Tor and the Silk Road takedown

We've had several requests by the press and others to talk about the Silk Road situation today. We only know what's going on by reading the same news sources everyone else is reading.

In this case we've been watching carefully to try to learn if there are any flaws with Tor that we need to correct. So far, nothing about this case makes us think that there are new ways to compromise Tor (the software or the network). The FBI says that their suspect made mistakes in operational security, and was found through actual detective work. Remember: Tor does not anonymize individuals when they use their legal name on a public forum, use a VPN with logs that are subject to a subpoena, or provide personal information to other services. See also the list of warnings linked from the Tor download page.

Also, while we've seen no evidence that this case involved breaking into the webserver behind the hidden service, we should take this opportunity to emphasize that Tor's hidden service feature (a way to publish and access content anonymously) won't keep someone anonymous when paired with unsafe software or unsafe behavior. It is up to the publisher to choose and configure server software that is resistant to attacks. Mistakes in configuring or maintaining a hidden service website can compromise the publisher's anonymity independent of Tor.

And finally, Tor's design goals include preventing even The Tor Project from tracking users; hidden services are no different. We don't have any special access to or information about this hidden service or any other. Because Tor is open-source and it comes with detailed design documents and research papers, independent researchers can verify its security.

Here are some helpful links to more information on these subjects:

Technical details of hidden services:
https://www.torproject.org/docs/hidden-services

Our abuse FAQ:
https://www.torproject.org/docs/faq-abuse

For those curious about our interactions with law enforcement:
https://blog.torproject.org/category/tags/law-enforcement
https://www.torproject.org/docs/faq#Backdoor

Using Tor hidden services for good:
https://blog.torproject.org/blog/using-tor-good

Regarding the Freedom Hosting incident in August 2013, which is unrelated as far as we can tell:
https://blog.torproject.org/blog/hidden-services-current-events-and-fre…

Some general hints on staying anonymous:
https://www.torproject.org/about/overview#stayinganonymous

The Tor Project is a nonprofit 501(c)(3) organization dedicated to providing tools to help people manage their privacy on the Internet. Our focus continues to be on helping ordinary citizens, victims of abuse, individuals in dangerous parts of the world, and others stay aware and educated about how to keep themselves secure online.

The global Tor team remains committed to building technology solutions to help keep the doors to freedom of expression open. We will continue to watch as the details of this situation unfold and respond when it is appropriate and useful.

For further press-related questions please contact us at execdir@torproject.org.

Anon

October 03, 2013

Two completely different and very illegal entities taken down within months of each other after running for years on TOR. I think this points more towards a problem with TOR that the FBI or someone found but didn't report to TOR developers.

Interesting stuff... software is as flawed as us humans... are we truly sorry to see either go though?

Anon

October 03, 2013

Tor is still safe, and will always be as long as the developers keep up to date with cryptography developments and other computer developments.

The mistakes that led the authorities to the Silk Road owner were human errors, not some flaw in Tor or Bitcoin or Tor's hidden services. Tor offers warnings clearly written that you need to keep your data safe and improve your browsing habits if you access your email with your full legal name and do the other stuff from Tor at the same time .... well whose fault is this?

I only hope this will advertise Tor to more people and will attract more users who will run relays.

Thanks. Unfortunately, I disagree with your "as long as the developers keep up to date with cryptography developments and other computer developments" part. There's a thriving research community finding and fixing issues with anonymous communication designs (Tor in particular, because we make an effort to be easy for academics to analyze).

There are a variety of research attacks right now that I think would work if done by a smart attacker with a medium amount of resources. We're working on fixing them, but we'd love some help. See also http://freehaven.net/anonbib/

That said, it's interesting here that even though potential attacks on Tor exist, all the high-profile cases in the news lately found other things as even lower-hanging fruit.

So the lesson is that anonymity and security are really hard, since you have to get it right at every level.

Anon

October 03, 2013

Make sure your VPN provider doesn't log/keep logs and is outside of the jurisdiction you reside in.

