Slashdot Mirror


Researchers Discover 110 Snooping Tor Nodes (helpnetsecurity.com)

Reader Orome1 writes: In a period spanning 72 days, two researchers from Northeastern University have discovered at least 110 "misbehaving" and potentially malicious hidden services directories (HSDirs) on the Tor anonymity network. "Tor's security and anonymity is based on the assumption that the large majority of its relays are honest and do not misbehave. Particularly the privacy of the hidden services is dependent on the honest operation of hidden services directories (HSDirs)," Professor Guevara Noubir and Ph.D. student Amirali Sanatinia explained. "Bad" HSDirs can be used for a variety of attacks on hidden services: from DoS attacks to snooping on them.

28 of 45 comments

  1. Hidden Service Directories by Anonymous Coward · · Score: 3, Interesting

    I asked on the Tor forum how one can run a directory server, and the response was basically -- "you can't -- only people chosen *specifically* by the Tor project can host a directory server".

    Apparently this is *not* true, so what's the real deal, and *why* did they tell me this?

    1. Re:Hidden Service Directories by Joce640k · · Score: 1

      I _could_ tell you but then I'd have to kill you.

      Clue: NSA.

      --
      No sig today...
    2. Re:Hidden Service Directories by FatdogHaiku · · Score: 1, Informative
      From Wikipedia:
      "The core principle of Tor, "onion routing", was developed in the mid-1990s by United States Naval Research Laboratory employees, mathematician Paul Syverson and computer scientists Michael G. Reed and David Goldschlag, with the purpose of protecting U.S. intelligence communications online.
      Onion routing was further developed by DARPA in 1997.[17][18][19]

      The alpha version of Tor, developed by Syverson and computer scientists Roger Dingledine and Nick Mathewson[20] and then called The Onion Routing project, or TOR project, launched on 20 September 2002.[1][21] On 13 August 2004, Syverson, Dingledine and Mathewson presented "Tor: The Second-Generation Onion Router" at the 13th USENIX Security Symposium.[22] In 2004, the Naval Research Laboratory released the code for Tor under a free license, and the Electronic Frontier Foundation (EFF) began funding Dingledine and Mathewson to continue its development.[20]

      In December 2006, Dingledine, Mathewson and five others founded The Tor Project, a Massachusetts-based 501(c)(3) research-education nonprofit organization responsible for maintaining Tor.[23] The EFF acted as The Tor Project's fiscal sponsor in its early years, and early financial supporters of The Tor Project included the U.S. International Broadcasting Bureau, Internews, Human Rights Watch, the University of Cambridge, Google, and Netherlands-based Stichting NLnet.[24][25][26][27][28]

      From this period onwards, the majority of funding sources came from the U.S. government.[20]"

      The link is if you need more than that...
      but after the last sentence, do you, really?

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    3. Re:Hidden Service Directories by cryptizard · · Score: 2

      What a completely irrelevant piece of information. You do realize that a lot (probably most) of privacy research is sponsored by the government, i.e. the National Science Foundation?

  2. Sure by no-body · · Score: 1

    NSA owns a couple of those.

  3. Tor's fatal flaw by fustakrakich · · Score: 4, Insightful

    You can't trust anybody, not even Tor. I'm afraid this one looks like a lost cause. I wouldn't use the damn thing.

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:Tor's fatal flaw by duke_cheetah2003 · · Score: 2

      > You can't trust anybody, not even Tor. I'm afraid this one looks like a lost cause. I wouldn't use the damn thing.

      Which is precisely the goal of tampering and interfering with TOR network operations. To cast doubt upon it, to make it less attractive. I really don't think it has much to do with wanting to snoop, as it is to make people think they're being snooped on and to destabilize the service entirely. Seems like it's fairly effective so far too!

      This is a beautiful piece of social engineering by those who want TOR to go away. Well played.

