On August 5th, 2013, NBC News reported that “Tor users compromised in child porn takedown.” The Independent reported that Eric Eoin Marques, a 28-year-old man from Dublin, appeared before a judge regarding charges, originating from the FBI, of distributing child pornography. Interestingly, at the same time Freedom Hosting, a web host that allows users to host websites using Tor Hidden Services and to which Marques is connected, went down and started to serve up a highly targeted form of malware that caused affected browsers to reveal their real location to a certain IP address. Is Tor still safe?
What Is Tor
A popular alternative to VPNs is Tor, short for The Onion Router. Tor is free, open source software which enables users to surf the web anonymously by routing their traffic through a random selection (3 nodes to be exact) of more than 3000 relay nodes, mostly run by volunteers. Tor, and many people probably don’t know this, was originally sponsored by DARPA (Defense Advanced Research Projects Agency), in other words, the US government. Its first version was released in September of 2002, and the EFF (Electronic Frontier Foundation) financially supported Tor from 2004 to 2005. Today Tor is developed by the Tor Project, a 501 research-education non-profit organization, and has many sponsors.
How Tor Works
Tor uses layers of encryption to hide a user’s identity (think of it as messages sent in nested envelopes, with every post office opening only the outermost envelope to forward the message, hence the onion analogy) and randomly routes requests through several servers, or nodes as they are called in Tor jargon. Each layer ensures that participating nodes do not know the origin, destination or content of traffic routed through them, with the exception of the entry and exit nodes.
Exit Nodes are evil, and unavoidable… An exit node is a Vidalia client that is set up to route traffic for the Tor network. Vidalia is the software Tor users use to connect with the network, and anyone running this software can set up relaying and become an exit node to donate resources. That is both good and bad. Good, because the more nodes there are, the more secure the Tor network becomes; bad, because a hostile user can easily set up an exit node and monitor traffic.
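The envelope analogy and the exit-node caveat above can be traced in code. This is an added example, not part of the original article and not Tor's own code: it assumes pre-shared per-relay keys and uses a toy HMAC-based cipher as a stand-in, with hypothetical relay names and destination, to show which hops each relay can see and that the exit relay ends up holding the request in plaintext.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Toy keystream: HMAC-SHA256 in counter mode (stand-in, not Tor's cipher).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered layer")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def build_onion(path, destination, message):
    # path is [(relay, key), ...] from entry to exit; wrap the exit layer first.
    hops = [name for name, _ in path[1:]] + [destination]
    blob = message
    for (_, key), nxt in reversed(list(zip(path, hops))):
        blob = seal(key, json.dumps({"next": nxt, "data": blob.hex()}).encode())
    return blob

def peel(key, blob):
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, onion):
    # Record what each relay learns: (relay, previous hop, next hop).
    seen, prev, blob = [], "client", onion
    for name, key in path:
        nxt, blob = peel(key, blob)
        seen.append((name, prev, nxt))
        prev = name
    return seen, blob

if __name__ == "__main__":
    # Constructed sample: three relays with random keys, hypothetical destination.
    path = [(n, os.urandom(32)) for n in ("entry", "middle", "exit")]
    seen, delivered = route(path, build_onion(path, "example.org:80", b"GET / HTTP/1.1"))
    print(seen, delivered)
```

Only the entry relay sees the client and only the exit relay sees the destination, but the exit also sees the request itself unless the user adds end-to-end encryption such as HTTPS.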
Just like other encryption technologies, Tor also has other known weaknesses; for example, Tor does not protect against traffic monitoring at the boundaries, that is, of requests entering and exiting the network.
However, Tor’s anonymity function is endorsed by EFF and civil liberty groups as a means of securely contacting whistleblowing sites like Wikileaks; in fact, Edward Snowden used Tor to communicate with Glenn Greenwald when he leaked information about the NSA surveillance state.
Tor Users Compromised
While Tor users have been compromised, this seems to be more a problem with malware than a problem with Tor itself. The really interesting part of the story is that before Freedom Hosting (the company hosting pornography) went down, it began serving up malware to its users, which caused the user’s browser to reveal their “real” IP address to an IP address belonging to a US Department of Defense security contractor called SAIC, investigators at Baneki Privacy Labs (https://twitter.com/baneki) found.
A more detailed analysis of the hacking attack on the Tor network published on darkernet.in links the 0-day browser malware exploit to an IP address within a C class block (65.222.202.xxx), which is owned by nsa.gov according to Baneki Privacy, with Wired reckoning it is shared by several US Government agencies. If it turns out that it was in fact an agency of the US Government that intentionally infected computers with malware, this may raise interesting legal questions, as those computer users were linked to watching child pornography, an illegal activity for sure, but hardly anything that threatens the national security of the United States.
Is Tor Safe?
It should be clear by now that, for one, there is no 100% security and anonymity online; only highly technically skilled users might be able to achieve anything close to 100%. Both Tor and VPNs have security vulnerabilities that potentially allow third parties to identify a user’s location and Internet activity, and hence compromise the user’s anonymity. Tor’s most notable problems are compromised exit nodes and the fact that it doesn’t route all traffic from your device through the Tor network. However, when used correctly and for its intended purpose, Tor is safe.
Second, the NSA is doing a fantastic job intercepting all kinds of communications, in the name of national security; however, NSA chief Keith Alexander seems to have a hard time providing the list of terror plots his agency allegedly foiled.
Instead, the US Department of State posts a general terror alert on its website, warning Americans of possible al-Qa’ida attacks, citing credible intelligence from anonymous sources, yawn… Coincidence, or an attempt to divert attention from the elephant in the room, the Orwellian surveillance state the NSA secretly built with taxpayers’ money, the same taxpayers who apparently aren’t allowed to know what exactly their involuntary contributions are financing…
Image Credit: USDA