SecurityFocus 2007-03-08
The Tor network--a distributed system of computers that anonymizes the source of network traffic--has a slew of beneficial uses: Human-rights workers, the military and journalists all use the system. However, the anonymity of Tor has also attracted seedier elements: digital pirates, online criminals and, quite possibly, child pornographers.
Now, one security researcher aims to make the distributed network less of a haven for the shadier side of the Internet.
HD Moore, the lead developer of the Metasploit Project, has created a rough set of tools that allows anyone operating a Tor server to attempt to track the source of network data. Moore originally created the software to block file sharers from eating up his computer's bandwidth, but soon targeted potential child pornographers who appeared to be using the network, he said.
"I don't want my network connection to be used to transfer child pornography or pictures of child models," Moore wrote in an e-mail to SecurityFocus on Thursday. "I don't want my server confiscated by law enforcement because of some Tor user who thinks they are anonymous."
The tools, which Moore dubbed "Torment," use a number of known techniques to link content handled by the exit servers--the computers that manage the border between the Tor network and the Internet--to their source.
The Tor Project uses a method known as onion routing to obfuscate the source of data. (Tor originally stood for "The Onion Router.") Data from a user is encrypted in layers using keys from each of the servers that will handle the data--or "cell"--and delivered to an entry node into the Tor network. The data is passed to one or more servers, each removing a layer of encryption until the cell reaches the exit node. Thus, only the exit node sees the data fully decrypted.
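The layering described above can be shown in a short sketch. This is an added example, not code from Tor or from the article; it assumes one pre-shared symmetric key per relay, uses a SHA-256 counter-mode keystream as a stand-in for Tor's real cipher, and all relay names, keys, the nonce and the sample cell are constructed.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # SHA-256 in counter mode: an illustrative stand-in, not Tor's cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def apply_layer(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # XOR with the keystream; the same call adds or removes a layer.
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def wrap_cell(cell, hop_keys, nonce):
    # Client side: exit layer goes on first (innermost), entry layer last.
    for key in reversed(hop_keys):
        cell = apply_layer(key, nonce, cell)
    return cell

def relay_views(wrapped, hop_keys, nonce):
    # Each relay strips only its own layer and forwards the rest.
    views, cell = [], wrapped
    for key in hop_keys:
        cell = apply_layer(key, nonce, cell)
        views.append(cell)
    return views

# Constructed sample data: three hypothetical relays and one cell.
HOP_NAMES = ["entry", "middle", "exit"]
HOP_KEYS = [hashlib.sha256(b"demo-key-" + n.encode()).digest() for n in HOP_NAMES]
NONCE = b"constructed-nonce"
CELL = b"GET /index.html HTTP/1.0\r\nHost: example.org\r\n\r\n"

def demo():
    wrapped = wrap_cell(CELL, HOP_KEYS, NONCE)
    return wrapped, relay_views(wrapped, HOP_KEYS, NONCE)

if __name__ == "__main__":
    wrapped, views = demo()
    print("client sends:", wrapped[:16].hex(), "...")
    for name, view in zip(HOP_NAMES, views):
        shown = view if view == CELL else view[:16].hex() + " ..."
        print(f"{name:>6} holds:", shown)
```

Only the last relay's view equals the original cell, which is why the exit node is the point where traffic leaving Tor can be read if it is not separately encrypted end to end.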
Moore's Torment code modifies the normal Tor proxy server software to implement the necessary functions, resulting in a poisoned proxy server.
Unsurprisingly, Moore's actions have stirred up controversy. Tor operators have criticized the project as endangering the vast majority of legitimate Tor users to pursue a smaller number of bad actors.
"This is a general-purpose attack tool--there's no reason it can't be just as useful for identifying the IPs of misconfigured Tor users looking for information on democracy in China, or for the nearest VD clinic, or for information on how to run for office, or whatever," said one poster to the Onion Routing Talk (OR-Talk) mailing list. "Snoops everywhere should be pleased."
Shava Nerad, executive director of the Tor Project, agreed that any technique that could be used by law enforcement to track down criminals could also be used by authoritarian regimes to track down democracy activists or by the United States' enemies to track down the military intelligence officers who use the network.
"Mr. Moore's solution will not solve the problem he is trying to solve, and in the process, he will hurt a lot of people that he should be helping," Nerad said.
Moreover, Moore's reliance on keywords to identify potential illegal transactions would likely have a high false positive rate, Nerad said.