This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.bbc.co.uk/news/technology-28573625

The article has changed 2 times.

Version 0 Version 1
Tor attack may have unmasked dark net users
(35 minutes later)
Developers of software used to access Tor - an otherwise hard-to-reach part of the internet - have disclosed that an attack on the network may have unmasked users for five months.
The Tor Project said that it believed the assault was designed to de-anonymise the net addresses of people operating or visiting hidden sites.
However, it said it was not sure exactly how users had been "affected".
The project added that it believed it had halted the attack on 4 July.
Version 0: Tor allows people to visit webpages without being tracked and to publish sites whose contents would not show up in search engines.
Version 1: Tor allows people to visit webpages without being tracked and to publish sites whose contents does not show up in search engines.
The Tor Project said it believed that the infiltration had been carried out by two university researchers, who claimed at the start of July to have exploited "fundamental flaws" in Tor's design that allowed them to unmask the so-called dark net's users.
The two security experts, Alexander Volynkin and Michael McCord, had been due to give a talk at the Black Hat conference in Las Vegas next week. However, the presentation was cancelled at the insistence of lawyers working for their employer, Carnegie Mellon University.
"We spent several months trying to extract information from the researchers who were going to give the Black Hat talk, and eventually we did get some hints from them... which is how we started looking for the attacks in the wild," wrote Roger Dingledine, one of the network's co-creators, on the Tor Project's blog.
"They haven't answered our emails lately, so we don't know for sure, but it seems likely that the answer to [whether they were responsible] is yes.
"In fact, we hope they were the ones doing the attacks, since otherwise it means somebody else was."
A spokesman from Carnegie Mellon University declined to comment.
Illegal activity
Tor attempts to hide a person's location and identity by sending data across the internet via a very circuitous route involving several "nodes" - which, in this context, means using volunteers' PCs and computer servers as connection points.
Encryption applied at each hop along this route makes it very hard to connect a person to any particular activity.
Version 0: To the website that ultimately receives the request it appears as if the data traffic comes from the last computer in the chain - known as an "exit relay" - rather than the person responsible.
Version 1: To the website that ultimately receives the request, it appears as if the data traffic comes from the last computer in the chain - known as an "exit relay" - rather than the person responsible.
Tor's users include the military, law enforcement officers and journalists - who use it as a way of communicating with whistle-blowers - as well as members of the public who wish to keep their browser activity secret.
But it has also been associated with illegal activity, allowing people to visit sites offering illegal drugs for sale and access to child abuse images, which do not show up in normal search engine results and would not be available to those who did not know where to look.
Two-pronged attack
The Tor Project suggests the perpetrator compromised the network via a "traffic confirmation attack".
This involves the attacker controlling both the first part of the circuit of nodes involved - known as the "entry relay" - as well as the exit relay.
By matching the volumes and timings of the data sent at one end of the circuit to those received at the other end, it becomes possible to reveal the Tor user's identity because the computer used as an entry relay will have logged their internet protocol (IP) address.
Version 0: The project believes the attacker used this to reveal hidden-site visitors by adding a signal to the data sent back from such sites that included the name of the hidden service.
Version 1: The project believes the attacker used this to reveal hidden-site visitors by adding a signal to the data sent back from such sites that included the encoded name of the hidden service.
Because the sequence of nodes in a Tor network is random, the infiltrator would not be able to track every visit to a dark net site.
Version 0: Tor also has a way of protecting itself against such a danger: rather than use a single entry relay, the software uses a few relays chosen at random - what are known as "entry guards".
Version 1: Tor also has a way of protecting itself against such a danger: rather than use a single entry relay, the software involved uses a few relays chosen at random - what are known as "entry guards".
So, even if someone has control of a single entry and exit relay, they should only see a fraction of the user's traffic, making it hard to identify them.
However, the Tor Project believes the perpetrator countered this safeguard by using a second technique known as a "Sybil attack".
This involved adding about 115 subverted computer servers to Tor and ensuring they became used as entry guards. As a result, the servers accounted for more than 6% of the network's guard capacity.
This was still not enough to monitor every communication, but was potentially enough to link some users to specific hidden sites.
"We don't know how much data the attackers kept, and due to the way the attack was deployed, their... modifications might have aided other attackers in de-anonymising users too," warned Mr Dingledine.
Several government agencies are interested in having a way to unmask Tor's users.
Russia's interior ministry is currently offering a 3.9m roubles ($110,000; £65,000) prize to anyone who cracks such identities. It says it wants to protect the country's "defence and security".
A report by the German broadcaster ARD suggests US cyberspies working for the NSA have also made efforts to overcome Tor's system, despite the fact the Tor Project is partly funded by other US government departments.
And leaked documents released by whistleblower Edward Snowden also indicate the UK's GCHQ has attempted to track Tor users.