A Threat Actor Has Been Running Hundreds of Malicious Tor Relays Since 2017
RE: A Threat Actor Has Been Running Hundreds of Malicious Tor Relays Since 2017 #11
(01-14-2022, 02:50 PM)Marshland Wrote: Honestly I had no idea this was possible. I wonder how they would be able to manipulate the traffic. Pretty scary stuff
By deep packet inspection (DPI) and editing sent packets as they're in transit to or from the exit node. Traffic isn't that hard to manipulate. You only need to fake the destination, pretend to be the sender or simply intercept the information and repackage it. Government has been doing this for decades at the request of the NSA to place backdoors in hardware components - sometimes during shipping - to their intended (presumably criminal) buyer. It's similar to that except on a software level which is much easier and costs a fraction of the time.

https://www.theverge.com/platform/amp/20...-plant-spy
https://techcrunch.com/2014/05/12/nsa-al...backdoors/
(This post was last modified: 01-14-2022, 03:05 PM by ConcernedCitizen.)
ed25519/0x21AB6B6A6CB2C337
C87D87466FD205945CF10A3821AB6B6A6CB2C337


RE: A Threat Actor Has Been Running Hundreds of Malicious Tor Relays Since 2017 #12
(01-14-2022, 03:04 PM)vittring Wrote:
(01-14-2022, 02:50 PM)Marshland Wrote: Honestly I had no idea this was possible. I wonder how they would be able to manipulate the traffic. Pretty scary stuff
By deep packet inspection (DPI) and editing sent packets as they're in transit to or from the exit node. Traffic isn't that hard to manipulate. You only need to fake the destination, pretend to be the sender or simply intercept the information and repackage it. Government has been doing this for decades at the request of the NSA to place backdoors in hardware components - sometimes during shipping - to their intended (presumably criminal) buyer. It's similar to that except on a software level which is much easier and costs a fraction of the time.

https://www.theverge.com/platform/amp/20...-plant-spy
https://techcrunch.com/2014/05/12/nsa-al...backdoors/
Ooh, that's interesting! I assumed with everything HTTPS encrypted nowadays it would be much more difficult to alter traffic.


RE: A Threat Actor Has Been Running Hundreds of Malicious Tor Relays Since 2017 #13
(01-14-2022, 03:13 PM)Marshland Wrote:
(01-14-2022, 03:04 PM)vittring Wrote:
(01-14-2022, 02:50 PM)Marshland Wrote: Honestly I had no idea this was possible. I wonder how they would be able to manipulate the traffic. Pretty scary stuff
By deep packet inspection (DPI) and editing sent packets as they're in transit to or from the exit node. Traffic isn't that hard to manipulate. You only need to fake the destination, pretend to be the sender or simply intercept the information and repackage it. Government has been doing this for decades at the request of the NSA to place backdoors in hardware components - sometimes during shipping - to their intended (presumably criminal) buyer. It's similar to that except on a software level which is much easier and costs a fraction of the time.

https://www.theverge.com/platform/amp/20...-plant-spy
https://techcrunch.com/2014/05/12/nsa-al...backdoors/
Ooh, that's interesting! I assumed with everything HTTPS encrypted nowadays it would be much more difficult to alter traffic.
With sufficient control over a network you can do whatever you want.

[+] 1 user Likes ConcernedCitizen's post

RE: A Threat Actor Has Been Running Hundreds of Malicious Tor Relays Since 2017 #14
Is there any way to circumvent this problem or is this just an inherent weakness of Onion Routing? I've grown quite fond of using Tor for anonymity.


RE: A Threat Actor Has Been Running Hundreds of Malicious Tor Relays Since 2017 #15
(12-30-2021, 10:50 PM)echo_blini Wrote:
(12-07-2021, 03:42 PM)mothered Wrote: I've never used Tor purely on its own. It's a poor decision to do so.

Tor over VPN and VPN over Tor (at the least) for added layers of anonymity. Primary and secondary DNS server encryption is also part of the equation.
How do you keep websites from timing out through all that? Tor even without a VPN seems to be slow enough to timeout frequently on many sites.

Security over speed, I guess. It is inevitable that the connection will be slow due to multiple relays and encryption.


RE: A Threat Actor Has Been Running Hundreds of Malicious Tor Relays Since 2017 #16
(01-15-2022, 02:53 PM)Marshland Wrote: Is there any way to circumvent this problem or is this just an inherent weakness of Onion Routing? I've grown quite fond of using Tor for anonymity.

You could always use a VPN alongside Tor. I would recommend you use something like Mullvad or iVPN.


RE: A Threat Actor Has Been Running Hundreds of Malicious Tor Relays Since 2017 #17
(01-14-2022, 03:04 PM)vittring Wrote:
(01-14-2022, 02:50 PM)Marshland Wrote: Honestly I had no idea this was possible. I wonder how they would be able to manipulate the traffic. Pretty scary stuff
By deep packet inspection (DPI) and editing sent packets as they're in transit to or from the exit node. Traffic isn't that hard to manipulate. You only need to fake the destination, pretend to be the sender or simply intercept the information and repackage it. Government has been doing this for decades at the request of the NSA to place backdoors in hardware components - sometimes during shipping - to their intended (presumably criminal) buyer. It's similar to that except on a software level which is much easier and costs a fraction of the time.

https://www.theverge.com/platform/amp/20...-plant-spy
https://techcrunch.com/2014/05/12/nsa-al...backdoors/
That's why it is absolutely necessary to make a relay search for every Tor Bridge you use! Always! Compromiseless!
If anyone does not know how to do this:
In case you are not using Whonix Gateway but a normal Tor Browser - open Settings and request 3 New Custom Bridges:
[Image: 0000000001.jpg]

Then copy this section to the clipboard:
[Image: 0000000002.jpg]

Open Relay search in a new TAB: https://metrics.torproject.org/rs.html and paste it here & click search:
[Image: 0000000003.jpg]

Bandwidth should not be less than 2MB (better higher) and "Additional Flags" must be "NONE"! These are the most important 2 points!
[Image: 0000000004.jpg]

You should always have 9 but at minimum 3 bridges fit. And renew them at least once a week.
[Image: grinch-small.gif]

B U R N 4 P R I V A C Y . C O M

[+] 1 user Likes 2nd2N0NE's post
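
The manual check described in the post above can be scripted; the following is an added example, not code from the thread or from the Tor Project. It parses bridge lines, derives the SHA-1 hashed fingerprint under which Onionoo (the data source behind Relay Search) indexes bridges, and applies the post's two criteria to constructed details records. Assumptions: "2MB" is read as 2,000,000 bytes per second, and the `additional_flags` key is a constructed stand-in for the "Additional Flags" column shown by Relay Search.

```python
import hashlib
import re

MIN_BANDWIDTH = 2_000_000  # assumption: the post's "2MB" read as 2,000,000 bytes/s
FPR_RE = re.compile(r"^[0-9A-Fa-f]{40}$")

def parse_bridge_line(line):
    """Split a bridge line into (transport, address, fingerprint)."""
    parts = line.split()
    if parts and parts[0].lower() == "bridge":      # torrc form: "Bridge obfs4 ..."
        parts = parts[1:]
    fprs = [p for p in parts if FPR_RE.match(p)]
    if len(parts) < 2 or not fprs:
        raise ValueError(f"no fingerprint in bridge line: {line!r}")
    vanilla = parts[0][0].isdigit() or parts[0].startswith("[")
    transport, address = ("vanilla", parts[0]) if vanilla else (parts[0], parts[1])
    return transport, address, fprs[0].upper()

def hashed_fingerprint(fpr):
    """SHA-1 over the binary fingerprint, hex-encoded: the bridge lookup key."""
    return hashlib.sha1(bytes.fromhex(fpr)).hexdigest().upper()

def assess(details):
    """Return the reasons a bridge fails the post's two checks (empty = fit)."""
    reasons = []
    bw = details.get("advertised_bandwidth", 0)     # Onionoo reports bytes/s
    if bw < MIN_BANDWIDTH:
        reasons.append(f"advertised bandwidth {bw} B/s is below {MIN_BANDWIDTH}")
    extra = details.get("additional_flags", [])     # constructed key, see lead-in
    if extra:
        reasons.append("additional flags present: " + ", ".join(extra))
    return reasons

def review(bridge_lines, details_by_hash):
    """Map each bridge line to its list of failure reasons."""
    report = {}
    for line in bridge_lines:
        _, _, fpr = parse_bridge_line(line)
        doc = details_by_hash.get(hashed_fingerprint(fpr))
        report[line] = ["no search result"] if doc is None else assess(doc)
    return report

# Constructed sample input: documentation addresses, made-up fingerprints and certs.
BRIDGES = [
    "obfs4 192.0.2.10:443 0123456789ABCDEF0123456789ABCDEF01234567 cert=CONSTRUCTED iat-mode=0",
    "obfs4 192.0.2.20:9001 89ABCDEF0123456789ABCDEF0123456789ABCDEF cert=CONSTRUCTED iat-mode=0",
    "192.0.2.30:443 FEDCBA9876543210FEDCBA9876543210FEDCBA98",
]
DETAILS = {  # constructed records keyed by hashed fingerprint
    hashed_fingerprint(BRIDGES[0].split()[2]): {"advertised_bandwidth": 5_242_880, "additional_flags": []},
    hashed_fingerprint(BRIDGES[1].split()[2]): {"advertised_bandwidth": 409_600, "additional_flags": ["constructed-flag"]},
}

if __name__ == "__main__":
    for line, reasons in review(BRIDGES, DETAILS).items():
        print(line.split()[-1 if ":" in line.split()[0] else 2], "->", reasons or "fit")
```

Hashing the fingerprint locally before any lookup keeps the unhashed bridge fingerprint out of the query.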

RE: A Threat Actor Has Been Running Hundreds of Malicious Tor Relays Since 2017 #18
(01-16-2022, 03:01 AM)2nd2N0NE Wrote:
(01-14-2022, 03:04 PM)vittring Wrote:
(01-14-2022, 02:50 PM)Marshland Wrote: Honestly I had no idea this was possible. I wonder how they would be able to manipulate the traffic. Pretty scary stuff
By deep packet inspection (DPI) and editing sent packets as they're in transit to or from the exit node. Traffic isn't that hard to manipulate. You only need to fake the destination, pretend to be the sender or simply intercept the information and repackage it. Government has been doing this for decades at the request of the NSA to place backdoors in hardware components - sometimes during shipping - to their intended (presumably criminal) buyer. It's similar to that except on a software level which is much easier and costs a fraction of the time.

https://www.theverge.com/platform/amp/20...-plant-spy
https://techcrunch.com/2014/05/12/nsa-al...backdoors/
That's why it is absolutely necessary to make a relay search for every Tor Bridge you use! Always! Compromiseless!
If anyone does not know how to do this:
In case you are not using Whonix Gateway but a normal Tor Browser - open Settings and request 3 New Custom Bridges:
[snip]

Then copy this section to the clipboard:
[snip]
Open Relay search in a new TAB: https://metrics.torproject.org/rs.html and paste it here & click search:
[snip]

Bandwidth should not be less than 2MB (better higher) and "Additional Flags" must be "NONE"! These are the most important 2 points!
[snip]

You should always have 9 but at minimum 3 bridges fit. And renew them at least once a week.

If I was a 3-letter, I wonder what my advertised bandwidth would be...
[Image: fSEZXPs.png]


RE: A Threat Actor Has Been Running Hundreds of Malicious Tor Relays Since 2017 #19
@Oni
I'm gonna go with either 69 Mbps or 4.20 Mbps.


RE: A Threat Actor Has Been Running Hundreds of Malicious Tor Relays Since 2017 #20
(01-15-2022, 11:48 PM)Drako Wrote:
(01-15-2022, 02:53 PM)Marshland Wrote: Is there any way to circumvent this problem or is this just an inherent weakness of Onion Routing? I've grown quite fond of using Tor for anonymity.

You could always use a VPN alongside Tor. I would recommend you use something like Mullvad or iVPN.
A VPN could work, yeah, I suppose, although would that not make everything unbearably slow?
