A lot of people use TOR as a sort of anonymity and encryption magic bullet, but that’s really not what it’s designed for. Your packets are encrypted and routed through various TOR nodes, each node only knowing about the node on either side of it and unaware of the full routing path, until finally it pops out of an exit node, is decrypted and then sent along its way to the destination. The fundamental idea is that only the exit node knows the final destination, and it doesn’t know where the packet originated unless the operator of the exit node is in cahoots with all the other nodes along the packets’ route. TOR is a routing anonymization service.
A couple of months ago, 100 government and embassy email account passwords were published by Dan Egerstad. What did these email accounts have in common? Individuals from these organizations were presumably using the TOR network to protect their communications, but by sending unencrypted traffic over the TOR network, they were actually exposing this data to a lot of potentially nefarious parties. But wait, the data moving over the TOR network is encrypted, right?
Which brings us back to the exit node. Your data leaves the TOR network in its raw form. So if you are using an unencrypted protocol, your communication can be read (or modified) by the exit node or anything between the exit node and the destination server. So while your immediate ISP can’t really tell who you are sending packets to, someone at an exit node can, and chances are good that that someone is more interested in your communications than the average server on your normal routing path.
This someone might be a government entity, a criminal organization, or maybe just some Swedish security researcher dude who is interested in what’s going over his five exit nodes and decides to publish the more interesting tidbits for the world to see.
Just to give you something to think about we did look into a few servers out of 1000 we thought looked interesting. We aren’t trying to tell you what to think, you will have to do that yourself.
Example of Exit-nodes that can read your traffic:
â€¢ Nodes named devilhacker, hackershaven…
â€¢ Node hosted by an illegal hacker-group
â€¢ Major nodes hosted anonymously dedicated to ToR by the same person/organization in Washington DC. Each handling 5-10TB data every month.
â€¢ Node hosted by Space Research Institute/Cosmonauts Training Center controlled by Russian Government
â€¢ Nodes hosted on several Government controlled academies in the US, Russia and around Asia.
â€¢ Nodes hosted by criminal identity stealers
â€¢ Node hosted by Ministry of Education Taiwan (China)
â€¢ Node hosted by major stock exchange company and Fortune 500 financial company
â€¢ Nodes hosted anonymously on dedicated servers for ToR costing the owner US$100-500 every month
â€¢ Node hosted by China Government official
â€¢ Nodes in over 50 countries with unknown owners
â€¢ Nodes handling over 10TB data every month
We can prove all this but not the intentions of each server. They might be very nice people spending a lot of money doing you a favor but it could just as well be something else. We don’t however think it’s weird that Universities are hosting nodes, just that you need to be aware of it. Criminals, hackers and Governments are running nodes, why?
The moral of the story is that you shouldn’t use TOR for the purposes of secure communications. You should be using TOR to anonymize routing. If you are passing indentifiable information over the wire that you don’t want read, such as your email or bank information, you need to use a secure end-to-end encrypted channel, like ssh, https, or ssl-imap. What TOR provides is a mechanism for anonymizing the routing of your communications so that people in your routing path don’t know who you’re sending a message to.
Moral #2 is that information you send through the TOR network is more than likely under higher scrutiny by many interested parties. Encryption matters here more than anywhere else.