Tor Network - How Insecure Is It Really?

[Infiltrator]

French researchers from ESIEA, a French engineering school, have found and exploited some serious vulnerabilities in the TOR network. They performed an inventory of the network, finding 6,000 machines, many of whose IPs are accessible publicly and directly with the system’s source code. They demonstrated that it is possible to take control of the network and read all the messages that circulate.

But there are also hidden nodes, the Tor Bridges, which are provided by the system that in some cases. Researchers have developed a script that, once again, to identify them. They found 181. "We now have a complete picture of the topography of Tor," said Eric Filiol.

The specific attack involves creating a virus and using it to infect such vulnerable systems in a laboratory environment, and thus decrypting traffic passing through them again via an unknown, unmentioned mechanism. Finally, traffic is redirected towards infected nodes by essentially performing a denial of service on clean systems.

Researchers showed that one third of the nodes are vulnerable, "sufficient in all cases so that we can easily infect and obtain system privileges," says the director. Researchers clone then a part of the network in order not to touch the real network, and they make a virus with which they will be able to take control of the machine."This allows us to set the encryption keys and readers initialization of cryptographic algorithms and thus cancel two layers of encryption on all three," says Eric Filiol. The remaining flow can then be decrypted via a fully method of attack called "to clear unknown" based on statistical analysis.

To guide communication to nodes infected, researchers make unavailable all other nodes. To do this, they apply a double attack: localized congestion, which involves sending a large number of requests Tor on uninfected machines, and spinning the packet, which will enclose Tor servers in a loop circuit to fill them. The Tor protocol will then, naturally, to route calls to infected machines, and that's it.

However, if it is real, details are to be presented at Hackers to Hackers in São Paulo on October 29/30-2011. TOR is no more than an additional layer of obfuscation and should not be relied upon for anonymity or security. Like any darknet, it is a complement to application-layer encryption and authentication, no more.

Web reference: http://thehackernews.com/2011/10/tor-anonymizing-network-compromised-by.html

[Infiltrator]

I've been reading some articles about Tor Network in general and I've been wondering how insecure/vulnerable to attacks Tor Network really is?

[hexophrenic]

I believe the TOR project has already patched the issues you mention.

[Infiltrator]

I believe the TOR project has already patched the issues you mention.

Do you know of any web site or article that mentions about the patch?

[hexophrenic]

https://blog.torproject.org/blog/tor-02234-released-security-patches

[flood]

What are some good use cases for TOR? I see they have projects where it's embedded into the browser for secure browsing. But is that really a secure network to trust?

[hexophrenic]

One use for TOR might be "secure" browsing in a hostile environment, ie hotel networks. Another might be to bypass content filtering restrictions as TOR connections are "encrypted." I would not recommend performing any kind of secure transactions (online banking, etc.) via TOR though as endpoints may capture your traffic. While they *may* not be able to decode whose credentials they are capturing, they can grab the credentials and the site potentially, which is really what is most important. To answer your last question, no I do not trust the TOR network, but it has its uses.

[digip]

They said TOR network, but is it client specific, or the protocol itself. I'd be interested in how in fact, they get code to execute on nodes in the network. They mentioned virus, but I imagine someone in the network would have to run something infected that they downloaded before it would become part of the researchers controlled network of nodes. Also, many tor clients let you use proxies and ssh tunnels, but even when doing so, your real IP will still show up on the TOR list at some point if you are uploading. The only thing the tunnels do, is transport your local info past your ISP so all they see is SSH traffic, but the TOR network still gets your real IP at the other end at some point. TOR is not anonymous, and to some regard not meant to be. You have to make a connection to the other parties with whom you are swapping packets with, and at some layer the encapsulated traffic will reveal your IP in the node list. Just open uTorrent and look up the people sharing. All of their IP addresses are listed. Not hard to target those on the list directly, with or without TOR once you have the endpoints address.

Creating a bogus TOR file in general is a good way to harvest potential victims, since many on that list of TOR users, will be reachable directly and 99% of them will be windows users. A good percentage will still probably be windows XP users too.

Edited November 21, 2011 by digip