Many of the articles I’ve written thus far have been how-to guides to help others successfully do the things they want or need to. This article will be a little different, though. In this one, I’m going to go over how not to be compromised by something that seems secure but turns out not to be. There are plenty of articles on how to install and use it, and even a few on how to extend it. Very few cover what to watch out for, how to stay safe, and how others can get at you, without your consent, through your use of it.
You can visit the official TOR project page (along with setup information and anything else you might need for your web browser and network setup in general) here: http://www.torproject.org
TOR (also known as an Onion network) has been around for a while, although most people have not really been aware of it. It was designed to provide anonymity to people online by spreading connections across large regions of the internet, using volunteer-operated relays, exit nodes, and client software to carry out nearly anonymous communications without an easily identifiable central point of origin. Ideally, this is the best thing since sliced bread for freedom online. Your ISP cannot really see what your data is directly, and it is a lot easier to post or discuss things in private on forums and other places online without placing a beacon over your head in the form of a static IP address and a GPS location. But is it truly secure?
Yes and no. Nothing is ever 100% secure if it is connected to any internet connection (or, for that matter, accepts or receives interference from other devices – check the FCC labels on your computer and other equipment for a shocking surprise on that one). For this reason, many corporations make sure that their employees handling sensitive information have no internet connectivity of any kind (and a few go as far as to ensure that flash drives that aren’t authorized or cleared for use don’t make it past building security checkpoints). When companies managing sensitive information have to go to such extremes even against sneaker-net leakage of data, you can be certain that they have valid reasons for not trusting internet-connected devices of any kind, in any capacity, when it comes to keeping their information from being compromised. So your internet connection (and all the sensitive information you might want to use it for) will always have one or more levels of insecurity (hackable aspects) that can be exploited even if you are extremely careful.
TOR Networks may help to protect you, but they may also help to compromise you. Here’s how:
On a TOR network, your web traffic gets tunneled through various places to mask your origin and the tracks you might leave behind. The relays and exit nodes that do this for you are never really verified. You can choose to connect to them or not, but there is often no way to tell who runs them or why they run them. There are a lot of good guys out there who run volunteer networks and believe in freedom of speech, net neutrality, and privacy. They ARE your friends. Without even knowing you, they believe in your right to freely communicate online and get the most out of your online experience without paying a dime for it. Awesome!
But what about the bad guys? Yes, they’re out there too. They run volunteer networks too, they say they believe in freedom of speech, and they proclaim net neutrality just as well…but in reality they are sniffing the packets of data that you send and receive over their networks. And they are able to do a lot more with that than just track you or know where your IP address came from. In many cases, they can compromise the information you thought was secure more easily than if you had stayed with your ISP by default, clone sessions on certain types of logins, and bounce data back off of your system to cover THEIR tracks if they want or need to do something you would never let anyone do from your home or work connection.
Some other people, select private detectives for example, may be able to exploit this too. Usually, though, exit-node honeypots are set up to steal financial information, perform identity theft, or build botnets for future use.
The biggest problem is the exit node; the off-ramp from the highway, so to speak. If you don’t use encryption over your TOR network, you’re pretty much a sitting duck if you connect to the wrong exit node. The exit node is the point where your traffic leaves the random TOR path and becomes “public” again. But here’s the kicker – your information is completely public to the operator of an exit node if you don’t use any encryption! They might as well be on your home network or on your wi-fi connection without security. It won’t matter if you use SSL either, because there are ways to compromise that on a local network, and ways to inject packets as needed to spoof requests and session initiations DURING secure sessions. When the remote server you connected to cannot tell the difference between your machine and a packet that has been reverse-tunneled to it, it approves whatever it is sent under your computer’s credentials, including a spoofed copy of your network MAC address and a secondary server acting as a go-between to cascade this from the user. It goes well beyond grabbing cookies and sessions if they want it to, and can get pretty dangerous for the unsuspecting user.
Whenever you use a proxy server of any type (onion or otherwise), you always run the risk of such insecurities. On top of this – even if you connect to a good guy’s volunteer proxy or TOR node, there’s no guarantee that THEIR ISP doesn’t monitor your data on the volunteer network (even if the host of the volunteer network keeps his pledge not to do so). If you are doing something that might be deemed necessary to “watch”, re-identification is possible from packet fragments recovered by tracing back the networks THEIR ISP connected to en route to your data’s destination (requesting datagrams from other ISPs, if need be, to complete the puzzle). If you don’t use encryption, you might as well treat a TOR network as if it were a library computer, with the possibility of a library network admin watching everything you say or do remotely and recording it.
To stay safe, you should ALWAYS USE ENCRYPTED CONNECTIONS ONLY, whether you are on standard proxies or TOR networks. SSL, TLS, or similar is fine. And the stronger the encryption the better, even if it increases the TTL of your packets slightly. Much better to be safe than sorry, I assure you.
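To make the exit-node point concrete, here is an added example (my own illustration, not code from the post or from the TOR project) that models what a passive observer sitting at an exit node can read from two constructed captures: a plaintext HTTP login, where host, path, cookie and form credentials are all exposed, and a TLS ClientHello, where only the SNI hostname is visible. The hostname, cookie and credentials are constructed sample values.

```python
# Added example (not from the original post). Models the exit-node view of a
# plaintext HTTP request versus a TLS ClientHello. All bytes are constructed.
import struct
from urllib.parse import parse_qs

# Constructed plaintext HTTP login as it would leave an exit node unencrypted.
HTTP_LOGIN = (b"POST /login HTTP/1.1\r\n"
              b"Host: example.com\r\n"
              b"Cookie: session=abc123\r\n"
              b"Content-Type: application/x-www-form-urlencoded\r\n"
              b"Content-Length: 27\r\n\r\n"
              b"user=alice&password=hunter2")

def exposed_from_http(raw: bytes) -> dict:
    """Everything a passive observer sees in a plaintext HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    _method, path, _version = lines[0].split(" ", 2)
    headers = {k.lower(): v for k, v in (l.split(": ", 1) for l in lines[1:])}
    form = {k: v[0] for k, v in parse_qs(body.decode("latin-1")).items()}
    return {"host": headers.get("host"), "path": path,
            "cookie": headers.get("cookie"), "form": form}

def build_client_hello(hostname: str) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello carrying only an SNI extension."""
    name = hostname.encode()
    sni_list = b"\x00" + struct.pack("!H", len(name)) + name
    sni_ext = struct.pack("!HHH", 0, len(sni_list) + 2, len(sni_list)) + sni_list
    body = (b"\x03\x03" + b"\x00" * 32              # version, client random
            + b"\x00"                               # empty session id
            + struct.pack("!H", 2) + b"\xc0\x2f"    # one cipher suite
            + b"\x01\x00"                           # null compression only
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body   # handshake header
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record header

def exposed_from_tls(raw: bytes) -> dict:
    """With TLS the observer learns the SNI hostname and nothing else."""
    if raw[0] != 0x16 or raw[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    p = 9 + 2 + 32                                   # headers, version, random
    p += 1 + raw[p]                                  # session id
    p += 2 + struct.unpack("!H", raw[p:p + 2])[0]    # cipher suites
    p += 1 + raw[p]                                  # compression methods
    ext_end = p + 2 + struct.unpack("!H", raw[p:p + 2])[0]
    p, host = p + 2, None
    while p < ext_end:
        etype, elen = struct.unpack("!HH", raw[p:p + 4])
        if etype == 0:                               # server_name extension
            nlen = struct.unpack("!H", raw[p + 7:p + 9])[0]
            host = raw[p + 9:p + 9 + nlen].decode()
        p += 4 + elen
    return {"host": host, "path": None, "cookie": None, "form": {}}
```

Running `exposed_from_http(HTTP_LOGIN)` returns the cookie and the submitted password in the clear; `exposed_from_tls(build_client_hello("example.com"))` returns only the hostname, which is the whole point of insisting on encrypted connections.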
The only thing better than using encrypted connections is to use a known and trusted SSH server that you can connect and transfer through (one where you know the person and trust the connection completely), or better yet one that you run at home and bounce off of another trusted network, with auxiliary layers of encryption that compound it.
Although you can use TOR for a lot of things, I strongly suggest you first evaluate your individual situation for private communications (things like online banking, online shopping, sensitive conversations, etc.) and compare that with what your security is like right now before you decide to install and use it actively.
You always have the option of using it inside a VirtualBox or other virtual machine’s guest OS, or a USB portable-app web browser (check out VMware’s ThinApp), instead of installing it onto your actual system. As long as you remember that your virtual system is the one set up to use TOR networks for browsers and other things, you can keep your settings and configurations separate that way and not have to worry about it as much.
And remember, even the best encrypted sessions over any TOR node can still be compromised long before they enter the TOR network, by a rogue exploit of a wi-fi connection you might be using, or by an undetected process running in the background. There are ways to get around the best encryption and network security using simple methods, social engineering, and other little things that are often overlooked or not treated as the potential threats they are.
To maintain the best network security, you should always look at your own systems and networks as if you were the one trying to hack them, and consider every possible strategy you would use to gain access and keep it transparently (anything the root user left unsecured enough for you to try to use is certainly viable).
When you set up your TOR client, I would look at it the same way. Encrypt everything, and don’t use untrusted networks.