Exposed: Establishment-funded ‘security network’ spying on users

(Acclaimed News) An experiment by a Swedish researcher reveals that an online network used to ensure secure Internet communications may itself be under surveillance. Tor is free open source software and a popular open network used to anonymize communications on the Internet.

In 2013 it received more than $1,800,00 in funding from the US government and previous sponsors include; Google, The Ford Foundation and DARPA.

Tor stands for The Onion Router and was originally developed by the U.S. Naval Research Laboratory. In 2002, the Electronic Frontier Foundation took up and developed the project to provide a free means of ensuring the privacy of Internet users. The number of Tor users is estimated to be 2.5 million each day.

Internet security researchers have suspected for a while that security and intelligence agencies might have set up their own nodes to “sniff” or read data as it is routed through the Tor network.

To test this, the researcher known only by the pseudonym “Chloe”, set up an experiment with a honeypot. This was essentially a fake domain name with multiple logins. She then used different nodes to log in, and then waited for a month for any signs that the nodes were being used to steal the login information.

She found that seven of the 1400 nodes she had tested were used to steal passwords and log in. As of now, though the bad nodes have been reported to Tor, they are still in operation.

Chloe also came to the startling conclusion that as a consequence of the data sniffing by some exit nodes, Tor users might actually be drawing attention to their own sites, rather then ensuring their privacy.

She said:

“[The project] BADONIONS is really simple, it works like this: you download a list of all the Tor exit nodes and then you use the Stem API to connect to every exit node out there and login to a website over HTTP.

“If an exit node is sniffing the traffic he will see my login and now when he has my password he probably will do something bad with my account, or sell it, I don’t know. So here’s the catch.

“Every exit node has its unique password and because BADONIONS saves every login I can go back and check if a password has been used more than once, and if that’s the case I can simply look up which exit node that used that password,” wrote Chloe when she set up the experiment in April.”

Chloe also added:

“The results are not so surprising, but what is most surprising about this is that two nodes with the ‘guard’-flag had logged in twice. Also, none of these nodes has been flagged even though I reported them to Tor.

“We can see that there’s passive MITM [man-in-the-middle attack] going on in the Tor network. This is done by setting up a fully functional and trustworthy exit node and start sniffing.

“We can also see that nodes that have been running so long that they have earned the ‘Guard’-flag also sniff traffic. We can also see that not all uses the logins but rather just visiting the website, this indicates that they are sniffing but does not use the provided logins. So by using Tor you are drawing attention to your site.”

  • Max Casey