Rumors of Tor's compromise are greatly exaggerated

by phobos | October 25, 2011

There are two recent stories claiming the Tor network is compromised. It seems it is easier to get press than to publish research, work with us on the details, and propose solutions. Our comments here are based upon the same stories you are reading. We have no insider information.

The first story has been around 'Freedom Hosting' and their hosting of child abuse materials as exposed by Anonymous Operation Darknet. We're reading the press articles, pastebin urls, and talking to the same people as you. It appears 'Anonymous' cracked the Apache/PHP/MySQL setup at Freedom Hosting and published some, or all, of their users in the database. These sites happened to be hosted on a Tor hidden service. Further, 'Anonymous' used a somewhat recent RAM-exhaustion denial of service attack on the 'Freedom Hosting' Apache server. It's a simple resource starvation attack that can be conducted over low bandwidth, low resource requirement connections to individual hosts. This isn't an attack on Tor, but rather an attack on some software behind a Tor hidden service. This attack was discussed in a thread on the tor-talk mailing list starting October 19th.

The second story is around Eric Filiol's claims of compromising the Tor network leading up to his Hackers to Hackers talk in Brazil in a few days. This claim was initially announced by some French websites; however, it has spread further, such as this Hacker News story.
Again, the tor-talk mailing list had the first discussions of these attacks back on October 13th. To be clear, neither Eric nor his researchers have disclosed anything about this attack to us. They have not talked to us, nor shared any data with us — despite some mail exchanges where we reminded him about the phrase "responsible disclosure".

Here's the attack as we understand it, from reading the various press reports:

They enumerated 6000 IP addresses that they think are Tor relays. There aren't that many Tor relays in the world — 2500 is a more accurate number. We're not sure what caused them to overcount so much. Perhaps they watched the Tor network over a matter of weeks and collected a bunch of addresses that aren't relays anymore? The set of relays is public information, so there's no reason to collect your own list and certainly no reason to end up with a wrong list.

One-third of the machines on those IP addresses are vulnerable to operating system or other system level attacks, meaning he can break in. That's quite a few! We wonder if that's true with the real Tor network, or just their simulated one? Even ignoring the question of what these 3500 extra IP addresses are, it's important to remember that one-third by number is not at all the same as one-third by capacity: Tor clients load-balance over relays based on the relay capacity, so any useful statement should be about how much of the capacity of the Tor network is vulnerable. It would indeed be shocking if one-third of the Tor network by capacity is vulnerable to external attacks.

(There's also an aside about enumerating bridges. They say they found 181 bridges, and then there's a quote saying they "now have a complete picture of the topography of Tor", which is a particularly unfortunate time for that quote since there are currently around 600 bridges running.)

We expect the talk will include discussion about some cool Windows trick that can modify the crypto keys in a running Tor relay that you have local system access to; but it's simpler and smarter just to say that when the attacker has local system access to a Tor relay, the attacker controls the relay.

Once they've broken into some relays, they do congestion attacks like packet spinning to congest the relays they couldn't compromise, to drive users toward the relays they own. It's unclear how many resources are needed to keep the rest of the relays continuously occupied long enough to keep the user from using them. There are probably some better heuristics that clients can use to distinguish between a loaded relay and an unavailable relay; we look forward to learning how well their attack here actually worked.

From there, the attack gets vague. The only hint we have is this nonsense sentence from the article:

The remaining flow can then be decrypted via a fully method of attack called "to clear unknown" based on statistical analysis.

Do they have a new attack on AES, or on OpenSSL's implementation of it, or on our use of OpenSSL? Or are they instead doing some sort of timing attack, where if you own the client's first hop and also the destination you can use statistics to confirm that the two flows are on the same circuit? There's a history of confused researchers proclaiming some sort of novel active attack when passive correlation attacks are much simpler and just as effective.

So the summary of the attack might be "take control of the nodes you can, then congest the other ones so your targets avoid them and use the nodes you control. Then do some unspecified magic crypto attack to defeat the layers of encryption for later hops in the circuit." But really, these are just guesses based on the same news articles you're reading. We look forwarding to finding out if there's actually an attack we can fix, or if they are just playing all the journalists to get attention.

