One of the key components of a secure and private Internet connection is The Onion Relay Project, commonly known as Tor after its browser, a variation of the popular open source Firefox.
Recently the FBI announced that it had arrested 17 people and brought down over 400 sites including the infamous “Silk Road 2.0”.
Does that mean Tor is broken? Not so much apparently.
Did the FBI Break Tor?
By Naomi Gingold, Slate
Dec. 8 2014 8:49 AM
This past July Tor announced it had shut down a five-month-long combined “Sybil” and “traffic confirmation attack,” allegedly carried out by researchers at CERT, a computer security research institute at Carnegie Mellon University.
A traffic confirmation attack is one of the most well-known ways to assault Tor. To carry it out, you need to be able to control the first and last relays of Tor circuits. Once in control, you secretly tag data packets when they enter the network and check those tags when they exit. This way you can figure out who is talking to whom.
A common way to gain control of those relays is through a “Sybil attack,” where you flood the system with your own relays, so that you can dominate parts of the network. (Recent research shows that it’s not that expensive to do this; after all, there are only 6,000-plus relays currently on Tor.) This Sybil attack exploits an inherit vulnerability of Tor’s design: its reliance on volunteers to create the network.
As it turns out the FBI was able to make these cases through traditional police methods (finding a weak link in the organization and threatening and lying to them in order to get them to implicate others). However another group, the Lizard Squad (best known for hacking game servers and consoles), has also been attempting to compromise Tor security using a Sybil attack.
The Attack on the Hidden Internet
Marc Rogers, The Daily Beast
Most recently, it’s Tor’s ability to provide websites with a private “onion” address that has been hitting the headlines. “Onion” addresses are private addresses that can only be reached after connecting through Tor’s layers of anonymity. Ordinary Web browsers can’t see the site, in other words-protecting it from government censors. Seen both as a way to make websites used by activists accessible in countries governed by hostile regimes and as a way to host websites carrying illegal products and services, this part of the Tor network is now known as a central component of the “darknet” or “deep web.”
Over the space of a few hours on Friday, Lizard Squad registered a little more than 3,000 Tor relays. Relays are special computers that Tor uses to anonymously transmit traffic across the Internet. Comprised entirely of volunteered machines, the larger and more distributed this network of relays is, the better for the network and its users. So it’s understandable that the Tor folks wanted to make it as easy as possible to add new relays to the network, allowing it to grow. However, it appears it is this very open nature that the Lizard Squad is attempting to exploit.
Networks like Tor have long been considered to be vulnerable to an attack known as a “Sybil” attack, named after the famous 1973 book about the woman suffering from multiple personality disorder. The attack relies on flooding the network with fake nodes, or identities, until enough of them are present that the operator of those fake nodes can use them to influence or control the network. It’s like poisoning a party by overloading it with assholes.
Just how many fake nodes would be needed in order to pull off a successful Sybil attack against Tor is not known. Luckily, Tor was prepared for this sort of assault, and has built-in defenses to protect against it.
Tor’s administrators have to allow new nodes to connect and play a trusted role in the network. So to enable this while protecting the network, it has a system of evaluation that cycles the new node through several distinct phases before loading it up with traffic. This means that for the first few days the node essentially sees no traffic until the network is confident about it and its reliability.
As a result, while the 3,021 nodes added by Lizard Squad looked like a significant chunk of Tor’s more than 6,000-node network, they actually carried less than 1 percent of Tor’s traffic. Most importantly, they were all deleted long before that percentage could rise any higher. So, while Lizard Squad’s latest attack against the Internet’s most important anonymity network is troublesome, it was also completely harmless-this time. There is a lot of residual concern that Lizard Squad was able to get even this far. One of the biggest concerns is that if they had been more patient and subtler about how they executed this attack, it’s possible that they could have added relays slowly, across a wide range of networks, in such a way that they became trusted integral parts of the Tor network. At that point, who knows what they could have been capable of.
Even so the Tor browser when properly used and end-to-end encryption are the best way to protect yourself against casual snooping, including by Government Agencies. How do we know this? Der Spiegel has just published a piece based on the Snowden Papers showing the “threat” (meaning difficulty in illegally spying on you) the NSA considers various practices and programs.
Prying Eyes: Inside the NSA’s War on Internet Security
By Jacob Appelbaum, Aaron Gibson, Christian Grothoff, Andy Müller-Maguhn, Laura Poitras, Michael Sontheimer and Christian Stöcker, Der Spiegel
For the NSA, encrypted communication — or what all other Internet users would call secure communication — is “a threat”. In one internal training document viewed by SPIEGEL, an NSA employee asks: “Did you know that ubiquitous encryption on the Internet is a major threat to NSA’s ability to prosecute digital-network intelligence (DNI) traffic or defeat adversary malware?”
