Rich Freeman on 5 Oct 2013 05:04:30 -0700


Re: [PLUG] Tor project, NSA, and our September presentation

On Sat, Oct 5, 2013 at 7:46 AM, Eric H. Johnson wrote:
> I may be speaking out of context since I did not attend that particular
> meeting, but as I read it, that article seems to have a significant
> misunderstanding of Tor.

There are a bunch of articles out on Tor as a result of another leak.

The gist of what I've seen so far suggests:
1.  The NSA tries to monitor traffic to sites it has an interest in
(after the exit node presumably).
2.  The NSA logs all Tor nodes.
3.  The NSA identifies connections after the exit node that are of
interest and will sometimes target these connections for attack, to
compromise the client running tor.

What isn't clear is whether the NSA targets nodes running tor for
attack in general.

When an IP is targeted for attack they direct web traffic/etc from
that host to servers which inject exploits.  They might not even
exploit the connection over tor so much as other connections from the
same IP.  So, if you're running tor on your PC you might find them
attacking random vulnerable PCs on the same subnet, and perhaps using
those PCs to attack other PCs on your LAN.  They would then look to
obtain other data from your PCs.

I have no idea whether they target router nodes in tor in general, or
if they only try to infect clients that are accessing sites of
interest to them.  An obvious reason to target router nodes would be
to subvert the network and make it easier to break anonymity.  If you
control all the nodes in any particular tor connection you can trace
the activity on that connection from source to destination.

I need to keep reading up though.  I run a tor node (non-exit), so for
all I know there is some rootkit on one of the boxes in my house...

Philadelphia Linux Users Group