TOR (onion router for secure network access) compromised



Paul
5th August 2013, 09:44
From http://www.ehackingnews.com/2013/08/almost-half-of-tor-sites-compromised-by.html:




Almost Half of TOR sites compromised by FBI
Reported by Suriya Prakash on Monday, August 05, 2013

As many of you might know, the US has been pushing for the extradition of Eric Eoin Marques, whom an FBI agent has called "the largest facilitator of child porn on the planet."

But most of you might not know that he is also the owner of "Freedom Hosting", the largest hosting provider for .onion sites within the TOR network. This means that all the sites hosted by "Freedom Hosting" are in the hands of the FBI. As you can see from the above linked article, Freedom Hosting has been accused of hosting child pornography for a very long time.

I also have a fair idea of how the FBI did the "impossible", tracing a person who is using TOR. And they further might have found details on all the people visiting sites hosted by Freedom Hosting. First, have a look at what a person posted on pastebin on Aug 3rd (http://pastebin.com/pmGEj9bV): he says he found this code in the main page of "freedom host"; this further links to this exploit: http://pastebin.mozilla.org/2776374.
There's more at ehackingnews.com (http://www.ehackingnews.com/2013/08/almost-half-of-tor-sites-compromised-by.html).

In my view, this highlights the major weakness of TOR -- compromising the nodes. If one happens to use a compromised TOR node, one is just making it easier for the bastards in power to identify your traffic as "more likely than most to be worth tracking." Apparently also, from this boingboing.net report (http://boingboing.net/2013/08/04/anonymous-web-host-shut-down.html), one is opening up oneself to be more likely to get infected with some malicious Javascript.

Spiral
5th August 2013, 09:59
I have long thought that by using such things one is de-facto flagging oneself to TPTB.

meeradas
5th August 2013, 10:59
I have long thought that by using such things one is de-facto flagging oneself to TPTB.

No need - you're on here. That's completely sufficient.

SKAWF
5th August 2013, 11:16
well that's effin marvelous! i've recently started using tor.

it's not that i care whether they are watching me...,

it's more to bypass my ISP blocking me from visiting torrent sites,
and to stop sites opening pages that put registry cleaners and crap like that on my machine.
i had to delete 5 things today... one of them was norton!

so not only am i not in stealth mode,
i also still get crap installed.

it's going really well so far!

Bill Ryan
5th August 2013, 13:03
-------

I use the Tor browser simply to disguise/proxify my IP address from casual investigation. (Quite a lot of people I don't know write to me on my Avalon email address.)

Meanwhile, my working assumption is that the agencies know exactly where I am, what socks I'm wearing, and what I had for breakfast.

:)

Sunny-side-up
5th August 2013, 13:10
Big thx Paul that's really good to know info.
I was about to try Tor, good job I'm lazy at doing such things.

And yup Spiral I always think this as well, ya get done either way o;0

I have long thought that by using such things one is de-facto flagging oneself to TPTB.

TargeT
5th August 2013, 14:58
I have long thought that by using such things one is de-facto flagging oneself to TPTB.

No need - you're on here. That's completely sufficient.

I think our egos would like to tell us this; but there is much noise in this forum and nothing overly interesting to "tptb".

I highly doubt this forum garners any unusual surveillance; that's simply not how the systems that do this type of thing work. They collect ALL data & then when they have an actionable item that flags you (use of encryption, of the TOR network; certain positions in the financial/government/military industrial complex etc...) then all data is collected (posts here included) and analyzed.

toad
5th August 2013, 17:39
Looks like the exploit only affects certain alpha builds, and only affects those on Windows, and those who have JavaScript enabled. So anyone tempered in the dance of security should be just fine.

Paul
5th August 2013, 22:13
it's more to bypass my ISP blocking me from visiting torrent sites

I use the Tor browser simply to disguise/proxify my IP address from casual investigation. (Quite a lot of people I don't know write to me on my Avalon email address.)

Meanwhile, my working assumption is that the agencies know exactly where I am, what socks I'm wearing, and what I had for breakfast.
If I were trying to keep my IP address (which usually provides evidence of one's geographic location) hidden from casual investigation, or trying to keep my Internet activity hidden from my Internet Service Provider's (ISP's) filters and penalties, I'd set up an OpenVPN (http://openvpn.net/index.php/open-source/documentation/howto.html) server on some web server I had rented (cost about $10 to $30 per month for a web server sufficient for this) and run all my Internet traffic through that.

If I didn't have the skill of easily setting up my own web servers, then I'd rent a pre-configured VPN server, such as reviewed here (torrentfreak) (http://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302/), here (about.com) (http://netforbeginners.about.com/od/readerpicks/tp/The-Best-VPN-Service-Providers.htm), or here (pcmag) (http://www.pcmag.com/article2/0,2817,2408596,00.asp). These typically cost between free and $30/month, depending on total traffic (bandwidth) allowed per month.

