[tor-talk] List of ways to attack Tor

windows95 at national.shitposting.agency
Thu Jan 5 01:55:20 UTC 2017


Hello
I'm tasked with doing a short report on the ways in which Tor can be 
attacked.
I've brainstormed and done research for a few hours and this is the list 
I've come up with.
Is there anything big that I've missed?
I feel I might be a bit light on more technical attacks.

Your help is greatly appreciated.
Thanks

Realistic attacks against Tor:
-DDoS directory authorities, possibly knocking the entire network down 
after a time
-DDoS hidden service directories to keep a specific hidden service 
offline
-DDoSing specific hidden services to keep them offline
-Hacking the directory authorities and spreading false network 
information, perhaps to direct more people to malicious relays
-Repeatedly requesting information about bridges until you've built a 
list of all of them
-Traffic sniffing and analysis at the exit relays, perhaps leading to 
discovery of personal identity information
-Traffic modification at the exit relays (e.g. JavaScript injection when 
a client visits a website using HTTP)
-Traffic analysis resulting in end-to-end correlation
-Traffic tagging resulting in end-to-end correlation (are there any ways 
to do this with current Tor?)
-Sniffing for hidden service addresses by becoming a hidden service 
directory and logging all the onion addresses you observe
-Inserting relays strategically so they become hidden service 
directories of a specific hidden service, then denying access to it
-Flooding the network with fake hidden services until the hidden service 
directories can no longer handle them all and run out of memory
-Tracking techniques (e.g. cookies, fingerprinting) being used for 
deanonymisation when the same browser is used for Tor and non-Tor 
browsing
-Tracking clients between exit relays via techniques such as 
fingerprinting
-Application layer attacks
	-Exploiting underlying browsers and applications
	-Taking advantage of insecure protocols being used such as BitTorrent
	-Getting clients to download and open files that call home with 
applications that aren't configured to use Tor (e.g. what I heard 
happened with the FBI pedo hacks or a trojan)
-Embedding yourself in the Tor community then advocating design 
decisions or inserting code that weakens Tor
-Same as above except for protocols and software that Tor relies upon 
such as encryption standards and libraries
-Taking advantage of existing weaknesses or back-doors in software that 
Tor relies upon (Heartbleed)
-Providing unofficial versions of Tor that contain back doors (as I 
assume is what is happening on mobile app stores, which are filled with 
unofficial Tor)
-Hacking the official Tor file servers to distribute back-doored 
versions of Tor
-Finding out what websites (and maybe hidden services) an improperly 
configured client is looking at by examining the DNS requests they make
-Breaking of encryption (in the theoretical situation that you have a 
computer powerful enough to do this, such as a quantum computer)
-Identifying Tor users and hacking them (isn't this what the FBI intends 
to do from now on?)
-Social engineering
	-Ruin the reputation of Tor
		-It was invented by and funded by the government, therefore:
			-It contains back-doors
			-It's a honey-pot
		-The FBI arrests paedophiles who use Tor every other day, obviously 
it's not secure
		-Using it will make you a target. You connect once and you're a person 
of interest for the rest of eternity; you'll have NSA agents reading 
your email and CIA agents going through your trash
		-Only criminals use Tor
		-How could something that is free be more secure than something that 
costs money? Use a VPN
	-Ruin the reputation of developers
	-Encourage the project to get overly political on unrelated issues, 
dividing the community
	-Dictate that certain kinds of research cannot be done about Tor so 
that vulnerabilities will never be discovered and fixed
-Government or ISP blocking of Tor (e.g. the Great Firewall)
-Making use of Tor a crime
-Websites blocking Tor exit relays or crippling Tor users' ability to 
use the site
-Have law enforcement and copyright holders harass exit relay owners 
until they shut down

