Tor servers vanish as FBI swoops on kiddie-smut suspect

Network anonymisation outfit TOR has posted a fascinating piece of commentary on reports that some of the anonymous servers it routes to have disappeared from its network. “Around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the Tor Network,” the …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Is Tor really secure?

    Correct me if I'm wrong (and I just might be), but it seems to me that Tor has become a bit insecure by default. I'm thinking this because the government spook agencies and probably some criminal outfits [is there a difference?] seem to have figured out that they can just listen in on exit node traffic and scoop up lots of juicy communication from criminals, extremists, freedom fighters, dope smugglers, other spook agencies, etc.

    Am I wrong on this? I've avoided using the Tor Browser Bundle recently for this reason. Not that anyone would be even slightly interested in reading any of my communication, but still it seems kind of a bad idea to place stuff directly into the government dragnet like that.

    1. Yet Another Anonymous coward Silver badge

      Re: Is Tor really secure?

      Tor isn't meant to be secure - it's meant to be anonymous.

      of course if all the exit nodes are FBI then it isn't even that

    2. Vladimir Nicolici

      Re: Trojans

      You are a bit wrong. First of all, exit nodes communicate unencrypted only with the regular web. Accessing hidden services makes the communication encrypted end-to-end. And even for the regular web, you can use https to achieve the same result.

      This will hide both the origin of the traffic and the content of the traffic from anyone listening. Depending on how many intermediate nodes there are between you and the exit node, it can be almost impossible for someone to trace you, under normal conditions.

      However, if most of the entry, exit and intermediate nodes are owned by FBI/NSA etc., everything changes. And it seems they lease some cloud servers from time to time to do just that.

      TL/DR: TOR is not secure when attacked by someone with a lot of resources.

    3. UnauthorisedAccess

      Re: Is Tor really secure?

      > Am I wrong on this? I've avoided using the Tor Browser Bundle recently for this reason. Not that anyone would be even slightly interested in reading any of my communication, but still it seems kind of a bad idea to place stuff directly into the government dragnet like that.

      Use Tails in LiveCD mode, rather than the TOR Browser Bundle.

      For hardcore mode, use Tails in LiveCD mode without a HDD installed in the laptop, a USB wireless dongle that you purchased using cash from a camera less kiosk, change MAC address anyway, wardrive for internet connection while keeping the laptop suspended over a bucket of saltwater. Slowly roll a cyanide capsule around your mouth and be prepared to bite down on it at anytime.

      1. Bob AMG

        Re: Is Tor really secure?

        Don't forget cars have licence plates so rent one from a place without a cam.

      2. Anonymous Coward
        Big Brother

        Re: Is Tor really secure?

        @Unauthorized - >"For hardcore mode, use Tails in LiveCD mode without a HDD installed in the laptop, a USB wireless dongle that you purchased using cash from a camera less kiosk, change MAC address anyway, wardrive for internet connection while keeping the laptop suspended over a bucket of saltwater. Slowly roll a cyanide capsule around your mouth and be prepared to bite down on it at anytime."

        Too risky - you might forget to bite down on the capsule. Safer to grab a 1,000-count bottle of one-minute time-release cyanide capsules. Every 59.5 seconds, spit one out and replace it with a new one.

        Hard core - 5,000-count bottle of 20-second time release capsules.

      3. Dylan Fahey
        Holmes

        Re: Is Tor really secure?

        You forgot the bear trap, just in case they try to hold your jaw open. You can set it to spring close on your head when the lappy drops into the sea water.

        1. Anonymous Coward
          Coffee/keyboard

          Re: Is Tor really secure?

          And the man-eating sharks in sea water, in case they try to reach in and grab it out quickly. And a slow drip of blood into the sea water, to keep the sharks hungry.

          1. Havin_it
            Boffin

            Re: Is Tor really secure?

            Or just take to wearing a long bushy beard sans 'tache, Ray-Bans and a keffiyeh and have lots of online conversations about The Great Satan, meeting up at Logan Airport etc. That should keep you off their radar fine.

      4. Anonymous Coward
        Black Helicopters

        Re: Is Tor really secure?

        Just remember to remove the battery from your cell phone first, before you borrow your ex-neighbor's friend's 1982 car.

    4. Anonymous Coward
      Anonymous Coward

      Re: Is Tor really secure?

