
Assume that Tor is broken. With this level of deep network monitoring, low-latency onion routing is essentially useless.

Hidden services are still secure, presumably, because there is no exposed section of the network to inspect. All they can do is monitor and do statistical analysis, and maybe mess with the traffic to try to get more ideas of flow.

I wouldn't for a second bet on it. A hidden service has exactly the same issue as traffic that exits the network. The topography looks like this.

    httpd > tor node > tor node > tor node > rendezvous point < tor node < tor node < tor node < client

With enough monitoring, the location of the web server (or other hidden service) can just be found out by bombing the hidden service with traffic and seeing what end point lights up with traffic. With fine enough monitoring you wouldn't really need long to find out the real location of the server. It's just not something the network can effectively hide, even if it used chaff (padding) to hide the wheat.

There are practical attacks for enumerating hidden service public keys, and so I wager that there's somebody somewhere with a complete map of the real server locations as well.

According to tor metrics only 17% of tor endpoints [1] and a similar percentage of relays [2] are in the USA. The kind of monitoring you propose would require a much higher portion of them to be under NSA control.

[1] https://metrics.torproject.org/users.html

[2] https://metrics.torproject.org/network.html?graph=relaycount...

The question isn't how many endpoints the NSA has, it is how much bandwidth they have at the endpoints (actually, it is more about how many unique users use their endpoints). But, assume that 1% of Tor connections go through an NSA exit node. 1% of that 1% would go through both an NSA exit node at both ends, and is therefore compromised. Tor tries to mitigate this by always using the same exit nodes for your connection (reducing the chance of ever being compromised, but if you are compromised, it is for much longer). However, inevitably you occasionally do need to change your exit nodes, which gives the NSA another roll of the dice. Additionally, when talking about drag-net surveillance, 1% of 1% is still a lot.

The bigger protection is the ease with which the NSA can mount this attack on TOR. I have no doubt that they could do it, however I do question if they can do it on a massive scale.

"Tor tries to mitigate this by always using the same exit nodes for your connection"

Think you're getting your entry and exit nodes mixed up there. Tor chooses a small number of entry nodes (entry guards) and attempts to only use those.
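Added example, not part of any comment in this thread: the trade-off the two comments above describe, worked through for a user who builds many circuits with and without a persistent entry guard. It assumes a single guard, independent relay choice per circuit, and that `f_entry` and `f_exit` (hypothetical parameters) are the fractions of entry and exit selection weight an observer controls.

```python
import random

def p_no_guards(f_entry, f_exit, circuits):
    """P(at least one circuit has observed entry AND exit), fresh entry each time."""
    return 1 - (1 - f_entry * f_exit) ** circuits

def p_with_guard(f_entry, f_exit, circuits):
    """Same probability when one entry guard is reused for every circuit.

    The user is only exposed if the guard itself is observed (probability
    f_entry); given that, any observed exit completes the correlation.
    """
    return f_entry * (1 - (1 - f_exit) ** circuits)

def simulate(f_entry, f_exit, circuits, use_guard, trials=4000, seed=1):
    """Monte Carlo check of the closed forms above (constructed model, not Tor code)."""
    rng = random.Random(seed)
    exposed = 0
    for _ in range(trials):
        guard_bad = rng.random() < f_entry      # drawn once per user
        for _ in range(circuits):
            entry_bad = guard_bad if use_guard else rng.random() < f_entry
            if entry_bad and rng.random() < f_exit:
                exposed += 1
                break
    return exposed / trials

if __name__ == "__main__":
    f = 0.01  # the "1%" figure from the comment above
    for n in (1, 100, 10_000):
        print(f"{n:>6} circuits: no guard {p_no_guards(f, f, n):.4f}, "
              f"guard {p_with_guard(f, f, n):.4f}")
```

For one circuit both models give the 1% of 1% figure; as the circuit count grows, the no-guard probability tends to 1 while the guard model stays capped at `f_entry`, at the cost that an exposed user stays exposed for the guard's lifetime.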

I imagine that when you have taps at all the colocation centers (which each node would need to go through - and even a surprising number of hops overseas go through the US due to the cheaper price of bandwidth) you may not need to control the endpoints to break anonymity, with enough statistical analysis of the packets entering and exiting the known tor nodes. Tor doesn't work against attackers who can monitor the whole network, and the developers say so up front.

The NSA seems to have extensive monitoring in many countries, not just the United States.

Who said the NSA had to limit its nodes to the United States?

I would think Silk Road provides enough incentive that if the government could defeat tor hidden services, they would have busted Silk Road.

Absolutely not. The government is not one unitary piece. The NSA is not the ATF is not the FBI. These capabilities were likely kept secret from other governmental agencies as much as the public.

Furthermore intelligence agencies are well aware that every action communicates information back to their adversaries. It's a no-brainer to let Silk Road exist if you think doing so gives you the edge on terrorism, or otherwise furthers the national interest.

Silk Road is a few pennies and few gram transactions. [See the data here http://arxiv.org/abs/1207.7139] It would be foolish to expose their snooping capabilities for this, right? Wow, Tor is not considered safe... Amazing

No way. What you forget is that once they bust it -- then they've REVEALED that they have the capability to do that.

Once they've revealed that, then people take account of it, and it becomes harder for the NSA to monitor them.

Half of the signals intelligence game is keeping your capabilities secret, so you can keep monitoring the signals, rather than have your target change their game.

That is to say, if they can get into Silk Road, then they probably ARE already monitoring everything that happens on Silk Road, and they'd rather it stay UP so they can keep monitoring the people on it (being very careful never to reveal that they can monitor it), than bust it so the people go elsewhere.

If every police officer had access to these tools, the news would leak much sooner.

So I would think these tools are available only to a select few, and those are more interested in more high-profile tasks like catching extremists or going after political opponents.

I, frankly, don't think SR is that high on the government's list. Not yet.

Historically, it has proven unwise to underestimate the NSA. Not being a booster, just thinking about Keyhole, tapping submarine cables, etc., etc.

Thanks for pointing this out. Good to see a peer preacher.
