      Your post is like saying that one shouldn't use condoms because they might cause penis irritation, while the risk of STDs is lower. As long as actual vulnerabilities are not found in Tor, you cannot be "profiled" as a user, and using it is still better than nothing.

    9. Re:So much for anonymity. by Anonymous Coward · · Score: 0

      Access facebook through tor and have a private conversation about onions. hilarity will ensue.

    10. Re:So much for anonymity. by Anonymous Coward · · Score: 0

      when I did it something trawled through my entire conversation history with that person

  3. If the government attacks us... by Anonymous Coward · · Score: 0, Troll

    What does that make them?

    1. Re:If the government attacks us... by The-Ixian · · Score: 2

      What does that make them?

      Attackers?

      --
      My eyes reflect the stars and a smile lights up my face.
  4. You didn't know this? by subk · · Score: 0

    I thought everyone knew...

    --
    Now, if you'll excuse me, I have backups to corrupt.
  5. If U don't do anything illegal by Anonymous Coward · · Score: 0, Troll

    U have nothing 2 hide.

    1. Re: If U don't do anything illegal by spectrum- · · Score: 4, Insightful

      Maybe you just wish to conduct normal law abiding living with some privacy from governments which aren't democratic (Tor is a global resource don't forget) or large corporations looking to exploit any data on individuals for profit. Data has a value and quite often it's taken without users' knowledge and sold onwards without giving them any say. Given how terrible some governments and companies secure your personal data from blatant criminality using your data for their gain, everybody has a vested interest in privacy even if they're law abiding.

    2. Re:If U don't do anything illegal by Anonymous Coward · · Score: 3, Insightful

      If you've got nothing to hide, you're a useless idiot.

    3. Re: If U don't do anything illegal by Anonymous Coward · · Score: 0

      Give out all your contact info, any cc info, ssn info, tax filings for the last five years, and any login information for all websites you access with all accounts.

      What? You have something to hide?

    4. Re: If U don't do anything illegal by Anonymous Coward · · Score: 0

      Well said. And if you do, then avoid RSA.

    5. Re: If U don't do anything illegal by Anonymous Coward · · Score: 0

      "Maybe you just wish to conduct normal law abiding living"

      Aka: a cuck who obeys woman's government.

  6. Tor is a broken concept by spectrum- · · Score: 1

    When an encryption method is broken, normally there is a newer stronger and more secure method recommended. The flaws in Tor are hardly news now but still there is no viable and usable alternative.
    Any attempts to be anonymous or simply not be tracked and recorded in the databases of multinationals and so on is a lot of hard work these days of turning off and opting out and disabling things.

    Is there nothing better on the way? Is a dubious and untrustworthy Tor connection the last refuge of online anonymity?

    1. Re:Tor is a broken concept by Anonymous Coward · · Score: 2, Interesting

      In a panopticon privacy is, by definition, impossible. Tor or other systems like it will probably be one of the last options remaining before the surveillance states become complete. However, despite the scare stories it still does just the job pretty well for now.

    2. Re:Tor is a broken concept by Anonymous Coward · · Score: 1

      The fundamental weakness of tor is that it is wide open to any adversary that can see and record every connection to every computer at once, whether through a global metadata collection system like PRISM or seeding the network with hundreds of recording nodes and hoping that your nodes get used to establish a connection.

      There are no practical responses to this yet. The obvious ones are to either consume massive amounts of bandwidth on transmitting random chaff packets to make it difficult to determine the actual connections (those chaff packets then have to be retransmitted with more chaff by the nodes receiving them or they'd be obvious decoys), or to store and forward the messages, slowing down the network to make it difficult to use timing information from metadata to correlate incoming and outgoing packets. Neither produce services people would be willing to use.

    3. Re:Tor is a broken concept by Anonymous Coward · · Score: 0

      You haven't even understood what you read. Nothing in the article implies that Tor doesn't work or it's "broken", and no vulnerability was found out.

      Everybody can set up nodes to try to "spy" on whatever they want, it has nothing to do with Tor's anonymity.

    4. Re:Tor is a broken concept by Impy+the+Impiuos+Imp · · Score: 1

      This is why the Supreme Court needs to keep repeating again and again the right to speak, encrypted, is part of the First Amendment. Whatever the FBI or CIA or NSA wants to do, let's assume they are angels for the moment and won't abuse it politically, it is clear shitheads like Putin and China's rulers have an interest in using it to maintain power by spying on their political opponents, and arresting them.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  7. How is Tor even still a thing? by barc0001 · · Score: 1, Interesting

    In this day and age, it seems anyone who either uses Tor or operates an exit node is opening themselves to crazy risks. Especially the exit node operators. With the kind of traffic going through some of them you have to be a moron to run one...

