Anonymous Surfing? Hackers Eavesdropping on Tor

In the news over the last few days has been a story about Wikileaks and where they got their initial documents to post. According to the Wikileaks project page, “WikiLeaks is a multi-jurisdictional public service designed to protect whistleblowers, journalists and activists who have sensitive materials to communicate to the public.”

On Tuesday, Wired.com accused Wikileaks of obtaining their original documents by eavesdropping on the Tor network. The Tor network is a service used to anonymize internet traffic. Supposedly, one of the Wikileaks activists collected documents intercepted on Tor from Chinese hackers and posted a collection of them on the site:

“The activist siphoned more than a million documents as they traveled across the internet through Tor, also known as “The Onion Router,” a sophisticated privacy tool that lets users navigate and send documents through the internet anonymously.”

Wikileaks has since denied the claim, according to an article on The Register:

Assange responded to our inquiries by saying the New Yorker and Wired had each presented a misleading picture, without shedding much light on WikiLeaks use of Tor exit node interception.

The imputation is incorrect. The facts concern a 2006 investigation into Chinese espionage one of our contacts were involved in. Somewhere between none and handful of those documents were ever released on WikiLeaks. Non-government targets of the Chinese espionage, such as Tibetan associations were informed (by us).

Whether or not Wikileaks used these documents, it would appear from the comment that Wikileaks did in fact intercept documents on the Tor network. This is not the only instance where data has been intercepted from Tor. This leads us to the question: just how safe is Tor?

Let’s take a quick look at Tor. Tor acts as a web proxy. Instead of taking you straight to the website you enter, Tor encrypts your request and passes it through a series of nodes around the world before connecting you to the original target. This makes it very hard to backtrack and see where the data came from. The weakness in Tor, and Tor itself has posted a warning about this, is that when your data reaches the exit node, the last node in the chain, the data is unencrypted. Anyone monitoring this exit node can read your data. Hackers have set up exit nodes and monitor them to intercept passwords, login credentials, credit card information and, in this case, documents.

Because you have no control over the exit node, Tor should not be used for banking, shopping or anything else where you are sending login credentials or sensitive information. VPNs or end-to-end encrypted communications are the best choice for business transactions.
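The layering described above can be seen in a small model. This is an added example, not code from the original post or from the Tor project: the toy XOR keystream stands in for Tor's real cryptography and for TLS, and the relay keys, site key and sample login are constructed for illustration.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); illustration only."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

# Constructed keys: one per relay in a three-hop circuit, plus one known
# only to the client and the destination site (the end-to-end layer).
RELAY_KEYS = [b"guard-key", b"middle-key", b"exit-key"]
SITE_KEY = b"client-and-site-only"

def client_wrap(payload: bytes) -> bytes:
    """Client adds one layer per relay; the exit's layer is innermost."""
    for key in reversed(RELAY_KEYS):
        payload = keystream_xor(key, payload)
    return payload

def route(cell: bytes) -> list:
    """Each relay strips its own layer; return what each relay then holds."""
    views = []
    for key in RELAY_KEYS:
        cell = keystream_xor(key, cell)
        views.append(cell)
    return views

def exit_view(payload: bytes, end_to_end: bool) -> bytes:
    """What the exit relay forwards, with or without an end-to-end layer."""
    if end_to_end:
        payload = keystream_xor(SITE_KEY, payload)  # stands in for TLS
    return route(client_wrap(payload))[-1]

if __name__ == "__main__":
    secret = b"user=alice&password=hunter2"  # constructed sample login
    print("guard holds:", route(client_wrap(secret))[0].hex())
    print("exit, plain:", exit_view(secret, end_to_end=False))
    print("exit, e2e  :", exit_view(secret, end_to_end=True).hex())
```

The guard and middle relays only ever hold ciphertext, while the exit holds exactly what the client sent, so the end-to-end layer is the only thing keeping the login unreadable there.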

Computer Security: Surf Anonymously with Tor

Whenever you communicate online, send e-mails, or visit websites, your network address is included with every transmission. This address points back directly to your machine, or the proxy that provides access to your machine. With traffic analysis, your communication on the web can be tracked. Why is that bad, you ask?

According to Wikipedia, Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic. Traffic analysis can be performed in the context of military intelligence or counter-intelligence, and is a concern in computer security…

Traffic analysis is also a concern in computer security. An attacker can gain important information by monitoring the frequency and timing of network packets. A timing attack on the SSH protocol can use timing information to deduce information about passwords since, during interactive session, SSH transmits each keystroke as a message.[6] The time between keystroke messages can be studied using hidden Markov models. Song, et al. claim that it can recover the password fifty times faster than a brute force attack.


Techniques used to Defeat Oppression in Iran

If you are interested in what is going on in Iran on the electronic side, check out http://iran.whyweprotest.net/. It covers topics from surfing anonymously to protecting your cell phone from being monitored by Iranian authorities. Some of the techniques and ideas are very interesting. It’s just crazy to read what they are going through.

Worried about tipping off the Iranian monitors? No worries: most of the comments are from last summer, and the pro-government movement has left messages on the site, but it is interesting nonetheless.

Search While Protecting Yourself From – Google?

“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

– Eric Schmidt, Google CEO

With the Google hack in headline news recently, there seems to be another war going on. This one is against… Google. It appears that Google tracks EVERYTHING you do while you use its search features, including the webpages you clicked on when doing your searches, the news you’ve read and the places that you asked directions for.

Moxie Marlinspike, computer software expert, penetration tester and the one who showed the world that SSL can be completely bypassed, is now taking on the privacy issues with using Google. His Firefox plug-in called “Google Sharing” connects you to a Google sharing proxy server that protects you from Google’s tracking methods. A full explanation and the software can be found at http://www.googlesharing.net/index.html.

As with any proxy type software, security is a risk, because you are opening a network path from your PC to an unknown system. But if your privacy concerns outweigh the risk, then Google Sharing may be the way to go.

Daniel W. Dieterle