Slashdot Mirror


Researchers Discover Over 100 Tor Nodes Designed To Spy On Hidden Services (schneier.com)

An anonymous reader writes from a report via Schneier on Security: Two researchers have discovered over 100 Tor nodes that are spying on hidden services. Cory Doctorow from Boing Boing reports: "These nodes -- ordinary nodes, not exit nodes -- sorted through all the traffic that passed through them, looking for anything bound for a hidden service, which allowed them to discover hidden services that had not been advertised. These nodes then attacked the hidden services by making connections to them and trying common exploits against the server-software running on them, seeking to compromise and take them over. The researchers used 'honeypot' .onion servers to find the spying computers: these honeypots were .onion sites that the researchers set up in their own lab and then connected to repeatedly over the Tor network, thus seeding many Tor nodes with the information of the honions' existence. They didn't advertise the honions' existence in any other way and there was nothing of interest at these sites, and so when the sites logged new connections, the researchers could infer that they were being contacted by a system that had spied on one of their Tor network circuits. No one knows who is running the spying nodes: they could be run by criminals, governments, private suppliers of 'infowar' weapons to governments, independent researchers, or other scholars (though scholarly research would not normally include attempts to hack the servers once they were discovered)." The Tor project is aware of the attack and is working to redesign its system to try and block it. Security firm Bitdefender has issued an alert about a malicious app called EasyDoc that hands over control of Macs to criminals via Tor.
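
The inference described in the summary, sketched as an added example (not code from the researchers or from the original post). It assumes the honeypot operator recorded which nodes each honion's address was exposed to; the node names, honion names and data are constructed, and the greedy set cover is one way to pick a small set of nodes that explains every logged visit.

```python
from collections import defaultdict

# Constructed sample data: which nodes each honeypot onion address was
# exposed to, and which honeypots later logged an unsolicited connection.
EXPOSURE = {
    "honion-a": {"relay1", "relay2", "relay3"},
    "honion-b": {"relay2", "relay4"},
    "honion-c": {"relay5", "relay6"},
    "honion-d": {"relay2", "relay7"},
    "honion-e": {"relay1", "relay4", "relay7"},  # never visited
    "honion-f": {"relay3", "relay6"},
}
VISITED = ["honion-a", "honion-b", "honion-c", "honion-d", "honion-f", "honion-a"]


def suspect_relays(exposure, visited):
    """Return (suspects, unattributed) for a list of visited honeypots.

    One visit implicates every node that knew the address, so no single
    visit names a culprit. Greedy set cover picks, round by round, the node
    that explains the most still-unexplained visits. The result is a
    lower-bound estimate of snooping nodes, not proof against any one node.
    """
    unexplained = set(visited)
    # Invert the exposure map: node -> visited honeypots it could have leaked.
    could_leak = defaultdict(set)
    for honion in unexplained:
        for relay in exposure.get(honion, ()):
            could_leak[relay].add(honion)
    suspects = []
    while unexplained and could_leak:
        # sorted() makes tie-breaking deterministic (lowest name wins).
        best = max(sorted(could_leak),
                   key=lambda r: len(could_leak[r] & unexplained))
        if not could_leak[best] & unexplained:
            break  # remaining visits match no recorded exposure
        suspects.append(best)
        unexplained -= could_leak[best]
    return suspects, sorted(unexplained)


if __name__ == "__main__":
    suspects, unattributed = suspect_relays(EXPOSURE, VISITED)
    print("smallest explaining set (greedy):", suspects)
    print("visits with no recorded exposure:", unattributed)
```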

21 of 56 comments

  1. So much for anonymity. by shmlco · · Score: 3, Insightful

    Anyone who thinks they can hide in the darknet is an idiot.

    --
    Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
    1. Re:So much for anonymity. by Anonymous Coward · · Score: 2, Insightful

      Anyone who thinks they can hide in the darknet is an idiot.

      You are the idiot here. You haven't even understood what you read. Nothing in the article implies that Tor doesn't work, and no "vulnerability" was found out. It actually says that it is used also for illegal purposes, such as hacking and running giant botnets, which is no news at all and makes me think that Tor works pretty well, otherwise black-hats wouldn't use it.

  2. Re:If the government attacks us... by The-Ixian · · Score: 2

    What does that make them?

    Attackers?

    --
    My eyes reflect the stars and a smile lights up my face.
  3. Tor is a broken concept by spectrum- · · Score: 1

    When an encryption method is broken, normally there is a newer stronger and more secure method recommended. The flaws in Tor are hardly news now but still there is no viable and usable alternative.
    Any attempts to be anonymous or simply not be tracked and recorded in the databases of multinationals and so on is a lot of hard work these days of turning off and opting out and disabling things.

    Is there nothing better on the way? Is a dubious and untrustworthy Tor connection the last refuge of online anonymity?

    1. Re:Tor is a broken concept by Anonymous Coward · · Score: 2, Interesting

      In a panopticon privacy is, by definition, impossible. Tor or other systems like it will probably be one of the last options remaining before the surveillance states become complete. However, despite the scare stories it still does just the job pretty well for now.

    2. Re:Tor is a broken concept by Anonymous Coward · · Score: 1

      The fundamental weakness of tor is that it is wide open to any adversary that can see and record every connection to every computer at once, whether through a global metadata collection system like PRISM or seeding the network with hundreds of recording nodes and hoping that your nodes get used to establish a connection.

      There are no practical responses to this yet. The obvious ones are to either consume massive amounts of bandwidth on transmitting random chaff packets to make it difficult to determine the actual connections (those chaff packets then have to be retransmitted with more chaff by the nodes receiving them or they'd be obvious decoys), or to store and forward the messages, slowing down the network to make it difficult to use timing information from metadata to correlate incoming and outgoing packets. Neither produces services people would be willing to use.

    3. Re:Tor is a broken concept by Impy the Impiuos Imp · · Score: 1

      This is why the Supreme Court needs to keep repeating again and again the right to speak, encrypted, is part of the First Amendment. Whatever the FBI or CIA or NSA wants to do, let's assume they are angels for the moment and won't abuse it politically, it is clear shitheads like Putin and China's rulers have an interest in using it to maintain power by spying on their political opponents, and arresting them.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  4. Re: If U don't do anything illegal by spectrum- · · Score: 4, Insightful

    Maybe you just wish to conduct normal law abiding living with some privacy from governments which aren't democratic (Tor is a global resource don't forget) or large corporations looking to exploit any data on individuals for profit. Data has a value and quite often it's taken without users' knowledge and sold onwards without giving them any say. Given how terribly some governments and companies secure your personal data from blatant criminality using your data for their gain, everybody has a vested interest in privacy even if they're law abiding.

  5. How is Tor even still a thing? by barc0001 · · Score: 1, Interesting

    In this day and age, it seems anyone who either uses Tor or operates an exit node is opening themselves to crazy risks. Especially the exit node operators. With the kind of traffic going through some of them you have to be a moron to run one...

    1. Re:How is Tor even still a thing? by PCM2 · · Score: 1

      This story doesn't appear to have anything to do with exit nodes, so maybe there's your answer.

      --
      Breakfast served all day!
    2. Re:How is Tor even still a thing? by Anonymous Coward · · Score: 2, Informative

      "[I]t seems anyone who ... uses Tor ... is opening themselves to crazy risks"

      [citation needed]

      Tor is no less secure than a typical Internet connection. On the Open Internet your traffic passes through the networking equipment of tens of operators. With the exception of your ISP, you typically have no formal agreement with any of those operators. Any of those operators can capture and/or modify your traffic at will. It is widely known that operators have been and continue to do both of these things.

      Using Tor is (at worst) like using a VPN with very good anonymising properties. I bet that you would never say that "Anyone who uses a VPN is opening themselves up to crazy risks.".

    3. Re:How is Tor even still a thing? by bill_mcgonigle · · Score: 5, Informative

      anyone who either uses Tor or operates an exit node is opening themselves to crazy risks.

      Using Tor and operating an exit node are completely separate risk profiles.

      Especially the exit node operators.

      Not if they're libraries. Encourage your local librarians to support freedom of inquiry by joining the Library Freedom Project.

      I've been to a few of their symposia and each time the room was completely packed with librarians who had often traveled a great distance to be there.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  6. Good thing the editors got in their Apple hate by Anonymous Coward · · Score: 2, Informative

    For no reason and not remotely connected to the topic.

    Typical Slashcrap behavior.

  7. Back to War Driving by thundercattt · · Score: 1

    When in doubt, time to go old school. War driving for wifi, do your hacking then drive off.

    1. Re:Back to War Driving by subk · · Score: 1

      Maybe Mr. Robot had it right... Build your lair in an abandoned arcade, or hollowed out volcano... Whatever suits your fancy. As long as you're not there when they find it, who cares?

      --
      Now, if you'll excuse me, I have backups to corrupt.
  8. For real? by Anonymous Coward · · Score: 1

    The "honions' ".
    Jesus...

  9. Re:If U don't do anything illegal by Anonymous Coward · · Score: 3, Insightful

    If you've got nothing to hide, you're a useless idiot.

  10. Re:government by Anonymous Coward · · Score: 1

    I'll bet at least some of these are NSA and other governments (China etc)

    Why not this:
    Two security researchers set up 100 honeypot tor nodes to catch... two security researchers using 100 tor nodes to spy on traffic.

    I guess I don't understand the difference in level of effort between these two activities and why one must be a government run hacking expedition while the other is two dudes in a lab.

  11. Easydoc? by Anonymous Coward · · Score: 2, Insightful

    What the everloving hell does Easydoc have to do with spying Tor nodes?

    Every time Apple's in the news, BeauHD adds an irrelevant crosspost to the most recent Apple news. Same with virtually any other topic. This isn't editorializing, this adds literally nothing of value to the story.

    Please stop the crossposting irrelevancies. Haven't you heard the old saying? If you've got nothing useful to add, add nothing!

  12. Re:government by JustNiz · · Score: 1

    Do you REALLY believe that the NSA, the CIA, the FBI all have zero interest in finding out who's using TOR and for what?

  13. Potential for a "public service" on the Deep Web? by Timothy2.0 · · Score: 1

    I wonder if it would be possible to set up a series of these honeypots in order to detect potentially-malicious activity and craft a database of nodes "promoting" malicious activity. Using that data, shape Tor traffic to avoid malicious nodes in the network. Adopting the traffic-shaping would be voluntary, as central control over routing is dangerous, and the body operating the "checkpoints" could act transparently.

    Not sure if the Tor protocol allows for it; this is just back-of-the-napkin thinking, but it would create a more robust, likely more secure, network.