And make sure your VPN provider's upstream doesn't keep logs either. And their upstream's upstream. And make sure none of the traffic transits an ISP with mandatory data retention requirements (like most of Europe).

Read as "Impossible". You'll have an additional point of traffic logging and connection to your bank account. Commercial VPN companies surely are/will be forced/willing traffic logs to agencies. They can promise you anything it does not mean they will do it. Words are very cheap now.

Anon

October 03, 2013

According to Reddit, the Feds shut the SR down completely and lots of dealers are up a creek without a paddle. Bitcoins are gone and there is no way to recover. Lots of people are in hot water now.

Anon

October 03, 2013

It is looking like the government is finding new ways to track down Tor servers to stop the entire Tor Network; they are even giving US citizens grief for running exit relays with our own home computers. The US government is becoming unsafe for its citizens and people are unable to do business without the government getting kickbacks from either taxes or unfair attacks on the government.

>>... they are even giving US citizens grief for running exit relays with our own home computers...

Some cases/evidence to support this claim would be nice?

Anon

October 03, 2013

It seems like the discussion is focused on pointing out this guy's mistakes that led to the server's exposure. I agree that that is the most reasonable explanation for what has happened and it is difficult to imagine a breach in Tor. However it is important to note that it is very difficult to not make any mistake over the course of years administering a hidden service.

Part of the problem for me is that services that provide anonymity on the internet like Tor are not yet fully integrated with one's system. I think that in order to succeed these services need to find ways to be readily available and be as transparent as possible to the user.

I don't have a solution for the problem but it seems to me that if Tor continues to depend so much on the exceptional behavior of its users, then every single one's anonymity will eventually be compromised.

Anon

October 03, 2013

But what about this:

If we are using TBB to hide our traffic from our ISPs etc., which does work or doesn't it. A VPN provider is just an additional service provider. The encrypted traffic from the Tor client passes the ISP, the VPN and enters an entry guard. Thus both cannot see contents or connection details. Or is this all wrong? From what I gather from the site 'how tor works' it has to be like this. If not, why?

That's correct but if it exits the VPN and crosses a tapped cable before entering the entry guard then it isn't any different than just connecting to Tor directly, from the perspective of a global adversary. Using a VPN will still protect against a local adversary (ISP level).

Anon

October 03, 2013

Nodes, I thought, could be opened by anyone including NSA and the likes; if so, how safe could TOR be in these circumstances?

Well, the goal is to distribute trust over multiple relays, so it shouldn't matter if one relay in your path is trying to track you.

But we do need to grow the Tor network more, to raise the bar for an adversary trying to do this attack. Right now it's not that hard to run 5% of the Tor network. Check out https://compass.torproject.org/ for the tool we wrote to explore this issue.

That said, if it's actually the NSA you're worried about, you should be worried that they're monitoring pieces of the Internet that include honest Tor relays. Monitoring Tor relays is pretty much just as good as running them, for the attacks we're talking about here.

Anon

October 03, 2013

I think it's only safe to assume at this point that Tor is primarily controlled by US government forces (NSA, FBI, etc.) and they will be using this to their advantage. Since timing attacks are about the only thing the Tor network has been consistently vulnerable to, they've realized they need to control a majority of the network. There's no doubt they have the resources to do so at their disposal...

Personally, I no longer feel comfortable using Tor and believe the network to be compromised. There have been two major takedowns of hidden services in the past few months. Whether or not these things should have been taken down is moot. Ends can't always justify the means. It isn't an issue of morality but one of integrity. I will continue to run my pass-through relay for the betterment of the network...however, at this point, it's only a drop in the pond.

I think you're right to be worried that these large organizations are working on ways to infiltrate Tor. That said, I don't think they run the majority of the network (or anywhere close).

But that shouldn't be as good news as it sounds. You skipped something else to be worried about -- they don't have to run relays if they can just watch existing relays.
See my libtech post for more explanation:
https://mailman.stanford.edu/pipermail/liberationtech/2013-August/01059…

Note that I did not say they run the network, but merely that they control it. As you said (which I agree with), they could be just watching a majority of the relays. Perhaps I should have used a better word, but I meant to encompass the two.

