Hacker News new | past | comments | ask | show | jobs | submit login
Logs of compromised Tor site released (torproject.org)
317 points by randomfool on Nov 9, 2014 | hide | past | favorite | 77 comments

Am I understanding this correctly?

* Attacker has control of X number of tor nodes

* Attacker DDoS-es a hidden service, sending millions of requests to it

* Attacker hopes that at least one of these requests will be routed exclusively through their own tor nodes, thus revealing the IP address of the hidden service

That sounds neat. Is it a viable way to de-anonimize a hidden service?

That's broadly describing one possible class of attack. It looks more like a combination of attacks may have been used - traffic confirmation via timing of outages and packets is definitely a strong one, and that's what GCHQ's QUICKANT was gunning for; ONIONBREATH was targeted at hidden service enumeration and distinguishability, and Tor is seemingly not perfect at that. (I gather HSes were due for an overhaul anyway?)

Remember, Tor cannot comprehensively protect against a global passive attacker - which is what GCHQ, DSD, NSA, et al are trying to be, as well as every other kind of attacker of course. (Generally speaking, they try every possible angle at once.)

However, they have still not had much success to date identifying users, especially en masse. We're talking here about highly-targeted attacks, combined with a few OPSEC fails.

(I still prefer garlic routing in general, but Tor has a huge advantage which has little to do with tech - a massive, diverse userbase to hide amongst.)

I've studied Tor vulnerabilities for two years. I'm seeing signs of traffic confirmation (active), traffic confirmation (passive), stream watermarking, and a massive willingness to shape control of the network with DoS. Just about every attack on hidden services (active and passive), of which I am aware, was deployed, all at once. The malformed packet DoS was especially clever. And I'm sure a ton more were used that never made it to the academic research.

It was almost comical, like the star ship captain saying "now on my mark, fire all photon torpedoes!" They just revealed a massive amount of capability to send a message: Tor is not safe. They want everyone to know that despite that sticker on Snowden's laptop, Tor remains vulnerable.

But what remains interesting, and glaringly obviously absent, is user identification. The NSA does not appear to be able to deanonymize users at will. That is, given enough time and enough resources, they can ID hidden services and long-term users, but given an arbitrary Tor exit and and TCP stream, they can't simply follow it back to its origin.

A for effort. But in organizaton it looks like a military campaign, not a cyber attack. Straight out of the "total dominance" playbook.

But of course it won't work. Tor isn't a country. Its an idea. You can't force the Internet to "submit."

All this did was make blindingly obvious holes that many researchers have been asking to be fixed for a while.

> But what remains interesting, and glaringly obviously absent, is user identification.

I wonder if using Facebook over Tor would help in that regard.


This is very interesting. Are you suggesting that Facebook over Tor could be a step in the wrong direction? Official NSA Facebook partnerships are for now very unlikely, but I am interested to know how Facebook over Tor could in principle solve the user identification problem listed by grand parent.

Please correct me if I'm wrong, but if someone is logged in to Facebook while browsing over Tor, aren't you just one CSRF from getting all personal details for the user?

You're corrrect. Fast Tor user attribution is a different, much harder problem, and one they don't appesr to have cracked.

If you're using Facebook over Tor, you probably shouldn't be using an account that you created on an non-Tor connection or an account tied to your real-world identity.

If you are, and you're concerned about being identified... :/

I don't think Facebook will let you register new accounts using a Tor IP.

Indeed, it works like freenet IRC where you have to make an account first then log in to it with Tor. This is solved by making a throwaway VPS or virtual desktop you ssh into with Tor, make your account, shred the VPS and then change the password when you log in directly to Fb with Tor.

You can also edit Torrc to temporarily only use your own Tor exit nodes if worried about malicious exits while setting up accounts.

Someone's WIFI connection with a modified MAC is also a good way. Just make sure it's not the neighbours WIFI.

Using Facebokk would be considered harmful, and make tge situation worse.

I'm sure they're disscussing fixes on the tor dev irc and mailing list right now if anyone's interested.

> I've studied Tor vulnerabilities for two years.

Is that academic research, or in what context? I'd be interested to hear what you have to say on that; anything published anywhere? Email in profile if you'd be into that :)

You can't see emails in profiles, but I'd be happy to talk about what I can.

I think you're right. This describes a graph attack that uses a secondary vector of malformed packets to limit other connections.

Is there actually anything you can do to prevent this kind of attack?

I'm assuming once your network is compromised to such an extent there is not much you can do.

One (rather wasteful) workaround to delay the discovery a little bit is to have each node generate an equivalent amount of traffic going somewhere else.

The concept of a hidden service is itself interesting since it must still be "visible" to some extent, or else nothing could communicate with it; but at the same time, it's attempting to hide any indications of its presence. Attacks based on a large volume of traffic will always work if the service is centralised, since that's where all the traffic will (eventually) go. The only real solution I see is to make hidden services highly distributed so that the load is spread out and largely masked by other traffic.

Somewhat related: http://en.wikipedia.org/wiki/Fast_flux

Cut the hardline. Well, but seriously, shut down the network temporarily.

