Tor traffic torrent: It ain't the Syrians, it's the BOTS

The recent spike in traffic on the Tor anonymizing relay network is probably due to botnet activity rather than any recent political developments, research by Tor Project members has concluded. The overall number of clients accessing the Tor network on a daily basis has more than doubled since around mid-August, but so far …

COMMENTS

This topic is closed for new posts.
  1. yakitoo

    .... if you have a multi-million node botnet, it's silly to try to hide it behind the 4000-relay Tor network .............

    Unless you are doing traffic handling analysis to assist with tracking of course.

    Can't think who would possibly want to do that though.

    1. frank ly

      Whoever could it be?

      Maybe someone who's trying to establish the IP address and location of 4000 relays of a Tor network? Or, maybe someone who's applying for funding to fight the menace of increasing Tor traffic? Oh, the possibilities.

    2. Matt Bryant Silver badge
      Facepalm

      Re: yakitoo

      ".....Can't think who would possibly want to do that though." How about China, Russia, Saudi Arabia, or even the Fwench? Oh, sorry, did that get in the way of your one-country fixation?

  2. Anonymous Coward

    A "multi-million node botnet"

    Not so nice. But imagine if somebody out there infected millions of computers and set every one up as a Tor relay!

    1. Fibbles

      Re: A "multi-million node botnet"

      "And finally, I still maintain that if you have a multi-million node botnet, it's silly to try to hide it behind the 4000-relay Tor network ..."

      Just what I was thinking. Millions of compromised computers turned into Tor relays.

      There was an article on El Reg about it taking 3 months to identify a heavy Tor user to 95% accuracy with the current 4000 or so nodes. Anyone want to do the maths with, say, 2-3 million nodes?

  3. Anonymous Coward
    Holmes

    Anyone remember the Pirate Bay punting a special version of Firefox with Tor included recently??

    Maybe it is more popular than expected.

    1. Anonymous Coward

      Hasn't the Tor project offered a bundle of their software with a custom version of Firefox for years?

    2. Henry Wertz 1 Gold badge

      Not Pirate Browser...

      "Anyone remember the Pirate Bay punting a special version of Firefox with Tor included recently??

      Maybe it is more popular than expected."

      Unfortunately not. The Register article doesn't mention this, but the blog post they link to has this quote:

      "Others have speculated that it's due to massive adoption of the Pirate Browser (a Tor Browser Bundle fork that discards most of Tor's security and privacy features), but we've talked to the Pirate Browser people and the downloads they've seen can't account for this growth"

  4. Khaptain Silver badge

    Doesn't make sense.

    Those that use TOR are far more aware about computing than most people. It would be very surprising if those same people were infected by the various BOT malwares....

    Those that are careful about hiding their identity or that keep a low profile are usually clever enough to keep their machines clean.....

    BitTorrent rather than Botnet......is the likely cause

    1. Anonymous Coward

      Re: Doesn't make sense.

      This is extra traffic; the usual users plus about the same in new connections. It's the new connections that are probably infected.

    2. Old Handle

      Re: Doesn't make sense.

      I don't think you understood quite right. These aren't Tor users infected with a botnet. It's suspected that the botnet itself has installed Tor, most likely so it can access a "hidden service" to receive commands.

      1. Khaptain Silver badge
        Facepalm

        Re: Doesn't make sense.

        You are right, I didn't see that at all, but now that you spell it out it is very clear, my bad. (Suddenly my eyes open and I realise how blind I have been)......

        The facepalm is for me ...

  5. Anonymous Coward

    Couldn't they harness this?

    I mean imagine having a million-node Tor network. You could hide the source of your packets in /your own private onion routing system/. Even just having that many end-points would make the system so much more secure that you'd be able to charge crims/spooks for using it.

    Which is probably what'll start happening shortly - criminals using billion-node TOR-like strategies to hide their communications. And the NSA will, once again, be more or less powerless - monitoring 4,000 nodes is relatively simple, but monitoring 1,000,000 constantly changing (as users cleanse their systems and others get infected) nodes would be a considerable increase in difficulty.