More generally, there are two broader lessons to remember here. First, research into anonymity-breaking attacks is how the field moves forward, and using Tor for your target is common because a) it's resistant to all the simpler attacks and b) we make it really easy to do your research on. And second, remember that most other anonymity systems out there fall to these attacks so quickly and thoroughly that no researchers even talk about it anymore. For some recent examples, see the single-hop proxy discussions in How Much Anonymity does Network Latency Leak? and Website Fingerprinting in Onion Routing Based Anonymization Networks.

I thank Roger, Nick, and Runa for helping with this post.

Comments

Please note that the comment area below has been archived.

October 25, 2011

Permalink

lol

October 25, 2011

Permalink

Why tor's not send a paper to Hackers to Hackers (in Brazil) and explain this there? Will be so good...

October 25, 2011

Permalink

Eric Filiol frequently publishes confused nonsense; not only when it comes to practical attacks, but in his theoretical papers too.

October 25, 2011

Permalink

FUCK DIS ALL BASTARDS ... PUBLICK ALL!!!!!!!!!!!!! TORREN EMULE XDCC ... FACEBOOK .. WIKILEAKS

October 25, 2011

Permalink

As the organizer of H2HC I would love to make specific
Questions you have to the speaker during the Q&A session of the talk.

We are not a media oriented conference and we made no claims about the research. What I can tell is the researcher and its lab have a good reputation and I would love to see great questions on the matter.

But about responsible disclosure I need to advice you to not go for this path, researcher will colaborate if THEY want. There is no such obligations and sometimes (for example, if the problems are within the vulnerable machines and not in tor itself) when public/full disclosure is the best/safest way to go.

Regards,

Rodrigo (BSDaemon)

> But about responsible disclosure I need to advice you to not go for this path, researcher will colaborate if THEY want.

This "researcher" happens to be a joke (in 2003 he claimed to have cracked AES, see eprint.iacr.org/2003/022.ps ) and so is your conference.

@ Anonymous: Spot on! Well written.

@ Rodrigo (BSDaemon): Can you save "BURN"?! It's looking more and more like you and your "conference" only included that hack (Eric Filiol) so your "conference" can gain publicity. Shameful, sir. And the fact you don't understand the basic tenets of responsible disclosure proves your ignorance. I'm not a computer scientist, but even I understand the reasons for, and importance of, responsible disclosure. Here's another word for you: "FAIL"! ;-)

@ Eric Filiol: Your sir, are a disingenuous moron. Granted, you may be intelligent but you're also a moron ... I used to think they where mutually exclusive to one another, but you have proven me wrong. Congrats! Oh yea, enjoy your 15 minutes ... tick ... tick ... tick.

For Christs Sake! It's "Tor", *NOT* "tor" or "TOR" or "toR" or "tOr" or "tOR" or any other inane spelling. It really blows my mind that you are the organizer of that "convention", considering you don't even understand how to spell Tor. LOLZ. Moron.

L00l, he 1s jUsT dodg1ng t3h k3yw0rd filt3rs and l1sitening dEvIcEs, OK??

If yoU KeEp spell1ng t0Re d1fferenlee it iz h4rd for them 2 c it. u no hoo i me3n.

Eric Filiol has a good reputation indeed, but that depend to who you ask.
A few example :

- the aes case, where he claimed twice to have broken it. But it turned out to be a issue with randomness, see others comments.

- the perseus project, where he organized something to prove it could not be broken, but he used different binary than the one he distributed, showing a lack of rigor in the best case ( http://news0ft.blogspot.com/2011/06/challenge-fail.html ). He also changed the rules of the challenges, when someone pointed issue in his code, saying people should not focus on problem in the code, but in the system itself.

- perseus again, where he claimed that since no one broke his design 1 month ago, the whole stuff was secure ( seen in a free software conference in Strasbourg, LSM, no video yet unfortunately )

- he also claim that perseus is not design to protect against governement needing to read messages and say this is for legitimate requirement ( http://2011.rmll.info/IMG/pdf/rmll11_filiol.pdf last slideq ). A few weeks later, he say on another project ( davfi, a future antivirus not written yet who will likely just be a fork of clamav ) that he will not bend to the will of the french state ( http://www.channelnews.fr/produits-et-solutions/securite/10735-la-franc… ).

- finally, the whole seclamav project is a joke. The project just produce a patch, without cleaning Makefile.in ), do not show the history or anything, and the patch add some subtil bug ( start by the end until you see FREE (canonical) and seek the problem ).

So while organizers cannot know everybody in the community, especially in others country and I guess people cannot realistally blame you for that, the whole talk is a little bit weird. Claiming to have broken tor is usually two things :
- a old attack already know, or patched
- a lie.