    2. Re:Tor's fatal flaw by fustakrakich · · Score: 1

      I'm fine with that. Exposing actual flaws is always a good thing. The reasons aren't important. It just means we have to do better. I feel the same about publicly available encryption in general. I don't believe it is secure beyond what the script kiddies can do. And even the hardware itself is pretty leaky. So, just like the old days, the Sunday classifieds are still the best way to get a message out. The idea of *trust no one* is as old as the hills. Some things will never change, no matter how glitzy the tech. On the other hand there are burner phones and email, effectively one time pads, there is a future there until you need a fake ID to buy them. And maybe the miracle of 3D printed electronics has potential also. Just have to wait and see.

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:Tor's fatal flaw by gweihir · · Score: 2

      > This is a beautiful piece of social engineering by those who want TOR to go away. Well played.

      Indeed. It is a classical attack: Make people mistrust the secure tools and have them use less secure tools instead. Works on many people, unfortunately.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:Tor's fatal flaw by fustakrakich · · Score: 1

      Once again, Tor is proven to be insecure. No social engineering is needed. Which means that more secure tools are needed. That is the direction to move in.

      --
      “He’s not deformed, he’s just drunk!”
    5. Re:Tor's fatal flaw by AHuxley · · Score: 1

      Recall the origins and past funding of Onion routing https://en.wikipedia.org/wiki/... i.e. US needed a system that would allow US backed and funded dissidents globally to network for color revolutions https://en.wikipedia.org/wiki/... and other long term political NGO work.
      5 eye nations did not seem to be very upset with its spread and use with systems like Tempora https://en.wikipedia.org/wiki/.... Federal funding at a police level in the US to track users goes from success to success even on low budgets per case.
      For Onion routing to work well a lot of consumers need to be using the networks to hide the few "dissidents" globally.
      Given all the low cost police work that makes it to court, tracking users is now less hard work. Collect it all is now in the hands of anyone or nation or cult or faith or brand with a limited federal police budget.

      --
      Domestic spying is now "Benign Information Gathering"
    6. Re:Tor's fatal flaw by fustakrakich · · Score: 1

      That appears to be part of the problem. Not only does it stand out like the proverbial sore thumb, only the people who feel a real need are using it, making it easy to spot. We need something that blends in better, so we don't have to consider the percentage of people using it. The only thing that comes to mind for now is that steganography thing, and don't try to hide anything more complex than tiny text files.

      --
      “He’s not deformed, he’s just drunk!”
    7. Re:Tor's fatal flaw by antdude · · Score: 1

      "Trust no one." --The X-Files. :(

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    8. Re:Tor's fatal flaw by gweihir · · Score: 1

      You really have no clue what is going on. Fascinating.

      In the same venue: Cars are insecure (they crash on occasion and kill people), food is insecure, water is insecure. According to your logic we need to drop all these.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    9. Re:Tor's fatal flaw by fustakrakich · · Score: 1

      Your opinion is noted. I can only say that's a horrible analogy, but carry on.

      For everybody else, some cars are more dangerous than others. I would recommend you don't drive them. In some places (Flint, Michigan, maybe, possibly?) the water is poison. Anyone who says to drink it anyway.. well, let's just say wouldn't be very nice. Spoiled food? I hope that goes without saying, but in today's world you never know, considering this last response I received above.

      --
      “He’s not deformed, he’s just drunk!”
    10. Re:Tor's fatal flaw by gweihir · · Score: 1

      My point is that both more secure alternatives (which have however consistently failed to materialize in any real-world deployed form, and the whole idea of anonymous networking is now something like 20 years old) and improving TOR security are both valid options. Given that TOR is already there and works and its weak points are already pretty well understood, the second seems to be the by far better option. Also note that the TOR project has long since said that hidden services need work, but that they would need funding/donations for that.

      So this recent attack is not really much of a surprise and it was discovered as part of the ongoing attempts to make hidden services more secure. Also note that the known attacks on high-profile hidden services (Freedom Hosting, Silk Road, etc.) were not successful attacks against the hidden services, but attacks against the Firefox browser for users that did run old TOR browser bundles with known vulnerabilities, exploits against server software run on top of a hidden service and user and administrator errors. There is actually no evidence at this time that any hidden service was successfully attacked on TOR-level. What probably can be done with the current attack is identification of the hidden services and their addresses (but not where they run) and then try direct attacks on the server-software (web-server, etc.) running there. Having a TOR hidden service does not excuse you from making it secure against these conventional attacks.

