Breaking security of Tor Network

4 years ago
French researchers from ESIEA, a French engineering school, have found and
exploited some serious vulnerabilities in the TOR network. They performed
an inventory of the network, finding 6,000 machines, many of whose IPs are
accessible publicly and directly with the system's source code. They
demonstrated that it is possible to take control of the network and read
all the messages that circulate.

But there are also hidden nodes, the Tor Bridges, which are provided by the
system that in some cases. Researchers have developed a script that, once
again, to identify them. They found 181. "We now have a complete picture of
the topography of Tor," said Eric Filiol.

The specific attack involves creating a virus and using it to infect such
vulnerable systems in a laboratory environment, and thus decrypting traffic
passing through them again via an unknown, unmentioned mechanism. Finally,
traffic is redirected towards infected nodes by essentially performing a
denial of service on clean systems.

Researchers showed that one third of the nodes are vulnerable, "sufficient
in all cases so that we can easily infect and obtain system privileges,"
says the director. Researchers clone then a part of the network in order
not to touch the real network, and they make a virus with which they will
be able to take control of the machine."This allows us to set the
encryption keys and readers initialization of cryptographic algorithms and
thus cancel two layers of encryption on all three," says Eric Filiol. The
remaining flow can then be decrypted via a fully method of attack called
"to clear unknown" based on statistical analysis.

To guide communication to nodes infected, researchers make unavailable all
other nodes. To do this, they apply a double attack: localized congestion,
which involves sending a large number of requests Tor on uninfected
machines, and spinning the packet, which will enclose Tor servers in a loop
circuit to fill them. The Tor protocol will then, naturally, to route calls
to infected machines, and that's it.

However, if it is real, details are to be presented at Hackers to Hackers
in S?o Paulo on October 29/30-2011. TOR is no more than an additional layer
of obfuscation and should not be relied upon for anonymity or security.
Like any darknet, it is a complement to application-layer encryption and
authentication, no more.

Web reference:

4 years ago
I've been reading some articles about Tor Network in general and I've been wondering how insecure/vulnerable to attacks Tor Network really is?

3 years ago
I believe the TOR project has already patched the issues you mention.

3 years ago
They said TOR network, but is it client specific, or the protocol itself. I'd be interested in how in fact, they get code to execute on nodes in the network. They mentioned virus, but I imagine someone in the network would have to run something infected that they downloaded before it would become part of the researchers controlled network of nodes. Also, many tor clients let you use proxies and ssh tunnels, but even when doing so, your real IP will still show up on the TOR list at some point if you are uploading. The only thing the tunnels do, is transport your local info past your ISP so all they see is SSH traffic, but the TOR network still gets your real IP at the other end at some point. TOR is not anonymous, and to some regard not meant to be. You have to make a connection to the other parties with whom you are swapping packets with, and at some layer the encapsulated traffic will reveal your IP in the node list. Just open uTorrent and look up the people sharing. All of their IP addresses are listed. Not hard to target those on the list directly, with or without TOR once you have the endpoints address.

Creating a bogus TOR file in general is a good way to harvest potential victims, since many on that list of TOR users, will be reachable directly and 99% of them will be windows users. A good percentage will still probably be windows XP users too.


You are not logged in. Login or register to reply on this thread.