Unmasking hidden Tor service users is too easy, say infosec bods Security researchers speaking at the Hack in the Box conference in Amsterdam this week have demonstrated that users of hidden services on Tor are putting themselves at risk of being identified – if an attacker is willing to put in the time and resources. The discovery is significant, because browsing hidden services had been …
So the NSA know every line of code in the Tor program, indeed some of it might have been their own handy work.
The NSA also knows every node in the system, indeed many of those nodes are kindly supplied by themselves.
The nodes they don't own will no doubt have been targeted with one of their many rootkits and hence is effectively owned by them.
I have never believed any of the hidden, secret, anonymity offering routes into the web to be effective against such a determined player as the NSA or GCHQ for that matter, but for the sake of national security I'll state my preferred hat can also get the best out of a roast chicken, so all you antisocial types carry on regardless.
What the one or the many can invent, the one or the many can circumvent. That's not even a hard truth to discover as it's happened again, and again ad infinitum. At best your new widget presents a challenge if for a while. The positives to take away are you make 'em sweat (with our tax dollars unfortunately) and we get some wacking neat advances in maths.
Less surprised these days. Would've been surprised if this had been discovered before the Snowden affair and the Silk Road and Freedom Hosting shutdown. And even then, I was still wary on blindly trusting that hidden services are going to be 100% untraceable...
What was shown is that a state level actor such as the NSA, _if_ they can correlate traffic for a significant number of users (not so likely, search "base rate fallacy") _and_ they can control HSdirs for a targeted hidden service, can identify users who have accessed the hidden service (but not see what they are doing). The research is quite good and appears to have demonstrated a valid weakness as well as proposing mitigations.
As a practical matter, any five-eyes-grade agency that has active use of such a capability would be selective in applying it due to the precious value and fragility. Along the lines of breaking VPN forward-secrecy decryption using zetabyte pre-computation tables for 1024-bit group 2 DH primes. Asset is compartmentalized and line-analysts told to "not ask, not think about" how such feats are accomplished.
One can figure out whether or not they should worry about being targeted by this sort of attack, where 99.999% of the time the answer is "no".
There are ways for site operators to protect against this, however. Hidden service providers are advised to be very wary of young HSDir nodes – or even better, to run their own HSDir nodes, which has the benefit of also providing a warning if other HSDir nodes try to attach themselves to the service.
I'm not sure I'd like the idea of Facebook running its own HSDIR nodes as, given their compliance in Prism, they'd likely just be NSA nodes anyhow. I couldn't give a shit about Facebook but it serves as a valid example. It's that age old trust issue surfacing again.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
