[tor-talk] Is this a practical vulnerability?

Eugen Leitl eugen at leitl.org
Fri Oct 19 15:38:23 UTC 2012


On Fri, Oct 19, 2012 at 11:25:34AM +0100, Anon Mus wrote:

> e.g. let's say a node is in a server in an IBM/US telecoms company based
> in France, then that server will almost certainly be routing ALL its
> traffic through the USA and back to itself (or another node in the same
> company) before sending it on to the next external node. This diversion

While it is no secret that intercontinental fiber taps exist, you
would not route the traffic itself over the Atlantic to an
intercept and analysis point and then back (you would see that
in giant added latency), but tap the signal not too
far from the fiber landing point, since you would need to
analyze it in a somewhat big box probably not residing on the seabed.

It is probably easier for local intelligence services to
co-operate intensively, intercept data close to exchange
points, and share results of analysis (only sharing realtime
communication taps on a very small set of high value targets).
Such sharing can happen over dedicated channels, or over VPN
tunnels over the public Internet.

> is NEVER reported as ONLY a single "virtual node ip" is quoted. The only
> way you can ever tell it's been done is by looking at the time delay,
> however this is also often difficult/impossible to spot because these
> routes are often the fastest on the internet. OK - I know this goes on
> for certain because there are internal tools used within these companies
> to trace the TRUE route and I have seen such servers send their traffic
> in this manner 24/7 - 365. Having discussed this as "wasted effort" with
> a network engineer I was told there is a "payment" made somewhere to
> compensate. At the same time all of this is camouflaged in apparently
> nice and legitimate reasons for it being that way, but when you pull it
> apart you see the lie, but you can't PROVE it.
>
> As about 70% of Europe's internet traffic passes through an IBM/US
> telco's servers then it is almost certain that in any one of these Tor node
> to Tor node connections there is at least one sub-node that passes the
> traffic through the USA, who is the global adversary using Total Traffic
> Timing Tracking.

Passive traffic analysis does not require being part of the Tor
network (though operating a noticeable number of compromised Tor 
nodes would give you additional information which is not easily
available with traffic analysis).

>
> You should be able to work the rest out for yourself.
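The latency argument above (a transatlantic round trip would show up as "giant added latency") can be made concrete with a physical lower bound: a signal in fibre cannot travel faster than about c/1.47, so the great-circle length of a path gives the smallest round-trip time that path could ever have. The following Python is an added example written for this thread, not code from either poster; the city coordinates, the fibre speed constant and the RTT samples are constructed assumptions, and New York simply stands in for an unspecified US landing point. Note what such a check can and cannot say: a measured RTT below the detour's floor rules the detour out, while an RTT above it is merely inconclusive, since real fibre routes are longer than great-circle paths.

```python
"""Latency sanity check for a suspected transatlantic detour.

Added example for the tor-talk thread; all coordinates, constants and
RTT samples below are constructed for illustration.
"""
import math

EARTH_RADIUS_KM = 6371.0

# Signal speed in single-mode fibre is roughly c / 1.47 ~ 204 km/ms.
# This is an UPPER bound on speed, so every delay derived from it is a
# LOWER bound on the true delay (assumption: no medium faster than fibre).
FIBER_KM_PER_MS = 204.0

# Constructed (lat, lon) coordinates in degrees.
PARIS = (48.8566, 2.3522)        # hypothetical node in France
FRANKFURT = (50.1109, 8.6821)    # hypothetical next hop in Europe
NEW_YORK = (40.7128, -74.0060)   # stands in for a US landing/analysis site

DIRECT_PATH = [PARIS, FRANKFURT]
DETOUR_PATH = [PARIS, NEW_YORK, FRANKFURT]


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = (math.sin(dlat / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def path_km(points):
    """Total great-circle length of a multi-hop path."""
    return sum(haversine_km(p, q) for p, q in zip(points, points[1:]))


def rtt_floor_ms(points):
    """Smallest physically possible round-trip time along the path."""
    return 2 * path_km(points) / FIBER_KM_PER_MS


def classify_rtt(observed_ms, direct=DIRECT_PATH, detour=DETOUR_PATH):
    """Compare one RTT sample against the floors of both candidate paths.

    'impossible'        : faster than fibre physics allows (bad measurement)
    'detour ruled out'  : too fast to have crossed the Atlantic and back
    'inconclusive'      : slow enough for a detour, but slow paths exist too
    """
    if observed_ms < rtt_floor_ms(direct):
        return "impossible"
    if observed_ms < rtt_floor_ms(detour):
        return "detour ruled out"
    return "inconclusive"


def summarize(samples):
    """Count the verdicts for a batch of RTT samples (ms)."""
    counts = {"impossible": 0, "detour ruled out": 0, "inconclusive": 0}
    for s in samples:
        counts[classify_rtt(s)] += 1
    return counts


if __name__ == "__main__":
    # Constructed RTT samples, in ms, as a node operator might collect
    # with repeated pings to a neighbouring relay.
    samples = [9.5, 11.2, 10.1, 128.0, 131.4]
    print("direct floor  %.1f ms" % rtt_floor_ms(DIRECT_PATH))
    print("detour floor  %.1f ms" % rtt_floor_ms(DETOUR_PATH))
    for s in samples:
        print("%7.1f ms -> %s" % (s, classify_rtt(s)))
    print(summarize(samples))
```

In practice the observed RTT between nearby European relays is a few milliseconds to a few tens of milliseconds, an order of magnitude under the roughly 120 ms floor of a Paris to US to Frankfurt loop, which is the quantitative form of the point made in the reply above: a full diversion of the traffic itself would not be subtle.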