The Snowden documents reveal the encryption programs the NSA has succeeded in cracking, but, importantly, also the ones that are still likely to be secure. Although the documents are around two years old, experts consider it unlikely the agency’s digital spies have made much progress in cracking these technologies. “Properly implemented strong crypto systems are one of the few things that you can rely on,” Snowden said in June 2013, after fleeing to Hong Kong.
As one document from the Snowden archive shows, the NSA had been unsuccessful in attempts to decrypt several communications protocols, at least as of 2012. An NSA presentation for a conference that took place that year lists the encryption programs the Americans failed to crack. In the process, the NSA cryptologists divided their targets into five levels corresponding to the degree of the difficulty of the attack and the outcome, ranging from “trivial” to “catastrophic.”
Things first become troublesome at the fourth level. The presentation states that the NSA encounters “major” problems in its attempts to decrypt messages sent through heavily encrypted email service providers like Zoho or in monitoring users of the Tor network*, which was developed for surfing the web anonymously. Tor, otherwise known as The Onion Router, is free and open source software that allows users to surf the web through a network of more than 6,000 linked volunteer computers. The software automatically encrypts data in a way that ensures that no single computer in the network has all of a user’s information. For surveillance experts, it becomes very difficult to trace the whereabouts of a person who visits a particular website or to attack a specific person while they are using Tor to surf the Web.
The NSA also has “major” problems with Truecrypt, a program for encrypting files on computers. Truecrypt’s developers stopped their work on the program last May, prompting speculation about pressures from government agencies. A protocol called Off-the-Record (OTR) for encrypting instant messaging in an end-to-end encryption process also seems to cause the NSA major problems. Both are programs whose source code can be viewed, modified, shared and used by anyone. Experts agree it is far more difficult for intelligence agencies to manipulate open source software programs than many of the closed systems developed by companies like Apple and Microsoft. Since anyone can view free and open source software, it becomes difficult to insert secret back doors without it being noticed. Transcripts of intercepted chats using OTR encryption handed over to the intelligence agency by a partner in Prism — an NSA program that accesses data from at least nine American internet companies such as Google, Facebook and Apple — show that the NSA’s efforts appear to have been thwarted in these cases: “No decrypt available for this OTR message.” This shows that OTR at least sometimes makes communications impossible to read for the NSA.
Things become “catastrophic” for the NSA at level five – when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a “near-total loss/lack of insight to target communications, presence,” the NSA document states.
ZRTP, which is used to securely encrypt conversations and text chats on mobile phones, is used in free and open source programs like RedPhone and Signal. “It’s satisfying to know that the NSA considers encrypted communication from our apps to be truly opaque,” says RedPhone developer Moxie Marlinspike.
Also, the “Z” in ZRTP stands for one of its developers, Phil Zimmermann, the same man who created Pretty Good Privacy, which is still the most common encryption program for emails and documents in use today. PGP is more than 20 years old, but apparently it remains too robust for the NSA spies to crack. “No decrypt available for this PGP encrypted message,” a further document viewed by SPIEGEL states of emails the NSA obtained from Yahoo.
Phil Zimmermann wrote PGP in 1991. The American nuclear weapons freeze activist wanted to create an encryption program that would enable him to securely exchange information with other like-minded individuals. His system quickly became very popular among dissidents around the world. Given its use outside the United States, the US government launched an investigation into Zimmermann during the 1990s for allegedly violating the Arms Export Control Act. Prosecutors argued that making encryption software of such complexity available abroad was illegal. Zimmermann responded by publishing the source code as a book, an act that was constitutionally protected as free speech.
PGP continues to be developed and various versions are available today. The most widely used is GNU Privacy Guard (GnuPG), a program developed by German programmer Werner Koch. One document shows that the Five Eyes intelligence services sometimes use PGP themselves. The fact is that hackers obsessed with privacy and the US authorities have a lot more in common than one might initially believe. The Tor Project, was originally developed with the support of the US Naval Research Laboratory.
Today, NSA spies and their allies do their best to subvert the system their own military helped conceive, as a number of documents show. Tor deanonymization is obviously high on the list of NSA priorities, but the success achieved here seems limited. One GCHQ document from 2011 even mentions trying to decrypt the agencies’ own use of Tor — as a test case.
To a certain extent, the Snowden documents should provide some level of relief to people who thought nothing could stop the NSA in its unquenchable thirst to collect data. It appears secure channels still exist for communication. Nevertheless, the documents also underscore just how far the intelligence agencies already go in their digital surveillance activities.
Having used Tor on an experimental basis I’ll tell you the experience is very much like moving from 98 SE to XP 64 in that it’s mostly notable for the many things you used to do and programs that used to work that simply don’t anymore because they’re insecure. Now this is either an insurmountable hardship for you or it isn’t. I’ve found that as time progresses I have less and less use for my old stuff which I still have available anyway on my dusty machines that worked until I turned them off.