Lizard Squad Targets Tor 83
mrspoonsi tips news that Lizard Squad, the hacker group who knocked Xbox Live and the PlayStation Network offline on Christmas morning, has now turned its attention to Tor. After tweeting that they were targeting a Tor-related zero-day flaw, the group is now in control of 3,000 exit nodes — almost half of them. "If one group is controlling the majority of the nodes, it could be able to eavesdrop on a substantial number of vulnerable users. Which means Lizard Squad could gain the power to track Tor users if it infiltrates enough of the network."
Zero-Day Flaw? (Score:3, Informative)
They set up their botnet as tor nodes. How exactly is that a zero-day flaw?
Re: (Score:1)
Are these guys gathering information for the government now or something?
Re:Zero-Day Flaw? (Score:4, Insightful)
Yes, yes you are.
This is why we can't have nice things.
Re: (Score:2)
Of course we can. Reality - including human nature - simply sets the design parameters for those nice things. For example, would it be possible to fit major torrent clients with built-in (non-exit) Tor nodes? That way, torrent traffick would not swamp exit nodes and would actually help hide the kind of traffick Tor was originally designed for.
Re: (Score:2)
Re: (Score:2)
They're not gathering information. Perhaps the targets will make more sense once you understand that the perpetrators are tweeny- and teeny-boppers. Squeakers, and griefers, desperate for attention and approval from their peers. Their message is: "See what we can do? LOL! Please think we are cool."
As for you, please get a VPN.
Re: (Score:2)
NSA is pissed because their tor nodes only make up half of the remaining nodes and this makes it difficult for them to eaves drop. ;-)
The TOR Project was well aware of this a while ago (Score:5, Informative)
so i believe they are working on a fix.
Re: (Score:1)
It must have been happening already for that 'prediction' to be so accurate.
Re: (Score:2)
Almost certainly the US Three Letter Agencies as well as foreign intel have known about this flaw - and how to leverage it - for a long time. Clearly, tor is not secure and hasn't been for awhile.
Re: (Score:1)
> Clearly, tor is not secure and hasn't been for awhile.
If by "clearly" you mean "innuendo, rumors, and undocumented third-party hearsay" you would be correct.
Re:The TOR Project was well aware of this a while (Score:5, Interesting)
This is seriously one of the first things anyone in security would have thought up
Ah, the /. 30-second expert. Indeed, the TOR guys did think of that too.
Malicious exit nodes do not per se compromise TOR, though they are in a position to take advantage of some potential exploits (also, exit nodes are irrelevant to .onion servers) It's been known since the start that if an attacker both controlled the exit node and could directly tap your line, there'd be and endless stream of exploits possible - and IIRC the NSA had just such attacks in its arsenal. But that doesn't scale - you have to be actively monitoring a specific target to de-anonimize them, you can't do it to everyone. If the NSA actually got warrants when they did that to Americans [pause for laughter] I think it's a fine system.
TFA seems to be about taking over more than half of all TOR nodes, which can hardly be done in secret, and really makes 0-days in the TOR bundle visible.
Far more worrying, especially for the conspiracy theorist, is the never-ending stream of vulnerabilities in .onion servers allowing the operators to be de-anonymized. It's hard to believe TOR wasn't designed that way. TOR seemed designed from the start as a system to let Chinese dissidents use American servers safely, but not allow Silk Road-style sites (servers illegal in the US) to stay up. That IMO would be pretty cool if the US itself weren't growing ever more repressive.
Re: (Score:3)
Malicious exit nodes do not per se compromise TOR...
What other obvious use would there be?
I need a car analogy, damn it...
Re: (Score:2)
Malicious exit nodes do not per se compromise TOR...
What other obvious use would there be?
I need a car analogy, damn it...
Ok, Ok, how's this?
What if you were driving down the road, and lost control of your car, and plowed into an onion patch?
How may onions have to be run over for the field to considered compromised?
Re: (Score:2)
Ok, Ok, how's this?