    Remembering that each computer on the node connects to other nodes unknowingly but also carries legitimate traffic, let's say a node links to 100 other computers a day in both knowing and criminal-TOR-ed traffic. That's a number picked out of the air and would suggest a LOT of traffic or a very low-packet-density routing system. That means the NSA would have to track >100,000,000 nodes rather than the 400,000 nodes that would have to be tracked with the current 4000-node system. You're talking an increase in complexity of 3 orders of magnitude for anyone wanting to build a map of the system for the purposes of monitoring it, and assuming the same traffic you'd have 3 orders of magnitude less traffic per node to work with.

    Unfortunately this just means that taxes will go up in the US to fund a trillion-dollar mega-giga-exaFLOP supercomputer for the spooks...

  6. Steve Knox
    Childcatcher

    This is a very serious issue

    with ramifications for the stability, security, and privacy of the Tor network.

    So if you find yourself being distracted by the name Roger Dingledine, you should probably not comment here.

    These comments should be reserved for serious discussion, and not juvenile repetition of the name Roger Dingledine.

    Anyone repeating the name Roger Dingledine for comedic effect should be ashamed of himself.

    1. Don Jefe

      Re: This is a very serious issue

      I am so relieved I'm not the only one.

      1. Destroy All Monsters Silver badge
        Big Brother

        Re: This is a very serious issue

        You forgot to mention HITLER and GASSING HIS OWN PEOPLE.

        Just like in MUNICH.

        And don't HITLER forget the CHILDREN being menaced by GASSING by HITLER!

        1. Don Jefe

          Re: This is a very serious issue

          Holy shit! I did Nazi that coming.

  7. Cliff

    Tragedy of the commons

    People acting with selfish interests on a shared resource means it will almost inevitably ultimately be degraded. If you have common grazing rights, why would you graze 10 sheep if you could graze 100 for the same cost? So everyone grazes 100+ sheep, land is degraded as it isn't infinite. Same applies to TOR. The benevolence of the node hosts is abused.

    For more on this...

    http://en.wikipedia.org/wiki/Tragedy_of_the_commons

    1. Old Handle
      Meh

      Re: Tragedy of the commons

      The potential for this to cause trouble is certainly real, but at the moment, as long as it's still functioning, I'm not sure having the network flooded with junk traffic is such a terrible thing. On the face of it, it would appear that more users, whether bots or human, just makes it that much harder to figure out who's who.

  8. Khaptain Silver badge

    Steve Dingledine Knox will then be forced to move into the Dark Dark Dark Dark Net where the Dingledine name is yet unheard of .......

    If you ever are tempted over to the Dark Dark Dark Dark side and you see that Pseudo you can be pretty damned sure who is using it......

  9. Olius

    Nodes are not relays

    This is something I didn't realise about TOR - there are relays and there are clients. Perhaps if every node joining TOR was a relay, it would be "stronger" (provided the network could do what Gnutella does and have other nodes/relays hold stats on their peers' speed) - then there would not be 4000 relays, there would be millions. And the network could theoretically become faster the larger it got.

    1. phuzz Silver badge

      Re: Nodes are not relays

      But there's no incentive for the botnet creators to act as nodes, so presumably they'd strip out the relay functionality and just leave the client.

  10. Ace Rimmer
    Black Helicopters

    I'm not saying it's a new iteration of PRISM but....

    1st September Reg article regarding tracing nodes by utilising a huge amount of "controlled nodes":

    http://www.theregister.co.uk/2013/09/01/tor_correlation_follows_the_breadcrumbs_back_to_the_users/

    Given that article is based on the publication of the PDF on Cryptome, which was published in August, around the time that the massive increase in nodes appeared, it's altogether possible some entity is trying to flush the identities of the other nodes on the network.

    "The compromise isn't something available to the trivial attacker. The models that Johnson developed assume that an adversary has access either to Internet exchange ports, or controls a number of Autonomous Systems (for example an ISP). However, it's probably reasonable to assume that the instruments of the state could deploy sufficient resources to replicate Johnson's work."

    Assuming that a large quantity of bots (roughly the same number of bots as existing nodes on the network according to the reports) could provide the same level of information, it sounds very much like what's actually happening.

  11. Tom 13
    Trollface

    Maybe Tor should just call the NSA

    They've probably already got it mapped and if they ask nicely maybe they'll tell them who is doing it.

  12. gollux

    State it for what it really is, increased WAGs as to what on earth is happening. Welcome to faith-based explanations over an increase in traffic on a faith-based TORnography network.
