You Can Hide, but You Can't Run
Privacy is a big concern when surfing the Internet. One major application has attempted to make Internet activities somewhat anonymous. “Tor” is an anonymous Internet communication system that allows users to surf the Web, send email, and use IM, all the while attempting to avoid network surveillance, traffic analysis, and state security. Tor users’ IP addresses (a computer’s basic identity) and exact locations are kept secret as the users read important stories on the Web, send their grandmother an email, or chat with their new best friend.
Unfortunately, Tor also opens up other avenues of attack, and one must be aware of the risk taken in return for the benefit of being partly anonymous. The way Tor works is that packets sent from your computer actually go to someone else’s computer, then to someone else’s computer, and so on. Eventually, your data reaches what is known as an “exit node” (which is just another person’s computer), which connects to the Web site you were trying to reach. The data then comes back to you in a similar fashion. This way, when you browse Web sites, the remote Web site only sees the exit node and doesn’t know that your machine initiated the original request.
However, as your data traverses the Tor network it can easily be modified, in particular at exit nodes. This differs from the situation in which the average user doesn’t use Tor. For example, when you surf to symantec.com, you expect to get data back from Symantec. You trust that your ISP and the ISPs in between don’t modify the data as it travels between you and symantec.com. And, for the most part, that is true, although this may not always be the case, especially in some countries. But when you use Tor, you are no longer going through a trusted ISP. You are going through random users on the Internet, located all over the world, quite a few of whom are exit nodes. So, now when you go to symantec.com, the exit node that relays the requested data from symantec.com has the ability to send you back whatever it wants. This, of course, could be done with malicious intent.
This can be used as a mechanism to inject exploit code, worms, or any other malicious entity from an exit node out onto the Tor network. A recent study even used this technique to inject code to determine the originating machine’s IP address. Furthermore, be aware that while your data is encrypted in the middle of the Tor network, at the exit nodes it must be decrypted, and depending on what you are doing, you may not be as anonymous as you think (for example, don’t search for your own name). These risks are actually well documented on the Tor Web site.
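To make the point about the exit node concrete, here is a small Python model of the return path (an added illustration, not code from the original post or from the Tor project): a toy SHA-256 counter-mode keystream stands in for each relay’s per-hop encryption, an HMAC stands in for TLS between the site and the client, and every key, page body, and tampering function is a constructed sample value. It shows that a middle relay only ever sees ciphertext, that a plain HTTP reply rewritten at the exit reaches the client unnoticed, and that an end-to-end MAC lets the client detect the rewrite.

```python
import hashlib
import hmac

def _keystream(key: bytes, n: int) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode) standing in for Tor's per-hop keys. Demo only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def layer(key: bytes, data: bytes) -> bytes:
    # XOR with the hop's keystream; applying it a second time removes the layer.
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def fetch_via_tor(circuit, site_response, exit_tamper=None):
    """Return path: the site answers the exit relay in the clear (plain HTTP),
    each relay adds its layer, the client peels them. circuit = [guard, middle, exit] keys."""
    data = exit_tamper(site_response) if exit_tamper else site_response
    for key in reversed(circuit):   # exit wraps first, then middle, then guard
        data = layer(key, data)
    for key in circuit:             # client peels guard, then middle, then exit
        data = layer(key, data)
    return data

def middle_relay_view(circuit, site_response):
    # What the middle relay forwards: still inside the exit's layer, unreadable to it.
    return layer(circuit[1], layer(circuit[2], site_response))

def seal(session_key, body):
    # Stand-in for TLS: the site appends a MAC the exit relay cannot forge.
    return body + hmac.new(session_key, body, "sha256").digest()

def verify(session_key, payload):
    # Client side: any change made after the site sealed the body is detected.
    body, tag = payload[:-32], payload[-32:]
    expected = hmac.new(session_key, body, "sha256").digest()
    return hmac.compare_digest(expected, tag), body

CIRCUIT = [b"guard-key", b"middle-key", b"exit-key"]   # constructed sample keys
SESSION_KEY = b"client-site-session-key"                 # constructed, client/site shared
PAGE = b"<html>hello from symantec.com</html>"           # constructed sample reply

def malicious_exit(body):
    return body.replace(b"hello", b"altered")   # the exit rewrites the reply

if __name__ == "__main__":
    print(fetch_via_tor(CIRCUIT, PAGE, malicious_exit))   # altered, and unnoticed
    sealed = fetch_via_tor(CIRCUIT, seal(SESSION_KEY, PAGE), malicious_exit)
    print(verify(SESSION_KEY, sealed)[0])                  # False: tampering detected
```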
So, when using Tor, be sure you understand the risks involved. Tor does defend against traffic analysis, but it also opens your data up to being easily sniffed by random users, and those users can inject malicious code. In this case, closing one door opens up another.