Tor

From Wikispooks

Tor (Web browser, software, mass surveillance?)
Type: software
Start: 2002-09-20
Interest of:
• Jacob Appelbaum
• Roger Dingledine
• Matt Edman
• Yasha Levine
• John Young
A piece of software developed by the US Navy and DARPA which claims to offer security and privacy online. The CIA's withholding of FOIA requests on its work with it indicates it might be a honey trap.

Tor is an acronym from The Onion Router, a piece of open source software developed by the US military to complicate identity detection online. Widely used, its de facto cryptographic security remains a matter of debate. In September 2014, the CIA refused a FOIA request on the grounds of exemptions b1 (classified information pertaining to an Executive Order) and b3 (information that another federal statute protects).[1] The FBI was more responsive in 2015.[2]

Official narrative

TOR directs Internet traffic through a free, worldwide, volunteer network consisting of over 6000 relays. Traffic is routed through several such relays, and Tor uses strong cryptography which provides effective anonymity. An extract of a top secret appraisal by the NSA characterized Tor as "the King of high-secure, low-latency Internet anonymity" with "no contenders for the throne in waiting".[3]

History

A cartogram illustrating Tor usage

The core principle of Tor, "onion routing", was developed in the mid-1990s by United States Naval Research Laboratory employees, mathematician Paul Syverson and computer scientists Michael G. Reed and David Goldschlag, with the purpose of protecting U.S. intelligence communications online. Onion routing was further developed by DARPA in 1997.[4][5][6]

The origins of Tor go back to 1995, when military scientists at the Naval Research Laboratory began developing cloaking technology that would prevent someone’s activity on the Internet from being traced back to them. They called it “onion routing” — a method redirecting traffic into a parallel peer-to-peer network and bouncing it around randomly before sending it off to its final destination. The idea was to move it around so as to confuse and disconnect its origin and destination, and make it impossible for someone to observe who you are or where you’re going on the Internet.

Onion routing was like a hustler playing the three-card monte with your traffic: the guy trying to spy on you could watch it going under one card, but he never knew where it would come out.

The technology was funded by the Office of Naval Research and DARPA. Early development was spearheaded by Paul Syverson, Michael Reed and David Goldschlag — all military mathematicians and computer systems researchers working for the Naval Research Laboratory, sitting inside the massive Joint Base Anacostia-Bolling military base in Southeast Washington, D.C.

The original goal of onion routing wasn’t to protect privacy — or at least not in the way most people think of “privacy.” The goal was to allow intelligence and military personnel to work online undercover without fear of being unmasked by someone monitoring their Internet activity.

“As military grade communication devices increasingly depend on the public communications infrastructure, it is important to use that infrastructure in ways that are resistant to traffic analysis. It may also be useful to communicate anonymously, for example when gathering intelligence from public databases,” explained a 1997 paper outlining an early version of onion routing that was published in the Naval Research Labs Review.

In the 90s, as public Internet use and infrastructure grew and multiplied, spooks needed to figure out a way to hide their identity in plain sight online. An undercover spook sitting in a hotel room in a hostile country somewhere couldn’t simply dial up CIA.gov on his browser and log in — anyone sniffing his connection would know who he was. Nor could a military intel agent infiltrate a potential terrorist group masquerading as an online animal rights forum if he had to create an account and log in from an army base IP address.

That’s where onion routing came in. As Michael Reed, one of the inventors of onion routing, explained: providing cover for military and intelligence operations online was their primary objective; everything else was secondary:

The original *QUESTION* posed that led to the invention of Onion Routing was, “Can we build a system that allows for bi-directional communications over the Internet where the source and destination cannot be determined by a mid-point?” The *PURPOSE* was for DoD / Intelligence usage (open source intelligence gathering, covering of forward deployed assets, whatever). Not helping dissidents in repressive countries. Not assisting criminals in covering their electronic tracks. Not helping bit-torrent users avoid MPAA/RIAA prosecution. Not giving a 10 year old a way to bypass an anti-porn filter. Of course, we knew those would be other unavoidable uses for the technology, but that was immaterial to the problem at hand we were trying to solve (and if those uses were going to give us more cover traffic to better hide what we wanted to use the network for, all the better…I once told a flag officer that much to his chagrin).[7]

Developers

The alpha version of Tor, developed by Syverson and computer scientists Roger Dingledine and Nick Mathewson[8] and then called The Onion Routing project, or TOR project, launched on 20 September 2002. On 13 August 2004, Syverson, Dingledine and Mathewson presented "Tor: The Second-Generation Onion Router" at the 13th USENIX Security Symposium. In 2004, the Naval Research Laboratory released the source code for Tor under a free license, and the Electronic Frontier Foundation (EFF) began funding Dingledine and Mathewson to continue its development.[8]

Matt Edman, who worked with the Tor Project for a year until 2009, was subsequently employed by a defence contractor working for the FBI to develop anti-Tor malware.[9]

Wikileaks

Julian Assange, who founded Wikileaks, stated in 2006 that he had already "received over one million documents from 13 countries". The New Yorker and then Wired both claimed that these were not knowingly submitted to the site but captured by him, as he ran a modified Tor exit node and the documents had been entrusted to the Tor network.[10][11] Asked by The Register to clarify whether this was true, Assange denied the charge, stating that "The imputation is incorrect. The facts concern a 2006 investigation into Chinese espionage one of our contacts were involved in. Somewhere between none and handful of those documents were ever released on WikiLeaks. Non-government targets of the Chinese espionage, such as Tibetan associations were informed (by us)."[12]

Concerns

Hundreds of Tor Relays are Being Used to De-anonymize Users - Mental Outlaw

Cryptographic security and possible exploits of the software aside, the Tor network, as it currently operates, is not able to ensure anonymity for all of its users against an adversary that can monitor large portions of Internet traffic.

Although Tor is an open source project, the history of the software, its popularity - and the fact that the US government continues to fund it - raise a major red flag. In February 2018 the journalist Yasha Levine released e-mail communication, received through FOIA and dating back to 2007, from Tor founder Dingledine to his contacts at the Broadcasting Board of Governors about a technical problem concerning TLS connections, which made Tor traffic stand out from all the rest and made it easy to fingerprint and single out people who were using Tor from the background data noise of the internet.[13] According to Levine, it took years for the Tor Project to communicate the problem through its official channels.

Purposes

“The United States government can’t simply run an anonymity system for everybody and then use it themselves only. Because then every time a connection came from it people would say, “Oh, it’s another CIA agent.” If those are the only people using the network.”
Roger Dingledine (2004)  [14]

Several individual hackers have developed methods to somewhat compromise the supposed anonymity it provides, and it does not seem unlikely that the NSA has a suite of software designed to unmask Tor users. If this is the case, then Tor is in fact worse than useless, as it draws attention to the user.[15][16][17]

A FOIA request to the FBI by the Black Vault produced a June 2013 record indicating that the FBI was concerned about Onion Pi, an implementation of Tor for the Raspberry Pi, observing that although it "improves the ease and portability of accessing the Tor network, it is too early to tell whether extremist actors will widely adopt the device to conceal nefarious activity."[18]

Hacks


TOR routes internet traffic through many computers and uses multiple layers of cryptography. The last step (handled by an exit node) is qualitatively different from the other steps. A lot of attacks against the Tor software focus on exit nodes.
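
The layering described above, as an added Python example that is not part of the original article: a client wraps a request once per relay, and each relay peels one layer, which shows why only the exit node handles the request in the clear. The toy cipher is a stand-in and not Tor's real cryptography; the relay names, destination and request are constructed.

```python
import hashlib, hmac, json, os

PAYLOAD = b"GET /login?user=alice HTTP/1.1"   # constructed plaintext request
DEST = "example.org:80"                       # constructed destination

def keystream(key, nonce, n):
    """Toy SHA-256 counter keystream (a stand-in, not Tor's real cipher)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]

def seal(key, plaintext):
    """Encrypt and authenticate one onion layer under one relay's key."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    """Verify and strip one layer; fails for any key but the intended relay's."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer not addressed to this relay")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def build_onion(path, keys, dest, payload):
    """Client side: wrap the payload once per relay, innermost layer for the exit."""
    blob, nxt = payload, dest
    for relay in reversed(path):
        cell = json.dumps({"next": nxt, "data": blob.hex()}).encode()
        blob, nxt = seal(keys[relay], cell), relay
    return blob

def route(path, keys, client, onion):
    """Relay side: each hop peels one layer. Returns what each relay could observe."""
    seen, prev, blob = {}, client, onion
    for relay in path:
        cell = json.loads(unseal(keys[relay], blob))
        blob = bytes.fromhex(cell["data"])
        seen[relay] = {"from": prev, "to": cell["next"], "readable": blob}
        prev = relay
    return seen

def demo():
    path = ["guard", "middle", "exit"]            # constructed relay names
    keys = {r: os.urandom(32) for r in path}      # one key per hop
    return route(path, keys, "client", build_onion(path, keys, DEST, PAYLOAD))

if __name__ == "__main__":
    for relay, view in demo().items():
        print(relay, view["from"], "->", view["to"], view["readable"][:40])
```

Only the exit's view contains the request bytes and the destination, while only the guard's view contains the client; traffic that is not itself encrypted end to end is therefore readable at the last hop.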

A 2013 research paper concluded that '80% of all types of users may be deanonymized by a relatively moderate Tor-relay adversary within six months' - with far greater success the more resources are available.[19] In 2013 Gizmodo reported that the FBI admitted "hacking into the tor network" to collect users' IP addresses.[20]

In 2015, Roger Dingledine accused Carnegie Mellon University of providing its Tor-breaking research in secret to the FBI in exchange for a payment of “at least $1 million.”[21]

In July 2016, researchers announced that over 72 days they had found at least 110 malicious Tor nodes which were spying on hidden services.[22]

Deanonymization

In 2019, a hack revealed that the FSB was paying SyTech to work on de-anonymising Tor.[23]


 

A Tor victim on Wikispooks

Title: Dilawar
Description: A taxi driver who was in the wrong place at the wrong time. Tortured while in US custody and dead within the week. A leaked autopsy revealed "homicide", but the US authorities have not taken any action in this regard.

 

Related Quotations

Page: Cryptome
Quote: “Cryptome raises serious questions that nobody else on the left or in the media want to talk about, including how Omidyar has created a business from Snowden's cache; what exactly Snowden may have been doing while he was working for the CIA prior to his time at NSA (and what else he may have been doing at NSA itself); and why Snowden and The Intercept continue to proselytize for Tor, the anonymization tool, despite its massive funding from the U.S. government, the Pentagon and the national security state.”
Author: Tim Shorrock
Date: February 2016

Page: Roger Dingledine
Quote: “The United States government can’t simply run an anonymity system for everybody and then use it themselves only. Because then every time a connection came from it people would say, “Oh, it’s another CIA agent.” If those are the only people using the network.”
Author: Roger Dingledine
Date: 2004



References

  1. http://documents.theblackvault.com/documents/cia/cia-torbrowser.pdf
  2. https://www.wired.com/2014/12/fbi-metasploit-tor/
  3. http://www.theguardian.com/world/interactive/2013/oct/04/tor-high-secure-internet-anonymity
  4. Fagoyinbo, Joseph Babatunde (2013-05-24). The Armed Forces: Instrument of Peace, Strength, Development and Prosperity. AuthorHouse. ISBN 9781477226476. Retrieved 29 August 2014
  5. Leigh, David; Harding, Luke (2011-02-08). WikiLeaks: Inside Julian Assange's War on Secrecy. PublicAffairs. ISBN 1610390628. Retrieved 29 August 2014.
  6. Ligh, Michael; Adair, Steven; Hartstein, Blake; Richard, Matthew (2010-09-29). Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code. John Wiley & Sons. ISBN 9781118003367. Retrieved 29 August 2014.
  7. https://web.archive.org/web/20140717204616/http://pando.com/2014/07/16/tor-spooks/
  8. http://pando.com/2014/07/16/tor-spooks/
  9. http://www.techeye.net/news/tor-developer-helps-spooks-hack-tor
  10. http://www.newyorker.com/magazine/2010/06/07/no-secrets
  11. http://www.wired.com/2010/06/wikileaks-documents/
  12. http://www.theregister.co.uk/2010/06/02/wikileaks_tor_snooping_denial/
  13. https://surveillancevalley.com/blog/claim-tor-does-not-provide-backdoors-to-the-u-s-government
  14. https://web.archive.org/web/20140717204616/http://pando.com/2014/07/16/tor-spooks/
  15. http://www.zdnet.com/article/fbi-used-hacking-team-services-to-unmask-tor-user/#!
  16. https://hackertarget.com/tor-exit-node-visualization/
  17. http://motherboard.vice.com/en_ca/read/badonion-honeypot-malicious-tor-exit-nodes
  18. http://documents.theblackvault.com/documents/fbifiles/FBI-Tor.pdf
  19. http://archive.is/9riI3
  20. http://gizmodo.com/the-fbi-just-admitted-to-hacking-into-the-tor-network-1310273550
  21. http://www.wired.com/2015/11/tor-says-feds-paid-carnegie-mellon-1m-to-help-unmask-users
  22. https://motherboard.vice.com/read/over-100-snooping-tor-nodes-have-been-spying-on-dark-web-sites
  23. https://www.zdnet.com/article/hackers-breach-fsb-contractor-expose-tor-deanonymization-project/