      With the recent revelations about the level of internet surveillance, I would have to say Tor's security is not looking good. At least not good enough for anyone the NSA might be after. Hidden services are probably especially vulnerable due to their persistence, and the fact that the Tor Project has been neglecting that part of the software for some time.

      Unfortunately the only countermeasure to this type of correlation attack, as far as I know, is to add a large randomized delay at each step in the circuit. This, needless to say, would not be very attractive to most users.

      Personally, I think some of this also shows that the Tor Project needs to rethink their strategy. Now obviously, their goal was not to provide a way for people to access child pornography, but of course the same attack could be used against more sympathetic users, and it directly took advantage of two things the Tor Project did thinking they would make people safer. #1 Encouraging everyone to use the same browser bundle, and #2 keeping JavaScript enabled. Their thinking was safety in numbers, and that making it user friendly would get more people to use it, but it seems to me they discounted the more acute risk of a targeted exploit.

    5. Ted Treen
      Boffin

      Re: Is Tor really secure?

      @Andy Prough

      "...the government spook agencies and probably some criminal outfits [is there a difference?]..."

      No.

      1. lunatik96
        Trollface

        Re: Is Tor really secure?

        @Ted Treen-

        @Andy Prough

        "...the government spook agencies and probably some criminal outfits [is there a difference?]..."

        No.

        The spook agencies have seemingly unlimited resources. Some of them wear badges.

    6. Anonymous Coward
      Anonymous Coward

      Re: Is Tor really secure?

      Should have used a more secure browser - such as a current version of IE....

  2. Anonymous Coward
    Anonymous Coward

    oh boy

    I wonder how many Tor exit nodes are hosted by the U.S.'s FBI and other organizations?

    1. RobHib
      Angel

      @theodore - Re: oh boy

      Think common sense.

      Who invented TOR/Onion Routing? Why the U.S. Government of course.

      2+2 does actually = 4.

      1. Suricou Raven

        Re: @theodore - oh boy

        Left hand: We need to do something to aid political expression in certain repressive regimes, and prevent those governments snooping on dissidents, as social change in those countries is essential for continued peaceful coexistence.

        Right hand: We need to set up improved monitoring and tracing systems for the internet - it'll be impossible to enforce the law effectively online if anyone can disappear into electronic mist at will, not to mention the potential for money laundering.

        I don't think they were communicating at the time.

      2. Anonymous Coward
        Thumb Up

        Re: @theodore - oh boy

        Well, now I know. I've never used it, nor have I felt the need to use it.

        yes, 2+2=4.

    2. DasBub

      Re: oh boy

      A bunch. That shouldn't be an issue if you restrict your usage to hidden services, as there is no exit node involved. However...

      The payload sets a tracking cookie and appears to phone home with information about your system (IP address, for instance) that it shouldn't have. The code will only run if it thinks it's on a Windows machine running Firefox 17... Word is that the Tor Browser Bundle presents itself as FF 17 on Windows, regardless of the machine it is actually running on.

      Sit back and watch the fun.

    3. UnauthorisedAccess

      Re: oh boy

      A large number.

      At the exit nodes the data is decrypted so that it can be sent to its final location. While the FBI et al cannot work out the sender (unless they're accessing a service that gives that away, such as gmail etc, though those details might be limited) they can work out what the sender is doing (in some cases at least, unless you're engaging in encrypted communications and using TOR as the backbone).

    4. Uncle Siggy

      Re: oh boy

      The number is proportional to the number of spooks who participate in civil disobedience/protests.

    5. Anonymous Coward
      Anonymous Coward

      Re: oh boy

      I used to host a 100 mbit TOR node in the UK, and I'm 99% sure it was monitored by the security services.

      I had a hidden USB camera in my rack server and it showed suspicious repatching taking place to just my server during a mysterious brief outage that my CoLo provider denied knowing anything about, this being a couple of weeks after I started running an exit node....and my server had been in place without change for over a year. As soon as I realised what had likely happened I stopped hosting TOR.

  3. WonkoTheSane
    Black Helicopters

    Slashdot has more - TOR hacked by FBI

    http://yro.slashdot.org/story/13/08/04/2054208/half-of-tor-sites-compromised-including-tormail

    1. Anonymous Coward
      Big Brother

      Re: Slashdot has more - TOR hacked by FBI

      Wow. Talk about walking into a trap. The fact that you get infected by a 0-day exploit on top of it is really bad. This quote on the Tor blog does not instill confidence: "We're investigating these bugs and will fix them if we can." I guess this is what you get when you build your service on a 1-year-old browser with known security holes.

