Has anyone actually used a Telnet Proxy Chain system like Tor?

Discussion in 'privacy problems' started by DesuMaiden, Sep 17, 2013.

Thread Status:
Not open for further replies.
  1. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    I've read on certain sites that Tor is not really that secure and untraceable when a sophisticated adversary (like the FBI, CIA, NSA) controls a significant portion of the Tor network's nodes. So if you were a truly skilled blackhat hacker, you wouldn't solely rely on Tor to hide your IP address. You would control several compromised computers remotely as your telnet and route your connection through the compromised telnet computers. So it would work like this.

    Your IP (best to do this from public wifi like a Starbucks Coffee Shop)----->Telnet Proxy #1---->Telnet Proxy #2--->Telnet Proxy #3----> Tor Proxy #1---->Tor Proxy #2----->Tor Proxy #3--->Destination Web Site for hacking

    Is this set up overkill? I think you would definitely need to be using compromised computers/servers as your OWN proxies rather than rely on proxies set-up by independent, third-parties that you might not be able to trust. Virtually all VPNs keep logs--even if they claim they don't--because all VPN providers are required by law to keep logs in case the government is tracing somebody in an investigation.

    Also many Tor servers are controlled by intelligence agencies, so what makes you think you are safe if you route your connection through their Tor servers? I think they can either inject malicious scripts into your browser to expose your real IP (so unless you disabled all scripting on Tor Browser Bundle, you are vulnerable to scripting exploits) or they can conduct MiTM (Middle-In-The-Man) attacks against you even if you disable all scripting, flash, javascript and other browser vulnerabilities.

    Have there ever been documented cases of blackhats using Telnets to hide their IP in conjunction with Tor? I recall this one hacker called DemonKiller in Japan and he compromised several people's computers to use as telnet proxies and he also hid behind Tor. The reason Demonkiller wasn't traceable wasn't because of Tor but because he also hid behind a telnet.
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Telnet has never been considered secure as a protocol primarily because it was never designed from the start with security in mind.

    From the client's computer, Tor is tunneled through its network, thus not even the user's ISP can decrypt/see the final destination nor the traffic delivered. Only the Tor exit node can see the destination and/or downloads over Tor.

    Making assumptions that "FBI, CIA, NSA" controls a significant portion of the Tor network's nodes is an "unknown" speculative statement bordering on paranoid. While there may be some, certainly not all - which makes it a good idea to configure your Tor client (torrc file) to switch nodes frequently as well as change your Tor identity frequently.

    Best to use trusted VPN chain of services to hide your IP address. Not all are required to keep logs. See:

    Which VPN Service Providers Really Take Anonymity Seriously? dated 2011/10/7
    and
    VPN Services That Take Your Anonymity Seriously, 2013 Edition. dated 2013/3/2

    I seriously doubt whether any black/grey/white hat hackers would even consider using telnet proxies ever in place of VPN proxies.

    -- Tom
     
  3. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    That is correct. I would stick with my Tor Browser Bundle (which I'm using right now by the way).
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Some (evil) people did that ~20 years ago. The modern equivalent would be chaining ssh logins. But rooting people's stuff is evil. And it wouldn't even be very anonymous. Even if you wiped all connection logs on all machines in your chain, you couldn't get at logs on routers etc. Also, getting anything except text through an ssh chain would be a hassle. Just use VPNs and Tor :)
     
  5. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    I just use Tor. I'm using Tor for this site. And every other site that requires anonymity. Tor is the magic tool.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Just keep an eye on https://metrics.torproject.org/users.html and https://metrics.torproject.org/network.html. If the number of relays starts spiking, all bets are off :(
     
  7. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    How does the number of relays going up make the Tor network less secure and more traceable? I don't get it.
     
  8. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Since mid August, the number of clients in the Tor network has increased from about 0.5 million to about four million. It seems that the new ~3.5 million clients are Mevade bots. So far, they're just connecting, and not doing much. But there are only about four thousand Tor relays. Mevade could easily sacrifice a few thousand high-bandwidth bots by making them Tor relays. Although they'd eventually be taken offline, Mevade would (for a while, at least) be running most of the Tor relays. See?
     
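    The kind of watch mirimir suggests, as an added example that is not part of the thread: a rolling-median spike check over daily relay and client counts. The series below are constructed to resemble the late-August 2013 client surge and are not real Tor metrics data.

```python
"""Flag days where a Tor metrics-style daily count jumps far above the
recent baseline.  Constructed data only; not real metrics values."""
from statistics import median

# Constructed daily (date, count) series resembling the 2013 client surge.
CLIENTS = [
    ("2013-08-10", 520_000), ("2013-08-11", 515_000), ("2013-08-12", 530_000),
    ("2013-08-13", 525_000), ("2013-08-14", 518_000), ("2013-08-15", 522_000),
    ("2013-08-16", 527_000), ("2013-08-17", 519_000), ("2013-08-18", 524_000),
    ("2013-08-19", 600_000), ("2013-08-20", 1_200_000), ("2013-08-21", 2_400_000),
    ("2013-08-22", 3_900_000), ("2013-08-23", 4_100_000),
]
# Constructed relay counts that stay flat while clients explode.
RELAYS = [
    ("2013-08-10", 4000), ("2013-08-11", 4020), ("2013-08-12", 3990),
    ("2013-08-13", 4010), ("2013-08-14", 4030), ("2013-08-15", 4005),
    ("2013-08-16", 4015), ("2013-08-17", 3995), ("2013-08-18", 4025),
    ("2013-08-19", 4010), ("2013-08-20", 4020), ("2013-08-21", 4030),
    ("2013-08-22", 4040), ("2013-08-23", 4035),
]


def flag_spikes(series, window=7, factor=1.5):
    """Return (date, count, baseline) for every day whose count exceeds
    `factor` times the median of the previous `window` days.

    A median baseline is used instead of a mean so that the first spike
    days do not immediately drag the baseline up and hide later ones."""
    flagged = []
    for i in range(window, len(series)):
        baseline = median(count for _, count in series[i - window:i])
        date, count = series[i]
        if count > factor * baseline:
            flagged.append((date, count, baseline))
    return flagged


if __name__ == "__main__":
    # Clients spike from 2013-08-20 onward; relays never trip the check,
    # which is the combination the thread says to worry about.
    for row in flag_spikes(CLIENTS):
        print("clients", *row)
    print("relay spikes:", flag_spikes(RELAYS))
```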
  10. redcell

    redcell Registered Member

    Joined:
    Sep 27, 2010
    Posts:
    126
    Can we get a list of suspected botnet IP address and range?
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    For (obviously) good reason, Tor doesn't publish IP addresses of users, just for relays. The data collection systems behind the Tor metrics (https://metrics.torproject.org/) don't even store IP addresses temporarily. The country lookup occurs in memory. Mevade seems to be everywhere, except in Israel. Perhaps that's because the operator lives there ;) It's pretty common for botnets to blacklist (i.e., not infect) home country and/or language.
     
  12. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Snowden documents make mention of NSA being able to "query Tor events." No idea what this means, but just thought I would throw it out there. If they have broken SSL (which Tor uses), then it stands to reason they might have broken Tor.

    At this point, I would not trust *anything* electronic for any sort of secure or anonymous communications. There is a good chance that even your hardware is riddled with NSA backdoors. Good luck with that.
     
  13. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    Then don't do something that ~ Snipped as per TOS ~ off the NSA :D

    NSA is more powerful than LE, so even if they broke Tor that doesn't necessarily mean LE (Law Enforcement) also broke Tor. Tor may be traceable to NSA, but not necessarily LE. So if you are hiding from LE, Tor may still be reliable.

    To get rid of NSA backdoors, use Linux open source rather than closed source Windows :0
     
    Last edited by a moderator: Sep 20, 2013
  14. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Please read post #689 @ NSA has direct access to tech giants' systems for user data, secret files reveal.

    There is no reason to believe that NSA has broken Tor encryption at this point in time. However, they do have the resources to do the traffic analysis. Since Bruce Schneier has mentioned that NSA tends to go after bulk data - they probably are not targeting you or me. If you choose to be paranoid that NSA has riddled your hardware with backdoors - that is your choice, just stay away from the PRNG recommended by NIST previously (Dual_EC_DRBG) ref msg #686 in the above linked thread, and use Linux since it took measures to avoid use of only the Intel RNG instruction to apply more entropy to what Linux delivers in the final result.

    -- Tom
     
  15. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    Yes the NSA can conduct timing-and-correlation attacks against all Tor users if they wanted. I doubt they can do it at the global level. I'm pretty sure the NSA can only monitor traffic at the ISP level in real time for the USA, where they operate.

    Other sophisticated nation-state level adversaries are capable of this. This includes China, Russia, Canada, Iran and the UK. I doubt an impoverished third world country could do this. Somalia, Uganda and North Korea... I doubt it.

    Many ISPs automatically alert the NSA when someone is using Tor. And if the NSA can see a certain amount of data is entering the Tor network--from your computer-- and leaving the Tor network at the same time, they can figure out you were a part of the same circuit to figure out your ip. They see a 50mb packet entering the Tor network at 10-50kp/s and the same size and bandwidth packet leaving the Tor network at the same time, they can figure out you were a part of the same network.

    I only think a nation-state level adversary as powerful as the NSA has the resources to do correlation-timing attacks against the Tor network. Law enforcement don't have the resources to do that. But they can plant malicious Tor exit nodes and inject malicious scripts to expose someone's real ip address---assuming the Tor client did not globally disable scripts with NoScript.

    This requires far less resources than correlation-and-timing attacks, which requires real-time monitoring of all traffic at the ISP level. Since Tor is open source, a skilled programmer can write some malicious code into the software. Become an exit node. And inject malicious coding into any Tor browsers, which don't have scripting disabled, to expose their real ip.

    Explain what you mean by "bulk data". I'm interested. :)
     
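    The volume-and-timing matching described in the post above, as an added toy model that is not part of the thread, together with a sketch of why size padding alone is only a partial defence. All flow records are constructed; the model assumes an observer sees only a start time and a byte count per flow and ignores Tor's cell framing.

```python
"""Toy flow-correlation model: match entry-side and exit-side flow
summaries by start time and volume, then show what size padding changes.
Every record here is made up for illustration."""

# Constructed per-flow summaries: (flow_id, start_seconds, bytes).
# ENTRY is what an ISP-side observer sees going into the network,
# EXIT what an observer on the far side sees coming out.
ENTRY = [("home-A", 100.0, 52_000_000), ("home-B", 103.0, 1_200_000),
         ("home-C", 250.0, 52_000_000)]
EXIT = [("site-1", 101.2, 52_000_000), ("site-2", 104.1, 1_200_000),
        ("site-3", 251.0, 52_000_000), ("site-4", 400.0, 9_000_000)]


def correlate(entry, exit_, max_delay=5.0, size_tol=0.02):
    """For each entry flow, list exit flows that start within `max_delay`
    seconds after it and carry the same volume within `size_tol`."""
    links = {}
    for eid, et, eb in entry:
        links[eid] = [xid for xid, xt, xb in exit_
                      if 0 <= xt - et <= max_delay
                      and abs(xb - eb) <= size_tol * eb]
    return links


def resolved(links):
    """Entry flows with exactly one candidate count as linked; zero or
    several candidates leave the observer guessing."""
    return {e: c[0] for e, c in links.items() if len(c) == 1}


def pad_to_bucket(flows, bucket=64_000_000):
    """Mitigation sketch: round every byte count up to a fixed bucket so
    volume no longer distinguishes flows.  Timing is left untouched, so
    flows that do not overlap in time stay linkable."""
    return [(fid, t, -(-b // bucket) * bucket) for fid, t, b in flows]


if __name__ == "__main__":
    print("raw   :", resolved(correlate(ENTRY, EXIT)))
    padded = correlate(pad_to_bucket(ENTRY), pad_to_bucket(EXIT))
    print("padded:", resolved(padded), "ambiguous:",
          {e: c for e, c in padded.items() if len(c) != 1})
```

With the constructed data every raw flow is linked, while padding leaves only the two flows whose start times overlap another flow ambiguous; this is why published defences pad timing as well as size.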
  16. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    "Bulk data" is nothing more than drinking from the tap aka the Internet backbones that are already tapped in various cities in the U.S. that carry International traffic (San Francisco (Pacific), New York (Europe), Washington D.C. (South America)). I may have a bookmark that had a map of those connections. A good depiction of the Internet backbone is Global Traffic Map 2010.

    What proof is there that "Many ISPs automatically alert the NSA when someone is using Tor"? Or, is that statement speculative conjecture?

    One would think, given the recent admission, that the FBI is way more involved in Tor than the NSA given their separate missions, and that the ISPs would instead alert the FBI.

    -- Tom
     
    Last edited: Sep 22, 2013
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    While I don't recall anything about Tor specifically, it has come out that the NSA keeps encrypted data indefinitely. I presume that they don't just decide to save some encrypted data after they randomly stumble across it.

    We know about the Internet taps, as you've noted re "bulk data". And we know from the 2007 XKeyscore presentation that "[t]he system's computer infrastructure is based on a 'massive distributed Linux cluster', and has 500 servers distributed around the world." http://www.zdnet.com/us-spy-system-xkeyscore-allows-nsa-to-wiretap-anyone-7000018825/

    It's arguable that those "500 servers" are the Internet taps, using hardware (I forget the name) that does deep packet inspection on the fly, and diverts selected traffic to NSA storage for subsequent analysis. As I understand it, each of the servers executes the same set of queries on its stream, in parallel. In 2007, they had 500 servers and could store about three days worth of selected traffic. Six years later, it's arguable that they can store 10-100 times as much.

    Anyway, I do think that they select and store all encrypted traffic, including Tor, VPNs, gpg encrypted email, etc.
     