On August 30, Swedish computer security researcher Dan Egerstad posted the user names and passwords for 100 email accounts that he had obtained without the owners' knowledge. He also posted their email servers' IP addresses.
The information posted was just a sample of at least 1,000 instances he had collected along with thousands of emails belonging to embassy employees, legislators, civil rights workers and others throughout the world.
At the time, he wouldn't say how he had gained access to all that data. He said only that it didn't involve hacking any desktop computers or servers, but was instead accomplished through a network sniffing attack against a free encryption program installed by all of the vulnerable users.
On Friday, Egerstad revealed that he gathered that information as a research project by hosting five Tor network exit nodes at various Internet locations.
Tor is a mesh network of servers that provides anonymous, untraceable web access and communications. It's supported by the Electronic Frontier Foundation, which hosts its software, and other civil liberties organizations. The Tor network is used by international human rights workers, charitable groups, whistleblowers, journalists, diplomatic employees, legislators, military arms, intelligence agencies and law enforcement personnel.
However, there's a common misperception about Tor, which Egerstad's exploit has not so much revealed as emphasised: that Tor is an end-to-end encryption service. It's not, and as Egerstad has shown, most if not all users aren't taking the additional steps needed to protect their identities and communications from interception.
Egerstad believes others might also be taking advantage of this misperception among Tor users. Wired quotes him as saying:
"I am absolutely positive that I am not the only one to figure this out. I'm pretty sure there are governments doing the exact same thing. There's probably a reason why people are volunteering to set up a node."
The Tor network vulnerability is a feature, not a bug. TOR stands for The Onion Router, which describes the essence of its operation. The Electronic Frontier Foundation's overview and description of how the Tor network works is here.
When a user wants to access a remote system using Tor, he or she identifies the target site to a Tor access node and Tor dynamically routes a random path through its network to the destination.
The Tor access node receives the user's encrypted message and applies additional layers of encryption, one layer for each server in the path. As the message is routed through the Tor network, each server strips off a layer of encryption and passes the message on to the next server in the chain.
The vulnerability of the Tor network resides at the very last server in the chain, the exit node, which transmits the fully decrypted message to the destination system.
The Tor network description does not merely acknowledge this vulnerability but highlights it. However, many users apparently either didn't read it, didn't fully understand it, or forgot about it.
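The layering described above can be simulated in a few lines. This is an added example, not code from the article or from the Tor project: the toy SHA-256 keystream cipher stands in for the real relay cryptography, and the relay keys, destination key and mail login are constructed sample values. It shows that the exit relay ends up holding exactly the bytes the user handed to the network, so credentials are readable there unless the application encrypted them end to end.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 keystream XOR); a stand-in, not Tor's real crypto."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap_onion(payload: bytes, hop_keys: list) -> bytes:
    """Add one encryption layer per relay in the path."""
    for key in reversed(hop_keys):
        payload = keystream_xor(key, payload)
    return payload

def route(onion: bytes, hop_keys: list) -> list:
    """Pass the message along the path; record what each relay holds
    after stripping its own layer."""
    views = []
    for key in hop_keys:
        onion = keystream_xor(key, onion)
        views.append(onion)
    return views

# Constructed sample data: relay keys, a destination key, a mail login.
HOP_KEYS = [b"entry-relay-key", b"middle-relay-key", b"exit-relay-key"]
DEST_KEY = b"key-shared-only-with-mail-server"  # stands in for a TLS session
LOGIN = b"USER alice@example.org\r\nPASS correct-horse\r\n"

def relay_views(app_bytes: bytes) -> list:
    """What the entry, middle and exit relays each hold for one message."""
    return route(wrap_onion(app_bytes, HOP_KEYS), HOP_KEYS)

def credentials_visible(view: bytes) -> bool:
    return b"PASS " in view

if __name__ == "__main__":
    for label, sent in [("plain login", LOGIN),
                        ("end-to-end encrypted login", keystream_xor(DEST_KEY, LOGIN))]:
        for name, view in zip(["entry", "middle", "exit"], relay_views(sent)):
            print(f"{label:28} {name:6} sees credentials: {credentials_visible(view)}")
```
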
It remains to be seen whether this publicity about the Tor network's vulnerability to exit node traffic interception will in effect kill off the service or motivate changes to make it really, truly end-to-end secure. µ
L'INQ
Wired