Wouldn't that only make it easier to confirm that this network/ip is associated with given hidden service?

This made me thinking btw about the latest hetzner hiccups which never happened before.

Yeah, assuming a global adversary, you'd just watch which servers went dark and the investigate them. We really need a "defensive mode" for TOR.

What are the odds of that request being routed exclusively through those specific nodes ?

I mean he either tried for a long time or had a very long list of nodes... I don't even know what's the average number of middle node for one route.

What I don't fully understand is why it's necessary for an adversary to have access to all nodes on the complete path from his DDoS machine to the target IP he's trying to unmask.

Wouldn't it only be necessary that I have shared knowledge of what packet I'm sending between the machine that I'm sending my DDoS from and my relay which I'm hoping is the last one that my target is connecting to? Or perhaps I don't understand Tor well enough.

You might be able to use statistics instead. If you flood Tor with requests for a particular service, that service's address should become more common at the relays you control.

Tor works by obfuscating traffic, jumping through 3 or more nodes before exiting the tor network. If an attacker controls those three nodes it is possible for them to determine the source.

You're not going to know the contents of the packet unless you also control the machine in the previous hop.

You can use a timing attack.

I think there's a chance of using malformed packets to disrupt all other nodes.

In other words, a Sybil attack.

ehh a Sybil attack involves breaking identification systems (eg, cracking private keys). In this case it seems like they've broken the underlying protocol (tor) to get the ip address.

A Sybil attack is any attack that involves attacking by brute forcing the number of identities. The identity need not be based on cryptographic systems -- it could simply be the number of IP addresses.

Sure but Sybil generally refers to obscuring identity as opposed to actually actively breaking into systems... This seems like a much more active attack if it involves forged packets.

what do you mean by "hidden service" ?

A web site only available using Tor.

See: https://www.torproject.org/docs/hidden-services.html.en

To grab everything:

  $ mkdir foo
  $ cd foo
  $ wget --mirror --convert-links --adjust-extension --page-requisites --no-parent http://doxbin.strangled.net/
Or you can grab a tarball here: http://evilrouters.net/mirror/doxbin.strangled.net.tar (~37 MB)

I don't understand the context of this post on torproject.org

Who is this guy? Nachash? Is he an operator of one of the illegal websites that were seized as a result of Onymous? He is talking as I would expect a sysadmin, so is that what you'd call him? He talks about inheriting PHP code, is he referring to the original SR source code? If so, how could he have acquired this source code?

>Who is this guy?

He was the guy running doxbin [0] before Onymous seized the servers.

He's trying to provide any relevant information he can to the Tor devs so that they can better prevent attacks against hidden services in the future.

>He talks about inheriting PHP code, is he referring to the original SR source code?

He's referring to the doxbin source code [1], which he didn't write entirely but just improved upon.

[0] doxbinzqkeoso6sl.onion

[1] qhlkmirbijvet2dp.onion

>Who is this guy?

To add on to what tux3 has posted, nachash has been involved in various other illegal happenings on the net over the past few years, usually with other ED hackertypes.

You can just use google to find irc logs to get a general idea of who this guy is.


encyclopedia dramatica?

Thank you - now that I know I feel silly not making the connection, as I had just been looking at some Encyclopedia Dramatica after Googling Nachash.

These guys seem to be pretty smart, but constantly embroiled in some seemingly petty feud or scandal within their scene.


Not knowing much about doxbin, I don't understand why it would have been seized. It doesn't seem anywhere near in the same league as the various drug markets that were seized.

Word on the street is they hosted dox for NSA's Keith Alexander and the Ulbricht/Silk Road judge.

    > one of the illegal websites
Sounds like he's making a point that he either didn't consider it to be illegal, or, illegal enough that there's a chance of him going to jail

What if we just started using keys with tor and setting a few (trusted) default nodes...

Update to clarify: I'm talking about every user setting a few distinct trusted nodes.

A few nodes makes it easier for a global adversary to attack, I'd think.

The FBI could seize those nodes and replace them with rooted boxes. The NSA could use their little boxes in Sprint/ATT/L3's broom closets to forward packets to Ft. Meade.

What Tor needs is lots more traffic going through lots more nodes.

Isn't freenet or I2P more resilient to such attacks ?

I mean tor is great because it allows to browse webpages, but aren't there thicker means to be anonymous ?

Every system is susceptible to a graph attack at some level...

Freenet doesn't have the concept of a server that hosts a site though. Data is distributed across the datastore in nodes in Freenet. When users request a site or data then it is gathered from the nodes that hold the information.

This means sites can't have dynamic functionality but for those that host only static data then it would seem to be an alternative.

They are possibly vulnerable to being discovered when inserting data if the attacker knows what they are inserting.

> They are possibly vulnerable to being discovered when inserting data if the attacker knows what they are inserting.

If we go by the theory that compromising a single Tor user is not feasible, then connecting to the Freenet network through a fresh Tor connection every time you want to insert new data should make it a lot more difficult to find the identity of the person who is inserting this data.