What if you were driving down the road, and lost control of your car, and plowed into an onion patch?
How may onions have to be run over for the field to considered compromised?
Depends on the number of onion plants. If it's around 6000 onion plants, maybe around 3000 or so?
And you better be driving a big 'ol redneck Haus pickup truck with a cow catcher on the bumper.
Re: (Score:2)
that depends, how much tyre rubber needs to be deposited before you can't taste onion anymore?
Re: (Score:3, Informative)
Actually the parent appears to be correct- they aren't actually taking over relays. There's a 5 hour old tweet on the torproject's twitter with the following statement:
"This looks like a regular attempt at a Sybil attack: the attackers have signed up
many new relays in hopes of becoming a large fraction of the network.
But even though they are running thousands of new relays, their relays
currently make up less than 1% of the Tor network by capacity. We are
working now to remove these relays from the network before they become
a threat, and we don't expect any anonymity or performance effects based
on what we've seen so far."
Re: (Score:2)
you have to be actively monitoring a specific target to de-anonimize them, you can't do it to everyone. If the NSA actually got warrants when they did that to Americans [pause for laughter] I think it's a fine system.
You laugh, but at what point in an investigation would you be aware of the target's nationality?
Do you know the nationalities of the Lizard Squad members, for example? When would you, before or after this process?
Am I an American citizen? I can't get a driver's license without something like three forms of proof I live here, so tell me how does this work on the Internet?
Warrants for de-anonimizing Americans on the Internet... explain that paradox.
IP addresses are not people, the Internet has no borders, i
Re: (Score:2)
"low-ID"? WTF are you talking about?
Re: (Score:2)
Keep believing your US Government honeypot is "secure". The rest of us will be laughing when you get arrested for browsing your pedo sites.
Considering the type of attack in question, tor can be anyone's honeypot.
That it is "sold" as something like a "darknet" is shameful.
Re: (Score:1)
It was made for them.
Also they found out who was running that drug store.
Re:The TOR Project was well aware of this a while (Score:5, Informative)
Not the same issue at all. All this is is IdiotSquad starting up a bunch of Google Compute VMs as tor exit nodes.
Oops (Score:2, Interesting)
They have just kicked the hornets nest..... people who have the ability to track them down and take their revenge
Re: (Score:2)
no kidding
there ARE groups you just DO NOT PISS OFF
the non govt. professionals like the ones behind offensive security and like
are not to be messed with lightly
Re:Oops (Score:4, Insightful)
no kidding there ARE groups you just DO NOT PISS OFF
the non govt. professionals like the ones behind offensive security and like are not to be messed with lightly
I'm more concerned about dissidents in dangerous places and the reporters who cover such places. They deserve to have secure channels. I hope the community can come up with something.
Sybil attack? (Score:4, Informative)
Not really an 0day exploit (Score:5, Informative)
https://twitter.com/kaepora/st... [twitter.com]
https://twitter.com/kaepora/st... [twitter.com]
You can see this whole list of tor nodes here: https://torstatus.blutmagie.de... [blutmagie.de]
All Lizard nodes resolve to *.bc.googleusercontent.com
Re: (Score:2)
Re: (Score:2)
You can see this whole list of tor nodes here: https://torstatus.blutmagie.de... [blutmagie.de]
All Lizard nodes resolve to *.bc.googleusercontent.com
That's not the whole list. I've been running a node for years, and it's not listed on that page.
Re:Wonder what 0 days are in use... (Score:5, Informative)
Eavesdropping... (Score:2)
If one group is controlling the majority of the nodes, it could be able to eavesdrop on a substantial number of vulnerable users.
I'm willing to bet the NSA has prior art on this.
Re:Eavesdropping... (Score:5, Funny)
I'm willing to bet the NSA has prior art on this.
You think the Lizard Squad is teenagers? The conspiracy theorists have been warning us that the NSA is run by the NWO and Lizard People for decades.
