Oct 18 2011
 

French magazine 01net reports (article in French) that researchers from ESIEA, a French engineering school, have found and exploited some serious vulnerabilities in the TOR network.

According to the article, they performed an inventory of the network, finding roughly 6,000 machines, many of whose IPs are accessible “publicly and directly with the system’s source code”, as well as a large number of hidden nodes. The public part is unsurprising: every Tor client downloads the signed list of relays (the consensus) from directory authorities whose addresses are hardcoded in the Tor source, so relay IPs are public by design, not by leak.
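To make the “inventory” step concrete, here is an added example (not code from the original post, from 01net or from ESIEA) that parses the relay list in the format the Tor consensus actually uses: an `r` line per relay (nickname, identity, digest, date, time, IP, ORPort, DirPort), followed by an `s` line of status flags and a `w` line with the bandwidth weight. The sample document is constructed; the nicknames, fingerprints and addresses are made up.

```python
"""Inventory of Tor relays from a constructed network-status consensus.

Added example, not from the original post or from ESIEA. Relay addresses
are listed in the hourly consensus that the directory authorities publish,
so enumerating them needs no exploit, only a parse of that document.
"""
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample shaped like real consensus entries (not real relays).
SAMPLE_CONSENSUS = """\
r alice AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2011-10-18 09:00:00 192.0.2.10 9001 9030
s Exit Fast Guard Running Stable Valid
w Bandwidth=12000
r bob CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2011-10-18 09:00:00 198.51.100.7 443 0
s Fast Guard Running Stable Valid
w Bandwidth=8000
r carol EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2011-10-18 09:00:00 203.0.113.5 9001 0
s Exit Fast Running Valid
w Bandwidth=3000
r dave GGGGGGGGGGGGGGGGGGGGGGGGGGG HHHHHHHHHHHHHHHHHHHHHHHHHHH 2011-10-18 09:00:00 192.0.2.77 9001 0
s Fast Running Valid
w Bandwidth=500
"""


@dataclass
class Relay:
    nickname: str
    fingerprint_b64: str
    address: str
    or_port: int
    flags: set = field(default_factory=set)
    bandwidth: int = 0


def parse_consensus(text):
    """Return a list of Relay objects from consensus text.

    Each relay begins with an "r" line; the following "s" (flags) and
    "w" (bandwidth) lines belong to the most recent "r" entry. Any other
    keyword is skipped.
    """
    relays = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        kw = parts[0]
        if kw == "r" and len(parts) >= 9:
            relays.append(Relay(nickname=parts[1], fingerprint_b64=parts[2],
                                address=parts[6], or_port=int(parts[7])))
        elif kw == "s" and relays:
            relays[-1].flags = set(parts[1:])
        elif kw == "w" and relays:
            for item in parts[1:]:
                if item.startswith("Bandwidth="):
                    relays[-1].bandwidth = int(item.split("=", 1)[1])
    return relays


def inventory(relays):
    """Summarise what anyone learns for free from the consensus."""
    flag_counts = Counter()
    for r in relays:
        flag_counts.update(r.flags)
    exits = [r.address for r in relays if "Exit" in r.flags]
    guards = [r.address for r in relays if "Guard" in r.flags]
    return {"relays": len(relays), "exits": exits, "guards": guards,
            "flag_counts": dict(flag_counts),
            "total_bandwidth": sum(r.bandwidth for r in relays)}


if __name__ == "__main__":
    summary = inventory(parse_consensus(SAMPLE_CONSENSUS))
    print(f"{summary['relays']} relays; exits={summary['exits']}; "
          f"guards={summary['guards']}")
```

Against a real consensus the same parser gives the complete list of relay IPs, ports and roles; the “large number of hidden nodes” in the article presumably refers to bridges and hidden services, which are deliberately absent from this document.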

There’s a lack of detail, but supposedly the attack involves creating a virus (?) and using it to infect such vulnerable systems in a laboratory environment, and thereby decrypting traffic passing through them, again via an unknown, unmentioned mechanism. Finally, traffic is redirected towards infected nodes by essentially performing a denial of service on clean systems. Note that in onion routing a compromised relay can only strip its own layer of encryption: a single middle relay learns neither the client nor the destination, and linking the two requires controlling or observing both the entry and the exit of a circuit. That is presumably why the DoS step is needed at all, to herd circuits onto relays the attacker controls.
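The limit described above, that a compromised relay strips one layer and no more, is easy to see in code. The following is an added example, not the ESIEA attack and not Tor’s real implementation: it models a three-hop circuit with a toy stream cipher (SHA-256 keystream in counter mode, for illustration only) and shows what an attacker learns from each subset of compromised relays. Relay names, the destination and the per-hop keys are constructed.

```python
"""Why compromising one relay does not decrypt a Tor circuit.

Added example, not Tor's code and not the ESIEA attack. Each relay holds
one symmetric key negotiated with the client and can strip exactly one
layer: the guard sees the client and the next hop, the middle relay sees
only its neighbours, and the exit sees destination and plaintext but not
the client. The cipher is a toy (SHA-256 keystream), not a real one.
"""
import hashlib
import os

RELAYS = ["guard", "middle", "exit"]  # constructed circuit, in order


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || counter) blocks (symmetric)."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def build_onion(hop_keys, next_hops, payload: bytes) -> bytes:
    """Client side: wrap the payload innermost-first, one layer per relay.

    hop_keys and next_hops are ordered guard -> middle -> exit. Each layer
    carries a 16-byte routing header (next hop name, at most 16 bytes) that
    only the relay holding that layer's key can read.
    """
    cell = payload
    for key, nxt in zip(reversed(hop_keys), reversed(next_hops)):
        header = nxt.encode().ljust(16, b"\0")
        cell = keystream_xor(key, header + cell)
    return cell


def peel(key: bytes, cell: bytes):
    """Relay side: strip one layer, return (next_hop, remaining_cell)."""
    inner = keystream_xor(key, cell)
    return inner[:16].rstrip(b"\0").decode(), inner[16:]


def run_circuit(payload: bytes, destination: str):
    """Send one cell through the circuit; record what each relay observes."""
    keys = {name: os.urandom(32) for name in RELAYS}  # per-hop keys (constructed)
    next_hops = ["middle", "exit", destination]
    cell = build_onion([keys[n] for n in RELAYS], next_hops, payload)
    observed, prev = {}, "client"
    for name in RELAYS:
        nxt, cell = peel(keys[name], cell)
        observed[name] = {"prev": prev, "next": nxt, "cell": cell}
        prev = name
    return observed


def attacker_view(observed, compromised):
    """What an attacker controlling the given relays learns from one cell."""
    seen_prev = {observed[n]["prev"] for n in compromised}
    seen_next = {observed[n]["next"] for n in compromised}
    client_seen = "client" in seen_prev
    destination = next((h for h in seen_next if h not in RELAYS), None)
    # Only the exit holds a cell with every layer stripped.
    plaintext = observed["exit"]["cell"] if "exit" in compromised else None
    return {"client_seen": client_seen, "destination": destination,
            "plaintext": plaintext,
            "linkable": client_seen and destination is not None}


if __name__ == "__main__":
    obs = run_circuit(b"GET / HTTP/1.0", "example.org")
    for who in ({"middle"}, {"exit"}, {"guard", "exit"}):
        print(sorted(who), attacker_view(obs, who))
```

The middle relay alone gets a cell that is still encrypted under the exit key and knows only “guard” and “exit” as neighbours; the exit alone reads the request and its destination but cannot name the client; only guard plus exit together can link client to destination (in real Tor by timing correlation rather than by reading the same cell, but the requirement is the same).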


I’m skeptical, as the piece contains just too much “oh, and then you hack component x and compromise component y and voilà, you’re in” to be plausible as it stands. Furthermore, the ESIEA page has a large video presentation on French backwardness in “cyberwarfare”; any time a reputable institution uses such terms, it makes me wonder how much it’s angling for more funding from buzzword-prone politicians, with resulting pressure on researchers to provide supporting, news-grabbing headlines.

However, if it is real, details are to be presented at Hackers to Hackers in São Paulo on October 29/30. TOR is no more than an additional layer of obfuscation and should not be relied upon for anonymity or security on its own; whatever leaves an exit relay is visible to that relay’s operator in whatever form the application sent it. Like any darknet, it is a complement to application-layer encryption and authentication, no more.

Posted at 10:12 am

  2 Responses to “French Researchers “Hack” TOR”

  1. I agree with you on the poor details-to-buzzwords ratio. We’ll see what it’s all about after they show it. However, concerning the inventory phase, I might be able to clarify a thing.
    In the article they say most nodes’ IP addresses are accessible publicly or using the system’s source code, from which I infer that all TOR exit nodes are public, some other nodes are hardcoded in the source, and most nodes can be discovered using public APIs.
    The rest of the attack, you got that part, involves the compromise of existing nodes or adding rogue nodes, and DoSing all the others (lame, but they mention a way of essentially making messages loop through fixed nodes in TOR, which sounds great-if-real)

  2. So, a French engineering school can do something the FBI and DOJ can’t, with their resources? By DDoSing FBI nodes (presumably clean)? Wonder if they got “Anonymous”, who’ve been attacking some of the sites too.
    We’ll see.