
TOR Security Concerns and Considerations

Apr 09, 2020
Hello again, as you know, I'm Eli, the computer scientist in today's class, for security reasons and considerations, so now there are many people who are trying to maintain their privacy on the Internet for good and bad reasons, basically they want to do whatever they want to do on the Internet, but they don't want to be tracked by governments or corporations, so they've turned to Tor. Basically, at the end of the day, what Tor is is a mesh proxy server. So what happens is your computer connects to the Tor network and then any traffic you send to the Internet bounces through three relays or nodes before going out to the Internet, so it goes from your computer to someone else's computer, and then to someone else's computer, another computer, Zion's computer and then to the Internet, cnn.com, google.com.
I'll applaud accom, whatever, so a lot of people think that this is a very safe way to go out and explore the Internet, and the reality is, just like everything, Tor is simply a tool that can be manipulated and compromised like any other technological tool, so when you use something like Tor you have to realize that it can be compromised and that you may need to use multiple layers of security in order to do so. Make sure your privacy is maintained. Again, with lots of security things when you are dealing with your computer, don't just put antivirus software on your computer and say that's it, that's all I do, right? You put a firewall on your computer, you put antispyware things on your computer, you put antivirus software on your computer, plus you can set security policies, it does a number of things to keep your computer safe, and if you're going to use something like the Tor network, you should use multiple layers of security as well because, again, the Tor network can be compromised in different ways, so let's go to my little whiteboard right now so we can talk about the walkthrough and then you can understand what the different security issues are with Tor. So basically the idea with Tor is that normally you have your computer and you have whatever internet site you go to, like cnn.com, so what normally happens, from the way we think, is your computer connects to the internet cloud and basically goes directly to cnn.com. When this link appears, that means cnn.com or whoever is monitoring this connection can see where the traffic is coming from, they can go oh, this is 208 50 5.66, or they can search for that information and then they can find out who you are, so when you're just surfing on the web, typically all of this information can be tracked. So the idea with the Tor network is that that traffic will bounce through three other computers on the Internet, and when we look at the world, these other three computers can be in many different geographic locations, one could be in the US, one could be in Europe, one could be in Africa, so basically, when your computer goes to connect to cnn.com, it will bounce to your computer in the US, then it will bounce to your computer in Africa, then it will bounce through a computer in Europe, and then it will go to cnn.com.

Anyone is monitoring this. The connection to this website or this website is set up, it is trying to monitor this information, basically what you will see is the information for the exit node, so this end computer, when it jumps to the Internet, will be able to see that information, you will see that the address of this computer is I don't know two 10.55 22.4, so you will be able to see the information of this computer, you will not be able to see the information of your computer, that is why people think that The Tor network maintains your privacy and anonymity, but As with all things, there can be problems with this, so basically there are several ways to get around the security that Tor tries to offer now, once you get into the Tor network, once you're dealing with the three computers on the that your traffic is bouncing through this data is encrypted, so this data is not sent unencrypted, it is encrypted, so when your computer connects to the Tor network, all these data links here and all this information They are encrypted now.
The problem is that people don't think about when you leave the Tor network and go to something like cnn.com, this final link itself is not encrypted by default, so if you are trying to browse a website on a country where they monitor your internet traffic, whether it's China or apparently the United States, basically all this data is sent right here, if you don't use another layer of security, passwords can be read, email information can be obtained, you can read anything you get. Passed on this final link to any website you go to that can be read because now it's clear.
One of the ways you can avoid this is by using something like VPN, so if you can use a virtual private network at all times up to the endpoint you are reaching, it might be secure, but basically what you need to keep in mind when you are using the Tor network is that while you are inside the Tor network your traffic is encrypted, but as soon as you leave the Tor network, your traffic is not encrypted by default and anyone who can sit here between the exit node and wherever you go can read literally all the things that you are doing on your computer, so we are on the Internet, that's the first one of the problems we have with the Tor network.
The next problem we have with the Tor network is your own computer, so everyone thinks like Eli. I'm using a lot of security. I understand security. So I'm bouncing through this Tor network and all this information is getting more and more and then I'm using SSL or VPN or something like that, so this final link is encrypted. I'm end-to-end encrypted, well, one of the things a lot of people don't do. What I don't think about is what happens if your computer is infected with spyware, malware, or a key logger. Basically, that information can be collected immediately as you enter it into your computer and it can be sent in a different way, basically, instead of someone trying to do it. capture the information from your data stream, they can just go and grab the information literally as you type it into the computer, so one of the problems with Tor to worry about is spyware and security malware on your system , you are now a big part of the Americans will say, well, Eli, I use Norton, Eli, I use Kaspersky and I know that my computers are secure and that my fan base is, you know, a global fan base, some of you I know you in Syria and Iraq and all those fun, quirky places, the problem is that in many places in the world you use an Internet cafe, so basically you go to a place where you have ten computers and now you rent the computer by the hour, like me.
I talked about that, you know, if I were in charge of a super secret intelligence agency, you can bet the first thing I would do is go to every internet cafe in my country and infect every computer in those internet cafes with key loggers and spyware, like that. one more thing, like I say, I know I have fans in the Middle East right now and you guys are having all kinds of fun if you go to internet cafes, you realize once you connect to the Tor network, this can Technically It's secure, but when you're typing all that information into your computer, the intelligence agencies in your area may be grabbing that information literally before it hits the network, so that's one of the problems you're facing.
I'm going to have problems with the Tor network now beyond that, one of the things that people don't think about is that hackers aren't just quote-unquote people, they're anti-government people, a lot of times hackers are, in fact. , government types. themselves, so one of the things that happens is that sometimes the servers you try to connect to actually get infected with viruses that government agencies have created to specifically find out who is on things like the Tor network, so you go through of your Internet connection, you connect to a server that has been compromised, that server can try to read information from your computer in the same way that if you go to a bad porn site or a bad torrent site, they will.
Try to compromise your computer and do that kind of thing, so one of the things you have to think about every time you use Tor is how much you trust the computer you're connecting to on the other side. This just showed that the FBI did some neat things where they were able to compromise some Tor servers and that caused all kinds of problems for people who were trying to do a lot of child pornography, so this is something they should think about, so the question is: You're probably thinking, well, Eli, so what can we do to protect ourselves on Tor?
So if we are going to use Tor, Tor is a tool, what are the things we can do to protect ourselves while using Tor Be? It is very important that you understand that Tor Tor is not just a thing that protects you. You have to think about all these other security precautions when you are going to use Tor. Now, the first thing you need to do if you're going to use Tor is you need to use the Tor browser, so the guys who came up with Tor, the nonprofit not only have the Tor network, but they also came up with something called the Tor browser. , why it is very important to use it. a tor browser is because these servers can try to trick normal web browsers into giving away sensitive information, so you basically know through things like flash, through things like JavaScript, through the QuickTime plugin, through through all kinds of add-ons that you have installed in Google Chrome or Firefox. or Internet Explorer that you don't think anything about, they are there and they are so seamless that you don't even realize they are separate from the web browser, all those things can reveal information about you and compromise your systems, so every time you will use the Tor network.
Use the Tor browser. This is a version of Firefox that has been customized to try to keep you anonymous when you are on the Internet and doing things. The other thing is to use the Tor browser. The Tor fact sheet was explained to you that you should read it so they have a security element that you should read there, but make sure that you do not use multiple networking programs while using Tor, so that when you connect to the Tor network you use the Tor browser and then that's it, don't use Tor and Chrome at the same time, don't be like using Tor to view BitTorrent sites or whatever and then using Chrome at the same time to log into your Gmail account, the way networking works It is sometimes the best.
The servers you are connecting to may try to trick other pieces of networked software on your computer that are currently open into trying to connect without using the Tor network, so basically you are now connected to the server using Tor. That server can send a request and then if you have something like Google Chrome open Google Chrome which is not currently using the Tor network you may be able to connect to that server using your normal internet connection and then all your security will be compromised , so that's a bad thing. So when you are going to use Tor, use only the Tor browser and that's it, essentially, if you download software or anything from any of the sites you access with Tor, the first thing you should do, as always, is be careful not to download malware, spyware. viruses or any kind of things again, like I say, when you're dealing with a hacker community, the first thing you learn about the hacker community is that hackers really love to hack hackers.
I don't know, everyone thinks all hackers are in on this. together and they are very gentlemanly with themselves and then they hack everyone else, let me tell you that real hackers hack other hackers, it's kind of like what they do when you go to use something like tor and I'm going to go to hidden services and deep web websites and all that kind of junk, just realize that those sites may be being run by hackers who are more than happy to hack into your computer, so whatever you download and install on your computer. make sure it comes from a trusted source published as a source you trust because you may be downloading bad stuff, the other thing is to make sure that every time you go to look at documents or any type of media file you disconnect your computer from the network for full, we had a class before where I showed you iframes where I frames are basically these little pieces of HTML code that can go out and capture information or take commands from the servers every time that iframe is called, you can do things like embed iframes. in documents, so even if you're not on tour anymore, even if you're not using the Tor browser, you don't have Google Chrome open, you don't have any of that open, you open a document that's web-enabled if it has an iframe.
It will call the Internet, it will call the server from wherever it is programmed and then it can take information about you and send it to the server, so be careful with that. If you download any of these documents, make sure you don't read them while it is connected to the network, and I mean, it is not connected to the network, since when pulling from the network cable, disable your NIC card, that's what I'm talking about. I'm not saying don't have Outlook open. I'm not saying don't have Google Chrome or Firefox open. I'm saying that you literally pull the cable out of the back of your computer if you're going to read any document you find while you're in the deep
Web. The last thing is that with Tor you can use more pieces of software, network type software other than the Tor browser, you can use things like FTP and you can even use a BitTorrent, basically using something called SOCKS. If it supports SOCKS, you can use that software. When using the Tor network, just be careful because if you're going to use things like FileZilla FTP BitTorrent, you have to make sure that you can figure it out perfectly, you know, as we've talked about in the past, if you miss a checkbox, if you miss some stupid little thing when you are setting up a server, whatever software you are doing may not work well. The problem is if you are using Tor to keep your privacy and anonymity and you are in a place where they will break down the door and they will hit you over the head with the butt of their gun if you make a mistake and the checkbox is not checked correctly.
That mistake can be very, very costly for you, so realize that with Tor any SOCKS-compatible software can use Tor to route network information, but make sure you configure it perfectly. Now, the last thing I'm going to talk about with Tor security considerations is one of the problems I see every time I see my fanbase talk or hackers talk is that for some reason they have a very small view of how the Tor works. real world when they think about government when they think about how they are going to bypass systems they don't fully understand. Think big enough about how the real world actually works and how much money and resources they face, so as I've talked about, the only thing of the Tor network that may be the biggest weakness of the Tor network is the last final leg of network traffic from the exit node to whatever website you are going to write, that is the weak point because anything that comes out of that exit node, if there's some kind of man in the middle attack there, if there's some kind of log attack there, all that information can be captured and read. One of the things you have to think about when you're thinking about interaction with things like nation-states, when you're thinking about yourself, what intelligence agencies know is that they have billions and billions of dollars to spend, so when you think about exit nodes, you may be thinking on one compromised exit node or one hundred compromised exit nodes or one thousand compromised exit nodes with modern virtualization.
Well, you could, you could, you could, you could turn on an exit node, basically a computer that all it does is be an exit node and log all the traffic that goes through that exit node. You could activate it for a dollar in about five minutes, so imagine with intelligence agencies and today, you know, real static IP addresses only cost about ten dollars each, if they were willing to spend a million dollars a year , they could generate ten thousand exit nodes, it's not that difficult, like if someone gave me the money, I could generate ten. thousand exit nodes in a month with all the configurations and all the registrations and just recording everything that would happen there, so that's something to worry about again if you are, especially if you're in the Middle East, if you're in these authoritarian countries, you know those exit nodes, you know, if you go to Egypt, who knows if 50 percent of the exit nodes are actually owned by the government, that's something you don't know.
On the Tor network, you don't know who owns all those exit nodes and whether the exit nodes are literally logging every piece of traffic that passes through them. Now imagine if the US owns a million exit nodes and Russia owns five hundred thousand exit nodes and Egypt owns I don't know fifty thousand exit nodes very soon it becomes really scary to use it for the end point, let's go back to the drawing board again. . I want you to think again when you deal with nation-states, to think about the size of the things they are doing. When you're thinking about using the Tor network to maintain your anonymity, you know that's how we think about it, so we think about: you know there are three computers in the cloud, you connect to the cloud, you connect one computer, two computers, three computers and then you go to whatever website you're going to deal with, but the reality is that's not how the Internet works from a real structural point of view, what really happens is you have this cloud here, you have your computer and you have any website you go to cnn.com and then we have the three computers that your traffic will go through, so we think of it as kind of a straight line, well what really happens is you connect to the cloud to the Internet and then from there your computer connects to the cloud and the traffic goes down to your computer and then up from computer number one to the cloud and down to computer number two, from computer number two to computer number three, from computer number three and it goes to cnn.com or whatever goes to everyone.
Of these points here are being managed by ISPs, Internet Service Providers, Verizon is looking at Egypt Telecom and again, in many countries, the telecommunication service is totally controlled or basically controlled by the government, so one of the things in The way Tor is trying to maintain your anonymity is to route all the data through these different computers so that the endpoint can't quite see where the traffic came from if all these computers connect to a single ISP, let's say Verizon , Verizon can track all of that. traffic so Verizon can that's it so I see okay I see where this guy's computer connects to Verizon and then the data goes down to this computer and then up and then down up and then down up and then out and so Verizon can track all this data again like with everything related to security and hacking and all that, yes, it depends on how many resources are involved, but this is eminently feasible now if you are dealing with something like the NSA, right?
You know the NSA is trying to track down all that data. Basically you have your computer, you know where you're going and what can happen is you have these three computers in the middle and we have the cloud, well, let's say you go up and you connect to Verizon and then it goes down and basically this guy is using Quest and then it goes up and this guy uses Egypt Telecom and then it goes down and this guy uses I don't know French Telecom and then it goes up and then it goes out to cnn.com well, why what?
What the NSA is doing right now is important if they put little logging computers at each of these ISPs and then they send all that data back to a main database server so that data can be extracted, they can basically reconstruct this transmission of data they can see. in this millisecond the traffic came from your computer to Verizon which went down to Quest and in the next millisecond it went from this computer to Egypt in the next millisecond it went from Egypt to France and during the next millisecond blah, blah, blah, blah, blah , and then all that information goes to their big servers so they can Mayer.
Now this is not an economical solution. It is not something that they are going to do to absolutely everyone on the Internet because it is difficult and requires resources, but that is how it is. something that is eminently imminent, so these are the considerations you should think about if you are going to use Tor. This is one of the reasons I say I don't give a damn about Tor because yeah, I don't know. It's, it's just in daycare, I mean, yeah, I can't imagine why I would use Tor other than to paint a target on my forehead because there are a lot of problems with this particular technology and to use it correctly in To use Tor in a way that it's really secure and really provide anonymity and privacy, many other layers of security need to be added.
I have to believe that there is simply a better solution. That's my personal opinion about Tor. If you're going to use Tor, what you need to worry about is remembering that that final exit node, a final link from the exit node to whatever site you go to, that information is sent in the clear unless you do something else. All of that information can be read if your computer is infected with malware or spyware or if you go to an internet cafe that already has spyware keyloggers installed. All of that information can be captured before it is even sent to the Tor network.
The information that is sent on the Tor Network, one of the things you also need to think about now is basically all the information that is sent, but from computer to computer on the Tor network can be recorded and captured now. One of the things people say is yes, you lie. but all that information is encrypted if you've been following everything related to the NSA leaks and all that you know is that the NSA is doing everything they can to not only break the encryption but also try to remove the faulty encryption that the people already know about. issues.
So even though the data is encrypted, one has to wonder what the real value of that encryption is. One of the other interesting things that has come up with the whole encryption dynamic is that, from what I've read, the NSA is not a lawyer. He's not very specific with us, but from what I understand, any encrypted data that the NSA doesn't can discard immediately one way or another, you can actually retain it indefinitely, so the computers we're thinking about. technology, the iPhone, the iPhone that I have in my pocket is as powerful as the computer that I had on my desk twelve years ago, you know, decrypting encrypted data can now be encrypted to the point that it cannot be decrypted if the NSA believes which is valuable data, they put it on their servers and let it sit for seven or eight years until a new technology comes along that can destroy the encryption that you put there and that can cause some very serious problems for you. a long way to go, if they keep that data for ten years then they will be able to decrypt it, then you will have done something wrong, the police or intelligence services may come knocking on your door, so again, something to think about. there and also remember that we are talking about the NSA.
There is another one, you know, Egypt, Iran, Russia, that knows how long they will keep the data and to what extent in the future it could come back to you and cause you problems now again. If you are going to use the Tor network, remember to use the Tor browser. It is very important that you use a Tor browser. Google Chrome Firefox Internet Explorer. They may be secure, they may protect themselves, but they already have the Tor browser. Why bother again? the Goethe papers, any documents you download, make sure that if you're going to read them, you completely disconnect your computer from the network when you do so, and again, if you look at the Tor documentation, you'll notice that any network software that supports Socks can use tor to send and receive data, just make sure you can understand that software completely and absolutely perfectly because if you don't, you don't want to accidentally divulge information and not realize it.
I suggest that if you are going to do it. use other software FTP software BitTorrent software any attempt to use the Tor network build your own server connect to your own server from the client you set up and see if it is leaking data that way I would do a test with your own servers to make sure it is not you are leaking data that you are not aware of and again with any of the servers you are connecting to if they are compromised if they have malware if they have viruses if they have been taken over by hackers I am trying to get information from you again.
The Tor network doesn't protect you from those types of attacks, so those are the things you need to think about when using it. I know a lot of my followers are like tours too. let me tell you again if you have an ounce of respect for me what you don't have to have two ounces you respect me if you have an ounce of respect for me just realize that I wouldn't use tor if I had a reason to use tor I still wouldn't use tor, there have to be better solutions, so as you know, I'm Eli, the computer scientist in today's class, for security concerns and considerations, as always, I enjoy recording this class and look forward to watching the next one.
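
An added example, not part of the talk: the advice above to check that SOCKS-capable software is configured correctly can be tested on your own proxy by looking at how each client names its destination. This Python code goes one step beyond the talk and parses SOCKS4, SOCKS4a and SOCKS5 connect requests, flagging those that carry a bare IP address, which means the application may have resolved the hostname itself outside Tor. The function names are hypothetical and the sample bytes are constructed.

```python
import ipaddress
import struct


def _result(version, kind, target, port):
    return {"version": version, "kind": kind, "target": target, "port": port}


def _parse_socks5(data):
    # RFC 1928 request: VER CMD RSV ATYP DST.ADDR DST.PORT
    if len(data) < 5:
        raise ValueError("truncated SOCKS5 request")
    atyp = data[3]
    if atyp == 0x03:                      # length-prefixed domain name
        start, length = 5, data[4]
    elif atyp in (0x01, 0x04):            # raw IPv4 / IPv6 address
        start, length = 4, 4 if atyp == 0x01 else 16
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    end = start + length
    if len(data) < end + 2:
        raise ValueError("truncated SOCKS5 request")
    port = struct.unpack("!H", data[end:end + 2])[0]
    raw = data[start:end]
    if atyp != 0x03:
        return _result("5", "ip", str(ipaddress.ip_address(raw)), port)
    name = raw.decode("ascii")
    try:                                  # an IP literal sent as a "name"
        ipaddress.ip_address(name)
        return _result("5", "ip", name, port)
    except ValueError:
        return _result("5", "hostname", name, port)


def _parse_socks4(data):
    # SOCKS4: VN CD DSTPORT DSTIP USERID NUL; SOCKS4a appends HOST NUL
    if len(data) < 9:
        raise ValueError("truncated SOCKS4 request")
    port = struct.unpack("!H", data[2:4])[0]
    ip, fields = data[4:8], data[8:].split(b"\x00")
    if len(fields) < 2:
        raise ValueError("SOCKS4 user id is not NUL-terminated")
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:   # 0.0.0.x marks SOCKS4a
        if len(fields) < 3 or not fields[1]:
            raise ValueError("SOCKS4a request without hostname")
        return _result("4a", "hostname", fields[1].decode("ascii"), port)
    return _result("4", "ip", str(ipaddress.ip_address(ip)), port)


def classify_socks_request(data: bytes) -> dict:
    """Report whether the client handed the proxy a hostname or an IP."""
    if not data:
        raise ValueError("empty request")
    if data[0] == 5:
        return _parse_socks5(data)
    if data[0] == 4:
        return _parse_socks4(data)
    raise ValueError(f"not a SOCKS request (first byte {data[0]:#x})")


def find_local_resolution(requests):
    """Return labels of requests where the proxy never saw a hostname."""
    return [label for label, data in requests
            if classify_socks_request(data)["kind"] == "ip"]


# Constructed sample requests (documentation address 203.0.113.10).
HOST = b"example.com"
SAMPLES = [
    ("socks5-hostname", b"\x05\x01\x00\x03" + bytes([len(HOST)]) + HOST
     + struct.pack("!H", 443)),
    ("socks5-ip", b"\x05\x01\x00\x01" + bytes([203, 0, 113, 10])
     + struct.pack("!H", 443)),
    ("socks4", b"\x04\x01" + struct.pack("!H", 80)
     + bytes([203, 0, 113, 10]) + b"\x00"),
    ("socks4a", b"\x04\x01" + struct.pack("!H", 80) + b"\x00\x00\x00\x01"
     + b"\x00" + HOST + b"\x00"),
]

if __name__ == "__main__":
    for label in find_local_resolution(SAMPLES):
        print(f"{label}: proxy received only an IP, check for local DNS")
```

A request flagged here is not proof of a leak, since the user may have typed an IP address, but a client that only ever sends IPs for named sites is doing its DNS lookups outside the proxy.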