      Hadn't used it in quite awhile, but Tor Browser Bundle has just gotten permanently banned from any of my systems.

      1. Daniel B.
        Boffin

        Re: Slashdot has more - TOR hacked by FBI

        The included browser is supposed to be optimized to avoid leaking info, but it isn't required to do Tor browsing. You can simply point any FF/Chrome build to Tor by setting up the proxy settings to use the Tor local relay.

        That said, Tor can be de-anonymized if the same person owns both the guard relay (entry point to Tor network) and the exit node, as explained by the Tor Project people at DEFCON. It could be what happened here, and it has more to do with the fact that Tor wasn't designed against a multi-national cooperation attacking the network, but was more about one single country trying to check on their users (i.e. China).

    2. Matt Bryant Silver badge
      Go

      Re: WonkoTheSane Re: Slashdot has more - TOR hacked by FBI

      The slashdot post about the FBI putting malware on the site is interesting but hardly surprising, but could be construed as interfering in an investigation.

      As to how effective the FBI are being, the Internet Watch Foundation may provide an insight. They report that since June there has been a spike in the number of attacks looking to create hidden folders of paedo porn on poorly defended websites, linked to regular pron sites, which looks like the paedo peddlers desperately moving and hiding their stuff and trying to hide their traffic amongst regular porn traffic (http://www.iwf.org.uk/about-iwf/news/post/367-websites-hacked-to-host-the-worst-of-the-worst-child-sexual-abuse-images). Whatever the FBI did in Ireland seems to be making the paedos a bit desperate and they seem to be deserting TOR. All good news AFAICS.

  4. Denarius
    Holmes

    is this a surprise ?

    spooks, cops and assorted crims would have TOR as main target for years. Real cyberwarfare. The Norks will be jealous

    1. Anonymous Coward
      Anonymous Coward

      Re: is this a surprise ?

      Just use a decent anonymous VPN provider too - then it's going to be very hard to trace you....Such malware will just show your VPN IP.....

  5. John Smith 19 Gold badge
    Unhappy

    So a system that protects *privacy* is a major target for everyone.

    Which kind of suggests who their real enemy is.

    Individual rights.

  6. NomNomNom

    thank god this sick fuck network is down.

    now they just need to arrest all the trolls on twitter and the internet will finally be clean and polite.

    1. Dr. Mouse

      I REALLY hope that post was in jest. It looks like it, but you can never be sure...

    2. Blitterbug
      Facepalm

      Inappropriate sarcasm much?

      Badly misplaced irony, dude, seriously

    3. Fatman

      RE: thank god this sick fuck network is down.

      Obviously, you forgot your <sarcasm> tag!

  7. RobHib
    Black Helicopters

    Frankly, I wouldn't use TOR for anything really secure

    I rarely use TOR/Onion routers, and then I only use them out of frustration to overcome the irritating IP location-based blocking (watching online TV outside the viewing region and such).

    It seems to me that trusting TOR with anything truly secure is a dangerous move. I do not believe--nor am I convinced--that the internet can ever be truly secure when messages are sent, say, between Alice and Bob and both their IP addresses are known and linked to them personally.

    The internet cannot work unless IP addresses are 'published'. And as we've seen with recent revelations, government has back-door access to all those IP addresses--and probably access to servers along the way which would allow man-in-the-middle attacks.

    With government having so much access to the internet, and with its very powerful pattern matching capabilities aided by super computers which are triggered at the first sight of encrypted text, you'd be mad to trust your secrets to the net.

    Moreover, no one has shown that programs such as Mozilla Firefox can ever be truly secure.

    In my opinion, TOR/Onion routers etc. should only be used in once-off emergencies such as a dissident trying to escape an oppressive regime.

    A few high profile cases such as this might eventually serve to warn the world that the internet can never be truly secure in the same way as most of us know that you never say anything on a public telephone network that you don't want the world to know about.

  8. AndrueC Silver badge

    TOR is “investigating these bugs and will fix them if we can”

    'If'?

  9. raydpratt

    Good News?

