The Tor network is often hailed as a fantastic tool for protecting the privacy of Internet users. Many are working to build simple anonymity products for the mass market based on Tor. However, the network is not as bulletproof as it may seem, and with more companies tying into it, there will surely be further attempts to crack Tor.
Josh Pitts, an IT specialist at Leviathan Security Group, found a rather serious problem recently. While using Tor, Windows updates were being replaced with malware: “By using a wrapper for the original binary, the malware authors do not invoke the NSIS error and bypass simple self-checking mechanisms,” Pitts wrote.
Because the malware was wrapped inside Windows files, the files either bypassed system update checks or gave users an error code, which led to users installing an unauthorized patch. Once the patch was installed, the malware had a direct path to the user’s system.
According to Larry Seltzer, a contributing editor for ZDnet, the problem may not be the malware, but the way the Tor network operates:
At no point in the path of a communication through Tor are both the real source and destination IP addresses unencrypted, and the routes through the Tor network are randomized, making eavesdropping within the network difficult at a minimum.
This function of the Tor network is the cause of the problem, which makes it nearly impossible for Windows to detect malware within its own update system. Indeed, malware has been deployed on the Tor network before, and some have noted that it may be “impossible to shut down” if it’s implemented in a certain way.
In addition to the malware, identifying information can be gathered by those seeking it. Since Tor relies on entry and exit nodes, users can be tracked through them, as was the case with the FBI. However, even the act of using the Tor network makes you a target for government surveillance.
“The NSA has given people a devil’s bargain: Either go along with its programs and accept that some of your information will be collected, or attempt to resist the NSA and get labelled a ‘target’ for caring about your digital security,” wrote Nathaniel Mott, a staff writer for PandoDaily. Mott also identified a number of problems Tor currently has, which make it less than perfect.
Tor may be important, but it’s still a fairly new service concept within the framework of the Internet. Anyone currently using Tor is testing the boundaries of what it is and what it does, even if they are just using it to access Facebook.