Making an IP hidden/anonymous surfing

Comments

  • alleycat`
    alleycat` Posts: 1,901 Forumite
    Hi Fwor,

    He didn't actually "hack" Tor or in fact do anything particularly clever at all.

    Tor works by making traffic take multiple hops before hitting an "exit node".

    Because each Tor node only knows about the node before and after it - the traffic is much harder to "trace back" to its originator, quite often crossing different legal boundaries (i.e. countries around the world).
    Each Hop between each Tor node is encrypted by the Tor software.
    However at the "Tor exit node" the traffic is reverted back to the state it entered the Tor chain.
    So if you "put in" unencrypted traffic the "Exit Node" releases it as unencrypted traffic.

    What he did was set up several PCs as Tor "exit nodes".

    He then just "sniffed" the traffic leaving each exit node (sniffing in this instance just means intercepting and reading).

    Inside this "exit" traffic he found a lot of unencrypted data that included the usernames and passwords of a lot of embassy traffic connecting to e-mail servers.
    In essence the weakness was that the embassy staff didn't encrypt the traffic when they entered it into the system.

    If they'd encrypted the traffic (using SSL for example) he would have just seen the encrypted traffic exit.

    I'm not sure if that explains it very well but in essence any data sent over the internet "unencrypted" can potentially be intercepted and read.
    Acting as a Tor exit node is a very good place to look for people trying to be secretive (especially when they don't get the security/encryption of the traffic correct).

    In essence this is what Alfie said so they get the glory :)

    As for anonymity - there are a lot of tools out there that can allow you to be very difficult to track down (whatever your reasons may be) but on an open communications network (which the internet is) it's very difficult to leave zero footprint.

    Oh, and this is my first post - please be gentle :)
  • fwor
    fwor Posts: 6,946 Forumite
    Ah, ok, that's interesting - so it was mainly the lack of knowledge of the embassy staff, not realising how easy a Tor snoop is to do for unencrypted traffic.

    And just to correct something that I got wrong earlier, it seems that Tor doesn't have any problem handling SSL transparently (I had thought it would fail due to the IP address change, but SSL doesn't care about what happens down at the network layer) so they really didn't have any excuse for not using it...

    Thanks, I've learned a bit more about Tor now - even though I personally have no use for it!
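
A toy model of the layering described in the two posts above, added as an illustration and not written by either poster: it shows what each relay holds after removing its own layer, first for an unencrypted login and then for one encrypted end to end before entering the chain. The SHA-256 keystream cipher is an insecure stand-in for Tor's per-hop encryption and for SSL, and the keys and login string are constructed.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); applying it twice decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def build_onion(payload: bytes, hop_keys: list) -> bytes:
    """Client side: wrap the exit layer first and the entry layer last."""
    for key in reversed(hop_keys):
        payload = keystream_xor(key, payload)
    return payload

def relay_views(onion: bytes, hop_keys: list) -> list:
    """What each relay holds after peeling its own layer, entry to exit."""
    views = []
    for key in hop_keys:
        onion = keystream_xor(key, onion)
        views.append(onion)
    return views

# Constructed sample values, for illustration only.
HOP_KEYS = [b"entry-key", b"middle-key", b"exit-key"]
LOGIN = b"USER clerk@example.org PASS constructed-password"
E2E_KEY = b"client-server-session-key"  # stand-in for an SSL session key

def observe(application_bytes: bytes, marker: bytes = b"PASS") -> list:
    """For each relay in order: can it see the marker in what it holds?"""
    onion = build_onion(application_bytes, HOP_KEYS)
    return [marker in view for view in relay_views(onion, HOP_KEYS)]

def server_receives(application_bytes: bytes) -> bytes:
    """Bytes leaving the exit node, i.e. exactly what was put in."""
    return relay_views(build_onion(application_bytes, HOP_KEYS), HOP_KEYS)[-1]

if __name__ == "__main__":
    # Unencrypted login: only the exit node sees the password.
    print("plaintext in :", observe(LOGIN))
    # Same login encrypted end to end first: no relay sees it.
    protected = keystream_xor(E2E_KEY, LOGIN)
    print("encrypted in :", observe(protected))
    # The destination, which holds the end-to-end key, still recovers it.
    print("server reads :", keystream_xor(E2E_KEY, server_receives(protected)))
```
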
This discussion has been closed.