Siphoning Documents from TOR

According to Lance Cottrell of Anonymizer, TOR may actually reduce your privacy. He describes the case of WikiLeaks which captured over one million stolen government documents by operating a TOR exit node (see this article).

The lesson:

 

yes, it is easer to create a leak from inside the tor network.

 

"In the burgeoning field of intelligence contractors, an especially aggressive upstart is Abraxas Corp., a privately held company that has assembled a deep roster of CIA veterans to handle a wide range of clandestine assignments -- including secret work for an elite team of overseas case officers."

A Bold Upstart With CIA Roots - Los Angeles Times

"Richard Helms, CEO and Founder of Abraxas Corporation announced today the acquisition of San Diego-based Anonymizer, Inc."

Abraxas Corporation acquires Anonymizer, Inc.

Just sayin'

 

Doesn't sound like a TOR weakness to me. This was always a possibility.
TOR provides anonymity, not data security or whatever you want to call it.

Now if someone were to say they found out where the documents came from, that would be news.

 

Plaintext over Tor is still plaintext

 

While all anonymity providers could potentially retain users’ documents transmitted on their own networks, this weakness appears to be magnified with TOR because of its openness: nearly anyone can setup a TOR server, whereas attaching to a commercially secure anonymity service is more problematical. Thus, the weakness is not specific to TOR -- but, the ease with which that weakness can be manipulated by an adversary seems to be substantially greater with TOR.

Of course, the solution to the privacy issue is end-to-end encryption.

 

Lance is correct. All participation based systems can always be gamed, defeated, and should be explicitly distrusted. If you have to use tor, visit only https destinations, and do not trust the certificates you are presented with either.

This behavior is totally predictable, and not even the tip of the iceberg regarding the monsters lurking inside the tor network...

 

Pedro is right. TOR is about anonymity on the other end, not data security. Nothing here to see. In fact, it's wrong to act as if there is.

 

So there is only going to be one speed, yours?
If I stay in the shadow of the mountain I'll be O.K.

 

As others have said, this is not news. This is merely a case of the Anonymizer guy trying to scare ignorant users into buying his service by concocting lots of FUD about TOR.

The truth is that the Tor documentation makes it abundantly clear that unless your connection is encrypted end-to-end by some outside means (i.e., an SSL connection), it is always possible for the exit node to listen in on your connection. This is because Tor cannot magically encrypt the whole Internet; it can only encrypt the circuits within its own network. Therefore, it should be made clear that Tor is for anonymity and not privacy! You should never assume privacy on Tor (unless you are using SSL). In fact, one should never assume privacy on any unencrypted Internet connection. (BTW, the exit node cannot see your IP, but can only see the data you are sending/receiving).

Someone mentioned that you shouldn't trust SSL certs on Tor since its possible for a rogue node to be running a MITM appliance. That's true, they could. But then again, they don't need Tor to do this! Anyone anywhere, either on Tor or not, can run a MITM appliance. There's a good chance governments are doing this sort of thing on the "regular" Internet already anyway, and they would have an easier time doing it on the regular internet than they would on Tor since Tor is mostly made up of paranoid technical people. NSA has been running secret operations at various Tier-1 ISP exchanges since at least 911. All data that traverses Tier-1 (backbone) providers *is* without a doubt being mined by NSA, as several whistle blowers have testified. Ergo, you are no safer on the regular Internet than on Tor.

The truth is the whole SSL/Certificate Authority system is badly broken (and has nothing to do with Tor). Everyone knows it. Noted crypto expert and CS professor, Matt Blaze, wrote a good piece about why the certificate authority model sucks. The problem is there are hundreds of root CA's out there and some of them are probably rogue and will issue forged certs to anyone with some $$ (read: the NSA or criminal organizations). It's also likely some of these so called "trusted" CA's are nothing but fronts for NSA. This means NSA probably has access to tons of so-called encrypted web traffic thanks to this flawed CA model. It's worth quoting Matt Blaze here:

Think about it, NSA has a budget of at least 30 billion a year and its sole and only job is to spy on communications (SIGINT). And we are supposed to think they sit there scratching their heads when it comes to SSL? Nope. They can, and do, decrypt most of it (by using forged/fake certs) and then put it through their supercomputers for analysis. Remember, it only takes one bad root CA to spoil the whole bunch.

 

To put it simplly how can someone configure tor or a browser to only use SSL, I recently got a free Usertrust Net cert from Comodo with their "Secure Mail" utility. Is it depent on the website or can you specify. And once they have it configured how can it be tested.