However, none of this changes the fact that I believe the network to be compromised and unsafe. It's really sad because I've been really enthusiastic about Tor and its vision since I first heard about it about four years ago.

Did you know the NSA use TOR as a secure network. I would be rather "chuffed" about such an agency that relies on a network. You lot are obviously doing a better job in secure communications than a 50.000 dollar waged NSA employer.

Anon

October 03, 2013

What about a "serverless" architecture as in Freenet? Totally bad idea?
I'm not claiming that it is better than the present solution, but wondering nevertheless..

It's worth exploring. Freenet is a "storage" service, whereas Tor is a "communication" service. In Freenet you basically store documents and they get cached around. Whereas Tor can handle a broader variety of protocols (web, irc, voip if we can get it fast enough, etc).

So it won't be as easy to have what seems like a normal web browsing experience.

Also, the set of anonymity attacks that work against a design like Freenet is overlapping but not the same as the set that work against a design like Tor. Don't make the mistake of thinking that since fewer academics have written papers analyzing Freenet that it is therefore safer to use. Much research remains all around.

Anon

October 03, 2013

Hey guys

Guys

Can you help me a bit: how can I connect to a Tor hidden service using curl in php?

Thanx!

Well, that's certainly *an* issue. See also https://blog.torproject.org/blog/hidden-services-need-some-love

But it's interesting to notice that so far as we can tell, that *isn't* the real issue here. The real issue is that things are even worse. Somebody trying to maintain anonymity with a large organization over a long period of time has to do everything perfectly.

I liked the way one of the commenters phrased it on http://arstechnica.com/security/2013/10/silk-road-mastermind-unmasked-b… :

"""
The thing is, not everyone starts out intending to be a criminal mastermind. That's the problem. Most of these things he was nailed by, they were things he did before he actually started Silk Road. It's obvious he very quickly realized that he was going to turn into a criminal mastermind, and started to take precautions, but this guy did (if his LinkedIn profile is at all genuine) have a pretty legitimate life going before this.
"""

Maybe Tor wasn't compromised in this case. Maybe it was.
A parallel construction is in fact not an entirely unlikely scenario.

Hidden Services are apparently not safe as this credible document points out.
http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf

As the document hasn't (to my knowledge) been refuted by the project means that the server locations of Hidden Service sites can be revealed without much effort.

Why no security alert?

Depends what you mean by "without much effort".

You might like the discussion at
https://blog.torproject.org/blog/tor-nsa-gchq-and-quick-ant-speculation…

As for why no security alert, I've been trying to get a free moment to write up the issues so people can understand them, but instead things keep catching fire and I have to help make sure journalists don't write wrong things about Tor that will make even more work for us.

See https://trac.torproject.org/projects/tor/ticket/8240 if you want to help out. And see the 'hidden services need some love' post for more things that need work.

Anon

October 03, 2013

It is clear after reading the complaint that every evidence they provided came from imaging the server in July and accessing the logs. It is explained in the complaint, they located the internet cafe after accessing the VPN provider, and after reading the SR logs. Not in the opposite way. The stackoverflow posting and the initial publishing of SR could never reveal that information.

The important point here is how they could locate the server's real IP address.

Have you actually read the Maryland indictment? It's certainly a plausible hypothesis that they got the IP address from the employee-turned-witness (the dates fit), but it certainly doesn't say that anywhere. The NY complaint lists the responsibilities of the employees (pg. 19); it's not clear that knowledge of the IP address of the server would have been necessary to carry out these tasks.

This site has links to both documents (NY/Maryland) and a legal analysis:
http://www.popehat.com/2013/10/02/the-silk-road-to-federal-prosecution-…

Anon

October 04, 2013

The discussion here seems to focus on how they busted the hidden service server operators, which is of course of high interest. But please let me ask another question: Do the visitors of hidden services have to worry these days, assuming they don't do anything completely stupid like posting information that could be associated with their identities?

