TOR PROJECT : THE ONION ROUTER

So what is Tor?

Tor started out as “The Onion Router” when it was created by the U.S. Naval Research Laboratory, under the guise of DARPA. Tor has been financially supported by the Electronic Frontier Foundation and operates as a 501(c)(3) research-education nonprofit organization. As of 2012, over 80% of the Tor Project is funded by the United States Government.

Tor is free, cross-platform software that is currently used by over 36 million users around the world, allowing them to bypass government dragnets and the blocking of websites deemed threatening to the status quo. It is by far one of the best tools for letting whistleblowers and activists worldwide spread information without being exposed through their IP address.

In essence, Tor is nothing more than a proxy server system. Anyone can add a node to the Tor network, whether as a client, a relay server, or an exit node. As a client, all you need to do is install the software and run the modified Firefox browser, and you are ready to surf the internet anonymously.

How does it work?

Tor allows a client to hide its IP address, browsing profile and other system activity from observation and investigation by separating identification from routing. Tor encrypts the client’s network traffic and routes it through a network of relays run by volunteers who contribute their node and bandwidth.

Tor not only supports hidden services, such as a site that would otherwise be censored, but because Tor relay servers are kept secret it also lets users reach websites that certain governments have censored.

The IP addresses of the sender and recipient are not sent in clear text, so whichever hops your traffic takes, no one eavesdropping along the route can decipher it. The receiver sees the communication as coming from the Tor exit node rather than from the client’s actual address.

Potential Exposure

Tor has several potential exposures that can reveal your identity to the public.

Exit Relay Sniffing

Although your IP is hidden and your data is encrypted as it moves through the Tor network, at the point where it leaves the network it becomes unencrypted traffic. The destination sees the Tor exit node’s IP, but any confidential information that ties back to the user is immediately open to sniffing (capture) as the traffic leaves Tor. Unless you are using HTTPS (encrypted browsing), the operator of the site will be able to access vital information about the user.
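As an added illustration (not code from the original post or from the Tor Project) of the layered routing described under “How does it work?” and of why the exit relay is the point where plaintext becomes visible, here is a Python model of a three-hop circuit. The relay names, the fixed demo keys, the newline-delimited header format and the HMAC-SHA256 counter-mode stream cipher standing in for Tor’s AES layers are all assumptions of this example, not Tor’s actual protocol. Each relay strips exactly one layer, learns only the next hop, and forwards an opaque blob; only the exit ends up holding the destination and message in the clear.

```python
import hashlib
import hmac
import os

# Constructed demo: a three-hop circuit with one symmetric key per relay. The
# keys are fixed here for readability; real Tor negotiates them with each relay
# through a key exchange, and the cipher below (HMAC-SHA256 in counter mode,
# unauthenticated) is a stand-in for the AES layers real Tor uses.
ROUTE = ["guard", "middle", "exit"]
KEYS = {hop: hashlib.sha256(f"demo-key-{hop}".encode()).digest() for hop in ROUTE}
NONCE_LEN = 12


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` bytes of keystream from (key, nonce) via HMAC-SHA256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def layer_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Add one onion layer: fresh nonce || (plaintext XOR keystream)."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


def layer_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Peel one onion layer (the inverse of layer_encrypt)."""
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    return bytes(c ^ k for c, k in zip(body, keystream(key, nonce, len(body))))


def build_onion(route: list, destination: str, message: bytes) -> bytes:
    """Wrap the message in one layer per relay, innermost layer for the exit.

    Each layer carries the name of the next hop (or DELIVER for the exit) in
    front of the opaque remainder, so a relay only ever learns where to forward.
    """
    inner = destination.encode() + b"\n" + message
    next_hop = b"DELIVER"
    for hop in reversed(route):
        inner = layer_encrypt(KEYS[hop], next_hop + b"\n" + inner)
        next_hop = hop.encode()
    return inner


def relay_process(hop: str, onion: bytes):
    """One relay's view: strip its own layer, learn the next hop, forward the rest."""
    plain = layer_decrypt(KEYS[hop], onion)
    next_hop, remainder = plain.split(b"\n", 1)
    return next_hop.decode(), remainder


def traverse(route: list, onion: bytes):
    """Walk the circuit, recording what each relay learned, and return the exit's view.

    The exit ends up holding the destination and message in plaintext, which is
    exactly why unencrypted traffic can be sniffed as it leaves the network.
    """
    seen = {}
    current = onion
    for hop in route:
        next_hop, current = relay_process(hop, current)
        seen[hop] = next_hop
    destination, message = current.split(b"\n", 1)
    return seen, destination.decode(), message


def destination_visible_to(route: list, onion: bytes, destination: str) -> dict:
    """For each relay, whether the destination name appears in the bytes it forwards."""
    visible = {}
    current = onion
    for hop in route:
        _, current = relay_process(hop, current)
        visible[hop] = destination.encode() in current
    return visible


if __name__ == "__main__":
    onion = build_onion(ROUTE, "example.com", b"GET / HTTP/1.1")
    print(traverse(ROUTE, onion))
    print(destination_visible_to(ROUTE, onion, "example.com"))
```

Running it shows the guard learning only “middle”, the middle only “exit”, and the destination name appearing in the forwarded bytes only after the exit has removed its layer; wrapping the inner message in HTTPS is what keeps that last step from exposing the content.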

Browser Exploiting

Although your IP and node information are encrypted, there are many ways the destination site can trick your browser into giving up information that should stay hidden. This is usually done with Flash or JavaScript. To stay anonymous, it is always a good idea to install a browser plug-in that blocks all JavaScript when you connect to a website. A plug-in like NoScript lets you allow specific scripts selectively, but use it with caution, since you can never be sure what malicious code may be behind a script.

End to End Timing

This is probably the least likely style of attack against your online activity, but it is still a possibility. End-to-end timing is when someone watches the traffic leaving your computer and the traffic arriving at the target node. With statistical analysis, this can be used to discover which circuit the user is on. It is extremely unlikely and very time-consuming for its limited payoff.

DNS Leak

Some applications running through Tor can leak DNS queries. Since the client has to find out the IP address of its target, it issues a DNS query for that address before sending the encrypted data. For any IT security technician, it isn’t hard to watch your traffic and connect a DNS query with the encrypted connection to the destination that follows it over the Tor network.

Welcome to the Darknet

After Tor was picked up as a public project and opened to the public, it has been scrutinized as a way for criminals to communicate and leaves Law Enforcement Agencies without much remedy to track activities, e.g. pointing at sites like Silk Road, Atlantis, or Freedom Hosting. This leaves quite the question: who is to blame for this when the Tor network was originally created by the US Navy? As an activist myself, it seems rather funny that the US Government created a service that it now attacks as the enemy. Meanwhile, Federal Agents use the Tor network every day without any oversight of the activities these agents perform. In my opinion, the only reason it was brought out publicly was to add more information into the network to cover their tracks, as well as a possible backdoor into the system to track “criminals”.

At the end of the day, I feel Tor is a valuable tool for citizens who would prefer their constitutional privacy, and taking down the system would damage the populace by removing an extremely secure way to surf anonymously without worrying about being tracked by rogue corporations that contract with government surveillance.

FIXING DNS LEAK WITH TOR / FIREFOX

When surfing the internet through Tor, DNS leakage is one of the biggest concerns when using a browser. If you are not aware of what DNS is, let’s explain it real quick.

Servers on the internet are identified by their IP address so they can communicate with other nodes on the network. An IPv4 address is a set of four octets, such as 8.8.8.8 (Google’s public DNS server). It would be a complete nightmare if we had to remember Facebook’s IP address every time we wanted to log in to the website.

Thankfully, along the way we came up with a grand solution: a name is attached to the IP address through what is called an A record. This means that when you query a DNS server for, say, facebook.com, the server looks at its A records and points your browser to Facebook’s IP address (173.252.110.27). Once the DNS query is answered, your browser can connect to Facebook’s servers to log in.

This is a potential problem if you are using Tor, as it leaves you exposed to what is known as DNS leakage. If your browser is not configured correctly, it will first go to your normal DNS servers to query the website’s IP address, and only after it has the IP will it go to the target website.

If your traffic is being monitored, it wouldn’t take a rocket scientist to analyze it and see that every time you made an encrypted connection to an unknown IP address, you had just sent a DNS query to your DNS server, allowing a snooper to see every site you connected to.

The Tor Bundle comes with a Firefox that is modified to work with Tor. However, without extra configuration, it will still leave you with DNS leakage. To get around this we have to go into Firefox’s configuration.

Go to Firefox’s address bar, type ‘about:config’ and hit Enter.

There are three settings you have to look for:

network.proxy.socks_remote_dns

The default is false; set this value to true.

browser.safebrowsing.enabled

browser.safebrowsing.malware.enabled

The default for both is true; set both of these values to false.

That’s it. Now you can surf the internet without your DNS queries giving you away.
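To make the fix above checkable, here is an added Python example (not from the original post, and not Mozilla or Tor Project code) that parses the user_pref lines of a Firefox prefs.js or user.js, reports which of the three settings differ from what the post requires, and emits the user.js lines that would correct them. The sample prefs text is constructed; the assumed defaults (false for network.proxy.socks_remote_dns, true for the two safebrowsing keys) are the ones the post states, and a setting absent from the file is treated as being at its default.

```python
import re

# The three about:config keys the post says to change, with the required value.
REQUIRED_PREFS = {
    "network.proxy.socks_remote_dns": True,
    "browser.safebrowsing.enabled": False,
    "browser.safebrowsing.malware.enabled": False,
}

# Defaults as stated in the post (assumption of this example; a missing key is
# treated as sitting at its default).
ASSUMED_DEFAULTS = {
    "network.proxy.socks_remote_dns": False,
    "browser.safebrowsing.enabled": True,
    "browser.safebrowsing.malware.enabled": True,
}

# Matches lines of the form: user_pref("name", true|false|123|"string");
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(true|false|-?\d+|"[^"]*")\);')

# Constructed sample: a Firefox profile pointed at the local Tor SOCKS port but
# with none of the post's three settings changed from their defaults.
SAMPLE_PREFS = """\
// constructed prefs.js excerpt
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("browser.safebrowsing.enabled", true);
"""


def parse_prefs(text: str) -> dict:
    """Parse prefs.js / user.js text into {name: value} with Python-typed values."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments, blank lines and anything else are ignored
        name, raw = match.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw)
    return prefs


def dns_leak_findings(prefs: dict) -> dict:
    """Return {name: (current, required)} for each setting not as the post requires."""
    findings = {}
    for name, required in REQUIRED_PREFS.items():
        current = prefs.get(name, ASSUMED_DEFAULTS[name])
        if current != required:
            findings[name] = (current, required)
    return findings


def fix_lines(findings: dict) -> list:
    """user.js lines that would correct each finding."""
    return [
        f'user_pref("{name}", {"true" if required else "false"});'
        for name, (_, required) in findings.items()
    ]


if __name__ == "__main__":
    findings = dns_leak_findings(parse_prefs(SAMPLE_PREFS))
    for name, (current, required) in findings.items():
        print(f"{name}: is {current}, should be {required}")
    print("\n".join(fix_lines(findings)))
```

Point parse_prefs at the prefs.js inside your Firefox profile directory to audit a real profile; appending the emitted lines to a user.js in that same directory applies the post’s three changes on the next start, which the test below simulates by re-parsing the sample with the fix lines appended.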