By Ajay Kumar
International Digital Times
Tor has been compromised. The Tor Project has recently suffered two security setbacks that have called into question just how safe users of the anonymity service are. The first major setback was the cancelation of CERT’s talk at Black Hat 2014, which would have dealt with attacks on Tor and how it is possible for Tor to be breached. The cancelation was troubling because it raised the possibility that government or intelligence agencies put pressure on CERT (a division of SEI at Carnegie Mellon which “works closely with the Department of Homeland Security”) to cancel. Some researchers later said that lawyers had blocked the Black Hat demo, which showed how Tor could be de-anonymized. The Tor blog posted the following information about the cancelation of the Black Hat talk:
Journalists are asking us about the Black Hat talk on attacking Tor that got cancelled. We’re still working with CERT to do a coordinated disclosure of the details (hopefully this week), but I figured I should share a few details with you earlier than that.
1) We did not ask Black Hat or CERT to cancel the talk. We did (and still do) have questions for the presenter and for CERT about some aspects of the research, but we had no idea the talk would be pulled before the announcement was made.
2) In response to our questions, we were informally shown some materials. We never received slides or any description of what would be presented in the talk itself beyond what was available on the Black Hat Webpage.
3) We encourage research on the Tor network along with responsible disclosure of all new and interesting attacks. Researchers who have told us about bugs in the past have found us pretty helpful in fixing issues, and generally positive to work with.
In any case, it’s best to assume that Tor has been compromised by the NSA, DHS, FBI and pretty much any other government intelligence agency, domestic and foreign. To make matters worse, Tor suffered an attack in early July in which a group of relays was discovered trying to de-anonymize Tor users. The Tor blog explained, “The attacking relays joined the network on January 30 2014, and we removed them from the network on July 4. While we don’t know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected.” Tor removed those relays from the network and closed the protocol vulnerability with an update, but once again the attack emphasizes that Tor is not fool-proof and the anonymity it provides can be breached.
Tor has been a great and useful tool, to the point that the NSA referred to it as “The king of high-secure, low-latency anonymity.” They also suggested that there were “no contenders for the throne in waiting.” Fortunately, that’s where they are wrong. While the NSA may have breached Tor, there are now several alternatives to Tor that can offer better and supplementary security. Here is a list of programs you can use now that Tor has been breached (note that some of them, like Disconnect and Peerblock, are not full-scale replacements for Tor, and Tails uses Tor):
Tails is without a doubt the best and most secure supplement to Tor. It’s a Linux-based live operating system that can work on any computer. The Tails OS can be booted from pretty much any removable device, such as a DVD, USB stick or SD card. The main benefit of Tails is that it has built-in, pre-configured applications: a web browser, IM client, email client, office suite, image and sound editor and other applications. Tails does use the Tor network, routing all internet connections through Tor, but Tails provides excellent additional security and may serve to keep you anonymous where Tor might otherwise have been compromised. The main benefit is the fact that even if you are caught, it leaves no evidence:
Use anywhere but leave no trace
Using Tails on a computer doesn’t alter or depend on the operating system installed on it. So you can use it in the same way on your computer, a friend’s or one at your local library. After shutting down Tails, the computer can start again on its usual operating system.
Tails is configured with special care to not use the computer’s hard-disks, even if there is some swap space on them. The only storage space used by Tails is the RAM, which is automatically erased when the computer shuts down. So you won’t leave any trace neither of the Tails system nor of what you did on the computer. That’s why we call it “amnesic”.
This allows you to work on sensitive documents on any computer and protect you from data recovery after shutdown. Of course, you can still explicitly save some documents to another USB or external hard-disk and take them away for future use.
I2P is a full alternative to Tor. It acts as an anonymous overlay network, “a network within a network”, and can protect against dragnet surveillance and monitoring by ISPs or other third parties.
Freenet is another Tor alternative. Similar to I2P, it offers a full alternative to Tor and allows you to anonymously share files, chat, browse, and publish: “Communications by Freenet nodes are encrypted and are routed through other nodes to make it extremely difficult to determine who is requesting the information and what its content is.”
Subgraph OS is fairly similar to Tails, meaning that it utilizes Tor but with a focus on security and usability: “Subgraph OS is designed to be difficult to attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on the integrity of installable software packages.” There are several layers between Subgraph OS and Tor, such as a Metaproxy, firewall and hardened kernel.
Freepto is yet another piece of software similar to Tor. It is a Linux-based OS on a USB stick. It can be used on any computer, and any data saved is automatically encrypted. It’s easy to use and seems to be geared toward activists.
iPredia OS is, again, a Linux-based OS that automatically encrypts and anonymizes network traffic.
JonDo Live-DVD is another Debian GNU/Linux-based OS. JonDo has pre-configured applications for web surfing and includes Torbrowser, Thunderbird, Pidgin and other programs.
Lightweight Portable Security (LPS) is a Linux-based OS that boots from a CD or USB and can then be mounted onto the local hard drive.
Whonix is an anonymous Linux operating system based on the Tor network that works by isolation. It is impossible for DNS leaks or malware to find the real IP address of a user: “Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.”
Peerblock isn’t full-scale privacy software and shouldn’t be relied on to protect you by itself. You should run it in addition to other programs. Peerblock allows you to control who your computer interacts with:
PeerBlock lets you control who your computer “talks to” on the Internet. By selecting appropriate lists of “known bad” computers, you can block communication with advertising or spyware oriented servers, computers monitoring your p2p activities, computers which have been “hacked”, even entire countries! They can’t get in to your computer, and your computer won’t try to send them anything either.
And best of all, it’s free!
Disconnect offers a number of privacy options for browsing and search on desktop, iOS and Android devices. It’s no replacement for Tor or other privacy software, but it can be useful for your phone and browser: “We crawl the web to find the companies that track people, then Disconnect blocks those companies’ tracking requests in your browser.” As with Peerblock, Disconnect is a supplement, not a replacement.
Tox isn’t a full replacement for Tor, but it can serve to provide messaging services. Tox offers private and encrypted IM, video conferencing and calls that are fairly easy to use.