In both case, checking with tor project seems to be a good idea to avoid hurting the reputation of the conference.

You say:
> But about responsible disclosure I need to advice you to not go for this path, researcher will colaborate if THEY want.

What exactly are you objecting to? Of course researchers will collaborate or not collaborate as they choose. Nobody is saying that Tor has the power to compel you Mr. Filiol to tell them how his claimed attack works. Conversely, neither you nor Mr. Filiol has the power to stop the Tor people from saying, "We asked them how the attack works, and they wouldn't tell us. If this is a viable and previously unknown attack, then their failure to share with us will hurt users. Hurting users is not responsible behavior."

Mr. Filiol will of course do as he choses.

> There is no such obligations and sometimes (for example, if the problems are within the vulnerable machines and not in tor itself) when public/full disclosure is the best/safest way to go.

Even if the problems were with vulnerable machines, Mr. Filiol could well serve the Tor userbase by reporting that and trying to get the vulnerable machines voted off the Tor network before they hurt somebody.

This guy Eric Filliol is already famous enough, his bullshitting is more likely pathological.

The issue here seems more like a conference accepting a presentation based on hype rather than technical merits. It's usual enough in the infosec conference biz for anyone to be seriously going to do something about this.

October 25, 2011

Permalink

What's about "Cyber Crime Scene Investigations (C 2 SI ) through Cloud Computing" (http://www.cs.uml.edu/~xinwenfu/paper/SPCC10_Fu.pdf)

"From our study, with 168 EC2
sentinels, we can achieve over 99% catch probability if the
suspect makes 3 connections. As the traceback utilizes the
“pay-as-you-go” model of cloud computing and the network
forensics session may last for a few hours or a few days,
the strategy is cost effective."

Seems relevant to PlanetLab 512 Tor-nodes excluded from the consensus incindent: https://blog.torproject.org/blog/june-2010-progress-report

October 25, 2011

Permalink

Public disclosure of a vulnerability before the developers are given a chance to fix the problem is not responsible. Public shaming if your efforts to contact the developers are not productive is perfectly valid, but you should be pretty damned sure about your research first. Otherwise you risk driving users of an honest tool to organizations that make exaggerated claims about security and are not open source.

October 25, 2011

Permalink

well thanks for your free service , hope people will colaborate to help :)

dont stop ! tanks you tor staff

October 25, 2011

Permalink

The Brazilian government has a monopoly on the production of oil and minerals. Large companies Petrobras (oil) and Vale (minerals) belongs to the government. These companies divert public money through NGO's. This is the most common kind of corruption in Brazil. Sponsorship of activities of public interest. They divert big money from this large companies with this lovely argument.

The members of these Brazilian NGO's make too much noise to justify the large amount of money they receive. A volume of millions of dollars. The problem is that a big part of this money is shifted to the accounts of politicians and are not used for the research of their NGO's.

Brazil is a real big problem. We can not trust this people, we can not rely on their information. The brazilian group "Anonymous" are handled by politicians for campaign purposes and to justify the weird things that happens in their government over there.

The Soccer World Cup will cost more than US$ 40 billion and they have to create the largest possible number of midia distractions to divert the attention of the Brazilian people of these nonsense numbers.

Petrobras: http://en.wikipedia.org/wiki/Petrobras
64% of the stocks belongs to the brazilian goverment.

Safernet: http://www.safernet.org.br/

This NGO from Salvador, Bahia, Brazil is is supported solely by Petrobras. 100% Petrobras Sponsorship. This organization is behind several attacks on websites, blogs and virtual communities that somehow goes against what they consider a code of conduct.

Several tips that are spread over the Internet in some way links this organization as a cause of attacks in the Darknet. According to the comments and tips raised we understood that they can not act with the conventional tools of Clearnet, so they chose to use these obscure techniques.

October 25, 2011

Permalink

When the guys build Tor they known all the risks and they also know how and where the attacks will came from. I'm sure they also knows what will happen in the future and where exactly the leaks will show. I watch them going from one side to another, changing this, fixing that, talking with others that are trying to break in. It doesn't bother me. I only need to know they are always aware. I only need to know they're always researching and taken care of Tor. I only need to know they are there. Just to be sure. A.P.

