Torment causes Moore harm than good
In August 2006, H.D. Moore of the Metasploit project and Month of Browser Bugs presented an idea that is now stirring up a hornet's nest within the Internet. He proposes a “patch,” called Torment, to the server software of Tor (everyone’s favorite traffic anonymity tool) that allows the traffic to be traced back to the user in an effort to combat "child pornography." This works by analyzing traffic as it passes through the Tor server and watching for keywords. If any keywords are found, the Torment software uses a Java applet to install software on the user’s machine, which then attempts to gather information about the user and phone home with it.
Let me be clear here. I expect nothing short of absolute and unabated outrage at the proposal, and further, the implementation of such an idea.
I’d like to stop child pornography and the many other electronically assisted evils that are banes to the digital age just as much as the next guy, but H.D. Moore’s proposition of Torment is flawed on so many levels that it should be dead long before arrival.
First and perhaps foremost, the entire point behind the creation of Tor was to reach nearer to the holy grail of completely anonymous Internet usage. The Tor project description clearly states this is necessary so that others cannot “track your behavior and interests” using traffic analysis. Tor might as well not exist if Torment is implemented.
Second, H.D. Moore certainly has a black-hat side – evidenced by his Metasploit roots, and more recently, the time he released a new zero-day every day for a month – however, Torment is being flaunted as a white-hat idea. H.D.’s goal is to “turn the tools over to law enforcement for their own use” to fight the aforementioned crimes. The thing he’s not mentioning is that Torment is no better than any other black-hat attack performed by any run-of-the-mill hacker. It sniffs the user’s traffic, injects code into their request, quietly installs software on their machine without their knowledge, gathers private data about them and their machine (external IP, internal IP, ISP, etc.), then sends this illegally obtained data back to the Tor server. This is no different than any other hack, and no different than breaking into a house. This is illegal, and an invasion of privacy.
Third, federal laws require ISPs (or anyone) who discover the flow of child pornography and similar crimes to report it; however, the ISP is not required to watch their traffic and look for it. This means that if the ISP just ignores all the traffic, they aren’t liable to report anything – saving themselves a great deal of time, effort, liability, and litigation. By installing Torment, traffic will be analyzed on the Tor servers (which qualify as ISPs), and findings will have to be reported. This is an entirely new level of responsibility for which many Tor server operators are not likely to be prepared.
This rant is becoming a bit lengthy, so I’ll just briefly mention a few other salient points. If
Through all this doom and gloom, there are some quick fixes to protect ourselves. From my understanding, if JavaScript is not enabled in your browser (which Tor recommends anyways), then the key applet will not function. Second, if you need JavaScript (as many online activities do), this tool is looking for keywords. As with any signature-based detection, its accuracy depends entirely upon its dictionary, and if even minute changes are made to the traffic, it may not be a signature match any more. Keep these points in mind as you use Tor or any other anonymous communication protocol. The aptly named Torment may do exactly that to Internet users, so I’m glad that we at Vulnerable Minds have Subrosa in the works.


2 comments:
And Tim wins this month's Witty Title of the Month Award!
It's an interesting premise. I always debate the usefulness of TOR. It's an interesting project, and you know I love good anonymity, but is there such a thing? TOR has been shown to be vulnerable to timing attacks conducted by large adversaries, and who's bigger than a government (esp. our own, or China's, or the EU), and since the people who'd have the easiest time breaking it are the people you're most likely trying to use it to avoid, it's really sorta pointless. So what's a boy to do besides write his own anonymity software that runs over common ports and has some protection against timing attacks? Crazy eh? Regardless it's a nice look at this interesting technology.
I read an article a while back that was talking about the government using Tor. Using something like it makes a lot of sense if you want to browse without anyone knowing that the government is doing the looking.
I'm fond of both Tor and Freenet. Both take different approaches to a truly anonymous Internet.
--
"I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say 'Daddy, where were you when they took freedom of the press away from the Internet?'"
--Mike Godwin, Electronic Frontier Foundation