Purchasing someone else's pre-configured VPN means that you're trusting them not to filter your Internet access, and not to reveal your actual IP address or traffic to anyone else. That's probably better than trusting your ISP, but not as good as using your own VPN server, if you have the skills to set that up. With any such VPN server, whether it is your own or a pre-configured rental, the IP address of the server (and hence approximate geographic location) will be visible to everyone else, but that will be a fixed location that does not reveal your actual location or travels.

One advantage, at least to those of us with separate, configurable, higher end routers in our local network configuration, is that we can set up our router to send all our traffic, from -any- PC, Mac or other wi-fi connected device through the VPN. Sometimes in the past I have had house guests who tended to use my Internet to download stuff that would likely piss off some big Hollywood company. Keeping that traffic (going to my house guest's wireless laptop) hidden from my ISP removes the risk of my losing Internet service due to copyright infringement violations.

Here are some web pages that discuss the topic of "VPN vs TOR": here (bestvpn.com) (http://www.bestvpn.com/blog/5888/tor-vs-vpn/), here (torguard.net) (http://torguard.net/blog/tor-vs-vpn/) or here (PrivacyPC) (http://privacy-pc.com/articles/hackers-guide-to-stay-out-of-jail-7-vpns-vs-tor.html).

If I simply wanted to exchange email with others, without revealing my location or travels, I'd use a web-based email service such as fastmail.fm. Actually, this is what I do, because fastmail.fm runs a better email server, for my present needs, than I can do myself. Earlier in my life, when my email needs on several high activity software developer email lists were more challenging, I ran my own email server, but for just my personal needs now, fastmail.fm is excellent. Email sent from my fastmail.fm account does not appear to come from my trailer in North Texas; it appears to come from the fastmail.fm server in New York City.


and to stop sites opening pages that put registry cleaners and crap like that on my machine.
i had to delete 5 things today... one of them was norton!

None of these technologies such as TOR or VPN keep crap off your PC ... they just make the path by which such crap arrives to your PC more circuitous.

TargeT
5th August 2013, 22:52
While I think this deserves its own thread... perhaps not; since it's sort of technobabble to most people....


Researchers say Tor-targeted malware phoned home to NSA
Malware planted on the servers of Freedom Hosting—the "hidden service" hosting provider on the Tor anonymized network brought down late last week—may have de-anonymized visitors to the sites running on that service. This issue could send identifying information about site visitors to an Internet Protocol address that was hard-coded into the script the malware injected into browsers. And it appears the IP address in question belongs to the National Security Agency (NSA).

This revelation comes from analysis done collaboratively by Baneki Privacy Labs, a collective of Internet security researchers, and VPN provider Cryptocloud. When the IP address was uncovered in the JavaScript exploit—which specifically targets Firefox Long-Term Support version 17, the version included in Tor Browser Bundle—a source at Baneki told Ars that he and others reached out to the malware and security community to help identify the source.

The exploit attacked a vulnerability in the Windows version of the Firefox Extended Support Release 17 browser—the one used previously in the Tor Project's Tor Browser Bundle (TBB). That vulnerability had been patched by Mozilla in June, and the updated browser is now part of TBB. But the TBB configuration of Firefox doesn't include automatic security updates, so users of the bundle would not have been protected if they had not recently upgraded.

Initial investigations traced the address to defense contractor SAIC, which provides a wide range of information technology and C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance) support to the Department of Defense. The geolocation of the IP address corresponds to an SAIC facility in Arlington, Virginia.

Further analysis using a DNS record tool from Robtex found that the address was actually part of several blocks of IP addresses allocated by SAIC to the NSA. This immediately spooked the researchers.

"One researcher contacted us and said, 'Here's the Robotex info. Forget that you heard it from me,'" said a member of Baneki who requested he not be identified.

The use of a hard-coded IP address traceable back to the NSA is either a strange and epic screw-up on the part of someone associated with the agency (possibly a contractor at SAIC) or an intentional calling card as some analyzing the attack have suggested. One poster on Cryptocloud's discussion board wrote, "It's psyops—a fear campaign... They want to scare folks off Tor, scare folks off all privacy services."
http://arstechnica.com/tech-policy/2013/08/researchers-say-tor-targeted-malware-phoned-home-to-nsa/

Welcome to the internet.........

EYES WIDE OPEN
6th August 2013, 15:35
If I were trying to keep my IP address (which usually provides evidence of one's geographic location) hidden from casual investigation, or trying to keep my Internet activity hidden from my Internet Service Provider's (ISP's) filters and penalties, I'd set up an OpenVPN (http://openvpn.net/index.php/open-source/documentation/howto.html) server on some web server I had rented (cost about $10 to $30 per month for a web server sufficient for this) and run all my Internet traffic through that.

