
[tor-talk] GCHQ 'Tor Events' Capture... (scribd.com)



http://www.reddit.com/r/TOR/comments/1m3jum/gchq_tor_events_capture/

GCHQ 'Tor Events' Capture... (scribd.com)
submitted 3 hours ago by kant_go_on
kant_go_on[S] 3 points 3 hours ago
Anyone seen this? Although this image provides no technical details, it seems pretty worrying.
px403 1 point 33 minutes ago
They are likely monitoring all known exit nodes to see what's coming out (from the ISP level). I know most security tools have a "tor only" option, which is used for both illegitimate and totally legitimate purposes (how does our network react to scans from some random country, etc.). I've got to imagine that, in general, watching exit nodes is far more interesting than the rest of the internet. It doesn't mean that it's trivial for them to figure out who is attacking whatever servers, just that those servers are being attacked.
latropf2 2 points 3 hours ago
Where was this posted?
kant_go_on[S] 2 points 3 hours ago
Found the link in a Slate article posted in /r/privacy, last paragraph: http://www.slate.com/blogs/future_tense/2013/09/09/shifting_shadow_stormbrew_flying_pig_new_snowden_documents_show_nsa_deemed.html
sqrt2 2 points 1 hour ago
The way this article puts it, it looks like GCHQ started keeping records of anyone who encrypts their traffic, and then the Tor interface would probably be an index of connections to the Tor network.
While it demonstrates that they probably have a silly "people who encrypt are probably bad guys" mindset, that by itself doesn't break Tor.
kant_go_on[S] 3 points 1 hour ago
That's true, I guess it's been known since the start of this NSA scandal that they prioritize encrypted traffic, so it could easily be a store of encrypted Tor traffic to store for later analysis (attempts at correlation or cracking, perhaps). But I guess not in itself a sign of successful exploitation.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk