My article from the July 29th edition of Tech Tails received some interested responses from you, the readers. Apparently I’m not the only one concerned about all my information floating out there for everyone to read. Last article I touched on TOR, the onion router, and its use in keeping identities anonymous while browsing the internet. One thing I didn’t mention at the time is that the service is primarily supported by volunteers, and anyone can volunteer to be a ‘node’: either a point that other users’ traffic bounces off of within the TOR network, or a point where that traffic leaves the TOR network and reenters the “clear net”, or normal internet.

A researcher looking into online anonymity volunteered to be a node in order to see if it could be cracked, and what he found out was quite interesting. Though his node was an exit point into the normal internet, he couldn’t determine who the traffic belonged to, but he could read the traffic. TOR data is encrypted while it bounces around inside the TOR network in order to protect it from node to node; however, when it leaves the network that data needs to be either unencrypted or in whatever encryption the destination server expects in order for that server to read it. Someone managing the exit node is capable of reading the unencrypted data packets, gleaning private information that the user of the service never intended anyone else to read. Though the source of the data was hidden from the researcher, what was contained within the data was not.


This is the Achilles heel of the TOR network: one bad apple can spoil the entire recipe. However, there are many good apples trying to make a great dish. Many volunteers who manage network nodes are doing it correctly and maintaining the network so that average users can take advantage of TOR’s designed purpose. TOR is constantly the target of agencies and corporations. If it can be cracked, there are organizations out there that want to know that it can be done and how to do it.

TOR isn’t just a tool to hide your identity when browsing the normal internet. It is also the host of many websites that are not indexed by major search engines, e.g. Google or Bing. These sites are privately maintained and in many cases contain illegal content. A few years ago, during the rampage of Anonymous, the nefarious hacker group, many sites hosting illegal content on the TOR network were attacked and taken down for periods of time. TOR isn’t the only “Deep Web” network that hosts non-indexed websites; in fact, the statistic is that around 90% of the internet is actually contained in these “Deep Web” networks. These networks aren’t all that easy to get to and can open you up to attack if you are not careful.

I myself haven’t done more than learn how to connect to these networks, and just the three most known networks at that. I’m still researching how to protect myself and how to know if I am in fact coming under attack. Knowing is half the battle, and knowing when someone is trying to connect to your machine is crucial in protecting yourself. Once they are in, usually there is nothing they can’t do to harm everything on it. A lot of this still makes me nervous whenever I attempt to connect because my specialization is primarily hardware and I don’t have all the proper knowledge to protect myself. I hear either on the news or read online about hackers getting all this information and account passwords to all the most commonly used services and I wonder how it’s done. What do I need to know to better protect myself? How are malicious cyber-geniuses able to get into my system and through what vulnerabilities? While on this quest of knowledge seeking I have learned quite a bit about the different types of attacks, but not how they are executed. If the interest is there I will continue this line of research. Or if there is enough interest in another area that people want to know about, please let me know.