Researchers from ESIEA, a French engineering school, have found and
exploited some serious vulnerabilities in the TOR network. They performed
an inventory of the network, finding 6,000 machines, many of whose IP
addresses are publicly accessible, directly through the system's source
code. They demonstrated that it is possible to take control of the network
and read all the messages that circulate.
But there are also hidden nodes, the Tor bridges, which are provided by the
system in some cases. The researchers developed a script that, once again,
identifies them. They found 181. "We now have a complete picture of
the topography of Tor," said Eric Filiol.
The specific attack involves creating a virus and using it to infect such
vulnerable systems in a laboratory environment, and thus decrypting traffic
passing through them, again via an unknown, unmentioned mechanism. Finally,
traffic is redirected towards infected nodes by essentially performing a
denial of service on clean systems.
Researchers showed that one third of the nodes are vulnerable, "sufficient
in all cases so that we can easily infect and obtain system privileges,"
says the director. The researchers then clone part of the network so as
not to touch the real network, and they create a virus with which they can
take control of the machine. "This allows us to set the
encryption keys and readers initialization of cryptographic algorithms and
thus cancel two layers of encryption on all three," says Eric Filiol. The
remaining flow can then be decrypted via a method of attack called
"to clear unknown", based on statistical analysis.
To steer communication to infected nodes, the researchers make all other
nodes unavailable. To do this, they apply a double attack: localized
congestion, which involves sending a large number of Tor requests to
uninfected machines, and spinning the packet, which encloses Tor servers in
a circuit loop to fill them. The Tor protocol will then naturally route
calls to infected machines, and that's it.
However, if it is real, details are to be presented at Hackers to Hackers
in São Paulo on October 29-30, 2011. TOR is no more than an additional layer
of obfuscation and should not be relied upon for anonymity or security.
Like any darknet, it is a complement to application-layer encryption and
authentication, no more.