The Italian developer of government spyware Hacking Team had thought an attack on users of the Tor network, according to a presentation that was captured at the company and analyzed by the Tor Project. The Italian company said recently that it had an exploit for Tor Browser, the browser used to connect to the Tor network can be made.
Based on a preliminary analysis of the data by Hacking Team were stolen this turns out not to be the case. This week published an attacker about 400GB of files were from Hacking Teams network. Including a presentation on attacking encrypted connections and Tor users were found. The attack Hacking Team had thought comes down to that first briefly a target had to be chosen.
Next to be determined is how users connect to the internet. After this, the hardware would Hacking Team on the local network, such as the ISP, be put down. Next, wait until the user was using it with a different browser. By adding an exploit on the pages visited by the user, for example via the Adobe Flash Player flaw which Hacking Team disposal, the computer might be infected with malware.
If the control was obtained over the computer users of the Tor Browser could be set to use a socks proxy on a remote server that is owned by Hacking Team. This way, the user would not use the Tor client that is part of the Tor Browser, but the Tor client Hacking Team. Thus Hacking Team can view traffic before it goes to the Tor network.
Scalable
According to Tor Project, the organization that maintains the Tor network, the attack of the Italian company is not very scalable. In addition, attackers who control over a user's computer also have many other ways have to fall further users. At issue in this case mass surveillance but targeted surveillance. As a solution, the Tor Project recommends Tails, an operating system focused on privacy that does not use local "resources".
"Ultimately, security down here on having secure browsers. That's why we work hard to Tor Browser to create more resistant to attacks, but the lesson in this case is that they attack the weakest link in your system, and in the case of Hacking Team Tor Browser is not the weakest link, " says Tor developer Roger Dingledine.
No comments:
Post a Comment