Scientists Detect Two Dozen Computers Trying To Sabotage Tor Privacy Network

New submitter fynbar writes "Computer scientists have identified almost two dozen computers that were actively working to sabotage the Tor privacy network by carrying out attacks that can degrade encrypted connections between end users and the websites or servers they visit (PDF). 'Two of the 25 servers appeared to redirect traffic when end users attempted to visit pornography sites, leading the researchers to suspect they were carrying out censorship regimes required by the countries in which they operated. A third server suffered from what researchers said was a configuration error in the OpenDNS server. The remainder carried out so-called man-in-the-middle (MitM) attacks designed to degrade encrypted Web or SSH traffic to plaintext traffic. The servers did this by using the well-known sslstrip attack designed by researcher Moxie Marlinspike or another common MitM technique that converts unreadable HTTPS traffic into plaintext HTTP.'"
  • Only 24? (Score:4, Insightful)

    by Anonymous Coward on Wednesday January 22, 2014 @03:23AM (#46033457)

    If only 24 "bad" computers can cause that big of an issue, then the TOR network clearly has bigger problems.
    I'm surprised that there were so few detected doing it.

    • Reading TFA (yes, I did) revealed next to nothing. Other than a brief mention of "From Russia with love" and that their IPs were assigned to Russia, I can't glean any useful info on who owns those servers.

    • Re:Only 24? (Score:4, Informative)

      by Anonymous Coward on Wednesday January 22, 2014 @05:59AM (#46033875)

      The "issue" is that an exit node can monitor or intercept outgoing connections.

      This is inherent to the design, and probably can't be fixed at this level.
      It's also a "feature" because it provides an incentive to run an exit node.

      The solution is that end users need to be extra paranoid. TOR isn't magic security dust - it anonymizes traffic, but it also increases your exposure to attacks. It should only be used for encrypted connections, with authentication of the end point.
      For "casual" users that means to always use https, always verify the certificate, and disable any root certificates you don't need.

      • by Anonymous Coward

        It depends on the use case. Somebody browsing porn on Tor (porn isn't illegal in many cases, just restricted; think academic institutions, etc.) doesn't care if you can see everything they are looking at, because they are still anonymous. That might be a bad example. Let's use a better one. A user posting a video of police corruption (taken from afar) doesn't care if the middle-man can see what he's doing. He only cares that the middle-man can't identify him.

      With regards to the SSL stuff? Should I disable all SSL certs in the browser and then enable only the ones that my https sites ask for? Or is it safe to leave them alone? Or will it break everything if I disable them, since I won't know which to turn back on? And what about non-browser SSL traffic? Does the update service use SSL libraries too? Isn't there a separate certs list for SSL programs that are not browsers?

    • That's 24 + the 2000 or so TOR end points the NSA operates.
  • by mikewilsonuk ( 1676196 ) on Wednesday January 22, 2014 @03:29AM (#46033473)

    "... almost two dozen computers that were actively...", "Two of the 25 servers... ".

    Oh, they clear that up nicely - "Almost two dozen" is actually 25. Perhaps dozen is like gallon: different sizes in different countries.

    • by Imrik ( 148191 ) on Wednesday January 22, 2014 @03:37AM (#46033509) Homepage

      Apparently the "almost two dozen" refers to the 22 that were doing MiTM attacks.

    • by Anonymous Coward

      Well, it always is a good idea to read the complete text. Here's a bigger quote with all the relevant parts:

      "[...] almost two dozen computers that were actively [...] by carrying out attacks that can degrade encrypted connections [...]",
      "Two of the 25 servers [did something different]. A third server [was apparently misconfigured]. The remainder carried out so-called man-in-the-middle (MitM) attacks designed to degrade encrypted Web or SSH traffic to plaintext traffic."

      So it was 22 servers which were "carry

    • Yeah...well...maybe /. sucks at LaTeX..

      Ever think of that?

    • by Buz53 ( 2828481 )
      It's exactly two of your average dozen... Baker's and regular.
    • by jrumney ( 197329 )

      Since the results clearly show that Tor is a half-baked solution the story authors felt it appropriate to use 13 as the reference value for a dozen.

  • by Anonymous Coward

    Repeated attempts to destroy Tor's image to deter troublesome future widespread adoption of this privacy tool?

  • by Anonymous Coward on Wednesday January 22, 2014 @04:39AM (#46033675)

    The mention in the article that there are only 1000 exit nodes generally available on TOR is kinda stunning.

    That's 20 nodes per US state.

    If that is it.... Then what is left of Freedom is in deep trouble.

    • That was my first thought too. On further reflection it's not actually that bad.

      Most tor traffic doesn't exit to the internet (it's being routed to .onion sites), and 1,000 - 25 nasty, unfiltered, uncensored exits is actually quite good. E.g. there are only a few cables leaving the UK, not sure exactly how many, but I'd guess it's a few hundred at most. However, the number of "unfiltered, uncensored" exits leaving the UK is precisely zero.

      • by AHuxley ( 892839 ) on Wednesday January 22, 2014 @09:49AM (#46034817) Journal
        Yes, the NSA, GCHQ and friends have the low count of optical links from nation to nation to thank for their easy global surveillance.
        Even if you get a great TOR connection and send that message around the world, your message in and out can always be rejoined, no matter the entry or exit point.
        The low count of all exit nodes per month as an average is telling, chilling and unexpected.
        • how does it have any impact on the 99% of tor traffic which never touches an exit node?

    • by Anonymous Coward

      That's 20 nodes per US state.

      Or 53 nodes per Finnish Region.

    • There seems to be less incentive to run an exit node when shit like this can happen to you...
  • .... if we make it, we can break it.

  • Even if this were to occur and you are on a bad exit node, wouldn't you still get a warning from the browser about the certificate being bad?

    • by Anonymous Coward

      sslstrip doesn't replace the certificate; it takes HTTPS traffic and turns it into HTTP at your end. It requires that you go to an HTTP page first, at which point it rewrites any HTTPS links or redirects to the corresponding HTTP ones. If you block your browser from using HTTP at all, the attack doesn't work, but nobody does that.

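The following is an added example, not code from the article, the researchers' paper, or sslstrip itself. It models in Python the downgrade that the comment above describes (the victim's first request is plain HTTP, so the exit never has to forge a certificate; it rewrites https:// links and Location headers to http:// and drops the HSTS header), a scanner-side check that spots such rewriting by comparing a page fetched directly with the same page fetched through a suspect exit, and the client-side policies the earlier comment recommends: an HSTS/preload list of hosts that must only be reached over TLS, and the stricter "refuse plain HTTP entirely" setting. The host name bank.example, the sample responses and the class and function names are all constructed for this example; the rewriter is a deliberately simplified model of the technique, not sslstrip's code.

```python
import re
from dataclasses import dataclass


@dataclass
class HttpResponse:
    """Minimal model of one HTTP response (constructed for this example)."""
    status: int
    headers: dict
    body: str


URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample traffic. ORIGINAL_PAGE is the genuine page as the real
# site serves it over TLS (the attacker fetches it upstream on the victim's
# behalf); ORIGINAL_REDIRECT is the site's redirect to its TLS login page.
ORIGINAL_PAGE = HttpResponse(
    200,
    {"Content-Type": "text/html",
     "Strict-Transport-Security": "max-age=31536000"},
    '<a href="https://bank.example/login">Log in</a> '
    '<form action="https://bank.example/pay">',
)
ORIGINAL_REDIRECT = HttpResponse(
    301, {"Location": "https://bank.example/login"}, "")


def sslstrip_rewrite(resp):
    """Hostile-exit side (sslstrip-style). The victim asked for plain HTTP, so
    no certificate is forged: every https:// link and Location header is
    rewritten to http:// and the HSTS header is dropped so the browser never
    learns it must use TLS. The set of stripped URLs is kept so the attacker
    can fetch the real https:// resource upstream when the victim follows the
    downgraded link. Returns (rewritten response, stripped URLs)."""
    stripped = {u for u in URL_RE.findall(resp.body) if u.startswith("https://")}
    headers = {k: v for k, v in resp.headers.items()
               if k.lower() != "strict-transport-security"}
    if "Location" in headers and headers["Location"].startswith("https://"):
        stripped.add(headers["Location"])
        headers["Location"] = "http://" + headers["Location"][len("https://"):]
    body = re.sub(r"https://", "http://", resp.body, flags=re.IGNORECASE)
    return HttpResponse(resp.status, headers, body), stripped


def detect_downgrade(reference, observed):
    """Scanner side: fetch the same URL directly (reference) and through the
    suspect exit (observed); report links that are https:// in the reference
    but show up as http:// in the observed copy."""
    ref = {u for u in URL_RE.findall(reference.body) if u.startswith("https://")}
    obs = set(URL_RE.findall(observed.body))
    return sorted(u for u in ref if "http://" + u[len("https://"):] in obs)


class HstsClient:
    """Browser-side defence. 'known' holds hosts that may only be reached over
    TLS: a preload list plus hosts that sent Strict-Transport-Security on an
    earlier genuine TLS visit. https_only=True is the 'block plain HTTP
    entirely' policy mentioned in the comment above."""

    def __init__(self, preload=(), https_only=False):
        self.known = set(preload)
        self.https_only = https_only

    def observe(self, host, resp):
        """Learn HSTS from a response. A stripped response carries no such
        header, which is exactly the first-visit gap sslstrip relies on."""
        if any(k.lower() == "strict-transport-security" for k in resp.headers):
            self.known.add(host)

    def allow(self, url):
        """True if the client may send this request as written."""
        scheme, _, rest = url.partition("://")
        host = rest.split("/", 1)[0]
        if scheme == "https":
            return True
        return not (self.https_only or host in self.known)


if __name__ == "__main__":
    stripped_page, urls = sslstrip_rewrite(ORIGINAL_PAGE)
    print("stripped by hostile exit:", sorted(urls))
    print("downgrades seen by scanner:",
          detect_downgrade(ORIGINAL_PAGE, stripped_page))
    print("preloaded client follows http link?",
          HstsClient(["bank.example"]).allow("http://bank.example/login"))
```

The `HstsClient` part shows why the comment's "nobody does that" matters: a client with no preload entry happily sends the first plain-HTTP request, and because the stripped response no longer carries the HSTS header, it never learns better; only a preload list, an earlier genuine TLS visit, or an HTTPS-only policy closes that gap.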
  • Isn't it kind of obvious that Tor would be a target to be attacked?

    Between government agencies and other shady characters, I should think that as soon as you announce you've got something which provides anonymity, someone would be trying to break it.

    Sure, they've identified some specific things, but did anybody actually believe Tor and things like it wouldn't be targets?

  • People have to stop hanging their hopes for privacy on HTTPS/PKI and also a network (Tor) built on the premise of accessing an insecure web.

    If there is going to be any real privacy on the Internet going forward, it will have to be based on a new layer like the Invisible Internet Project (I2P). [geti2p.net] People should start using it now in a P2P fashion -- securing emails, chats, torrents and such -- and in time there is a chance the momentum will attract larger and larger web services, too. Make a habit of telling p
