Researchers Discover 110 Snooping Tor Nodes

Reader Orome1 writes: In a period spanning 72 days, two researchers from Northeastern University have discovered at least 110 "misbehaving" and potentially malicious hidden services directories (HSDirs) on the Tor anonymity network. "Tor's security and anonymity is based on the assumption that the large majority of its relays are honest and do not misbehave. Particularly the privacy of the hidden services is dependent on the honest operation of hidden services directories (HSDirs)," Professor Guevara Noubir and Ph.D. student Amirali Sanatinia explained. "Bad" HSDirs can be used for a variety of attacks on hidden services: from DoS attacks to snooping on them.

Tor's fatal flaw

[fustakrakich]

You can't trust anybody, not even Tor. I'm afraid this one looks like a lost cause. I wouldn't use the damn thing.

Probably almost all misbehave

Think about it. There are 196 countries in the world, all of which have police and most of which have intelligence agencies. Some hidden services have a legitimate use such as encrypted chat, but many of them are used as C&C for botnets by various criminals and for fun hackers, some of which have an interest in figuring out what the others hidden services are doing. And then there are private security researchers.

Overall, there is plenty of interest in snooping on Tor hidden services...

ESPECIALLY Tor and other obvious targets

[raymorris]

> You can't trust anybody, not even Tor.

IMHO, I especially don't trust Tor. It's an obvious place that three-letter agencies would be looking. If I drive down Crack Avenue with a busted taillight, I *expect* that police will be patrolling the area and probably pull me over. It would, imho, be silly to think that authorities aren't patrolling the digital equivalent of Crack Avenue.

Scale?

110 out of a population of how many hidden service directories? 25% of nodes also claimed to be exits.. How many exits are there?

A feel for how significant this problem is would be nice.