      Telling people to move away from TOR at this time is not really a good idea. Telling them to be careful and explaining what can get them attacked successfully is something that actually helps.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    11. Re:Tor's fatal flaw by AHuxley · · Score: 1

      Nations can now afford to reconcile most of their users' internet patterns over time. If that fails, just induce random network drops to see who falls off the network over a few 10's, hundred or 1000 interesting users per city and provider.
      If most of a nation's users are just surfing, using web 2.0, doing other tasks, getting a short list of people who went looking for software would not be too hard.

      --
      Domestic spying is now "Benign Information Gathering"
  4. Probably almost all misbehave by Anonymous Coward · · Score: 2, Insightful

    Think about it. There are 196 countries in the world, all of which have police and most of which have intelligence agencies. Some hidden services have a legitimate use such as encrypted chat, but many of them are used as C&C for botnets by various criminals and for fun hackers, some of which have an interest in figuring out what the others' hidden services are doing. And then there are private security researchers.

    Overall, there is plenty of interest in snooping on Tor hidden services...

  5. Can authentication be distributed? by Toe,+The · · Score: 1

    I always assumed relays of any kind are untrustworthy. Even if there is a group of admins regulating them, that's still prone to social engineering.

    Might it be possible to have relays cross-check each other? Way over my head technically: I can't imagine if it's possible to run checks that would prove validity. But it seems like the only possible solution: distribute the authority instead of trying to centralize it.

  6. ESPECIALLY Tor and other obvious targets by raymorris · · Score: 4, Insightful

    > You can't trust anybody, not even Tor.

    IMHO, I especially don't trust Tor. It's an obvious place that three-letter agencies would be looking. If I drive down Crack Avenue with a busted taillight, I *expect* that police will be patrolling the area and probably pull me over. It would, imho, be silly to think that authorities aren't patrolling the digital equivalent of Crack Avenue.

  7. Re:So is the bottom line... by TroII · · Score: 4, Informative

    If you even search for Tor (or "Linux" or "secure desktop" or "IRC" or "Truecrypt") you get put on an NSA list.

  8. Scale? by Anonymous Coward · · Score: 2, Insightful

    110 out of a population of how many hidden service directories? 25% of nodes also claimed to be exits.. How many exits are there?

    A feel for how significant this problem is would be nice.

  9. Re:Tor is obviously not secure by gweihir · · Score: 1

    That is because all alternatives are much, much worse.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  10. Re:So is the bottom line... by AHuxley · · Score: 1

    AC "The program marks and tracks the IP addresses of those who search for 'tails' or 'Amnesiac Incognito Live System' along with 'linux', ' USB ',' CD ', 'secure desktop', ' IRC ', 'truecrypt' or ' tor '." as in collects details on all who look for such tools.
    More at "NSA targets the privacy-conscious" (03.07.14) https://daserste.ndr.de/panora...
    with "Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search."

    --
    Domestic spying is now "Benign Information Gathering"
  11. Out of how many? by Narcocide · · Score: 1

    What really matters is what percentage of nodes are compromised, and whether the rest of us reading Slashdot right now can fix this issue forever by each just enabling a few new clean exit nodes?

    1. Re:Out of how many? by cryptizard · · Score: 1

      This also only affects hidden services, which pretty much nobody uses.

  12. Re:So is the bottom line... by atgaaa · · Score: 1

    don't use google, don't use google name servers.

  13. The Navy has always done signals intelligence by raymorris · · Score: 1

    The general concept of onion routing was first created by the Navy. Because they operate offshore and need to use open-air signals to communicate, Navies have had a strong interest in signals intelligence for a couple thousand years.

    DARPA later developed the concept a bit more, then back to Navy contractors for a working implementation. The problem then was that an "anonymized" network which is only used by the US Navy and US spies isn't all that anonymous. If a doctor in Syria is using Tor, the Syrian government would react without needing to know *exactly* who the doctor is talking to - he's talking to either the US military or US intelligence. So they needed lots of people to use Tor. That way nobody could tell which Tor users were spies and which were downloading cracked games. The contractors began to be funded by the EFF.