* Attacker has control of X number of tor nodes
* Attacker DDoS-es a hidden service, sending millions of requests to it
* Attacker hopes that at least one of these requests will be routed exclusively through their own tor nodes, thus revealing the IP address of the hidden service
That sounds neat. Is it a viable way to de-anonymize a hidden service?
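A back-of-the-envelope check on the viability question above, added here as an illustration and not taken from the thread: it assumes a simplified model in which the attacker controls a fraction f_entry of entry-relay bandwidth and can observe a fraction f_last of the far end of each circuit, and it compares a service that picks a fresh entry node for every circuit with one that pins a single entry guard, which is the mitigation Tor actually uses against exactly this kind of flood.

```python
import random

def p_compromised_no_guards(f_entry, f_last, n_circuits):
    """Probability that at least one of n independently built circuits
    has both an attacker-controlled entry hop and an attacker-observed
    far end.  Each circuit is a fresh Bernoulli trial with p = f_entry*f_last,
    so a flood of requests drives this towards 1 quickly."""
    return 1.0 - (1.0 - f_entry * f_last) ** n_circuits

def p_compromised_with_guard(f_entry, f_last, n_circuits):
    """Same event when the service keeps one pinned entry guard for all
    circuits.  The flood can only help once the single guard pick was bad,
    so the result is capped at f_entry no matter how many requests are sent."""
    return f_entry * (1.0 - (1.0 - f_last) ** n_circuits)

def simulate(f_entry, f_last, n_circuits, trials, use_guard, seed=1):
    """Monte Carlo check of the two closed forms above (constructed model,
    not a Tor path-selection implementation).  Returns the fraction of
    trials in which at least one circuit was fully observed."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        guard_bad = rng.random() < f_entry      # one guard pick per service
        compromised = False
        for _ in range(n_circuits):
            if not use_guard:                   # no guard: re-roll entry hop
                guard_bad = rng.random() < f_entry
            if guard_bad and rng.random() < f_last:
                compromised = True
                break
        hits += compromised
    return hits / trials

if __name__ == "__main__":
    # Assumed figures: attacker holds 2% of entry bandwidth and sees 2% of far ends.
    for n in (1, 1_000, 1_000_000):
        print(n, round(p_compromised_no_guards(0.02, 0.02, n), 4),
              round(p_compromised_with_guard(0.02, 0.02, n), 4))
```

The second column climbs to 1.0 with the request count while the third stays at 0.02, which is the whole point of long-lived entry guards.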
Remember, Tor cannot comprehensively protect against a global passive attacker - which is what GCHQ, DSD, NSA, et al are trying to be, as well as every other kind of attacker of course. (Generally speaking, they try every possible angle at once.)
However, they have still not had much success to date identifying users, especially en masse. We're talking here about highly-targeted attacks, combined with a few OPSEC fails.
(I still prefer garlic routing in general, but Tor has a huge advantage which has little to do with tech - a massive, diverse userbase to hide amongst.)
It was almost comical, like the star ship captain saying "now on my mark, fire all photon torpedoes!" They just revealed a massive amount of capability to send a message: Tor is not safe. They want everyone to know that despite that sticker on Snowden's laptop, Tor remains vulnerable.
But what remains interesting, and glaringly obviously absent, is user identification. The NSA does not appear to be able to deanonymize users at will. That is, given enough time and enough resources, they can ID hidden services and long-term users, but given an arbitrary Tor exit and TCP stream, they can't simply follow it back to its origin.
A for effort. But in organization it looks like a military campaign, not a cyber attack. Straight out of the "total dominance" playbook.
But of course it won't work. Tor isn't a country. It's an idea. You can't force the Internet to "submit."
All this did was make blindingly obvious holes that many researchers have been asking to be fixed for a while.
I wonder if using Facebook over Tor would help in that regard.
If you are, and you're concerned about being identified... :/
You can also edit Torrc to temporarily only use your own Tor exit nodes if worried about malicious exits while setting up accounts.
I'm sure they're discussing fixes on the tor dev irc and mailing list right now if anyone's interested.
Is that academic research, or in what context? I'd be interested to hear what you have to say on that; anything published anywhere? Email in profile if you'd be into that :)
I'm assuming once your network is compromised to such an extent there is not much you can do.
The concept of a hidden service is itself interesting since it must still be "visible" to some extent, or else nothing could communicate with it; but at the same time, it's attempting to hide any indications of its presence. Attacks based on a large volume of traffic will always work if the service is centralised, since that's where all the traffic will (eventually) go. The only real solution I see is to make hidden services highly distributed so that the load is spread out and largely masked by other traffic.
Somewhat related: http://en.wikipedia.org/wiki/Fast_flux
This got me thinking, btw, about the latest Hetzner hiccups, which never happened before.
I mean he either tried for a long time or had a very long list of nodes... I don't even know what the average number of middle nodes for one route is.
Wouldn't it only be necessary that I have shared knowledge of what packet I'm sending between the machine that I'm sending my DDoS from and my relay which I'm hoping is the last one that my target is connecting to? Or perhaps I don't understand Tor well enough.
$ mkdir foo
$ cd foo
$ wget --mirror --convert-links --adjust-extension --page-requisites --no-parent http://doxbin.strangled.net/
Who is this guy? Nachash? Is he an operator of one of the illegal websites that were seized as a result of Onymous? He is talking as I would expect a sysadmin, so is that what you'd call him? He talks about inheriting PHP code, is he referring to the original SR source code? If so, how could he have acquired this source code?
He was the guy running doxbin before Onymous seized the servers.
He's trying to provide any relevant information he can to the Tor devs so that they can better prevent attacks against hidden services in the future.
>He talks about inheriting PHP code, is he referring to the original SR source code?
He's referring to the doxbin source code, which he didn't write entirely but just improved upon.
To add on to what tux3 has posted, nachash has been involved in various other illegal happenings on the net over the past few years, usually with other ED hackertypes.
You can just use google to find irc logs to get a general idea of who this guy is.
These guys seem to be pretty smart, but constantly embroiled in some seemingly petty feud or scandal within their scene.
> one of the illegal websites
Update to clarify: I'm talking about every user setting a few distinct trusted nodes.
The FBI could seize those nodes and replace them with rooted boxes. The NSA could use their little boxes in Sprint/ATT/L3's broom closets to forward packets to Ft. Meade.
What Tor needs is lots more traffic going through lots more nodes.
I mean tor is great because it allows you to browse webpages, but aren't there thicker means to be anonymous?
This means sites can't have dynamic functionality but for those that host only static data then it would seem to be an alternative.
They are possibly vulnerable to being discovered when inserting data if the attacker knows what they are inserting.
If we go by the theory that compromising a single Tor user is not feasible, then connecting to the Freenet network through a fresh Tor connection every time you want to insert new data should make it a lot more difficult to find the identity of the person who is inserting this data.
I'm thinking here in the context of operating a black market, where new items are signed with the operator's key, and uploaded to Freenet, along with a list of all items on the market in question, also signed by the operator (with an increasing nonce).
It really confuses me why people insist on thinking about electronic systems of exchange in broken physical world terms: market/store, buyer, seller. See https://github.com/OpenBazaar/OpenBazaar/issues/961
However, I understand your argument that there's really no need to differentiate between "buyers" and "sellers": every node on the network could be either, both or neither at any point in time.
I don't think changing the language used in OpenBazaar really makes much of a difference though. I doubt people are that interested in doing barter trading via an online market. That seems very inefficient (i.e. sending a pound of beef jerky in the mail in exchange for receiving five LED bulbs). The only reason for doing this would be if the two parties don't have proper money available.
It'd be a lot more efficient for either party to sell their good (beef jerky or light bulbs) for money locally (for example bitcoins), and pay for the other item in bitcoins, so only a single good needs to be sent via mail. The party receiving money can then just buy the goods he wants locally.
From the standpoint of someone with root access to a dedi with OpenVZ vms, finding hidden services that are hosted by customers is a matter of looking for files named private_key anywhere under the /vz folder.
2. Cross your fingers and pray really, really hard that the money trail is correctly obscured.
The following credit cards are accepted through this payment facility: Visa, Master, Diners and Amex.
Of course if you were setting up an illegal hidden service, payment would be the least of your worries. Moving it around every few weeks inside Russia like the inter-dimensional dark fortress in Krull to prevent long term traffic analysis, maintaining your site from a moving location every day, and making sure you don't blow opsec giving away your identity is probably more difficult than finding creative methods to pay for hosting.
I've never seen an actual cash deposit payment while I lived there, though we do have them in Sweden for example.
Not sure if that's significant in any way, could be just a unique identifier.
What I think is that they probably don't have anything that we don't know about already as being theoretically possible. They just tried every attack we do know about at once, and some of it proved fruitful given their reach. Tor stinks - but it still works, and we can improve it.