    This is one of the few places where I would support a fascist dictatorship of allegedly moral officials. The Libertarian ideal of freedom to the point of not harming others is crossed badly by kiddie porn, and who would doubt it? The only danger here is that a fascist dictatorship of allegedly moral officials would accuse their detractors of anything -- even kiddie porn -- as a means to an end. I support any fascist dictatorship if kiddie porn is their actual target, but it says volumes about what I think of their character if I don't trust them even as to their statements about kiddie porn. After Snowden's revelations -- and their lies in response -- who would doubt it?

    1. gazthejourno (Written by Reg staff)

      Re: Good News?

      But the point of kiddy porn is that the child is harmed in its creation - thus, the libertarian ideal of doing no harm still stands against child porn.

      (yes, I'm vaguely libertarian'ish, sort of, mainly on Thursday nights when there's nothing good on the telly...)

      1. Matt Bryant Silver badge
        Boffin

        Re: Gaz Re: Good News?

        ".....the point of kiddy porn is that the child is harmed in its creation....." I used to think that all paedos were dribbling old men with snuff vids of 5-year-olds, but the reality is it is not all kiddie-rapists and the like. A while back I helped host a website for a charity, one of the services they provided was storage space for code contributors and some users did dump porn in their folders. This wasn't a problem until a guy in Spain started dumping pics of young teen couples, nothing abusive or looking like it was either party being coerced, but legally paedo material in the UK. The website owner and I had a chat with the guy and he pointed out that in Spain the age of consent was 13, so he felt unfairly judged when we accused him of being a paedo using UK law, and was horrified that we lumped him in with the type of people raping infants and the like. Our response was tough, the server is in the UK, remove your material. He wasn't too pleased and left the site, threatening to sue us for slander (which he didn't).

        It all goes to show that some paedos do not view themselves as crims nor think that they are doing wrong, and some apply cultural values that make them think what they do is not morally wrong even though we would consider it morally repugnant and illegal. Don't assume it is all nasty types willingly torturing kiddies, there are some "normal" and talented people out there willingly helping paedos hack code for hidden sites and the so-called digital underground or dark net.

        1. This post has been deleted by its author

        2. Sir Runcible Spoon

          Definition time

          "Pedophilia:

          Sex or sexual activity with children who have not reached puberty."

          i.e. Pre-pubescent.

          Above this age and below 16 (in the UK) it is illegal, but biology reckons this group to be physically (if not emotionally) mature - (hence the illegality of it here).

      2. lunatik96
        Coat

        Re: Good News?

        In a perfect world, we would ALL be Libertarians. We don't live in that perfect world so we have to do the best with what we got. The game is rigged.

    2. Amorous Cowherder
      Facepalm

      Re: Good News?

      What a great idea!

      What about your sister or brother who has autism? Uncle Fred, the benevolent leader doesn't like imperfections ( even though he's probably a short-arse with gammy leg! ) so off to "the hospital" with little Johnny or Sarah.

      Your Mum or Dad, being of a different generation, forgot one day that things are different and said something the Great Leader ( "All hail his magnificence!" ) wouldn't like and uh-oh the neighbour they never got along with dobbed them in as state-traitors! They even gave the neighbour a nice reward for it so he could get that nice new car!

      Your partner and you had a baby and it's got a finger missing? Oh dear, you can't keep it, off to the state orphanage with it!

      You wanted to read that book that you read as a child? Sorry but that's not on the state's agreed reading list!

      You were heard down the pub talking about "the old days", I think a little red-education with a 240v shock to your dangly bits will sort out that head of yours down at "the hospital"!

      Hey-ho we can lock up a couple hundred kiddie-fiddlers so fuck the 100 million people in the country who've done nothing wrong and will no longer be allowed to have their own opinion on anything ever again!

  10. DrXym

    I wouldn't trust Tor for anything illegal

    It's too easy for law enforcement to set up any number of exit nodes and stand a good chance of discovering illegality and in far higher concentrations than if they just monitored regular network activity.

    That said, someone wishing to stay anonymous for more mundane reasons (torrent sites etc.) probably has nothing to fear.

  11. Sir Runcible Spoon

    Sir

    It looks like a lot of people have just received their first virtual electronic tag.

  12. Crisp

    I don't think that law enforcement carried this out.

    If they had then they would be crowing from every rooftop about this.

    1. Anonymous Coward
      Anonymous Coward

      Re: I don't think that law enforcement carried this out.

      Re "crowing from the rooftops"

      I rather think they'd prefer people go on using it to be honest. Expect minimal crowing, apart from the people involved in TOR and the like, which is what we've seen here.

