Re: [tor-talk] Tor spying

[Andrew Lewman <andrew@xxxxxxxxxxxxxx>]

On Wednesday, September 07, 2011 22:21:21 Indie Intel wrote:
> Apparently people are spying on Tor users by setting up their own exit
> nodes and sniffing traffic?!

Yes, as noted, this is old news.  Go back even further in time and you'll see 
a string of people wanting attention at 'hacker cons' by presenting nothing 
more than 'i ran wireshark on my exit relay and look what I found! aren't I 
super hacker cool?' Throwing the words 'tor network' into your presentation or 
talk title are fine ways to get listed, get press, and pretend you are a super 
hacker to those who don't know any better.

Moxie however, does have many skills, and doesn't need to pretend.  He ran an 
exit node with sslstrip enabled, which would essentially phish the users.  
From the Forbes story mentioned in your original email, 

"By hosting the substituted fraud site at an arbitrary HTTPS address and 
adding a look-alike series of characters to the front of the URL, a user's 
browser can be tricked into showing all the signs of an HTTPS site."  

Say sslstrip replaced https://www.paypal.com with 
https://www.paypal.com.ijjk.cn with a valid cert for *.ijjk.cn. Many users 
won't notice the ruse.  They think they have a lock icon, and see 
www.paypal.com in their URI bar. So clearly, this is the real paypal.

Many of the current browsers display the domain name of the ssl cert in 
response to these sorts of phishing attacks, so today, the user would see 
ijjk.cn in the green or blue ssl cert portion and then notice it says 
www.paypal.com next to it. That should tip you off that something is wrong.

There are far more sophisticated attacks with ssl and phishing around, but 
almost all of them rely on tricking the unwary user.

The general answer we give about Tor exit nodes is as follows:

Yes, the guy running the exit node can read the bytes that come in and out 
there. Tor anonymizes the origin of your traffic, and it makes sure to encrypt 
everything inside the Tor network, but it does not magically encrypt all traffic 
throughout the Internet.

This is why you should always use end-to-end encryption such as SSL for 
sensitive Internet connections. (The corollary to this answer is that if you 
are worried about somebody intercepting your traffic and you're *not* using end-
to-end encryption at the application layer, then something has already gone 
wrong and you shouldn't be thinking that Tor is the problem.)

Tor does provide a partial solution in a very specific situation, though. When 
you make a connection to a destination that also runs a Tor relay, Tor will 
automatically extend your circuit so you exit from that circuit. So for 
example if Indymedia ran a Tor relay on the same IP address as their website, 
people using Tor to get to the Indymedia website would automatically exit from 
their Tor relay, thus getting *better* encryption and authentication 
properties than just browsing there the normal way. 

> This Moxie Marlinspike is even a well-respected researcher, apparently. He
> gives talks at Blackhat to government hacker wannabes. But stealing email
> passwords and credit card information? How is this legal in the US?

It's not legal, assuming it was run in the US, EU, etc. See 
https://www.torproject.org/eff/tor-legal-faq.html.en#ExitSnooping. Of course, 
botnets and phishing aren't legal either, but that hasn't stopped their growth 
into the tens of millions of infected machines.

> The more I research this, the more it seems this sort of ``research'' is
> more common than not. Wikileaks, Jacob Appelbaum, Adrian Lamo, Moxie
> Marlinspike... who else? Iran?!

For the wikileaks/jacob rumors, we have this answer, 
https://blog.torproject.org/blog/plaintext-over-tor-still-plaintext.  In fact, 
it's a fine answer for anyone who worries their non-encrypted traffic is 
traversing the Internet.  We've helped write https everywhere with the EFF to 
help encrypt the traffic end to end, https://www.eff.org/https-everywhere/

The recent DigiNotar, Comodo, and possibly other CAs breaks are a different 
sort of attack.  We don't have all of the details, one of the certs handed out 
by DigiNotar is *.*.com.  This means www.amazon.com, www.facebook.com, and 
well, anything .com could be spoofed.  This is unrelated to Tor. 

However, if a government ran an exit node, and inserted their fake *.*.com 
certificate into the traffic, how would users know that their credit agency 
website, https://www.experian.com/, is the real one or not?  Try and call up 
Experian and ask for their SSL certificate serial number and fingerprint.  I 
tried. I was routed to security because they thought I hacked their website, 
see https://blog.torproject.org/blog/life-without-ca for more details.

How do you know you're talking to the real torproject.org for that matter?  
Well, for starters, we publish our SSL cert fingerprints, 
https://www.torproject.org/docs/faq.html.en#SSLcertfingerprint. Other than 
that, how do you know? Current versions of Mozilla and Chrome, and maybe IE9, 
hard code our ssl cert fingerprint into their browser so if the cert doesn't 
match, you'll get a warning message.

How far down the rabbit hole shall we go?  Let's start with 'trusting trust' 
by Ken Thompson and work our way up to the current state of CAs today. 

https://secure.wikimedia.org/wikipedia/en/wiki/Backdoor_%28computing%29#Reflections_on_Trusting_Trust

Moxie is a smart guy, his answer to the CA issues, and therefore his own 
sslsniff/sslstrip attack is currently http://convergence.io/. I think Moxie's 
on the list, he can reply as well.

-- 
Andrew
pgp 0x74ED336B
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk