Friday, 22 November 2013

Tor Attack!!

Security Agencies Target Tor Network

The NSA has repeatedly tried to attack people using Tor, a popular tool protecting their Internet anonymity. This is despite the fact the software is primarily funded and promoted by the government of the United States itself.

According to secret NSA files, disclosed by Edward Snowden, the agency successfully identified Tor users and then attacked vulnerable software on their machines. One NSA technique targeted the Firefox Internet browser used with Tor and gave the agency full control over targets’ computers, including access to files, all keystrokes and all Internet activity. However, the files suggest that the fundamental security of the anonymity service remains intact.

Tor (The Onion Router) is an open-source public project which redirects its users’ traffic via other PCs, called “relays” or “nodes”, in order to keep it anonymous and avoid filtering tools. Journalists, activists and campaigners in America, Europe, China, Iran and Syria rely on Tor network to maintain the privacy of their communications and avoid reprisals from the authorities. The network currently receives around 60% of its funding from the American government, primarily the State Department and the Department of Defense.

Despite the importance of the network to dissidents and human rights groups, the National Security Agency and its British counterpart GCHQ have devoted their efforts to attacking Tor. They claim that the service is also used by people engaged in terrorism, trade of child abuse images, and virtual drug dealing.

While it seems that the agency hasn’t compromised the core security of the Tor software or network, the leaked files detail proof-of-concept attacks, including some relying on the large-scale Internet surveillance systems used by the NSA and GCHQ via Internet cable taps.

Foremost among the concerns is whether the agency has acted against users in the United States when attacking the network. The matter is that one of the functions of the anonymity service is to hide the country of all of its users, which means that any attack could be hitting members of Tor’s American user base.

A less complex attack against the network was also disclosed in July 2013, with its details leading to speculation that it had been built by the FBI or another American agency. While at the time the FBI refused to admit it was behind the attack, it subsequently claimed in a hearing in an Irish court that the agency did operate malware to target an alleged host of pictures of child abuse, with the attack also hitting Tor network.

No comments: