Rogue Nodes Turn Tor Anonymizer Into Eavesdropper's Paradise (Wired)

As should probably be obvious to anyone who thinks about it, Tor (aka The Onion Router) exit nodes can see unencrypted traffic sent through that network. A Swedish security researcher signed up five servers as exit nodes and analyzed the traffic that passed through them. Wired has coverage of the kinds of information he was able to see. "Victims of Egerstad's research project included embassies belonging to Australia, Japan, Iran, India and Russia. Egerstad also found accounts belonging to the foreign ministry of Iran, the United Kingdom's visa office in Nepal and the Defence Research and Development Organization in India's Ministry of Defence."

PEBCAK

Posted Sep 10, 2007 15:41 UTC (Mon) by moltonel (guest, #45207)

It is really disturbing to learn that people who have some level of
security awareness (since they use tor) would ignore the basic principle
of encrypting the data.

Perhaps tor needs to put an even more visible warning explaining the
difference between anonymity and encryption?

PEBCAK

Posted Sep 10, 2007 19:34 UTC (Mon) by bni (guest, #27103)

Maybe it is different people managing the web mail or whatever that is allowing plain unencrypted http.

Those are the guys that have really caused this.

Just replace "tor" with "network hardware found at ISPs" in this story and you have the same problem (ISP network admins could be the really bad guys).

PEBCAK

Posted Sep 11, 2007 18:15 UTC (Tue) by smoogen (subscriber, #97)

I would actually say that they had very little security awareness. Tor provides privacy... not security. They are related concepts in some ways, but one does not provide the other.

PEBCAK

Posted Sep 20, 2007 11:21 UTC (Thu) by arcticwolf (guest, #8341)

Actually, Tor provides anonymity, not privacy. They are related concepts in some ways, but one does not provide the other. ;)

Way to go, Tor!

Posted Sep 10, 2007 16:24 UTC (Mon) by zooko (subscriber, #2589)

I had no idea that Tor had this kind of widespread user base. That's great! The fatal flaw of Tor's ancestors (anonymity services) has always been that people didn't use them. This shows that Tor has overcome that problem.

Way to go, Tor!

Posted Sep 10, 2007 20:31 UTC (Mon) by eru (subscriber, #2753)

What I'm wondering is why these embassy officials really were using Tor in the first place? Perhaps for hiding tracks when peeking at dissident web sites (or naughty pics), but how would their official email account and password get revealed doing that?

Way to go, Tor!

Posted Sep 11, 2007 0:28 UTC (Tue) by ewan (subscriber, #5533)

Presumably they were connecting to the embassy systems from somewhere
else, and logging in to collect their email. They may have been using Tor
to hide the destination from the operators of the network they were
connecting from, or (less likely) hide the source of the connection from
the embassy.

Or it might not have been the actual account owners, but the secret
services of other countries using Tor to hide their identities.
</conspiracy theory>

Way to go, Tor!

Posted Sep 11, 2007 18:18 UTC (Tue) by smoogen (subscriber, #97)

My guess is that it was more likely the personnel were using it to 'hide' traffic that they didn't want to get caught by the use/abuse programs. E.g. it seems to be common to use it to get around porn filters and then forget that it does all traffic.

Copyright © 2007, Eklektix, Inc.