I have been following the case of Dan Egerstad from Sweden. He is the researcher who earlier this year posted the user names and passwords for 100 accounts on the Internet. Included in those accounts were ones from government embassies and major corporations. How did he obtain them? He used the Tor network.
I first learned of Tor while at the NSA; back then it was more commonly known as Onion Routing. Tor is basically a series of servers set up with software that forwards packets while hiding the originating IP address. One of the biggest problems with Tor is the “last hop,” or exit router. This is the last Tor server (node) that handles the packet before it reaches the destination. This last node sees everything being passed, and that traffic is not encrypted unless the connection to the destination uses SSL/TLS, IPSec, etc. The other issue with the exit router is that anyone can set one up. Since Tor is an open network, you just need hardware to run the Tor software and a network connection. This is where Dan came in.
Dan simply set up several Tor servers and analyzed the traffic passing through these exit servers. In total he was able to gather over 1000 user names / passwords. In the interest of disclosure he did make some attempts to notify the organizations involved. It seems in most cases he was ignored or not understood. He then posted 100 of those accounts on the Internet.
The moral of the story: encrypt it end to end if you expect any degree of privacy. Transport-level and application-level encryption is so commonplace these days that it amazes me how many people don’t use it. The Wall of Sheep at DefCon is a good representation of this. Will that solve everything? Of course not, but it will definitely help.
–Chris
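The exit-router point above, modeled as an added example that is not part of the original post: a three-relay onion is built and peeled, showing that the exit relay ends up holding exactly the bytes the application sent unless they were encrypted end to end first. The cipher is a toy SHA-256 keystream and not Tor's real cryptography; the relay keys, the login string and `E2E_KEY` (standing in for a TLS session key) are constructed for illustration.

```python
import hashlib

def keystream_xor(key, data):
    """Toy stream cipher (SHA-256 in counter mode); applying it twice decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def build_onion(payload, relay_keys):
    """Client side: add one encryption layer per relay, exit layer first."""
    cell = payload
    for key in reversed(relay_keys):
        cell = keystream_xor(key, cell)
    return cell

def relay_views(cell, relay_keys):
    """What each relay holds after removing its own layer, in path order."""
    views = []
    for key in relay_keys:
        cell = keystream_xor(key, cell)
        views.append(cell)
    return views

# Constructed keys for the guard, middle and exit relays.
RELAY_KEYS = [hashlib.sha256(n).digest() for n in (b"guard", b"middle", b"exit")]
# Constructed stand-in for a session key shared only by client and destination.
E2E_KEY = hashlib.sha256(b"constructed end-to-end key").digest()
# Constructed cleartext login, as a mail client without TLS would send it.
LOGIN = b"USER alice\r\nPASS constructed-password\r\n"

def exit_view(app_bytes):
    """Bytes readable by the exit relay for one request sent through the path."""
    return relay_views(build_onion(app_bytes, RELAY_KEYS), RELAY_KEYS)[-1]

def credentials_exposed_at_exit(app_bytes):
    """True when the password is readable by the last hop."""
    return b"constructed-password" in exit_view(app_bytes)

if __name__ == "__main__":
    print("cleartext login exposed at exit:", credentials_exposed_at_exit(LOGIN))
    wrapped = keystream_xor(E2E_KEY, LOGIN)  # encrypted before entering Tor
    print("end-to-end encrypted login exposed at exit:",
          credentials_exposed_at_exit(wrapped))
```

The guard and middle relays never see the login in either case; only the last hop differs, which is why the fix belongs in the application's own transport rather than in the relay path.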