I think there are three possible scenarios:

a) A flaw in the underlying software, like the Firefox exploit on FH.

b) Traffic correlation, which is already discussed in the Tor warnings.

c) Passive interception of all tor traffic streams and brute force to decrypt it later, which would be the worst scenario.

Am I right with this assumption? And further:

- As far as I know, with traffic correlation the attacker would be able to find out which user is connected to which hidden service at a given time, which is bad. But since all traffic is end-to-end encrypted, he would still not be able to see the content that was transmitted?
- Assuming the last scenario, where the attacker is able to decrypt the recorded traffic completely (at some point in the future or even now), he would see the transmitted content as well as the client's and server's IP, is this correct? To deanonymize one completely, the attacker would still need to get the correlation between the IP and the user of this IP at the same time, which means he has to "ask" the ISP - If the ISP doesn't store any logs, you would be fine?

I answered a similar question at
https://blog.torproject.org/blog/tor-nsa-gchq-and-quick-ant-speculation…

If you intercept the Tor stream *at the client* (or at the entry guard, or in between) and break all the crypto later then you know her IP address and also her destination.

If you intercept it elsewhere, you only know the previous hop in the Tor circuit, no matter how good you are at breaking crypto.

Hidden services make the story a bit more complicated, because it's actually two Tor circuits glued together. So the same analysis is accurate for each of them separately.

That said, breaking the end-to-end encryption on hidden services is even trickier for an attacker who runs or observes some relays and plans to break the crypto, since the first half of the crypto handshake goes over the introduction point circuit, and the second half goes back over the rendezvous point circuit.

All of *that* said, yes, hidden services do have to worry these days against a smart and medium-resourced attacker:
https://blog.torproject.org/blog/hidden-services-need-some-love
but see also
https://blog.torproject.org/blog/tor-and-silk-road-takedown#comment-356…

Thank you very much for going so much into detail! Just to be clear if I understand you right: Intercepting at client side means it could be:

a) Directly at the client
b) At the client's ISP
c) At the entry guard
d) At the entry guard's ISP

Is this correct? Thanks again!

Another user here. This is an interesting topic. First of all, thanks for your excellent work on Tor and also for keeping us all up to date!

Concerning your cited answer to this question (https://blog.torproject.org/blog/tor-nsa-gchq-and-quick-ant-speculation…), I'm a bit confused. You said 'So in this case it doesn't really matter what the ISP keeps or doesn't keep'. In my understanding this should only be true if the intercept happens at the client itself or at the client's ISP. If they are intercepting the traffic at the entry guard or somewhere in between, they may get the client's IP, but still have to cooperate with the client's ISP, right? And same thing for the other side at the hidden service.

Ah! I see. You are imagining a world where they track the user back to a Comcast IP address, but then they go to Comcast to ask who it is and Comcast says "oops, I deleted my logs already, sorry bye". Yeah, maybe this works sometimes. But a lot of places either give you a static IP address, or a dynamic IP address that happens to stay the same for months at a time. And "we tracked it back to a Comcast user in San Francisco but we're not sure which one" can by itself be a lot of information for an attacker.

Once you've gotten to the point where your defense is "You can learn my IP address but I hope it doesn't help you learn who I am" ...something has gone wrong before this point.

Anon

October 04, 2013

Nice, can't even use a TOR product to post a comment here. ORBOT Fail
http://www.imgur.com/JD0LbFR.jpeg

Sigh. I really want to believe in this product, I really do but when simple things like posting an anonymous comment fail, how can it truly be trusted to leave cookies around with the plethora of browser attacks combined with stupid kids who download Windows 8 XTRA-SUPER-ULTIMATE-UBER Edition and wind up with more infections than actual operating system files?

Luckily the savvy users won't have a problem but the secure-minded won't use cookies and I guess they won't be commenting here either....

Hm? You might want to use the Tor Browser Bundle, the package that Tor provides.

We like the Guardian Project, and we're happy they're working on an Android port of Tor, but if you're going to use phrases like "this product" then that's not our product.

That said, it seems you're complaining that Orbot's configuration was too locked down to let you interact with the blog. That sounds at least better than 'not locked down enough'.