  13. Kraggy

    "Crowing from the rooftop"

    Er, no, not while it's clearly 'work in progress'.

    Once they'd destroyed the entire TOR network then yes, pull out all the stops to help justify PRISM (yes, I know it's not really related but 'saving the children' is a great carrion cry excuse for anything like this) and anti-freedom actions in general.

    1. Anonymous Coward
      Anonymous Coward

      Yep

      This is the start of the smear campaign that will be used to taint anyone using such services.

      If you've nothing to hide, and are an honest law abiding sheeple, why are you using TOR or a VPN?

      Very soon that will be used as the justification to destroy whatever privacy options we have left.

      1. jonathanb Silver badge

        Re: Yep

        I use it so I can watch TV on http://pluzz.francetv.fr/ and similar sites without it making racist comments about my IP address.

      2. Anonymous Coward
        Anonymous Coward

        Re: Yep

        "If you've nothing to hide, and are an honest law abiding sheeple, why are you using TOR or a VPN?"

        Because I'm paranoid. Any further questions, Sir? :)

  14. Anonymous Coward
    Anonymous Coward

    Get ready for the big announcement

    Get ready for the big announcement about how PRISM is doing a fantastic job at 'protecting the children' from sickos anytime soon!

    Well they have to justify it somehow don't they?

  15. Anonymous Coward
    Big Brother

    The FEDs and Freedom Hosting ..

    I know nothing about the case but I would be suspicious when the FEDs start flinging round paedophile accusations whenever they go after someone who hosts anonymising services. Such accusations being one of a troike, money laundering, drug dealing and paedophilia. I figure this is a pretext to shut down Freedom Hosting. I guess the only sort of secure and anonymous web sites the security services is one they run themselves.

    1. Anonymous Coward
      Anonymous Coward

      Re: The FEDs and Freedom Hosting ..

      "troike"

      In the Latin alphabet it's spelled troika (nom. sing., fem.) or trojka depending on the language, and in this context it simply means "three" / "three of" / "trio" in various Slavic languages, so why not just use "three" or "trio"?

      Unless we're talking about a Swedish troika, that is. Different kettle of fish that one. :)

      1. Havin_it
        Coat

        Re: The FEDs and Freedom Hosting ..

        >"troike"...

        No no no, it's a boike wi' tree wheels yeh gobshoite, what're yeh loike?

  16. Anonymous Coward
    Anonymous Coward

    ps:

    Run an anonymising service and risk getting shit flung your way by the security apparatus of the greatest democracy in the world ..

  17. Paul V

    TOR works fine..

    ..where fine is defined as "as advertised".

    The problem, it would appear, is the default enabling of Javascript. Further from that, is our incomprehensible dependence on and use of it and its inherent insecurity.

    There's the old adage that as functionality increases, security decreases. Java and shockwave have long been labeled the black sheep of the plugin crowd, but it's beginning to come out that HTML5 itself is buggy. It's to be expected - anything that can run things client-side is a potential issue.

    As for the snooping, from my perspective, between monitoring virtually everything, active attacks on privacy-software users and who-knows-what-else, it's hard not to feel a bit embattled. This reminds me of the old old days around 1993-1994 when the NSA was pushing for Key Escrow. During the Computers Freedom and Privacy conference in 1994 in Chicago, PGP had just been released in response to the key escrow issue, and the NSA's attorney basically told the crowd that despite their misgivings, it was going to go through, and there was nothing they could do about it. Their justifications have changed little from today's arguments: Kiddy porn and Terrorism.

    I suppose it's a bit ludicrous to base your national policy off of the actions of a minority of sexual deviants, indefensible as it is, but the terrorism has become so broadly defined by the public that the likelihood of the invasion of privacy going away anytime soon - or ever - is nil. In '94 they asked permission. They don't even do that anymore.

  18. Anonymous Coward
    Anonymous Coward

    Maybe coincidental.........

    or something's fishy ?

    Run 3 websites for 8 years, daily subjected to spambot signups and hack attacks.

    Every morning check previous day's worth IPs for incorporation into blocking list.

    Sunday, quite surprised, (only as in 'first time seen' *), to find one resolving to TOR-RELAY-01, (at 'Freedom Hosting').

    So spammer/hacker or other "agency" ?

    .

    .

    .

    Today that 'Freedom Hosting' range of IPs is assigned to 'Solido Networks ApS'.

    * About two weeks ago had seen first off VPN originating attack.
