Research & News in Tor, Privacy, & Security – Nov 16th, 2014

2 minute read

Posted by: Kiell

November 16, 2014

A research paper suggesting that over 81% of Tor users could be deanonymized through a traffic correlation attack was published by Sambuddho Chakravarty et al. The paper outlines how the “NetFlow” technology in Cisco routers, and similar technology included in most routers, can make users susceptible to traffic analysis. Cisco’s NetFlow technology is used to log certain information about the traffic passing through a router. The attack is accomplished by injecting a unique traffic pattern into the TCP traffic from an exit node, then comparing this traffic to a target’s NetFlow records. The attack depends on the attacker having the ability to access NetFlow records of many different routers. The Tor project team responded by writing that while this type of research is useful, it does not reveal a serious vulnerability in the Tor network. The Tor blog post stated that, “In summary, it’s great to see more research on traffic confirmation attacks, but a) traffic confirmation attacks are not a new area so don’t freak out without actually reading the papers, and b) this particular one, while kind of neat, doesn’t supersede all the previous papers.”

According to new research, the Tor exit node recently revealed to be adding malware to executable files was likely operating for a year before it was blacklisted. The exit node was targeting uncompressed executables downloaded over a non-HTTPS connection. The malware has been tied to MiniDuke APT family, which has been used in targeted attacks against NATO and several European government agencies. F-Secure researchers have been calling the malware “OnionDuke”, and they believe the relay operators have been using this attack since October, 2013.


Mozilla has announced that they are going to begin running several Tor relays, and is launching a Tor directory authority (unfortunately, neither company is going to operate exit nodes). Mozilla’s decision is part of their Polaris Privacy Initiative, which includes plans for better engineering support between Tor and Firefox.

The Wall Street Journal published a report that the US Marshals Service has been using small aircrafts equipped with “dirtboxes”, described as high-quality Stingray devices, to conduct cell phone surveillance on targets. Newer “dirtboxes” can also jam signals and intercept communications, such as SMS messages. When flying over an area, the device broadcasts itself as having the strongest local signal, forcing all phones to send their registration information. Information from ordinary citizens’ phones is collected during this process. However, sources have stated that non-target data is not saved.

Senate leader Harry Reid (D-NV) has called for progress towards a vote on the USA Freedom Act. The USA Freedom Act, designed to reform policies introduced in the Foreign Intelligence Service Act of 1978 (FISA), would establish new guidelines for the FBI to follow when submitting an application for tangible records to a FISA court. The act is supported by both the ACLU and the Center for Democracy and Technology, who have said that while the bill is not perfect, it is a step in the right direction. Reid has filed for a “cloture” vote, which would require 60 votes to pass the bill out of the Senate.

Updated: 2014-11-16