Inside the EYE of the TORnado: From Navy spooks to Silk Road

It's hard enough to peel the onion; are you hard enough to eat the core?

The dark side of TOR

Along with more people came the inevitable requests for more questionable content, last year's shutdown of the darknet marketplace Silk Road being a high-profile example. Security is only as strong as its weakest link, and in that case the weak link was a person, not the protocol. Law enforcement agents have since arrested Ross William Ulbricht, whom they suspect of being the admin of Silk Road. Ulbricht denies the charges.

As it became obvious that IT-aware drug users were buying drugs under the privacy of TOR, the lower dregs of society, paedophiles, were all over it too, because it gave them anonymity from law enforcement and from each other. Any leak would have limited repercussions, purely because of what TOR does, and any operation to gather information on them would be much harder, again thanks to the onion protocol.

In fact, a suspect in a case involving Freedom Hosting, which has been linked by the FBI to the creation and distribution of child pornography, was arrested - but, according to security researchers, not by busting Tor itself. Because TOR is encrypted, they say, the FBI was having issues locating their suspect. Researchers speculated that to gain access to a machine belonging to the person suspected of owning the servers, Eric Eoin Marques, the FBI allegedly used a JavaScript exploit in Firefox to gather his real IP addresses.

The Register notes that the federal agency has not admitted to using the zero-day exploit, but rather that security researchers including Hacker News and Brian Krebs hypothesised that it did following a post by the Tor Project on the matter.

The perpetrators of the global Firefox intrusion appeared to be working from an IP address in Virginia.

Marques was arrested in Ireland and is currently awaiting extradition to the US to face charges.

This exploit also came to light independently through users noticing the JavaScript exploit in Firefox, where they found their real IP addresses being leaked. The existence of the bug was one of many leaks provided to the press by rogue ex-NSA sysadmin Edward Snowden. According to the leaks, Project Egotistical Giraffe, as it was known, was sponsored by the NSA and punched a huge hole in the privacy of the user. This exploit has since been fixed.

The conspiracy theorists would argue that most of the exit nodes are now controlled by the government, as are the hosts. Once an organisation controls a large number of nodes, connecting the dots and tracking the user becomes possible.
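To put a number on the "connecting the dots" claim, here is an added example (not from the article) that builds three-hop circuits over a constructed relay set in which a chosen fraction of relays is adversary-controlled, and counts how often the same adversary holds both the entry and the exit of a circuit. It assumes uniform relay selection (real Tor weights by bandwidth) and a simplified persistent-guard model; the relay set and fractions are constructed.

```python
import random

# Constructed relay set: each relay is (relay_id, controlled_by_adversary).
def build_relays(n_relays, adversary_fraction):
    n_bad = int(n_relays * adversary_fraction)
    return [(i, i < n_bad) for i in range(n_relays)]

def pick_circuit(relays, rng, guard=None):
    """Draw a 3-hop circuit (entry/guard, middle, exit).
    Assumption: uniform random choice; real Tor weights relays by bandwidth.
    If `guard` is given it is kept fixed, mimicking Tor's persistent entry guards."""
    hops = rng.sample(relays, 3)
    if guard is not None:
        others = [r for r in hops if r != guard]
        hops = [guard] + others[:2]
    return tuple(hops)

def both_ends_adversarial(circuit):
    # An adversary that sees traffic enter at the guard and leave at the exit
    # can correlate timing and volume and link client to destination.
    guard, _, exit_relay = circuit
    return guard[1] and exit_relay[1]

def simulate(n_relays, adversary_fraction, n_circuits, persistent_guard, seed=42):
    """Return the fraction of circuits where one adversary holds both guard and exit."""
    rng = random.Random(seed)
    relays = build_relays(n_relays, adversary_fraction)
    guard = rng.choice(relays) if persistent_guard else None
    hit = sum(both_ends_adversarial(pick_circuit(relays, rng, guard))
              for _ in range(n_circuits))
    return hit / n_circuits

def expected_without_guard(adversary_fraction):
    # With a fresh entry and exit every time, P(both bad) is roughly f * f.
    return adversary_fraction ** 2

if __name__ == "__main__":
    for f in (0.1, 0.3, 0.5):
        rot = simulate(200, f, 5000, persistent_guard=False)
        pin = simulate(200, f, 5000, persistent_guard=True)
        print(f"adversary {f:.0%}: rotating entry {rot:.3f} "
              f"(expected ~{expected_without_guard(f):.3f}), pinned guard {pin:.3f}")
```

With a rotating entry every user is eventually caught on a compromised pair; with a pinned guard the outcome is all-or-nothing, which is why the risk grows with the share of relays one party controls rather than with any single node.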

However, there are more mundane and above-board people using TOR. Some people just use it to say "Stuff you" to tracking. Some use it to get to sites governments deem unsavoury. Legitimate traffic is plentiful, although no one has ever looked into the distribution of "good" versus "bad" traffic.

All this may sound like an awesome way to get back at the Man, who is, it would seem, currently hooked on your traffic. However, as with running any service that has perceived grey areas in the eyes of the law, it can lead to a door knock or worse (as described here).

For the real nerds amongst us, you can set up a free TOR node on a free Amazon micro instance. However, we are starting to see more people falling foul of the law for setting up a TOR relay. There have been several notable cases where exit node owners have had their equipment seized and even become suspects in drug-dealing, pornography and child abuse cases. To quote someone who fell foul of the law of the land, "Yesterday I got raided for someone sharing child pornography over one of my Tor exits... If convicted I could face up to 10 years in jail (min. six years)."

A lot of people use Tor to browse blocked sites, sites that the UK government has decreed are illegal. (The Pirate Bay, anyone?) In my opinion, using TOR would make you more likely to come under investigation than if you just used your normal browser with ad-blocking and a VPN.

TOR is just one of many privacy tools that can be used together to form a more resistant personal information infrastructure. Other things – such as FDE (Full Disk Encryption), limited use of plugins and Flash et al – also play their part. Flash will give away your real IP in a heartbeat. That is why you won't find it on any decent TOR package. It all comes down to how much your adversary wants your information and the resources they have.

Browsing with TOR to avoid tracking is all well and good. No one will bother you over that, not even the MPAA. You may even get away with some other stuff, but if you read my previous article on e-crime, you will see that the cards are stacked against you if you have done wrong and been arrested for it. Encryption and caution will only get you so far.

The bright side of TOR

So the above covers some of the less savoury uses. There are also more mundane but useful ways for the more advanced IT user to use TOR: hiding your details to stick it to The Man, but for above-board reasons.

Recently, as you may or may not be aware, some larger internet companies have started experimenting with price discrimination - or, to give it a more socially acceptable name, individualised pricing. Although still in its infancy, it is coming.

Using TOR, you can make sure you are not tracked when you are researching and pricing that brand new online item. For the less scrupulous, it avoids the tracking cookies and cuts the middle man out, and sometimes saves money. I leave the ethics to the individual. (Also not forgetting if you try to sign up for a service using an IP from Northern Africa, card verification rules are going to go bonkers!)

As to the privacy argument, it also allows for research in privacy. It lets someone evade what is commonly termed "the search bubble". A search bubble is a profile built around not only your clicks but your IP address, location, previous search history and so on, which lets advertisers build a picture of you. TOR breaks this process to bits, as your exit IP is always different. If there is no persistent data, not even an IP address, there is no information upon which to filter what is fed to you.

Another use for TOR is to bypass internet blocking features that the UK government orders to be installed at the behest of big media organisations. Using TOR to pop out from your provider to a Swedish or Spanish IP to get around these blocks can be useful. The way the UK and US seem to be going is in the general direction of blocking everything not Daily Mail-approved. Some of the more well-known alternative media suggest this is done to hinder snooping by the three-letter agencies. ®


*I will shortly be reviewing the TORplug, a plug-in device that will allow you to browse the internet using TOR without installing any software on your computer. ®