October 27, 2011

Permalink

Nobody wants to see Tor used for trafficking child abuse material. Frankly, it is deplorable and gives the Tor network a bad name. However, Tor is a very useful, necessary tool for those in some unsavory places. Tor must be robust enough to protect those who truly need it.

I dare say, this actually includes the child abusers. There seems to be no group that is hated more, and as a result the Tor network becomes the target of these attacks in an effort to get to the child abusers. That said, the attacks provide useful and helpful information in strengthening the Tor network, thus providing greater protection for those in said unsavory places.

It is an evil within the network, but as I see it, it is a necessary evil (at least for the time being).

October 29, 2011

Permalink

This attack isn't new. See:

"Compromising Anonymity Using Packet Spinning" by Vasilis Pappas, Elias Athanasopoulos, Sotiris Ioannidis, and Evangelos P. Markatos.
http://freehaven.net/anonbib/#torspinISC08

From the abstract:

> We present a novel attack targeting anonymizing systems. The attack involves placing a malicious relay node inside an anonymizing system and keeping legitimate nodes "busy." We achieve this by creating circular circuits and injecting fraudulent packets, crafted in a way that will make them spin an arbitrary number of times inside our artificial loops. At the same time we inject a small number of malicious nodes that we control into the anonymizing system. By keeping a significant part of the anonymizing system busy spinning useless packets, we increase the probability of having our nodes selected in the creation of legitimate circuits, since we have more free capacity to route requests than the legitimate nodes. This technique may lead to the compromise of the anonymity of people using the system.

In other words, Filiol is a plagiarist.

October 31, 2011

Permalink

It's Oct. 31 now, meaning the conference has passed. Does anyone have any new information about this?

November 02, 2011

Permalink

http://pastebin.com/hquN9kg5

Take a look, they claim they created a modified torbutton that traced ip's with mozilla's help and put a dl link to it on a pedo hidden wiki site and claimed it as a security update as part of a recent tor release.

http://www.huffingtonpost.com/2011/11/02/anonymous-ip-addresses-child-p…

The news article claims they modified tor itself (insinuating they hacked tors servers), but as usual the reporter doesnt understand what they're reporting on and releases fud into the atmosphere.

According to them 190 people were dumb enough to download a sketchy link on an apparently frequently vandalized page, and most of them are in NYC.

USA! USA! USA!

Now, if I understand you correctly, you're telling me that they've published the Internet addresses of 190 alleged pedophiles. Sounds like more surreptitious Nazism to me!
And yes, I'm one of those who activated the "update" button on Hard Candy and all that resulted was that Tor gave up working. No problem at all because I know where I can get a duplicate copy... And no one has come bustling into my offices demanding the surrender of the “offending” party either.
And viewing Hard Candy doesn't make me a paedophile either - I'm sure there are many other law enforcement personnel checking it out on a regular basis too in the hope of picking up a lead. And I (and my task force) certainly haven't been informed of any 190 alleged pedophiles who's IP addresses have been published on any network. I'm also very sure that any site host would take legal advice to confirm bona fides lest he or she be sued down to their pajama buttons.
It all sounds like this Anonymous 'hacktivist' group are a collection of malicious and immature fools too cowardly to step forward and testify as to evidence as witnesses in a court-of-law...

November 03, 2011

Permalink

The personal attacks by anonymous contributors shows clearly who lacks understanding here:

- the conference exists for 8 years and we had many important research comming out of it
- we never contacted the media, so saying that we accepted an interesting nd controversial talk for grtting media is stupid. We never even accepted to give ANY declarations to the media, since the con is completely not media-aware
- I coordinated dozens of critical vulnerabilities with major players in the industry and open-source projects and for that reason I'm sure in better position than a man who is not even mn enough to say who he is to talk about vuln disclosure policies
- I replied to the tor (and I dont care how you want me to spell it since I'm the one spelling it and I'm sure that even with a minor IQ somebody can understand what I'm talking) exactly to open questions to the presenter. I never created a condition of been in the con to ask him questions and was more than willing to forward doubts. Nobody here made any.
- Regarding past research by Eric, the comment was right in defining that it is difficult to measure or judge. Even more because mistakes on the past does not mean there is no good comming in the future. Our metric is based on previous publications too, but not only on that.

