Research and News in Tor, Privacy, and Security – Dec 28th, 2014
This article is part of a weekly series covering developments in Tor and the privacy-related tech world.
Thomas White, aka TheCthulhu, has been releasing updates on the recent compromise of his servers. Last week, he reported that he unexpectedly lost control of several servers, which included multiple exit relays and several hidden services. At this time, he has regained access to the servers. He now believes that the compromise was likely not the work of law enforcement, and has (for now) excluded the possibility of direct involvement. It is possible that the “USB device” inserted into the server was actually a KVM reported as a USB device, although this has not been confirmed. The disappearance of certain logs, such as bandwidth information logs, has not been explained. Most servers have been blacklisted from the Tor network, and they will not be brought back online until he has performed a complete analysis.
A group of hackers has announced that it intends to compromise the Tor network, and has already begun attempting to do so. The group, which calls itself Lizard Squad, posted a message on Twitter announcing that they are testing their “new Tor 0day”. While the group stated that they are employing a zero-day exploit, the attack appears to be a standard Sybil attack. In other words, the attack does not appear to pose an extreme risk to the network. The group may also be targeting directory authorities – ioerror reported that his directory authority suffered a minor DDoS attack. He attributed the attempt to Lizard Squad. The Tor Project released the following statement:
“This looks like a regular attempt at a Sybil attack: the attackers have signed up many new relays in hopes of becoming a large fraction of the network. But even though they are running become a threat, and we don’t expect any anonymity or performance effects based on what we’ve seen so far.”
Damian Johnson announced the release of Stem 1.3. Stem is a Python library for interacting with Tor, and can be used for scripting against a relay or its descriptor data, or even for writing applications such as Vidalia and arm. This version includes better support for working with hidden services, and improves the speed at which relay descriptors can be parsed.
The group of researchers collecting statistics about hidden services has asked relay operators to enable hidden service statistics. They are trying to determine approximately how many hidden services there are, and how much traffic over the Tor network is going to these services. They have written a step-by-step tutorial for enabling the feature.
The 31st annual Chaos Communication Congress (31c3) will take place from December 27th through December 30th in Hamburg, Germany. The Chaos Communication Congress is an annual four-day technology conference held by the Chaos Computer Club.
There will be a meet-up for Tor relay operators at the conference that will focus primarily on Torservers.net.
The NSA has released 12 years' worth of internal reports in response to a Freedom of Information Act request. The reports were released late on Christmas Eve – possibly to discourage media attention. The heavily redacted reports reveal numerous breaches in protocol by the agency, primarily as a result of human error. The reports outline instances of data collected on Americans being emailed to unauthorized recipients, retained after it was supposed to be destroyed, and stored on unsecured computers. In some cases, data continued to be collected on targets even when the target was in the United States. The NSA states that “by emphasizing accountability across all levels of the enterprise, and transparently reporting errors and violations to outside oversight authorities, NSA protects privacy and civil liberties while safeguarding the nation and our allies.”