[tor-talk] Attack against Tor: Statistic Manipulation Attack

adrelanos adrelanos at riseup.net
Fri Aug 10 00:28:24 UTC 2012

There are not only technical attacks against the Tor network. Other
strong attacks against Tor are legal attacks (i.e. attacking with laws,
not saying the attack is legal). The adversary tries to put Tor in
the worst light and tries to convince politicians to pass laws to
forbid Tor.

Recently, creating statistics about what Tor is used for most has
been discussed. There are claims and discussions that Tor is
mostly used for "bad" things.

Many powerful groups would gladly see Tor and any anonymous proxy
dead. Even whole countries are blocking Tor. (China, Iran, etc.) Other
groups would also be happy if there were no anonymous proxies. (anti
copyright infringement, anti drug abuse, etc.)

Exit nodes:
- by Tor design, don't know who is requesting the traffic
- resolve DNS
- obviously must know the IP of the destination they are asked to connect to
- can log the amount of traffic transferred
- can log at which times how much traffic was transferred to a specific IP
- can even log a curve, how much/less traffic was transferred, when it

The attack:
- The adversary writes a program, a robot.
- He keeps the source code of the robot secret.
- He either anonymously rents a few virtual servers, or a state-wide
adversary can also force a few local internet service providers to
grant many different IPs in different subnets and self-host the servers.
- He uploads only an obfuscated version of the robot to the servers.
- Additionally, he could put something legitimate on the servers to
distract from the real purpose.
- The robot will fetch "bad" www or .onion websites and imitate a human.
- Imitation will be done by imitating mouse clicking, perhaps by
imitating using Tor Browser Bundle (for traffic fingerprint), by
randomizing the time between "mouse clicks", by randomizing the time
"viewing" a site, by randomizing how long he "stays" on the website,
by randomizing or imitating etc.
- From one IP/connection the adversary can run many instances of Tor
or build many Tor circuits.
- At the beginning only a very few robots will do that, to avoid the
fraud being detected. The number of "Tor users" (which are actually
robots) from the attacking country will grow slowly, so it looks
- Optionally, to strengthen the attack, the adversary could also host
or support "bad" hidden services. Run an exit node as well and push
for "creating Tor statistics" to "prove" Tor is mostly used for "bad"
things to get a reason to ban it.

I am sure, if the robot and attack are well designed, neither exit
nodes nor anyone else are able to distinguish between robots and
humans. They also cannot find out that such an attack was run from one
specific country.

In conclusion, even if we had statistics, they're possibly or likely
manipulated by a (powerful*) adversary who wants to see Tor shut down.

*powerful: The actual programming of the robot can probably be done
even by a low skilled programmer or otherwise cost very little (below
1000$) compared to a powerful adversary who can easily spend a lot
of money. Perhaps running the attack is also cheap; it would have to be
tested how well many circuits and robots scale on low-cost VPS to have
a significant impact on the statistics.

The best defense against this attack is to develop the robot, to run
it as a test and to prove it works. That would make any statistics about
Tor less credible.


