Drug-busting authorities “lied” about Tor weakness, devs claim

The November takedown of Silk Road 2.0 and other “dark markets” for drugs and weapons – originally touted as 410 hidden services by the authorities, then quietly revised down to 27 – was misrepresented as evidence of Tor’s vulnerability, developers of the anonymizing service have claimed.

Tor (The Onion Router) is a network of layers through which users can route their internet traffic, so as to obscure which sites and services they are visiting or using. Some so-called hidden services can only be accessed through Tor and, while many of these .onion addresses are legitimate attempts to evade censorship and surveillance, many are also gateways to illegal platforms for criminal activity.

“Psychological operation”

Speaking on Tuesday at the Chaos Communication Congress hacker conference in Hamburg, Germany, Tor project lead Roger Dingledine and developer Jacob Appelbaum accused Europol of a “psychological operation” that aimed to convince people that Tor was insecure. When it announced the success of Operation Onymous, Europol claimed that “criminals have considered themselves beyond reach” when on Tor, adding: “We can now show that they are neither invisible nor untouchable.”

“The Silk Road 2.0 guy wrote his name down somewhere so they brought him in and asked him questions,” Dingledine said, citing a chat he’d had with a contact in U.S. law enforcement, and presumably referring to Blake “Defcon” Benthall, who allegedly used his personal email address to set up the drugs marketplace. “He named 16 names, then they put out a press release saying they had an amazing Tor attack.”

Dingledine said the Tor team had taken away two lessons from the episode: this was another case where operational security had failed, as opposed to the underlying tech failing, and “these large law enforcement adversaries are happy to use press spin and lies and whatever else it takes to try and scare people away from having safety on the internet.”

“Europol’s people spoke about having some terrible attack,” Appelbaum added. “They really hyped it as much as they possibly could. It is a psychological operation against the civilian population.” Then again, he noted: “They could have some super-secret exploit, but as far as we can tell they don’t.”

Scare list

The developers also ran through various scares that have, through 2014, called Tor’s security into question. For example, the Russian government’s $110,000 “bounty” for cracking Tor was, according to Dingledine, a mistranslated misrepresentation of an unremarkable research call.

More serious, though, were several stories relating to the apparent ability of attackers to de-anonymize Tor users. The first involved the bogus Tor relays that aimed to de-anonymize users early in the year. The Tor crew seem convinced that this was the work of Carnegie Mellon researchers whose Black Hat talk about their Tor-attacking capabilities was cancelled at the behest of the university’s lawyers. Dingledine said Tor had subsequently built defences against such an attack, and Appelbaum said it was “disturbing that that talk was pulled… even if there’s egg on our face.”

Then, in November, reports of a research paper by Columbia professor Sambuddho Chakravarty said that more than 81 percent of Tor clients could be de-anonymized using a traffic correlation attack. In this kind of attack, an observer who can see both the traffic going into Tor and the traffic reaching certain services from Tor correlates the two to work out who is visiting what. It was also part of the apparent Carnegie Mellon attack.

As Dingledine noted, Chakravarty himself said journalists had misinterpreted his results — this was only an in-the-lab study, and the 81 percent figure referred to the proportion of his experiments that had resulted in successful de-anonymization within that environment. “Traffic correlation attacks are a big deal; they probably do work if you have enough resources,” the Tor lead said. “But that paper did not do the attack. The attack is real but the paper doesn’t tell us anything.”

A Der Spiegel report on Sunday – co-authored by Appelbaum with his “journalist hat” on – said the documents leaked by NSA contractor Edward Snowden had shown the agency has “major problems” in decrypting traffic flowing through Tor.