Headline is wrong and sensationalistic (Score:5, Informative)
Re: (Score:1)
You do realize what site you're on right? I'm pretty sure the only reason the logo bore the "news for nerds slogan" was that "wrong and sensationalistic" would be too honest and too hard for the editors to spell properly.
Re: (Score:1)
You're correct, they seem to be bringing up new tor nodes in an attempt to intercept traffic, but they are hardly routing anything at all.
Close enough to the truth as makes no difference. (Score:2)
They haven't taken over 3000 Tor relays - they have set up 3000 new relays of their own, thus having control of over 50% of the available relays.
If you capture over half of the traffic that moves over Tor haven't you for all practical purposes taken control of the network?
Re: (Score:3)
They have half of the nodes, but 1-2% of the traffic. They set up a bunch of new nodes, not took over existing nodes. As a result, they have a bunch of nodes that not many people are using. As the issue gets more attention, more of their new nodes are cut out of the loop.
Flag them all as bad (Score:3, Interesting)
... and be done with it. Isn't this what the BadExit [torproject.org] flag is for?
Prove it. (Score:2)
Clip art squad (Score:5, Funny)
Each time this group makes the news, the sales of lizard stock art skyrockets. I'm starting to think the whole thing is a PR stunt funded by Getty Images.
Why are the Loser Squad still walking free? (Score:4, Interesting)
"Lizard Squad" has been DOS'ing game servers, twitch.tv, and more for months. Surely the NSA has tracked these idiots down, and the FBI has had more than enough time to parallel construct a plausible investigation that didn't involve getting tipped off by NSA. Right? So why are these morons still sitting around in their parents' houses interfering with millions of regular people who are just trying to play games or browse the web? Big companies are being targeted, lots of money is being lost through the game server outages, why haven't these morons been put under the jail by now? They threw the entire weight of the federal government at Aaron Swartz for downloading a bunch of PDF files and yet the Loser Squad has been DOS'ing many companies for months with impunity? Makes me wonder if NSA et. al. aren't the ones behind the attacks.
Re: (Score:2)
They should not bother being behind the attacks. They can just wait a lil longer until auntie and nephew both agree when a politician comes up on TV shouting: Damn hackers! we need internet regulation!
The (cyber) antagonists, are likely useful idiots when two things occur:
1- their target is made of mostly normal people, and does not involve structural damage or structural revolution of the status quo.
2- their act gets lots of attention in the media.
One would be really antagonist if you made useful FOSS, new
All suspect nodes must be blacklisted (Score:2)
You have to be able to control which exit nodes you use.
There is something to be said for E2E encryption (Score:2)
the outward node has a public key, the receiving node has the private key, nothing in between gets anything useful.
I mean, why overcomplicate shit?
Hell, for that matter - airgap it.
Re: (Score:2)
You know the senders and receivers. That's what Tor tries to stop.
Re: (Score:2)
I don't get it. I mean, what would be the point of an anonymous broadcaster if you don't know where to go to authenticate the information? Yes, that'd be a valid use-case IMO, but it falls on its arse when it comes to actually validating stuff.
I have information that *needs* to be out there, but I'm not going to broadcast it and not stand by it, that nullifies its value completely. I will stand by what I say, I will claim right when I piss people off because I will offer what they will not: evidence.
When I'
fruit loops (Score:5, Insightful)
Are they the lizardsquad or the lowest hanging fruit squad? If they had skills they'd do something that isn't totally gay.
Stupid and sad ... (Score:5, Insightful)
Bunch of bored kids over Christmas break that got fed up with CounterStrike and Call of Duty, so they are wreaking havoc for fun and getting way too much news time for it. I have almost gagged when I have seen a reporter saying on TV with a straight face that "it is not confirmed whether the attackers are linked to North Korea" and that "The attack is not thought to be a terrorist attack". *double facepalm*
I am not sure what is more sad, whether these jerks getting off on griefing others or the mom of one kid who couldn't play XBox over Christmas because of the DDOS and she lamented on camera - "What is he going to do now? He has nothing else to do!" I don't know - like going outside for a while?
Our society is really going downhill :(