    1. Re:How is Tor even still a thing? by Anonymous Coward · · Score: 0

      Sure, it's smarter to browse the web and post "inconvenient" comments showing off your actual IP address to anyone, and maybe even posting your penis photo on a porn website.

    2. Re:How is Tor even still a thing? by PCM2 · · Score: 1

      This story doesn't appear to have anything to do with exit nodes, so maybe there's your answer.

      --
      Breakfast served all day!
    3. Re:How is Tor even still a thing? by Anonymous Coward · · Score: 2, Informative

      "[I]t seems anyone who ... uses Tor ... is opening themselves to crazy risks"

      [citation needed]

      Tor is no less secure than a typical Internet connection. On the Open Internet your traffic passes through the networking equipment of tens of operators. With the exception of your ISP, you typically have no formal agreement with any of those operators. Any of those operators can capture and/or modify your traffic at will. It is widely known that operators have been and continue to do both of these things.

      Using Tor is (at worst) like using a VPN with very good anonymising properties. I bet that you would never say that "Anyone who uses a VPN is opening themselves up to crazy risks.".

    4. Re:How is Tor even still a thing? by bill_mcgonigle · · Score: 5, Informative

      anyone who either uses Tor or operates an exit node is opening themselves to crazy risks.

      Using Tor and operating an exit node are completely separate risk profiles.

      Especially the exit node operators.

      Not if they're libraries. Encourage your local librarians to support freedom of inquiry by joining the Library Freedom Project.

      I've been to a few of their symposia and each time the room was completely packed with librarians who had often traveled a great distance to be there.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    5. Re:How is Tor even still a thing? by Anonymous Coward · · Score: 0

      Running an exit node is very easy and highly safe.
      1) Do not run from home unless you let your local police, sheriff, fbi know AND post a notice on all your exterior doors.
      This is not because you actually have any legal risk to worry about, but because cops are pigs and love busting in with guns drawn for no reason at all. You don't want that.
      Other than that...
      2) Follow all operator best practices as outlined on torproject and you'll be just fine.

    6. Re: How is Tor even still a thing? by Anonymous Coward · · Score: 0

      Smells like FUD to me. I've been running an exit node for years without issue. Life is good.

  8. Good thing the editors got in their Apple hate by Anonymous Coward · · Score: 2, Informative

    For no reason and not remotely connected to the topic.

    Typical Slashcrap behavior.

  9. Back to War Driving by thundercattt · · Score: 1

    When in doubt, time to go old school. War driving for wifi, do your hacking then drive off.

    1. Re:Back to War Driving by Anonymous Coward · · Score: 0

      So all the number plate and facial recognition cameras that are everywhere now can make it easy to trace you? You're still better off using Tor.

    2. Re:Back to War Driving by subk · · Score: 1

      Maybe Mr. Robot had it right... Build your lair in an abandoned arcade, or hollowed out volcano... Whatever suits your fancy. As long as you're not there when they find it, who cares?

      --
      Now, if you'll excuse me, I have backups to corrupt.
  10. government by JustNiz · · Score: 0

    I'll bet at least some of these are NSA and other governments (China etc)

    1. Re:government by Anonymous Coward · · Score: 1

      I'll bet at least some of these are NSA and other governments (China etc)

      Why not this:
      Two security researchers set up 100 honeypot tor nodes to catch... two security researchers using 100 tor nodes to spy on traffic.

      I guess I don't understand the difference in level of effort between these two activities and why one must be a government run hacking expedition while the other is two dudes in a lab.

    2. Re:government by JustNiz · · Score: 1

      Do you REALLY believe that the NSA, the CIA, the FBI all have zero interest in finding out who's using TOR and for what?

    3. Re: government by Anonymous Coward · · Score: 0

      Researchers wouldn't really hack your shit.

  11. For real? by Anonymous Coward · · Score: 1

    The "honions' ".
    Jesus...

    1. Re:For real? by Anonymous Coward · · Score: 0

      Don't mock the honions. They are easy to make. Just remember to keep the stove at medium to low, add the oil, spices and onions, sprinkle the salt and at the half way add the honey for that extra glaze and taste. Honions are a great base for sauces and curries as well.

  12. Easydoc? by Anonymous Coward · · Score: 2, Insightful

    What the everloving hell does Easydoc have to do with spying Tor nodes?

    Every time Apple's in the news, BeauHD adds an irrelevant crosspost to the most recent Apple news. Same with virtually any other topic. This isn't editorializing, this adds literally nothing of value to the story.

    Please stop the crossposting irrelevancies. Haven't you heard the old saying? If you've got nothing useful to add, add nothing!

