November 19, 2007
Tor Traffic Apparently Compromised
One of the inventions of the privacy and anonymity crowd on the Internet is the Tor network. All traffic is encrypted and sent over circuitous routes to maintain the secrecy of content and sender. Sounds like the perfect thing to keep dissidents out of the hands of hostile governments who stifle democracy. Could we be thinking of China, perhaps? Sounds great until we come across the case of one Dan Egerstad. He pulled off a neat little trick that exposed a weakness in Tor, possibly one that is being exploited by government-sponsored intelligence agencies.
Egerstad apparently set up five Tor exit nodes in Europe, Asia, and the United States. Traffic coming off an exit node is no longer encrypted and is easily intercepted there. Egerstad did this and posted about 1,000 login account details for embassies, corporations, and human rights organizations. The web site has been taken down.
Sweden, however, took an interest in Egerstad when it received complaints from at least two foreign countries. One is reported to be China. Speculation is that the traffic Egerstad picked up had possibly already been hacked by a foreign intelligence agency and was being monitored over Tor. He was merely reading the same traffic the spy had diverted.
This suggests that the encrypted and anonymous network as a weapon of democracy can fall a little short if governments put effort into attacking its weaknesses. If China indeed monitors Tor traffic, dissidents would not be shielded from the regime. The United States probably has some interest in this as well, for the same intelligence reasons as anyone else. I'll just add, though, how ironic it is that on one hand Congress can rail against companies such as Yahoo for cooperating with China in dissident prosecutions while considering immunity for U.S. telecoms who routinely (allegedly) turn over the entire Internet stream to the National Security Agency without a court order. If anyone is using Tor, be advised that a government, somewhere, is probably trying to listen in, and probably with some success.