Tor Exit Nodes Harvest Huge Amounts of Sensitive Information

November 21st, 2007

Relying on Tor for security/anonymity is as dumb as relying on proxy servers. If you read the ugly truth, you already know that.

But, as usual, it’s not that bad, it’s worse.

Dan Egerstad, a Swedish security researcher, set up several Tor servers and used basic traffic analysis techniques to glean lots of foreign government email traffic that was just passing through. Twits were sending clear text email via Tor. HAHA. I know: Tell me another one!

Tor makes it VERY easy to become the man in the middle. Point, click and the next thing you know, total bozos will be compromising themselves in unimaginable ways because they think nobody is watching if they’re using Tor.

Egerstad tried to warn the governments involved. Iran was the only country to express any interest in the issue. Predictably, within days of this information spewing across the Internet, Egerstad was arrested, interrogated and had his computers confiscated.

There are lots of stories about this situation out there, but look at this from heise-security:

Members of the Teamfurry community got curious and took a look at the advertised configurations of a few randomly selected TOR exit-nodes. They stumbled on some extremely interesting results. There are, for example, exit-nodes which only forward unencrypted versions of certain protocols. One such node only accepts unencrypted IMAP and POP connections (TCP ports 143 and 110) and only forwards messenger connections from AIM, Yahoo IM and MSN Messenger if they are received on ports on which traffic is handled as plain text. The same procedure is applied to Telnet and VNC connections, used for remote access to systems. Further, there are systems which are only interested in specific destinations and, for example, exclusively forward HTTP packets bound for MySpace and Google. HTTPS traffic to these destinations is, however, blocked.

These peculiar configurations invite speculation as to why they are set up in this way. The Teamfurry blog declines to go so far as to impute nefarious motives to these nodes. Nevertheless, the report does raise the question of whether users should route personal data via such nodes. It is certainly generally believed that Chinese, Russian and American government agencies operate TOR exit-nodes. Large companies and illegal hacker groups are also thought to operate exit-nodes. Looking through the list of TOR exit-nodes, it is striking that the number of exit-nodes in China and the US has increased disproportionately over the last year.
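The selective exit policies the heise report describes can be audited by anyone reading a relay's published policy. The script below is an added example, not code from the article or from the Tor project: it evaluates constructed exit-policy lists with first-match semantics and flags exits that accept a plaintext port while refusing its TLS counterpart; the IMAPS/POP3S/HTTPS port pairs, the sample policies and the reject-on-no-match default are assumptions.

```python
"""Flag Tor exit policies that carry plaintext ports but refuse the encrypted twin.

A Tor exit policy is an ordered list of rules like "accept *:80" or
"reject 203.0.113.0/24:*"; the first rule matching address and port wins.
Assumptions (not from the article): CIDR masks and port ranges are parsed,
no matching rule means reject, and only the pairs below are audited.
"""
import ipaddress

# Plaintext port -> TLS-wrapped counterpart (IMAP/IMAPS, POP3/POP3S, HTTP/HTTPS).
PLAINTEXT_TO_TLS = {143: 993, 110: 995, 80: 443}


def _parse_rule(rule):
    """Split 'accept *:143' or 'reject 203.0.113.0/24:80-81' into parts."""
    action, target = rule.split(None, 1)
    addr, port_spec = target.rsplit(":", 1)
    network = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if port_spec == "*":
        lo, hi = 1, 65535
    else:
        lo, _, hi = port_spec.partition("-")
        lo, hi = int(lo), int(hi or lo)
    return action == "accept", network, lo, hi


def exit_allows(policy, dest_ip, port):
    """First-match evaluation of a policy for one destination ip:port."""
    ip = ipaddress.ip_address(dest_ip)
    for rule in policy:
        accept, network, lo, hi = _parse_rule(rule)
        if (network is None or ip in network) and lo <= port <= hi:
            return accept
    return False  # assumption: an unmatched port is refused by the exit


def plaintext_only_ports(policy, dest_ip):
    """Plaintext ports this exit forwards while rejecting the encrypted twin."""
    return sorted(p for p, tls in PLAINTEXT_TO_TLS.items()
                  if exit_allows(policy, dest_ip, p)
                  and not exit_allows(policy, dest_ip, tls))


# Constructed sample policies modelled on the patterns in the heise report.
MAIL_ONLY_EXIT = ["accept *:110", "accept *:143", "reject *:*"]
ORDINARY_EXIT = ["reject *:25", "accept *:*"]
SITE_HTTP_EXIT = ["accept 203.0.113.10:80", "reject *:*"]  # TEST-NET-3 address

if __name__ == "__main__":
    for name, pol in {"mail-only": MAIL_ONLY_EXIT, "site-http": SITE_HTTP_EXIT}.items():
        print(name, "plaintext-only ports:", plaintext_only_ports(pol, "203.0.113.10"))
```

A non-empty result is a reason to exclude that exit (for example via a client-side exit restriction) rather than proof of intent, which is the same caution the heise report itself takes.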

Tor exit nodes that only forward unencrypted traffic…

* chuckle *

You’ve almost got to feel sorry for anyone who sends clear text data through that thing (thinking it’s secure). The fact that several governments do it, apparently on purpose, is even more hilarious/frightening/absurd.

Don’t work for the NSA?

Set up some Tor servers and you can run your own little ECHELON system. For kids 8 and up only.

Research Credit: JD
