[Noisebridge-discuss] Tor hacked and mapped by the French, or so they say

Andy Isaacson adi at hexapodia.org
Tue Oct 25 01:59:26 UTC 2011


On Mon, Oct 24, 2011 at 06:12:03PM -0700, L E wrote:
> Tor hacked and mapped by the French, or so they say
> http://seclists.org/fulldisclosure/2011/Oct/780
> http://thehackernews.com/2011/10/tor-anonymizing-network-compromised-by.html

This is classic "science by press release": the researchers haven't
published their research but they're happy to talk to the press and brag
about what an awesome attack they've created.

So, we (being the rest of the world) don't have any idea what they're
talking about beyond the poorly translated fragments that have made it
through their media interviews; but their claims appear to be that

0. They don't claim (AFAICS) to have found a new code execution,
privilege escalation, private key disclosure, execution control, or
other significant bug in Tor itself.  The most generous reading I've
found is that they may have a new network metadata disclosure, but even
that is questionable.

1. If you run software (such as Tor) on an insecure operating system,
then an attacker can hack the OS and cause the software to malfunction.
<sarcasm> Shocking news! </sarcasm>

2. They claim that they can find out more information about the Tor
network than they claim is intended to be published by the network.
Since they haven't explained what information, exactly, they can find
out, that's a difficult claim to verify.  Since Tor protects various
different pieces of information to differing levels, it's entirely
possible that this might be true in some unimportant way; or it's
possible that they found a new mapping technique that provides
interesting insight; or it's possible that they've found some critical
flaw that completely destroys the security of the network.

Or it might be possible that they simply didn't understand that the
information they found is intended to be public.  Since they didn't ask
anyone in the Tor community to review their results before going to the
press (AFAIK), it's hard to say.

3. (the most far-fetched): They claim that they can decrypt Tor traffic
by compromising a small percentage (<30%) of the network.  Since Tor is
designed to be resilient against decryption attacks unless the attacker
controls your entrance, middle, and exit nodes; and since the network
would simply cease to function if you disabled (DDoS or legal DoS) a
significant fraction of the exit node bandwidth; this claim seems
ludicrous based on the existing information.

There's a thread on tor-talk:

https://lists.torproject.org/pipermail/tor-talk/2011-October/021730.html

Looking forward to any actionable information, and shaking my head at
the gullibility of the news cycle once again,
-andy


