TOR Nodes could Turn Bogus as Hackers Misuse Them
Dan Egerstad, a Swedish researcher, has warned users to treat the TOR (The Onion Router) anonymisation network with caution. By operating five exit-nodes, Egerstad was able to intercept large volumes of e-mail data from various government agencies and embassies. He then published some of the hacked data on the Web.
A network of proxy nodes, The Onion Router provides anonymity and privacy to its users. Originally backed by the US Naval Research Laboratory, TOR has for the past three years been an Electronic Frontier Foundation project. The network gives human rights workers and whistleblowers a unique way to send information to, and receive it from, journalists. However, the system also has weaknesses that miscreants can exploit.
Members of the Teamfurry association uncovered TOR exit-nodes configured to carry traffic on the ports used by unencrypted protocols: POP e-mail, IM (Instant Messaging), and IMAP. Other nodes forward Google search traffic or MySpace traffic. While a legitimate reason for such a set-up is hard to guess, its malign uses are relatively easy to imagine.
The peculiar configuration of these TOR nodes makes one ask why they are set up that way. The Teamfurry community's blog declines to attribute nefarious purposes to these nodes. Even so, a question arises: is it safe for users to relay private data via these nodes? Government agencies of the United States, China and Russia generally operate TOR exit-nodes. Analyzing the list of TOR exit-node operators, a striking observation is that the United States and China increased the number of exit-nodes in operation in 2007 over the preceding year.
Teamfurry warns, however, that although a doubtful configuration does not by itself mark these exit-nodes as malicious, they should not be touched.
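The check the Teamfurry finding implies, as an added example in Python that is not code from the article or from Teamfurry: it parses exit-policy lines in Tor's descriptor syntax ("accept *:110", "reject *:*") and flags a node whose policy accepts only ports carrying protocols an exit operator can read in the clear. The port table and the two sample policies are constructed here; a plaintext-only policy is a warning sign, not proof of malice.

```python
"""Flag Tor exit policies that accept only plaintext-protocol ports."""

# Constructed port table. True marks protocols whose payload an exit node
# sees unencrypted (the POP, IMAP and IM traffic the article names).
PORT_TABLE = {
    80: ("http", True), 110: ("pop3", True), 143: ("imap", True),
    5190: ("aim/icq", True),
    22: ("ssh", False), 443: ("https", False),
    993: ("imaps", False), 995: ("pop3s", False),
}


def parse_exit_policy(lines):
    """Return [(action, port_spec)] from policy lines such as 'accept *:110'."""
    rules = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        action, addr_port = line.split(None, 1)
        _addr, port_spec = addr_port.rsplit(":", 1)   # handles [::]:80 too
        rules.append((action, port_spec))
    return rules


def port_matches(port, spec):
    """True if port falls in spec, which is '*', 'N' or 'LO-HI'."""
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = spec.split("-")
        return int(lo) <= port <= int(hi)
    return port == int(spec)


def allowed_ports(rules, candidate_ports):
    """First matching rule wins, as Tor applies its policy; unmatched ports
    are treated as rejected (assumption: descriptors end with a catch-all)."""
    allowed = set()
    for port in candidate_ports:
        for action, spec in rules:
            if port_matches(port, spec):
                if action.startswith("accept"):
                    allowed.add(port)
                break
    return allowed


def plaintext_only(policy_lines):
    """True when the policy accepts some known port and all of them are plaintext."""
    allowed = allowed_ports(parse_exit_policy(policy_lines), PORT_TABLE)
    return bool(allowed) and all(PORT_TABLE[p][1] for p in allowed)


# Constructed sample policies: one resembling the nodes Teamfurry found,
# one ordinary node that also carries encrypted protocols.
SUSPECT_POLICY = ["accept *:110", "accept *:143", "accept *:5190", "reject *:*"]
NORMAL_POLICY = ["reject *:25", "accept *:80", "accept *:443",
                 "accept *:993-995", "reject *:*"]
```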
One other TOR exit-node with counterfeit SSL certificates facilitated 'man in the middle' phishing attacks. The data on the bogus node was passed to German officials, who quickly recorded the node. That exit-node was the one, out of the 400 nodes examined, found to be running 'man in the middle' attacks.
SPAMfighter News - 05-12-2007