tor project

An attack on the Tor network may have unmasked users for five months, developers of software used to access the network say.

The Tor Project said that it believed the assault was designed to de-anonymize the net addresses of people operating or visiting hidden sites.

However, it said it was not sure exactly how users had been “affected”.

The project added that it believed it had halted the attack on July 4.

Tor allows people to visit webpages without being tracked and to publish sites whose contents do not show up in search engines.

The Tor Project said it believed that the infiltration had been carried out by two university researchers, who claimed at the start of July to have exploited “fundamental flaws” in Tor’s design that allowed them to unmask the so-called dark net’s users.

The two security experts, Alexander Volynkin and Michael McCord, had been due to give a talk at the Black Hat conference in Las Vegas next week. However, the presentation was cancelled at the insistence of lawyers working for their employer, Carnegie Mellon University.

“We spent several months trying to extract information from the researchers who were going to give the Black Hat talk, and eventually we did get some hints from them… which is how we started looking for the attacks in the wild,” wrote Roger Dingledine, one of the network’s co-creators, on the Tor Project’s blog.

“They haven’t answered our emails lately, so we don’t know for sure, but it seems likely that the answer to [whether they were responsible] is yes.

“In fact, we hope they were the ones doing the attacks, since otherwise it means somebody else was.”

A spokesman from Carnegie Mellon University declined to comment.

Tor attempts to hide a person’s location and identity by sending data across the internet via a very circuitous route involving several “nodes” – which, in this context, means using volunteers’ PCs and computer servers as connection points.

Encryption applied at each hop along this route makes it very hard to connect a person to any particular activity.

To the website that ultimately receives the request, it appears as if the data traffic comes from the last computer in the chain – known as an “exit relay” – rather than the person responsible.

Tor’s users include the military, law enforcement officers and journalists – who use it as a way of communicating with whistle-blowers – as well as members of the public who wish to keep their browser activity secret.

But it has also been associated with illegal activity, allowing people to visit sites offering illegal drugs for sale and access to child abuse images, which do not show up in normal search engine results and would not be available to those who did not know where to look.

The Tor Project suggests the perpetrator compromised the network via a “traffic confirmation attack”.

This involves the attacker controlling both the first part of the circuit of nodes involved – known as the “entry relay” – as well as the exit relay.

By matching the volumes and timings of the data sent at one end of the circuit to those received at the other end, it becomes possible to reveal the Tor user’s identity because the computer used as an entry relay will have logged their internet protocol (IP) address.

The project believes the attacker used this to reveal hidden-site visitors by adding a signal to the data sent back from such sites that included the encoded name of the hidden service.

Because the sequence of nodes in a Tor network is random, the infiltrator would not be able to track every visit to a dark net site.

Tor also has a way of protecting itself against such a danger: rather than use a single entry relay, the software involved uses a few relays chosen at random – what are known as “entry guards”.

Even if someone has control of a single entry and exit relay, they should only see a fraction of the user’s traffic, making it hard to identify them.

However, the Tor Project believes the perpetrator countered this safeguard by using a second technique known as a “Sybil attack”.

This involved adding about 115 subverted computer servers to Tor and ensuring they became used as entry guards. As a result, the servers accounted for more than 6% of the network’s guard capacity.

This was still not enough to monitor every communication, but was potentially enough to link some users to specific hidden sites.
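As an added illustration (not code from the Tor Project or from this article), the sketch below shows how a network operator could flag such a cluster: it groups guard-flagged relays by address prefix and first-seen day, reports each large group's share of guard capacity, and estimates how likely a client is to pick at least one of them. The record fields, the /16 grouping, the three-guard figure and all sample relays are assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict

def guard_clusters(relays, prefix_len=16, min_relays=5):
    """Group Guard-flagged relays by (address prefix, first-seen day) and
    report each large cluster's share of total guard bandwidth."""
    guards = [r for r in relays if r["guard"]]
    total_bw = sum(r["bandwidth"] for r in guards)
    clusters = defaultdict(list)
    for r in guards:
        net = ipaddress.ip_network(f"{r['ip']}/{prefix_len}", strict=False)
        clusters[(str(net), r["first_seen"])].append(r)
    report = []
    for (net, day), members in clusters.items():
        if len(members) >= min_relays:
            share = sum(m["bandwidth"] for m in members) / total_bw
            report.append({"net": net, "first_seen": day,
                           "relays": len(members), "share": share})
    return sorted(report, key=lambda c: c["share"], reverse=True)

def exposure(share, n_guards=3):
    """Chance that at least one of a client's entry guards is in the cluster,
    assuming independent bandwidth-weighted picks (a simplification)."""
    return 1 - (1 - share) ** n_guards

def sample_relays():
    """Constructed data: not real relay addresses, dates or bandwidths."""
    relays = [{"ip": f"10.20.0.{i + 1}", "first_seen": "2014-03-10",
               "bandwidth": 100, "guard": True} for i in range(115)]
    relays += [{"ip": f"10.{100 + i}.0.1", "first_seen": f"2013-{i % 12 + 1:02d}-01",
                "bandwidth": 1200, "guard": True} for i in range(150)]
    relays += [{"ip": f"10.30.0.{i + 1}", "first_seen": "2014-03-10",
                "bandwidth": 500, "guard": False} for i in range(10)]
    return relays

if __name__ == "__main__":
    for c in guard_clusters(sample_relays()):
        print(f"{c['net']} first seen {c['first_seen']}: {c['relays']} guards, "
              f"{c['share']:.1%} of guard capacity, "
              f"3-guard exposure {exposure(c['share']):.1%}")
```

With the constructed data, a group holding just over 6% of guard capacity gives a client using three guards roughly a one-in-six chance of having picked at least one of them, which is why a small share of the network can still expose some users.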

Several government agencies are interested in having a way to unmask Tor’s users.

Russia has made an offer of 3.9 million roubles ($110,000) in a contest seeking a way to crack the identities of users of the Tor network.

The Tor Project hides internet users’ locations and identities by sending data on random paths through machines on its network, adding encryption at each stage.

The Russian interior ministry made the offer, saying the aim was “to ensure the country’s defense and security”.

The contest is only open to Russians and proposals are due by August 13.

Applicants must pay 195,000 roubles to enter the competition, which was posted online on July 11 and later reported by the tech news site Ars Technica.

Earlier this month, Russia’s lower house of parliament passed a law requiring internet companies to store Russian citizens’ personal data inside the country.

Russia has the fifth-largest number of Tor users with more than 210,000 people making use of it, according to the Guardian.

Tor was thrust into the spotlight in the wake of controversy resulting from leaks about the National Security Agency (NSA) and other cyberspy agencies.

Edward Snowden, the whistleblower who revealed the internal memos and who now has asylum in Russia, uses a version of Tor software to communicate.

Documents released by Edward Snowden allege that the NSA and the UK’s GCHQ had repeatedly tried to crack anonymity on the Tor network.

Tor was originally set up by the US Naval Research Laboratory and is used by people who want to send information over the internet without being tracked.

It is used by journalists and law enforcement officers, but has also been linked to illegal activity including drug deals and the sale of child abuse images.

In its 2013 financial statements, the Tor Project – a group of developers that maintain tools used to access Tor – confirmed that the US Department of Defense (DoD) remained one of its biggest backers.

The DoD sent $830,000 to the group through SRI International, which describes itself as an independent non-profit research centre, last year.

Other parts of the US government contributed a further $1 million.

Those amounts are roughly the same as in 2012.