[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] List of ways to attack Tor

I'm tasked with doing a short report on the ways in which Tor can be attacked. I've brainstormed and done research for few hours and this is the list I've come up with.
Is there anything big that I've missed?
I feel I might be a bit light on more technical attacks.

Your help is greatly appreciated.

Realistic attacks against Tor:
-DDoS directory authorities, possibly knocking the entire network down after a time -DDoS hidden service directories to keep a specific hidden service offline
-DDoSing specific hidden services to keep them offline
-Hacking the directory authorities and spreading false network information, perhaps to direct more people to malicious relays -Repeatedly requesting information about bridges until you've built a list of all of them -Traffic sniffing and analysis at the exits relays, perhaps leading to discovery of personal identity information -Traffic modification at the exit relays (e.g. JavaScript injection when a client visits a website using HTTP)
-Traffic analysis resulting in end-to-end correlation
-Traffic tagging resulting in end-to-end correlation (are there any ways to do this with current Tor?) -Sniffing for hidden service addresses by becoming a hidden service directory and logging all the onion addresses you observe -Inserting relays strategically so they become hidden service directories of a specific hidden service, then denying access to it -Flooding the network with fake hidden services until the hidden service directories can no longer handle them all and run out of memory -Tracking techniques (e.g. cookies, fingerprinting) being used for deanonymisation when the same browser is used for Tor and non-Tor browsing -Tracking clients between exit relays via techniques such as fingerprinting
-Application layer attacks
	-Exploiting underlying browsers and applications
	-Taking advantage of insecure protocols being used such as BitTorrent
-Getting clients to download and open files that call home with applications that aren't configured to use Tor (e.g. what I heard happened with the FBI pedo hacks or a trojan) -Embedding yourself in the Tor community then advocating design decisions or inserting code that weakens Tor -Same as above except for protocols and software that Tor relies upon such as encryption standards and libraries -Taking advantage of existing weaknesses or back-doors in software that Tor replies upon (Heartbleed) -Providing unofficial versions of Tor that contain back doors (as I assume is what is happening on mobile app stores, which are filled with unofficial Tor) -Hacking the official Tor file servers to distribute back-doored versions of Tor -Finding out what websites (and maybe hidden services) an improperly configured client is looking at by examining the DNS requests they make -Breaking of encryption (in the theoretical situation that you have a computer powerful enough to do this, such as a quantum computer) -Identifying Tor users and hacking them (isn't this what the FBI intends to do from now on?)
-Social engineering
	-Ruin the reputation of tor
		-It was invented by and funded by the government, therefore:
			-It's contains back-doors
			-It's a honey-pot
-The FBI arrests paedophiles who use Tor every other day, obviously it's not secure -Using it will make you a target. You connect once and you're a person of interest for the rest of eternity; you'll have NSA agents reading your email and CIA agents going through your trash
		-Only criminals use Tor
-How could something that is free be more secure than something that costs money? Use a VPN
	-Ruin the reputation of developers
-Encourage the project to get overly political on unrelated issues, dividing the community -Dictate that certain kinds of research cannot be done about Tor so that vulnerabilities will never be discovered and fixed
-Government or ISP blocking of Tor (e.g. the Great Firewall)
-Making use of Tor a crime
-Websites blocking Tor exit relays or crippling Tor users' ability to use the site -Have law enforcement and copyright holders harass exit relay owners until they shut down
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to