Regards,

Rodrigo (BSDaemon)

November 03, 2011

Permalink

Anonymous Fighting Anonymity

Next step of Anons' campaign of frontier justice (aka OpDarknet) - or should it now be called "War on Tor"?

http://arstechnica.com/business/news/2011/11/anonymous-collects-publish…

"Anonymous collects, publishes IP addresses of alleged pedophiles

... the Anonymous 'hacktivist' group has published the Internet addresses of 190 alleged pedophiles. To do so, they allegedly collaborated with members of the Mozilla Foundation to create a modified Tor browser plugin which collected forensic data about the users. Members of the group also claim that a member of Tor’s developer team is the operator of the hosting service that serves up several child pornography sites.

The Tor privacy network uses a set of special protocols that can be used to allow anonymous browsing of the Internet and access to hidden “.onion” sites—a “darknet” of webpages, collaborative spaces and other Internet resources hidden from the view of the wider Internet. The Tor network conceals the location of these services, though attacks within the network can “fingerprint” them to gain information about them and use other methods to get a general idea of their location.

A recent security update to Tor corrected some vulnerabilities that made it possible to identify users by the security certificate they used to connect to sites. Anonymous claims to have used the update as the basis for a social engineering attack on pedophiles that it used to install an altered version of the Tor software so that it could collect forensic information..."

Whatever happened to the principle of confronting one's accusers/opponents in a public forum?
I'm informed by alleged this' and alleged thats' and when I first - many months ago - objected about this Anonymous 'hacktivist' groups' underhanded Nazi-like tactics against Amazon et al which brought them nor Assange any success whatsoever.
Now, if I understand you correctly, you're telling me that they've published the Internet addresses of 190 alleged pedophiles. Sounds like more surreptitious Nazism to me!
And yes, I'm one of those who activated the "update" button on Hard Candy and all that resulted was that Tor gave up working. No problem at all because I know where I can get a duplicate copy...
And viewing Hard Candy doesn't make me a paedophile either - I'm sure there are many other law enforcement personnel checking it out on a regular basis too in the hope of picking up a lead. And I (and my task force) certainly haven't been informed of any 190 alleged pedophiles who's IP addresses have been published on any network. I'm also very sure that any site host would take legal advice to confirm bona fides lest he or she be sued down to their pajama buttons.
It all sounds like this Anonymous 'hacktivist' group are a collection of malicious and immature fools too cowardly to step forward and testify as to evidence as witnesses in a court-of-law.
It also appears that they have been so advised and in consequence have started a rumour mill to rival the most mundane "soapie" in the hope of gaining their oft hoped for "15 minutes".
I can only express my contempt for their way of doing things and hope that I'll be the one arresting some of their ilk for "running with the hare and hunting with the hounds"
if you get my drift. I heartily dislike dishonesty of any kind from whomsoever it may be!

November 11, 2011

Permalink

Good to hear, phobos, that there be someone NOT stampeded by wet-dream rumours.

My understanding is that if'n the equipment systems are up to date and one doesn't lollygag around with 'torrents it is werry unlikely that any sort of trace can be put upon one.

That said I should also add that there are sooo many "techie' wannabees craving attention that they all fall over themselves to pass remarks where the non-cognicenti [that's me] can see them.

I'fn y'all don't believe me then check out the "solutions" offered by these so-called expurt sites.These wanabee "techie" types are also simply known as "trolls" and should be recognised as such

November 11, 2011

Permalink

Filiol put up slides and data here:

http://cvo-lab.blogspot.com/2011/11/tor-attack-technical-details.html

Note the typical French MO: take bright students' work (usually from Africa, French people just don't get math), slap your name on it, fly around the world mouthing off at those "arrogant" and "aggressive" English-speakers, etc.

I like how he uses the word "buzz" over and over again. It's called peer-review. Don't like it? Go back to the military. Or are you talking about the kind of "buzz" that happens when one claims to have broken AES like an idiot? Oh, oops, there's that buzz (peer-review) again...

Tool.

November 12, 2011

Permalink

I wonder if anyone could assist please...

I can't connect to the Onion Forum using the url 'onion.is-found.org/linklist/5/7' and the Tor Browser Bundle (2.2.34-2) just repeatedly advises that "Firefox can't establish a connection to the server at l6nvqsqivhrunqvs.onion." which ain't the same url at all.

Is Firefox (Aurora) now configured to selectively block site access?

I've checked access to the pedo sites on the .onion network and they "appear" to be operating freely so I don't really understand the problem but my communication process is being disrupted and consequently lives may now be in jeopardy.

Thank you for this oppoptunity