Tor anonymizing network Compromised by French researchers
The Hacker News

French researchers from ESIEA, a French engineering school, have found and exploited some serious vulnerabilities in the TOR network. They performed an inventory of the network, finding 6,000 machines, many of whose IPs are accessible publicly and directly with the system's source code. They demonstrated that it is possible to take control of the network and read all the messages that circulate.

But there are also hidden nodes, the Tor Bridges, which are provided by the system that in some cases. Researchers have developed a script that, once again, to identify them. They found 181. "We now have a complete picture of the topography of Tor," said Eric Filiol.

The specific attack involves creating a virus and using it to infect such vulnerable systems in a laboratory environment, and thus decrypting traffic passing through them again via an unknown, unmentioned mechanism. Finally, traffic is redirected towards infected nodes by essentially performing a denial of service on clean systems.

Researchers showed that one third of the nodes are vulnerable, "sufficient in all cases so that we can easily infect and obtain system privileges," says the director. Researchers clone then a part of the network in order not to touch the real network, and they make a virus with which they will be able to take control of the machine."This allows us to set the encryption keys and readers initialization of cryptographic algorithms and thus cancel two layers of encryption on all three," says Eric Filiol. The remaining flow can then be decrypted via a fully method of attack called "to clear unknown" based on statistical analysis.

To guide communication to nodes infected, researchers make unavailable all other nodes. To do this, they apply a double attack: localized congestion, which involves sending a large number of requests Tor on uninfected machines, and spinning the packet, which will enclose Tor servers in a loop circuit to fill them. The Tor protocol will then, naturally, to route calls to infected machines, and that's it.

However, if it is real, details are to be presented at Hackers to Hackers in São Paulo on October 29/30-2011. TOR is no more than an additional layer of obfuscation and should not be relied upon for anonymity or security. Like any darknet, it is a complement to application-layer encryption and authentication, no more.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.