
German Police Have (Potentially) Compromised The TOR Network

Arnox (Staff member, Founder)
From: https://www.theregister.com/2024/09/19/tor_police_germany

The Tor project has insisted its privacy-preserving powers remain potent, countering German reports that user anonymity on its network can be and has been compromised by police.

A report by German news magazine program Panorama and YouTube investigative journalism channel STRG_F claims that the German Federal Criminal Police Office (BKA) and the Public Prosecutor General's Office in Frankfurt am Main were able to identify at least one Tor user after carrying out network surveillance.

The report mentions “timing analysis” as the key to identifying Tor users. “Timing individual data packets, anonymised connections can be traced back to the Tor user, even though data connections in the Tor network are encrypted multiple times,” the report states – sadly without explanation of how the technique works.

Tor offers enhanced anonymity for users of its network by routing their traffic through a so-called dark-web of nodes so that the true origin of a connection is obfuscated. Traffic sent to Tor is wrapped in layers of encryption and first reaches an “entry” or “guard” node. Traffic then bounces through at least three servers chosen at random – aka “relays” – before returning to public networks via an “exit node” or connecting to a .onion service. That process hides the source of a connection, and makes it harder to observe what a particular user is doing online just from their network traffic.

Observing long-term usage trends, as suggested by the “timing analysis” methodology, could perhaps erode Tor’s potency by giving observers clues about users who send traffic into the network. Essentially, for instance, someone could add nodes to the Tor network and note the timing of packets observed going in and packets seen coming out. After a while, these timings may help give away who is connecting to a particular .onion service.

Matthias Marx, a spokesperson for famed European hacker collective the Chaos Computer Club (CCC), lent credence to the method by telling the news outlets the available evidence – documents and other information sourced by the journos – "strongly suggest that law enforcement authorities have repeatedly and successfully carried out timing analysis attacks against selected Tor users for several years in order to deanonymize them.”

The Tor Project, while conceding it hasn't seen all the documents involved despite asking the reporters for them, believes German police were able to unmask a Tor user due to that person's use of outdated software as opposed to the plod exploiting some unknown vulnerability or similar.

The German report claims the timing analysis attack was used during investigations into an individual known as “Andres G”, the suspected operator of a .onion website called Boystown that hosted child sex abuse material (CSAM).

“G” allegedly used the anonymous messaging app Ricochet that passes data between senders and recipients over Tor. More specifically, it's said that he used a version of the chat program that failed to secure its Tor connections against the timing-based deanonymization methods used by the police.

The report says German authorities secured the cooperation of carrier Telefónica, which provided data on all O2 customers who connected to a known Tor node. Matching that info with observations of Tor timing info allowed authorities to identify “G”, who was arrested in North Rhine-Westphalia, charged, convicted, and jailed for years in 2022.

Tor has argued that method does not indicate its service is flawed.

The org has instead advanced a theory that by using the insecure Ricochet, “G” was caught by a guard discovery attack. In short, that means the cops were able to figure out the entry or guard node he was using to send data over the Tor network. The police can ask Telefónica to list the subscribers who connected to that guard, and deduce the identity of the Tor user.

Tor claims that "G" probably used an old version of Ricochet that did not include protections against such attacks. "This protection exists in Ricochet-Refresh, a maintained fork of the long-retired project Ricochet, since version 3.0.12 released in June of 2022," Tor’s write-up states.

"For timing analysis of traffic, you do need to compromise a guard node, since it's the first in the Tor circuit and can see the IP address of the user," Bill Budington, senior staff technologist at EFF, told The Register. If the guard cannot be directly compromised, network timings can be obtained to complete the surveillance.

Tor users are concerned that the network could be overwhelmed with police-controlled nodes that would compromise anonymity. But the number of nodes required to do this would need to be huge. The Tor Project acknowledged that it has seen an uptick in exit nodes being deployed – over 2,000 of late – but claimed this isn't anything to worry about.

"The claim that the network is 'not healthy' is simply not true," Tor's PR director Pavel Zoneff told The Register.

"The Network Health team has implemented processes to identify possible large groups of relays that are suspected to be managed by single operators and bad actors, and not allow them to join the network. As a result, it has flagged numerous bad relays for removal, which then got banned by the Directory Authorities. Many of those likely posed no real threat to users," he said.

The project has also called for help in understanding exactly what the police did. "We need more details about this case," the team said. "In the absence of facts, it is hard for us to issue any official guidance or responsible disclosures to the Tor community, relay operators, and users."

For now the message is: "Don't panic."

Long outdated software is blamed, but still, TOR authorities are not completely 100% sure until the police fully detail the attack they used. In any case, I'm posting the story here and letting you all make your own conclusions.
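As an added illustration (not code from the article, the Tor Project or Ricochet), a toy simulation of the timing-correlation idea the article describes, matching packet timings seen going in against those seen coming out, and of why constant-rate cover traffic removes that signal. The users, timings, session length and the observer's bin size are all constructed, and the delay/jitter model is far simpler than a real multi-hop circuit.

```python
import random
SESSION = 100.0  # seconds of constructed traffic per simulated user

def make_flow(rng, mean_gap=0.5, session=SESSION):
    """Constructed packet timestamps for one user: random gaps over one session."""
    t, out = 0.0, []
    while True:
        t += rng.expovariate(1.0 / mean_gap)
        if t >= session:
            return out
        out.append(t)

def transit(flow, rng, delay=0.1, jitter=0.05):
    """What an observer at the far end sees: the same packets, delayed plus jitter."""
    return [t + delay + rng.gauss(0.0, jitter) for t in flow]

def pad_to_constant_rate(flow, interval=0.25, session=SESSION):
    """Mitigation: a cell every `interval` s all session long, data or not (the real
    flow is deliberately ignored), so observable timing no longer depends on the user."""
    return [i * interval for i in range(int(session / interval))]

def histogram(ts, bin_w=1.0, session=SESSION):
    """Packets per time bin; packets outside the session window are ignored."""
    h = [0] * int(session / bin_w)
    for b in (int(t / bin_w) for t in ts):
        if 0 <= b < len(h):
            h[b] += 1
    return h

def correlation(a, b):
    """Pearson correlation of two count histograms (0.0 when either is flat)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va, vb = sum((x - ma) ** 2 for x in a), sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0

def best_match(entry_flows, exit_flow):
    """Index of the entry-side flow whose timing best matches exit_flow, plus all scores."""
    scores = [correlation(histogram(f), histogram(exit_flow)) for f in entry_flows]
    return max(range(len(scores)), key=scores.__getitem__), scores

def demo(seed=7, users=5, target=2, padded=False):
    """Constructed scenario: entry timings of all users vs. the target's exit timing."""
    rng = random.Random(seed)
    flows = [make_flow(rng) for _ in range(users)]
    if padded:
        flows = [pad_to_constant_rate(f) for f in flows]
    return best_match(flows, transit(flows[target], rng))
```

Without padding the target's entry flow scores far above the others; with every user padded to the same constant rate, all candidates score identically and the observer learns nothing from timing alone.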
 
bold of you to assume the nsa/cia/fbi/ don't already have their fingers deep in tor
 
Mfw timing analysis mentioned in the year of our lord anything after 1976:
When I thought about this I realized that any dynamically shared resource is a channel. If a process sees any different result due to another process's operation, there is a channel between them. If a resource is shared between two processes, such that one process might wait or not depending on the other's action, then the wait can be observed and there is a timing channel.

Closing the channel Bob demonstrated would be difficult. The virtual memory machinery would have to do extra bookkeeping and extra page reads. To close the CPU demand channel, the scheduler would have to preallocate time slots to higher levels, and idle instead of making unneeded CPU time available to lower levels.
 