Tor Network Users Decloaked by Undercover Relays

Credit: The Tor Project


Many people use the Tor privacy service to cloak their identities online. But Tor developers have uncovered a flaw in the service's software — akin to a hole in the cloak — as well as evidence that someone may have been peering through that hole to uncover the identities of Tor's users.

In a blog posting yesterday (July 30), Tor developers said anyone who used the network between February and July 4, 2014 should assume they had been compromised. Those unmasking Tor users are thought to be researchers at Carnegie Mellon University in Pittsburgh, who are known to have been conducting an experiment on the Tor network, but this has not been confirmed by CMU officials.


The issue arises from a group of malicious relays. Relays are the volunteer-hosted servers that make up the Tor privacy network, a sort of dark area of the Internet. All the attacking relays joined the Tor network on January 30, and all of them began trying to deanonymize users in early February.

The Internet in general works like a sort of maze, sending users' traffic on a varied route through many different servers before it reaches its final destination. Tor essentially turns off the lights in part of the maze so that observers can't see where traffic is going or where it has come from, and Tor users won't know which Tor relays their traffic passed through at any given time.

Before data is sent through the Internet, it's chopped up into small chunks, each of which is bundled into a "packet" encapsulated by delivery information consisting of "headers" — just as a letter would be placed into an envelope bearing a destination address and a return address.

Like some other Internet protocols, Tor encrypts the data payload of the packet. But Tor goes a step further by encrypting the headers as well — akin to encrypting the destination and return address on an envelope — thus hiding the letter's sender and intended receiver. No Tor relay can see the full delivery information of any given packet.

The attacking Tor relays were modifying the encrypted headers of the packets that passed through them in order to carry out two different kinds of attack: traffic-confirmation attacks and Sybil attacks.

In a traffic-confirmation attack, an attacking relay would inject a signal into a packet, and then another attacking relay later in the packet's journey would receive that signal. The attacking relays would secretly communicate with each other, comparing information about the packets that had passed through them (which relays are not supposed to do).

So if one attacking relay had learned the Internet Protocol address of the original sender, and another attacking relay had learned the packet's intended destination, the relays might be able to recreate the packet's original header information.
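The two ideas in the paragraphs above, that each relay can read only its own layer of a packet's delivery information, and that a colluding relay can "inject a signal" by tampering with a header field the protocol never expects in that direction, are easier to see in a small model. The following is an added example written for this article, not code from The Tor Project: a toy onion-routing circuit with three relays and a client-side check that tears the circuit down the moment an inbound cell carries a command that only makes sense outbound. The keystream cipher, the relay names, the `NEXT:`/`DELIVER` header format and the `RELAY`/`RELAY_EARLY` command values are all assumptions of this model, not Tor's wire format.

```python
import hashlib

# Cell command values used by this model (they happen to follow Tor's numbering,
# but the model does not depend on the exact numbers). RELAY_EARLY is a command a
# client may send toward the network; a relay has no business sending it back.
RELAY, RELAY_EARLY = 3, 9


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy position-based stream cipher (SHA-256 counter mode). Same call encrypts and decrypts."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_outbound(keys: dict, path: list, payload: bytes) -> bytes:
    """Client builds the layered packet: innermost layer for the exit, one more layer per hop back to the guard.
    Each layer's cleartext header names only the next hop, so a relay never sees the whole route."""
    body = _xor_stream(keys[path[-1]], b"DELIVER|" + payload)
    for hop, nxt in reversed(list(zip(path[:-1], path[1:]))):
        body = _xor_stream(keys[hop], b"NEXT:" + nxt + b"|" + body)
    return body


def relay_peel(relay_key: bytes, body: bytes):
    """A relay removes exactly one layer and learns only its own header; the rest stays encrypted."""
    clear = _xor_stream(relay_key, body)
    header, rest = clear.split(b"|", 1)
    return header, rest


def wrap_inbound(keys: dict, path: list, reply: bytes) -> bytes:
    """Reply direction: the exit adds its layer first, the guard adds the last one."""
    body = reply
    for hop in reversed(path):
        body = _xor_stream(keys[hop], body)
    return body


def honest_inbound(keys: dict, path: list, replies: list) -> list:
    """What the client receives from well-behaved relays: every inbound cell is a plain RELAY cell."""
    return [(RELAY, wrap_inbound(keys, path, r)) for r in replies]


def tagged_inbound(keys: dict, path: list, replies: list, tag_bits: list) -> list:
    """Test fixture modelling the tampering described in the article: a relay re-marks the
    command field of inbound cells to spell out a bit pattern for a colluding relay downstream."""
    return [(RELAY_EARLY if bit else RELAY, wrap_inbound(keys, path, r))
            for r, bit in zip(replies, tag_bits)]


def client_inbound(keys: dict, path: list, cells: list):
    """Client-side mitigation: peel the reply layers, but drop the whole circuit on the first
    inbound cell whose command is RELAY_EARLY, since that is a protocol violation and a
    ready-made covert channel. Returns (status, replies delivered before any teardown)."""
    delivered = []
    for cmd, body in cells:
        if cmd == RELAY_EARLY:
            return "circuit torn down", delivered
        for hop in path:  # guard layer comes off first, exit layer last
            body = _xor_stream(keys[hop], body)
        delivered.append(body)
    return "ok", delivered


if __name__ == "__main__":
    # Constructed circuit keys (in Tor they come from the circuit handshake).
    keys = {b"relay-one": b"k1", b"relay-two": b"k2", b"relay-three": b"k3"}
    path = [b"relay-one", b"relay-two", b"relay-three"]
    cell = wrap_outbound(keys, path, b"GET / HTTP/1.1")
    h1, rest1 = relay_peel(keys[b"relay-one"], cell)
    print("guard sees only:", h1, "| exit named in its view?", b"relay-three" in rest1)
    replies = [b"HTTP/1.1 200 OK", b"<html>", b"</html>"]
    print(client_inbound(keys, path, honest_inbound(keys, path, replies)))
    print(client_inbound(keys, path, tagged_inbound(keys, path, replies, [0, 1, 0])))
```

The design point is that the client does not need to decode the injected signal to defend against it; it only needs to enforce that a command which is meaningful in one direction never arrives from the other, which is the shape of check that a protocol update can ship to every client at once.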

In their blog posting, Tor developers described the method of this attack as "actually pretty neat from a research perspective," because it operated differently from previous traffic-confirmation attacks.

The Sybil attack, named after the famous case of a woman with multiple personalities, was more conventional: The relays forged their identities in the Tor relay network. The Tor Project blog says that Tor officials actually noticed these forged relays when they joined the network, but decided they didn't pose a significant threat.

"It's clear there's room for improvement in terms of how to let the Tor network grow," the post read.
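The observation that the forged relays were noticed when they joined, and that they all joined on one day, suggests the kind of check a network operator can run over relay listings. Below is an added example written for this article, not The Tor Project's tooling: two simple detectors over constructed relay records, one that flags days whose number of new relays is far above the usual daily rate, and one that groups new relays by join date and /16 netblock to surface batches that arrive together from one place. The record format, the `10.x` addresses and the thresholds are assumptions of the example.

```python
import ipaddress
import statistics
from collections import Counter, defaultdict


def netblock(ip: str, prefix: int = 16) -> str:
    """Collapse an address to its /prefix network, e.g. 10.200.3.7 -> 10.200.0.0/16."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def join_spikes(relays: list, factor: int = 3) -> list:
    """Dates on which more new relays appeared than `factor` times the median daily join count."""
    per_day = Counter(r["first_seen"] for r in relays)
    baseline = statistics.median(per_day.values())
    return sorted(day for day, n in per_day.items() if n > factor * baseline)


def sybil_clusters(relays: list, min_size: int = 5, prefix: int = 16) -> list:
    """Batches of relays that share a first-seen date and a /prefix netblock.
    Returns [((date, netblock), [fingerprints...]), ...], largest batch first."""
    groups = defaultdict(list)
    for r in relays:
        groups[(r["first_seen"], netblock(r["ip"], prefix))].append(r["fingerprint"])
    hits = [(key, sorted(fps)) for key, fps in groups.items() if len(fps) >= min_size]
    hits.sort(key=lambda kv: (-len(kv[1]), kv[0]))
    return hits


def constructed_sample() -> list:
    """Constructed relay records (hypothetical fingerprints and addresses, not real relays):
    one unremarkable relay a day through January, then a batch of nine from a single /16 on
    January 30, plus two unrelated relays that happen to join the same day."""
    relays = [{"fingerprint": f"BG{d:02d}", "ip": f"10.{d}.0.1", "first_seen": f"2014-01-{d:02d}"}
              for d in range(1, 29)]
    relays += [{"fingerprint": f"BATCH{i}", "ip": f"10.200.{i}.7", "first_seen": "2014-01-30"}
               for i in range(9)]
    relays.append({"fingerprint": "OTHER1", "ip": "10.77.0.1", "first_seen": "2014-01-30"})
    relays.append({"fingerprint": "OTHER2", "ip": "10.78.0.1", "first_seen": "2014-01-30"})
    return relays


if __name__ == "__main__":
    sample = constructed_sample()
    print("join spikes:", join_spikes(sample))
    for (day, block), fps in sybil_clusters(sample):
        print(f"{day} {block}: {len(fps)} relays joined together -> {fps}")
```

The two signals are deliberately separate: a join spike alone can be a legitimate event (a hosting company's promotion, a university class), and a shared netblock alone is normal for large hosters, but the intersection is the pattern worth a human look before those relays are allowed to carry a meaningful share of traffic.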

The fallout

What does this all mean for Tor users? Even the Tor developers aren't entirely sure yet.

"It's still unclear what 'affected' includes," reads the post on The Tor Project's blog.

The developers said the attacking relays seemed to have been looking for users who were accessing Tor hidden-service descriptors, or lists of websites that can be reached only through Tor, not through the regular Web. The recently closed Silk Road illegal-drug marketplace was one such hidden service.

"The attack probably also tried to learn who published hidden-service descriptors, which would allow the attackers to learn the location of that hidden service," the post continues.

The Tor Project blog post says the attackers were probably not able to see which pages Tor users visited, or if they accessed hidden services.

The attackers may also have been able to trace a packet from its source (i.e., a Tor user's computer) to its destination (the Web page the user is trying to access anonymously), thus entirely deanonymizing that packet. However, the Tor researchers say that none of the attacking relays appear to be exit nodes (the final relays that packets hit in the Tor network before re-entering the regular Internet), so this kind of deanonymization probably didn't occur.

Meanwhile, Tor has released an update for its relay software: 0.2.4.23 or 0.2.5.6-alpha. People who operate Tor relays should upgrade to this newest version as soon as possible. An upgrade to the Tor browser plugin for regular Tor users is also on its way. Tor also recommends that people who operate hidden services should move them.

Whodunit?

A group of Carnegie Mellon researchers had planned to give a presentation entitled "You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget," at the Black Hat security conference in Las Vegas next week. That caused Tor developers to search for bugs the researchers were apparently exploiting — which the developers now believe have been patched.

Last week, the Carnegie Mellon team abruptly cancelled its talk without explanation. Tor developers say they've asked Carnegie Mellon officials if the university was behind the attacking nodes it identified on July 4, but so far, Carnegie Mellon has not confirmed anything.

Carnegie Mellon jointly operates the United States Computer Emergency Response Team (US-CERT) with the Department of Homeland Security. But to muddle any conspiracy theories, Tor itself began as a U.S. Navy project and is now a Cambridge, Mass.-based nonprofit that receives most of its funding from U.S. government agencies. (Earlier this week, the Russian government announced a cash reward for methods to unmask Tor users.)

Carnegie Mellon can be trusted not to use any data it gleaned through such an experiment for malicious purposes. However, the Tor operators say that these attacks may have also opened up a means for other attackers to deanonymize Tor traffic.

"Due to the way the attack was deployed... their protocol-header modifications might have aided other attackers in deanonymizing users too," the blog post reads.

Tor's users include cybercriminals, political dissidents, businesspeople protecting trade secrets and privacy advocates. If this attack does help other kinds of attackers — such as security agencies, spies or oppressive governments — break Tor's anonymity, all Tor users may be at risk.

Many other questions still remain. Tor officials don't know if they've identified all the attacking relays, or what is happening to the data that was presumably collected during these attacks.

Jill Scharr is a staff writer for Tom's Guide. She covers security, 3D printing and video games, and likes to make Tor-turous puns whenever possible.

Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects.