Slashdot Mirror


Researchers Discover 110 Snooping Tor Nodes (helpnetsecurity.com)

Reader Orome1 writes: In a period spanning 72 days, two researchers from Northeastern University have discovered at least 110 "misbehaving" and potentially malicious hidden services directories (HSDirs) on the Tor anonymity network. "Tor's security and anonymity is based on the assumption that the large majority of its relays are honest and do not misbehave. Particularly the privacy of the hidden services is dependent on the honest operation of hidden services directories (HSDirs)," Professor Guevara Noubir and Ph.D. student Amirali Sanatinia explained. "Bad" HSDirs can be used for a variety of attacks on hidden services: from DoS attacks to snooping on them.

45 comments

  1. Hidden Service Directories by Anonymous Coward · · Score: 3, Interesting

    I asked on the Tor forum how one can run a directory server, and the response was basically -- "you can't -- only people chosen *specifically* by the Tor project can host a directory server".

    Apparently this is *not* true, so what's the real deal, and *why* did they tell me this?

    1. Re:Hidden Service Directories by Joce640k · · Score: 1

      I _could_ tell you but then I'd have to kill you.

      Clue: NSA.

      --
      No sig today...
    2. Re: Hidden Service Directories by Anonymous Coward · · Score: 0

      You are confusing hidden service directories and authoritative directories

    3. Re:Hidden Service Directories by Anonymous Coward · · Score: 0

      Directory servers and hidden service directories are a different thing.

      There are nine directory servers that vote on whether a relay should or should not be included in the network. These are hardcoded into the client, this is what they told you about.

      Hidden service directories (HSDirs) are different—these are regular relays that have been up for a certain amount of time. Hidden services pick HSDirs at 'random' to advertise themselves, through a deterministic function of the date and their public key/URL.

      HSDirs are much less security-sensitive—they can see which hidden services are being accessed (though not by whom), but can't manipulate the results or (AFAIK) compromise the anonymity of the users, barring any bug in the protocol. Normal directory servers can vote to add or remove relays from the network and change their properties, allowing control over the routing path of other users (e.g. by providing only hostile nodes to some users, etc.).

    4. Re:Hidden Service Directories by FatdogHaiku · · Score: 1, Informative
      From Wikipedia:
      "The core principle of Tor, "onion routing", was developed in the mid-1990s by United States Naval Research Laboratory employees, mathematician Paul Syverson and computer scientists Michael G. Reed and David Goldschlag, with the purpose of protecting U.S. intelligence communications online.
      Onion routing was further developed by DARPA in 1997.[17][18][19]

      The alpha version of Tor, developed by Syverson and computer scientists Roger Dingledine and Nick Mathewson[20] and then called The Onion Routing project, or TOR project, launched on 20 September 2002.[1][21] On 13 August 2004, Syverson, Dingledine and Mathewson presented "Tor: The Second-Generation Onion Router" at the 13th USENIX Security Symposium.[22] In 2004, the Naval Research Laboratory released the code for Tor under a free license, and the Electronic Frontier Foundation (EFF) began funding Dingledine and Mathewson to continue its development.[20]

      In December 2006, Dingledine, Mathewson and five others founded The Tor Project, a Massachusetts-based 501(c)(3) research-education nonprofit organization responsible for maintaining Tor.[23] The EFF acted as The Tor Project's fiscal sponsor in its early years, and early financial supporters of The Tor Project included the U.S. International Broadcasting Bureau, Internews, Human Rights Watch, the University of Cambridge, Google, and Netherlands-based Stichting NLnet.[24][25][26][27][28]

      From this period onwards, the majority of funding sources came from the U.S. government.[20]"

      The link is if you need more than that...
      but after the last sentence, do you, really?

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    5. Re:Hidden Service Directories by Anonymous Coward · · Score: 0

      There are nine directory servers that vote on whether a relay should or should not be included in the network.

      Only eight, now. :/

    6. Re:Hidden Service Directories by Anonymous Coward · · Score: 0

      flags: Fast, Guard, HSDir, Running, Stable, V2Dir, Valid

      All of my nodes currently have these flags set. The only thing it takes is time. The Stable flag seems to show up after 48 hours. The V2Dir (tor directory) flag tends to show up a couple of days later. The Guard and HSDir (hidden services directory) flags seem to show up after a week, although to be honest I've never paid enough attention to know how accurate any of these numbers are. I just install tor in a container on new servers and let it run for the life of the server.

      All it takes is time, and probably a fast connection doesn't hurt either. These all run on dedicated servers in European data centers. I don't do a thing, it's all automated. The only flag I don't have set is the Exit flag, and I don't run exit nodes due to the fact that I'm not criminally insane.

      The type of directories you're thinking about are completely different things.

    7. Re:Hidden Service Directories by cryptizard · · Score: 2

      What a completely irrelevant piece of information. You do realize that a lot (probably most) of privacy research is sponsored by the government, i.e. the National Science Foundation?

  2. Sure by no-body · · Score: 1

    NSA owns a couple of those.

  3. Nothing to see or hear by Anonymous Coward · · Score: 0

    Move along little doggies move along hee aw!

  4. So is the bottom line... by Anonymous Coward · · Score: 0, Flamebait

    If you use TOR, you get put on a 3-letter list?

    1. Re:So is the bottom line... by TroII · · Score: 4, Informative

      If you even search for Tor (or "Linux" or "secure desktop" or "IRC" or "Truecrypt") you get put on an NSA list.

    2. Re:So is the bottom line... by Anonymous Coward · · Score: 0

      not quite, the article you referenced doesn't confirm what you say at all

    3. Re:So is the bottom line... by AHuxley · · Score: 1

      AC "The program marks and tracks the IP addresses of those who search for 'tails' or 'Amnesiac Incognito Live System' along with 'linux', ' USB ',' CD ', 'secure desktop', ' IRC ', 'truecrypt' or ' tor '." as in collects details on all who look for such tools.
      More at "NSA targets the privacy-conscious" (03.07.14) https://daserste.ndr.de/panora...
      with "Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search."

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:So is the bottom line... by atgaaa · · Score: 1

      don't use google, don't use google name servers.

  5. Tor's fatal flaw by fustakrakich · · Score: 4, Insightful

    You can't trust anybody, not even Tor. I'm afraid this one looks like a lost cause. I wouldn't use the damn thing.

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:Tor's fatal flaw by duke_cheetah2003 · · Score: 2

      You can't trust anybody, not even Tor. I'm afraid this one looks like a lost cause. I wouldn't use the damn thing.

      Which is precisely the goal of tampering and interfering with TOR network operations. To cast doubt upon it, to make it less attractive. I really don't think it has much to do with wanting to snoop, as it is to make people think they're being snooped on and to destabilize the service entirely. Seems like it's fairly effective so far too!

      This is a beautiful piece of social engineering by those who want TOR to go away. Well played.

    2. Re:Tor's fatal flaw by fustakrakich · · Score: 1

      I'm fine with that. Exposing actual flaws is always a good thing. The reasons aren't important. It just means we have to do better. I feel the same about publicly available encryption in general. I don't believe it is secure beyond what the script kiddies can do. And even the hardware itself is pretty leaky. So, just like the old days, the Sunday classifieds are still the best way to get a message out. The idea of *trust no one* is as old as the hills. Some things will never change, no matter how glitzy the tech. On the other hand there are burner phones and email, effectively one time pads, there is a future there until you need a fake ID to buy them. And maybe the miracle of 3D printed electronics has potential also. Just have to wait and see.

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:Tor's fatal flaw by gweihir · · Score: 2

      This is a beautiful piece of social engineering by those who want TOR to go away. Well played.

      Indeed. It is a classical attack: Make people mistrust the secure tools and have them use less secure tools instead. Works on many people, unfortunately.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:Tor's fatal flaw by fustakrakich · · Score: 1

      Once again, Tor is proven to be insecure. No social engineering is needed. Which means that more secure tools are needed. That is the direction to move in.

      --
      “He’s not deformed, he’s just drunk!”
    5. Re:Tor's fatal flaw by AHuxley · · Score: 1

      Recall the origins and past funding of Onion routing https://en.wikipedia.org/wiki/... i.e. US needed a system that would allow US backed and funded dissidents globally to network for color revolutions https://en.wikipedia.org/wiki/... and other long term political NGO work.
      Five Eyes nations did not seem to be very upset with its spread and use with systems like Tempora https://en.wikipedia.org/wiki/.... Federal funding at a police level in the US to track users goes from success to success even on low budgets per case.
      For Onion routing to work well a lot of consumers need to be using the networks to hide the few "dissidents" globally.
      Given all the low cost police work that makes it to court, tracking users is now less hard work. Collect it all is now in the hands of anyone or nation or cult or faith or brand with a limited federal police budget.

      --
      Domestic spying is now "Benign Information Gathering"
    6. Re:Tor's fatal flaw by fustakrakich · · Score: 1

      That appears to be part of the problem. Not only does it stand out like the proverbial sore thumb, only the people who feel a real need are using it, making it easy to spot. We need something that blends in better, so we don't have to consider the percentage of people using it. The only thing that comes to mind for now is that steganography thing, and don't try to hide anything more complex than tiny text files.

      --
      “He’s not deformed, he’s just drunk!”
    7. Re:Tor's fatal flaw by antdude · · Score: 1

      "Trust no one." --The X-Files. :(

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    8. Re:Tor's fatal flaw by gweihir · · Score: 1

      You really have no clue what is going on. Fascinating.

      In the same venue: Cars are insecure (they crash on occasion and kill people), food is insecure, water is insecure. According to your logic we need to drop all these.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    9. Re:Tor's fatal flaw by fustakrakich · · Score: 1

      Your opinion is noted. I can only say that's a horrible analogy, but carry on.

      For everybody else, some cars are more dangerous than others. I would recommend you don't drive them. In some places (Flint, Michigan, maybe, possibly?) the water is poison. Anyone who says to drink it anyway.. well, let's just say wouldn't be very nice. Spoiled food? I hope that goes without saying, but in today's world you never know, considering this last response I received above.

      --
      “He’s not deformed, he’s just drunk!”
    10. Re:Tor's fatal flaw by gweihir · · Score: 1

      My point is that both more secure alternatives (which have however consistently failed to materialize in any real-world deployed form, and the whole idea of anonymous networking is now something like 20 years old) and improving TOR security are both valid options. Given that TOR is already there and works and its weak points are already pretty well understood, the second seems to be the by far better option. Also note that the TOR project has long since said that hidden services need work, but that they would need funding/donations for that.

      So this recent attack is not really much of a surprise and it was discovered as part of the ongoing attempts to make hidden services more secure. Also note that the known attacks on high-profile hidden services (Freedom Hosting, Silk Road, etc.) were not successful attacks against the hidden services, but attacks against the Firefox browser for users that did run old TOR browser bundles with known vulnerabilities, exploits against server software run on top of a hidden service and user and administrator errors. There is actually no evidence at this time that any hidden service was successfully attacked on TOR-level. What probably can be done with the current attack is identification of the hidden services and their addresses (but not where they run) and then try direct attacks on the server-software (web-server, etc.) running there. Having a TOR hidden service does not excuse you from making it secure against these conventional attacks.

      Telling people to move away from TOR at this time is not really a good idea. Telling them to be careful and explaining what can get them attacked successfully is something that actually helps.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    11. Re:Tor's fatal flaw by AHuxley · · Score: 1

      Nations can now afford to reconcile most of their users internet patterns over time. If that fails, just induce random network drops to see who falls off the network over a few 10's, hundred or 1000 interesting users per city and provider.
      If most of a nation's users are just surfing, using web 2.0, doing other tasks, getting a short list of people who went looking for software would not be too hard.

      --
      Domestic spying is now "Benign Information Gathering"
  6. Probably almost all misbehave by Anonymous Coward · · Score: 2, Insightful

    Think about it. There are 196 countries in the world, all of which have police and most of which have intelligence agencies. Some hidden services have a legitimate use such as encrypted chat, but many of them are used as C&C for botnets by various criminals and for-fun hackers, some of which have an interest in figuring out what the other hidden services are doing. And then there are private security researchers.

    Overall, there is plenty of interest in snooping on Tor hidden services...

  7. Can authentication be distributed? by Toe, The · · Score: 1

    I always assumed relays of any kind are untrustworthy. Even if there is a group of admins regulating them, that's still prone to social engineering.

    Might it be possible to have relays cross-check each other? Way over my head technically: I can't imagine if it's possible to run checks that would prove validity. But it seems like the only possible solution: distribute the authority instead of trying to centralize it.

  8. ESPECIALLY Tor and other obvious targets by raymorris · · Score: 4, Insightful

    > You can't trust anybody, not even Tor.

    IMHO, I especially don't trust Tor. It's an obvious place that three-letter agencies would be looking. If I drive down Crack Avenue with a busted taillight, I *expect* that police will be patrolling the area and probably pull me over. It would, imho, be silly to think that authorities aren't patrolling the digital equivalent of Crack Avenue.

    1. Re:ESPECIALLY Tor and other obvious targets by Anonymous Coward · · Score: 0

      It _may_ have been trustworthy at some point, though I certainly agree that if anything, given the knowledge we now have about actual, active surveillance programs, if anything Tor would be _more_ likely to be watched than the usual packet-dump-keyword-search routine that's gotten popular the last few years.

      It certainly isn't trustworthy now, however, for one simple purpose... Edward Snowden. He didn't exactly make much secret of the fact that Tor was instrumental in his pulling the rug out from under the entire surveillance state in America (http://www.huffingtonpost.com/2013/07/18/tor-snowden_n_3610370.html). It's not just a tool to mask U.S. navy officers looking up porn while at sea or deployed any more...now it's also a potential threat to the Americans. One of their pet military projects didn't turn into the Internet, it turned the spotlight back on their entire, ugly operation and exposed the many nation-states acting as collaborators.

      Long story short, if "they" weren't watching Tor pre-Snowden, they're certainly, 100% without question watching it now. I would think it a bit presumptuous to be so certain of that very statement, were it not for the fact that in their own minds, the CIA and NSA would be negligent in their duties _not_ to be watching Tor at this point. In either case, if you're depending on it for anonymity and privacy, you probably don't have much of either...and if you're promoting it?

      Probably a Slashdot editor.

    2. Re:ESPECIALLY Tor and other obvious targets by Anonymous Coward · · Score: 0

      Depends whose gaze you're trying to avoid. Your ISP, at least, can't tell what you're up to and, if you're careful (security flaws in Tor browser notwithstanding), Onion routing presumably still makes it difficult to trace you.

    3. Re:ESPECIALLY Tor and other obvious targets by Anonymous Coward · · Score: 0

      it was literally developed by the US Navy, (or Air Force I can't remember). But the point is- TOR was developed by the man to help the man against the boogie man. That it fell into netzians' hands may or may not be a coincidence.

  9. Scale? by Anonymous Coward · · Score: 2, Insightful

    110 out of a population of how many hidden service directories? 25% of nodes also claimed to be exits.. How many exits are there?

    A feel for how significant this problem is would be nice.

    1. Re:Scale? by Anonymous Coward · · Score: 0

      110 out of a population of how many hidden service directories?

      As of right now, 3,174 are listed in the consensus.

      25% of nodes also claimed to be exits.. How many exits are there?

      Don't know where that number might have come from. Currently there are 902 relays marked with the "Exit" flag, out of a total of 6,846 public relays.

  10. Tor is obviously not secure by Anonymous Coward · · Score: 0

    I find it strange that after so much bad news about Tor over the past year, people insist on using it.

    Researchers Discover Over 100 Tor Nodes Designed To Spy On Hidden Services (8/Jul/16)

    Carnegie Mellon University Attacked Tor, Was Subpoenaed By Feds (25/Feb/16)

    1. Re:Tor is obviously not secure by gweihir · · Score: 1

      That is because all alternatives are much, much worse.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  11. Duplicate by Anonymous Coward · · Score: 0
  12. Out of how many? by Narcocide · · Score: 1

    What really matters is what percentage of nodes are compromised, and whether the rest of us reading Slashdot right now can fix this issue forever by each just enabling a few new clean exit nodes?

    1. Re:Out of how many? by cryptizard · · Score: 1

      This also only affects hidden services, which pretty much nobody uses.

    2. Re:Out of how many? by Anonymous Coward · · Score: 0

      a) hidden services don't use exit nodes

      b) I understood from the dupe earlier that these nodes' function is to try exploits on hidden services whenever they see one. That is, I wouldn't call the nodes compromised but more like 'working but hostile' ... Basically, same sort of automatic exploit stuff that happens on the public interwebs, just now on the darknet.

  13. The Navy has always done signals intelligence by raymorris · · Score: 1

    The general concept of onion routing was first created by the Navy. Because they operate offshore and need to use open-air signals to communicate, Navies have had a strong interest in signals intelligence for a couple thousand years.

    DARPA later developed the concept a bit more, then back to Navy contractors for a working implementation. The problem then was that an "anonymized" network which is only used by the US Navy and US spies isn't all that anonymous. If a doctor in Syria is using Tor, the Syrian government would react without needing to know *exactly* who the doctor is talking to - he's talking to either the US military or US intelligence. So they needed lots of people to use Tor. That way nobody could tell which Tor users were spies and which were downloading cracked games. The contractors began to be funded by the EFF.

  14. There are WAYS around this problem. by Anonymous Coward · · Score: 0

    I won't tell here for sure or counter-measures will be taken by the US gov.

    I will say this. Add these two lines to your torrc

    StrictNodes 1
    ExcludeNodes {us}

    If you find a node misbehaving, get its fingerprint and add it to the end of ExcludeNodes with a comma. You can also just block whole countries. The {us} above blocks the United States. Another example would be {us},{de}

    There's a larger list here.
    http://www.b3rn3d.com/blog/2014/03/05/tor-country-codes/

    Spies are lies and go to Hell. Just never join them.

    Find Tails 1.4.1 if you want the safest level of TOR. You can make newer versions safe ONLY IF YOU KNOW what you are doing.
    They took down the whole kat.cr (Kickass Torrents) domain simply because it still has a fast seed of Tails 1.4.1. After Ed Snowden fucked the US spies up, they infiltrated boum.org ..

    See this image, it was posted in comments of kat.cr (TNTVILLAGE Tails 1.4.1) by me shortly before kat.cr was seized.
    http://i.imgur.com/QLGyQYf.jpg

    Get 1.4.1 and DO SHARE IT.
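The consensus flags in comment 6, the "how many HSDirs / exits" question in comment 9, and the torrc ExcludeNodes advice in this comment all come down to reading the network-status consensus. The script below is an added example (not code from the thread or from the Tor project): it parses the "r"/"s" line pairs of a constructed consensus excerpt, counts flags, and reports which relays a given ExcludeNodes line would match by fingerprint or nickname. Relay identities, addresses and the torrc are constructed; country-code entries such as {us} need Tor's GeoIP database and are only reported, not resolved.

```python
"""Parse a Tor consensus excerpt, count relay flags, and check ExcludeNodes.

Added example, not from the Slashdot thread or the Tor code base.
Consensus format: an "r" router line followed by an "s" flags line per
relay, as published by the directory authorities. All data below is constructed.
"""
import base64
import re
from collections import Counter

# Constructed sample consensus: identities/digests are made-up base64 values
# (27 chars = 20 bytes without padding), addresses are documentation ranges.
SAMPLE_CONSENSUS = """\
r alpha AAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAA 2016-07-08 10:00:00 198.51.100.10 9001 9030
s Fast Guard HSDir Running Stable V2Dir Valid
r bravo BBBBBBBBBBBBBBBBBBBBBBBBBBA BBBBBBBBBBBBBBBBBBBBBBBBBBA 2016-07-08 10:02:00 198.51.100.11 443 0
s Exit Fast Running Stable Valid
r charlie CCCCCCCCCCCCCCCCCCCCCCCCCCA CCCCCCCCCCCCCCCCCCCCCCCCCCA 2016-07-08 10:03:00 203.0.113.5 9001 9030
s Exit Fast Guard HSDir Running Stable V2Dir Valid
r delta DDDDDDDDDDDDDDDDDDDDDDDDDDA DDDDDDDDDDDDDDDDDDDDDDDDDDA 2016-07-08 10:05:00 203.0.113.6 9001 0
s Fast Running Valid
"""

# Constructed torrc: the lines from the comment plus one fingerprint and one nickname.
SAMPLE_TORRC = """\
StrictNodes 1
ExcludeNodes {us},$0000000000000000000000000000000000000000,delta
"""

FP_RE = re.compile(r"^\$?([0-9A-Fa-f]{40})$")   # torrc fingerprint: 40 hex, optional '$'
CC_RE = re.compile(r"^\{[A-Za-z?]{2}\}$")       # torrc country code: {us}, {de}, {??}

def fingerprint_of(identity_b64):
    """Consensus identities are unpadded base64 of the 20-byte SHA-1 identity;
    torrc fingerprints are the same bytes as 40 uppercase hex digits."""
    raw = base64.b64decode(identity_b64 + "=" * (-len(identity_b64) % 4))
    return raw.hex().upper()

def parse_consensus(text):
    """Return a list of {nickname, fingerprint, address, flags} dicts."""
    relays, current = [], None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) >= 9:   # r nick identity digest date time IP ORPort DirPort
            current = {"nickname": parts[1], "fingerprint": fingerprint_of(parts[2]),
                       "address": parts[6], "flags": set()}
            relays.append(current)
        elif parts[0] == "s" and current is not None:
            current["flags"] = set(parts[1:])
    return relays

def flag_counts(relays):
    return Counter(flag for r in relays for flag in r["flags"])

def fraction_with_flag(relays, flag):
    return sum(flag in r["flags"] for r in relays) / len(relays) if relays else 0.0

def parse_exclude_nodes(torrc_text):
    """Split every ExcludeNodes line into fingerprints, nicknames and country codes."""
    fps, nicks, ccs = set(), set(), set()
    for line in torrc_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0] != "ExcludeNodes":
            continue
        for entry in (e.strip() for e in parts[1].split(",")):
            m = FP_RE.match(entry)
            if m:
                fps.add(m.group(1).upper())
            elif CC_RE.match(entry):
                ccs.add(entry.lower())
            elif entry:
                nicks.add(entry)
    return fps, nicks, ccs

def excluded_relays(relays, torrc_text):
    """Relays matched by fingerprint or nickname, plus the unresolved country codes
    (resolving {us} needs Tor's GeoIP database, which this example does not ship)."""
    fps, nicks, ccs = parse_exclude_nodes(torrc_text)
    matched = [r["nickname"] for r in relays
               if r["fingerprint"] in fps or r["nickname"] in nicks]
    return matched, sorted(ccs)
```

Run against a real cached-consensus file from a Tor data directory, the same functions give the HSDir and Exit counts that comment 9's reply quotes from the live consensus.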

    1. Re:There are WAYS around this problem. by Anonymous Coward · · Score: 0

      The correct Torrent for Tails 1.4.1 (from kat.cr) is on this Facebook page. Fast seed.
      http://tinyurl.com/digabigtomb

      You used to be able to use longurl.org to expand URLs to check them first. I see now the domain is gone or down.

      This one works to expand shortened URLs like tinyurl and bit.ly
      http://www.expandurl.net/expand