Re: [PLUG] Tor project, NSA, and our September presentation

Rich Freeman on 5 Oct 2013 05:04:30 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Tor project, NSA, and our September presentation

From: Rich Freeman <r-plug@thefreemanclan.net>
To: "Eric H. Johnson" <ejohnson@camalytics.com>, "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Tor project, NSA, and our September presentation
Date: Sat, 5 Oct 2013 08:04:25 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=CZdF+X2krxJz7o4uAy90RrsHODX4EFfpBCQO93m5pcw=; b=fdqQcTZRZDawK0pkX/g4Gj2KqJT2fRGbujHakJfXEKxieE02AoPnDNnKNxFskwByxx 2x433O8P78HZDajAyRhxZy47+pYQqINMwuqizeBqQBXuaquLT57ar629pYMQCd8EcYlu BOglndtC6eZ8tc5SBEifZph9gbozUxbuwgWbFYG8X0tZRGL/K0AFb9oORw00IINTmIeW 8g+G6K6jivtstEb43KDwgsrOdDIEShGilnpW5ob2HE/kBbz4LD7HZYpyF4zEBJ4+WY/C t+hm0hvb8VAOxzorS5oJMpMrV5qUVBj7HLDsVv0MF0YDQP8TiYOIrMB5ba7IbsBfWhx8 vQUw==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: plug-bounces@lists.phillylinux.org

On Sat, Oct 5, 2013 at 7:46 AM, Eric H. Johnson <ejohnson@camalytics.com> wrote:
> I may be speaking out of context since I did not attend that particular
> meeting, but as I read it, that article seems to have a significant
> misunderstanding of Tor.

There are a bunch of articles out on Tor as a result of another leak.

The gist of what I've seen so far suggests:
1.  The NSA tries to monitor traffic to sites it has an interest in
(after the exit node presumably).
2.  The NSA logs all Tor nodes.
3.  The NSA identifies connections after the exit node that are of
interest and will sometimes target these connections for attack, to
compromise the client running tor.

What isn't clear is whether the NSA targets nodes running tor for
attack in general.

When an IP is targeted for attack they direct web traffic/etc from
that host to servers which inject exploits.  They might not even
exploit the connection over tor so much as other connections from the
same IP.  So, if you're running tor on your PC you might find them
attacking random vulnerable PCs on the same subnet, and perhaps using
those PCs to attack other PCs on your LAN.  They would then look to
obtain other data from your PCs.

I have no idea whether they target router nodes in tor in general, or
if they only try to infect clients that are accessing sites of
interest to them.  An obvious reason to target router nodes would be
to subvert the network and make it easier to break anonymity.  If you
control all the nodes in any particular tor connection you can trace
the activity on that connection from source to destination.

I need to keep reading up though.  I run a tor node (non-exit), so for
all I know there is some rootkit on one of the boxes in my house...
:)

Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- Re: [PLUG] Tor project, NSA, and our September presentation
  - From: "Eric H. Johnson" <ejohnson@camalytics.com>

Prev by Date: Re: [PLUG] Tor project, NSA, and our September presentation
Next by Date: [PLUG] CPOSC last day for T shirts
Previous by thread: Re: [PLUG] Tor project, NSA, and our September presentation
Next by thread: [PLUG] CPOSC last day for T shirts
Index(es):
- Date
- Thread