I'm thinking here in the context of operating a black market, where new items are signed with the operator's key, and uploaded to Freenet, along with a list of all items on the market in question, also signed by the operator (with an increasing nonce).

new items are signed with the operator's key, and uploaded to Freenet, along with a list of all items on the market in question, also signed by the operator (with an increasing nonce).

It really confuses me why people insist on thinking about electronic systems of exchange in broken physical world terms: market/store, buyer, seller. See https://github.com/OpenBazaar/OpenBazaar/issues/961

I don't see what's "broken" about these terms. People understand them, and they serve their purpose: explaining the roles of various nodes in the network.

However, I understand your argument that there's really no need to differentiate between "buyers" and "sellers": every node on the network could be either, both or neither at any point in time.

I don't think changing the language used in OpenBazaar really makes much of a difference though. I doubt people are that interested in doing barter trading via an online market. That seems very inefficient (ie. sending a pound of beef jerky in in the mail in exchange for receiving five LED bulbs). The only reason for doing this would be if the two parties don't have proper money available.

It'd be a lot more efficient for either party to sell their good (beef jerky or light bulbs) for money locally (for example bitcoins), and pay for the other item in bitcoins, so only a single good needs to be sent via mail. The party receiving money can then just buy the goods he wants locally.

And even if its only the money flow graph...

Regardless of source graph attacks are one of the oldest LEO techniques, even if they don't fit the modern definition...

    From the standpoint of someone with root access to a 
    dedi with OpenVZ vms, finding hidden services that are 
    hosted by customers is a matter of looking for files   
    named private_key anywhere under the /vz folder.

    2. Cross your fingers and pray really, really hard that 
    the money trail is correctly obscured.
Hetzner is a popular German hoster and as far as I know payment requires either a valid credit card or a German bank account. How is it possible to obscure the money trail at all?

It looks like they bought a VPS on a hetzner box. The reseller was probably a lot less picky about their money source.

Can you use a prepaid credit card?

I think this is about debit cards, probably not accepted by Hetzner.

From their payments page [1]:

    The following credit cards are accepted through this  
    payment facility: Visa, Master, Diners and Amex. 
I don't know if any of those companies offers prepaid credit cards.

[1] http://www.hetzner.co.za/helpcentre/index.php/articles/conte...

There are prepaid cards in almost every US grocery and convenience store, typically Mastercard and Visa. They don't require any ID to buy and have a fee around $5. Most can't be reloaded.

Most of those cards say that payment can only happen in the United States. I wonder if that applies to online services?

You can exchange bitcoins on IRC for prepaid virtual visas and mastercards, paypal, any 3rd party payment you want. There's a few web services for exchanging coins to visa too, which I can't remember right now but are posted to bitcointalk forums.

Of course if you were setting up an illegal hidden service payment would be the least of your worries. Moving it around every few weeks inside Russia like the inter-dimensional dark fortress in Krull to prevent long term traffic analysis, maintaining your site from a moving location everyday, and making sure you don't blow opsec giving away your identity is probably more difficult than finding creative methods to pay for hosting.

They all do (maybe not Diners, I didn't realize they were still a thing). I use them from time to time to get around the geofencing of purchases, or when I really don't trust the site.

I know Visa and Amex do. Recent darkweb busts have displayed a level of arrogance that is somewhat disturbing.

This page states they also support Direct Deposit, which means you can walk into any bank and deposit cash, no ID required.

No, Direct Deposit in Germany usually refers to Giro[1] which is a payment between bank accounts. (Credit cards and even debit Visa/MasterCards are relatively uncommon in Germany)

I've never seen an actual cash deposit payment while I lived there, though we do have them in Sweden for example.

[1]: http://en.wikipedia.org/wiki/Giro

Seems like that should also open one up to an identifying attack of sorts. Find out when deposits were made (assuming there is more than one), grab all the security video from those times, and try to identify the person who is in all of those clips. Facial recognition software should get one the rest of the way. I imagine you would only need 3 or 4 deposit events to reliably identify someone?

Yeah, because banks have no cameras, you can go in wearing a mask and everything, just to remain anonymous while paying your hidden service server.

In the US there's no option for this... Most banks will not allow you to deposit funds into another persons account.

This is false; I've done it several times with no issue.

So this is perhaps a little naive but could any of these boxes be shell shock vulnerable? If they were that would make this whole thing trivial...

%5C%22 stands for \"

Not sure if that's significant in any way, could be just a unique identifier.

It looks like guard discovery was one component of the attack, and DoS could have been used to boot HSes into choosing a malicious guard, or at least, a raided (but no logs?) or somehow-rooted guard. So it's probably just a badly-coded script-kiddie-grade DoS script. It doesn't have to be an amazing, novel DoS to have an effect - it just has to be a DoS, and they don't have to show their hands by using anything particularly amazing.

What I think is that they probably don't have anything that we don't know about already as being theoretically possible. They just tried every attack we do know about at once, and some of it proved fruitful given their reach. Tor stinks - but it still works, and we can improve it.

Applications are open for YC Winter 2023

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact