Tor Project flags Russian 'exit node' server delivering malware

Discussion in 'privacy technology' started by ronjor, Oct 27, 2014.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From OnionDuke: APT Attacks Via the Tor Network:
     
  3. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    Slightly unrelated post but: this thread once again reminds me of how happy I am to have left Windows for Linux. Just saying!!
     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    You're not alone :isay:
     
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    For a year, gang operating rogue Tor node infected Windows executables
    http://arstechnica.com/security/201...or-node-added-malware-to-windows-executables/
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Yes, it's good to hang a little higher :thumb:
     
  8. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    What really baffles me is that anyone would trust a TOR node enough to download Windows executables.
    But then, I don't get why anyone trusts TOR at all!
     
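    A defensive check for the risk raised in the two posts above, added here as an example (it is not code from the thread, from Ars Technica or from the Tor Project): a binary fetched through Tor is verified against a SHA-256 list in sha256sum format that was obtained out of band, so a copy modified in transit is rejected. File names, bytes and the checksum listing are constructed.

```python
"""Verify a downloaded binary against a SHA-256 checksum list obtained out of band."""
import hashlib
import hmac
import re
from typing import Dict

# sha256sum(1) output format: "<64 hex>  <filename>" ('*' marks binary mode)
_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+)$")


def parse_checksums(text: str) -> Dict[str, str]:
    """Parse a sha256sum-style listing into {filename: lowercase hex digest}."""
    digests: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"malformed checksum line: {raw!r}")
        digests[m.group(2).strip()] = m.group(1).lower()
    return digests


def verify_download(name: str, data: bytes, checksums: Dict[str, str]) -> bool:
    """True only if `data` hashes to the published digest for `name`.
    A file missing from the list is unverified (False), never trusted by default."""
    expected = checksums.get(name)
    if expected is None:
        return False
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)


# --- constructed sample data (hypothetical installer, not a real file) ---
# pristine installer as published by the vendor (minimal MZ/PE-shaped bytes)
PRISTINE = b"MZ" + b"\x90" * 62 + b"\x40\x00\x00\x00" + b"PE\x00\x00" + b"\x00" * 200
# the same download after 16 bytes were altered somewhere between server and client
TAMPERED = PRISTINE[:64] + b"\xcc" * 16 + PRISTINE[80:]
# checksum list fetched separately (publisher's HTTPS site or a signed release note)
PUBLISHED = "# tool-setup.exe v1.2\n" + hashlib.sha256(PRISTINE).hexdigest() + "  tool-setup.exe\n"


def demo() -> Dict[str, bool]:
    sums = parse_checksums(PUBLISHED)
    return {
        "pristine": verify_download("tool-setup.exe", PRISTINE, sums),
        "tampered": verify_download("tool-setup.exe", TAMPERED, sums),
        "unlisted": verify_download("other.exe", PRISTINE, sums),
    }


if __name__ == "__main__":
    print(demo())
```

    The check only helps if the checksum list does not travel over the same untrusted path as the binary; fetching both through one exit node lets an intermediary replace them together.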
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    It's the Devil vs deep-blue sea thing ;)
     
  10. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    Enigm,

    What connection method do you trust? Of course you can't be "trust your life on it certain", but talk alternatives. I say you use TOR as part of the chain (a significant but not entirely used alone component). Of all the methods publicly known this is what Snowden relied upon. He warned of exit nodes and what precautions needed to be taken "post exit".

    Open to a better alternative and learning!!
     
  11. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    I would reconsider that. A few weeks ago Silk Road 2 was entirely compromised, hundreds of hidden Tor services were identified and taken down, and people arrested. This shows, for the second time, that Tor cannot be trusted to provide anonymity.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Do you know of anything better?

    I've never been entirely comfortable about Tor, either. It is experimental software, after all. And there's not been focused effort on developing and strengthening hidden services (now aka onion services). If anonymity is very important, it's probably best to combine VPNs, JonDonym and Tor.
     
  13. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    I too can only understand what I know or have heard. For now, chaining/combining VPN and TOR (including Whonix) is about the best that I am personally aware of and have significant time with. For me the first thing is goodbye Windows and hello Linux!! We will see if the OS played any part in the compromise.

    The obvious thing - but extremely inconvenient too - is to grab a laptop for "wandering around with" and always connect via some public wifi. At least if all falls apart it tracks back to a coffee shop. With a strong wireless dongle you can be blocks away on a public wifi. For most people this model is over the hill inconvenient, except for "extreme privacy needed" applications.

    If anyone comes across a good link on how Silk Road 2 was technically taken down, please post it here at Wilder's. That would be a separate thread of course. I would love to study the process they employed. Most of the time it comes down to fundamental errors on the operator's part, which contributes to making it possible (not saying TOR is perfect). Remember the outdated TOR FF browser exploit? The browser was in fact updated, but many lazy users never did the update. Those are the ones that paid the price on the last takedown. Even with the outdated browser still being used, they would have been fine IF they had used a bridge VPN before joining the TOR circuit. This was studied at length.
     
    Last edited: Nov 17, 2014
  14. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    One of the things that is rarely mentioned (the Tails guys talk about it in the documentation) is MAC addressing and computer fingerprinting. My suspicion is our MAC addresses are not just being used for internal networking. I cannot prove this, except to say I have done some experimenting with a local wifi hotspot where all users log in with the same username and password.
    I noticed that every time I log in, my computer is assigned the same internal IP address, ending in 141. I said, aha, they are logging my MAC address and using it to identify my computer. So I created a Tails thumbdrive and logged in via Tails using its MAC address spoofing; my IP address was now different, ending in 66. I said, OK, so now the network thinks this is a different computer.
    Here's the kicker: the next time I went back to the hotspot and logged in using Windows, I was surprised to find my internal IP address ended in 66 again.
    Somehow that wifi hotspot knew my computer was the same one that logged in using Tails, and kept assigning the same IP address thereafter.
    I have to do some more testing to find out how they did that.
    My suspicion is our MAC address and possibly hardware IDs are logged when we go online, and these may possibly be requestable from outside our local network, therefore making anonymity impossible without very good spoofing software.
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Based on limited experience, I'm pretty sure that WiFi APs can see through MAC-changing software. It's more reliable, I think, to use multiple USB WiFi adapters.
     