  13. Cory Doctorow, really? by Anonymous Coward · · Score: 0

    "Cory Doctorow from Boing Boing" is a science fiction author (his books are complete garbage, but I digress) and is about the worst person you could have possibly quoted for technical details. There is no way in holy hell he isn't just parroting whatever he's read, in essence, uselessly stamping his name on it in an attempt to stay relevant in a field he has never belonged.

    But hey, if you ever want to see what's the latest news on the battle against "Gamergate" or stay up to date on the latest faux outrage (clockboy comes to mind) make sure to stop by Boing Boing. Seriously though, Slashdot and BB readers couldn't possibly be more polar opposites...

  14. This guy has a lot of info on what's going on. by Anonymous Coward · · Score: 0

    Here is a backup large screenshot of his Facebook page. To get what he is saying you should start at the bottom so you can read it all in chronological order, but he is saying the CIA are on the run. He gives some good insight and links to safe Tails (Tor).

    It looks like he was first messing around with his account info, then got serious. His real name and pictures are in his posts.
    https://share.riseup.net/#yKR78sTOT0iTjIQ2_OIsKQ

    The best I can tell is he is very spiritually smart. It all makes sense. If I had extra money I would give him a couple bucks.

    1. Re:This guy has a lot of info on what's going on. by Anonymous Coward · · Score: 0

      Here is a backup large screenshot of his Facebook page. To get what he is saying you should start at the bottom so you can read it all in chronological order, but he is saying the CIA are on the run. He gives some good insight and links to safe Tails (Tor).

      It looks like he was first messing around with his account info, then got serious. His real name and pictures are in his posts.
      https://share.riseup.net/#yKR78sTOT0iTjIQ2_OIsKQ

      The best I can tell is he is very spiritually smart. It all makes sense. If I had extra money I would give him a couple bucks.

      Holy FUCKIN SHIT! That guy is NO JOKE. He posted spec sheets for M16 receivers, he tagged the head of the CIA with a picture of a girl with dicks drawn all over her face. He TOTALLY FUCKING C-C-C-LOWNED THE CIA and they didn't say SHIT.

      That guy has some huge testicles. Still reading but he also posted some extremely interesting points about the CIA being the actual terrorists.

  15. TOR is probably run mostly by spy agencies by Anonymous Coward · · Score: 0

    For your average person, setting up a TOR node has significant barriers, both to do it the first time, and over time.

    A spy agency on the other hand could for the price of a piss in their budget run 1000 TOR nodes.

    1. Re:TOR is probably run mostly by spy agencies by Anonymous Coward · · Score: 0

      Not that difficult. Download, install, maybe forward some ports, make sure all exits are disabled (unless you're clinically insane or just really crave attention) and run.

      Consider putting it in a container of some sort, and capping the bandwidth because tor will gladly use 200+ mbits if the hardware and line will allow it.

  16. The obvious thing that needs to be said by Anonymous Coward · · Score: 0

    So what? Fucking flood that shit. It's clear that Yankee operatives are aiming to destabilize the network by inserting clandestine nodes. So shut out the goddamn Americans already and act accordingly, and ignore their pitiful retribution.

  17. Tor Works by Anonymous Coward · · Score: 0

    If they don't know who's doing the spying, then I would say Tor works.

  18. misleading headline by Anonymous Coward · · Score: 0

    They are merely crawling the hidden services, using a well-known technique described by these researchers who crawled the entire onion space:

      https://media.ccc.de/v/31c3_-_6112_-_en_-_saal_2_-_201412301715_-_tor_hidden_services_and_deanonymisation_-_dr_gareth_owen

    They are not unhiding the services. They do get more data than a web crawler because they see a sample of the lookup requests of users browsing the hidden services. It is as if they were running 8.8.8.8 dns. That seems a little surprising. Adding the additional step of launching 1+-day attacks against them is not scary, though.

    1. Re:misleading headline by Anonymous Coward · · Score: 0

      Pretty much. This is standard fare for anybody who runs a server on the internet. The fact that you're running an unadvertised hidden service only means that someone has to take an extra step to find it first, but once they do, expect to be probed.

    2. Re: misleading headline by Anonymous Coward · · Score: 0

      Exactly this. Article is like BBC calling skiddies nmapping you "cyber warfare".

  19. Potential for a "public service" on the Deep Web? by Timothy2.0 · · Score: 1

    I wonder if it would be possible to set up a series of these honeypots in order to detect potentially-malicious activity and craft a database of nodes "promoting" malicious activity. Using that data, shape Tor traffic to avoid malicious nodes in the network. Adopting the traffic-shaping would be voluntary, as central control over routing is dangerous, and the body operating the "checkpoints" could act transparently.

    Not sure if the Tor protocol allows for it; this is just back-of-the-napkin thinking, but it would create a more robust, likely more secure, network.