If I didn't have the skill of easily setting up my own web servers, then I'd rent a pre-configured VPN server, such as reviewed here (torrentfreak) (http://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302/), here (about.com) (http://netforbeginners.about.com/od/readerpicks/tp/The-Best-VPN-Service-Providers.htm), or here (pcmag) (http://www.pcmag.com/article2/0,2817,2408596,00.asp). These typically cost between free and $30/month, depending on total traffic (bandwidth) allowed per month.

Purchasing someone else's pre-configured VPN means that you're trusting them not to filter your Internet access, and not to reveal your actual IP address or traffic to anyone else. That's probably better than trusting your ISP, but not as good as using your own VPN server, if you have the skills to set that up. With any such VPN server, whether it is your own or a pre-configured rental, the IP address of the server (and hence approximate geographic location) will be visible to everyone else, but that will be a fixed location that does not reveal your actual location or travels.

I have just started using the free spotflux VPN. http://www.spotflux.com/

toad
6th August 2013, 16:47
It should be duly noted that TOR itself was not compromised; TOR functioned just as it should. It was end-to-end security failings that led to this, namely an out-of-date FFLTS in the TBB, having JS enabled and lastly... using Windows. There has been widespread speculation, however, that the NSA has been setting up and is in the process of trying to control all the exit nodes, leaving anonymity to be merely an illusion.

TargeT
6th August 2013, 17:39
the NSA has been setting up and is in the process of trying to control all the exit nodes, leaving anonymity to be merely an illusion.

Unless you are using a proxy that is local enough that your traffic does not go through a major hub site, anonymity is ultimately an illusion.

You can make it harder for certain organisations to get your traffic data, but as we have seen the NSA is gathering everything for later analysis from major hubs.

Bob
1st December 2014, 00:29
The thread is worthy of a :bump2:





Anchor
1st December 2014, 11:28
For anonymity and source protection needs, TAILS is worth a look - the journalist's privacy/anonymity "kit"

https://tails.boum.org/

Essentially tails provides you with a well configured operating environment that uses TOR by default that is separate from your normal en

If you are a journalist, a spy, an activist etc. and are, as you should be, assuming you are targeted by TPTB, then TAILS is probably worth the effort to use if you need a close approach to privacy and anonymity - and using TAILS can help you avoid mistakes that you will otherwise make (unless you know about IT Security - and even then it's still easy to make mistakes).

---

One of TOR's problems is compromised exit nodes - the last TOR node in the chain between you and your destination. Assume the CIA and NSA run a good number of TOR exit nodes and monitor exiting traffic - also a lot of other bad actors monitoring them for lots of naughty reasons (trying to steal bitcoin, for example).

TOR aims to protect anonymity, not so much privacy (in so far as data transmitted from end to end).

If you need to keep secrets, ensure your encryption runs END to END, so the traffic leaving the exit nodes is still encrypted. For websites that means everything has to be https and with secure encryption methods (TAILS will help sort this out for you).

---

Silo
1st December 2014, 19:16
Can't take credit for this, saw it somewhere:

Using TOR is like using Sauron's ring. Makes you invisible to the average person, but highly visible to the Nazgul.

EYES WIDE OPEN
9th December 2014, 11:19
If I were trying to keep my IP address (which usually provides evidence of one's geographic location) hidden from casual investigation, or trying to keep my Internet activity hidden from my Internet Service Provider's (ISP's) filters and penalties, I'd set up an OpenVPN (http://openvpn.net/index.php/open-source/documentation/howto.html) server on some web server I had rented (cost about $10 to $30 per month for a web server sufficient for this) and run all my Internet traffic through that.

If I didn't have the skill of easily setting up my own web servers, then I'd rent a pre-configured VPN server, such as reviewed here (torrentfreak) (http://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302/), here (about.com) (http://netforbeginners.about.com/od/readerpicks/tp/The-Best-VPN-Service-Providers.htm), or here (pcmag) (http://www.pcmag.com/article2/0,2817,2408596,00.asp). These typically cost between free and $30/month, depending on total traffic (bandwidth) allowed per month.

Purchasing someone else's pre-configured VPN means that you're trusting them not to filter your Internet access, and not to reveal your actual IP address or traffic to anyone else. That's probably better than trusting your ISP, but not as good as using your own VPN server, if you have the skills to set that up. With any such VPN server, whether it is your own or a pre-configured rental, the IP address of the server (and hence approximate geographic location) will be visible to everyone else, but that will be a fixed location that does not reveal your actual location or travels.

I have just started using the free spotflux VPN. http://www.spotflux.com/

Spotflux still seems pretty good (been using for a while now) plus it's free. It's also worth looking at the Blocknet and the currencies within it which provide MANY ways to keep yourself private.