Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Tor Network Used To Command Skynet Botnet

samzenpus posted about a year and a half ago | from the bad-stuff dept.

Botnet 105

angry tapir writes "Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It's likely that other botnet operators will adopt this approach, according to the team from vulnerability assessment and penetration testing firm Rapid7. The botnet is called Skynet and can be used to launch DDoS (distributed denial-of-service) attacks, generate Bitcoins — a type of virtual currency — using the processing power of graphics cards installed in infected computers, download and execute arbitrary files or steal login credentials for websites, including online banking ones. However, what really makes this botnet stand out is that its command and control (C&C) servers are only accessible from within the Tor anonymity network using the Tor Hidden Service protocol."

cancel ×

105 comments

This was expected... (5, Insightful)

mlw4428 (1029576) | about a year and a half ago | (#42237791)

That's the cost of sane privacy controls -- sometimes it can be used for bad purposes. Society should be looking inwards at the cause of this. Spying on people, tracking their every movement, and abusing the legal systems of countries created a need (and a demand) for a type of security system that would protect you to the n-th degree. Now we've got a solution and it will be abused. What needs to happen is companies that make software need to invest into security and response. We're never going to stop the threat, but we can minimize the damage and downtime.

Re:This was expected... (2, Insightful)

flyneye (84093) | about a year and a half ago | (#42238049)

Or, is it some bullshit plot and propaganda cooked up by our asshat federal government to justify screwing the crap out of the creaTORs.
In this age of federal lies and manipulation by Repubmocrat swine , does not the wisdom " don't believe what you read in the media" take on that third dimension in bold print and multi colored neon?
In a perfect world the paperboy would only bring the funnies.

Re:This was expected... (4, Insightful)

dririan (1131339) | about a year and a half ago | (#42238165)

The person you replied to with your tin foil hat spiel actually made a pretty decent point. Even if this is somehow some "bullshit plot and propaganda" (why would they wait until now to do this, by the way?), people creating tools to give themselves privacy because they don't have it otherwise because of "[s]pying on people, tracking their every movement, and abusing the legal systems of countries created a need (and a demand) for a type of security system that would protect you to the n-th degree" (quoting OP, not you) has inadvertently given criminals the same amount of privacy to do nasty things (such as hosting C&C for a botnet), and also that this would have been avoided by giving people privacy and treating them like humans. If this actually is some "bullshit plot and propaganda", there is absolutely nothing stopping it from becoming real.

Hell, I'm absolutely positive that this isn't [slashdot.org] the [slashdot.org] first [slashdot.org] time [slashdot.org] a criminal has ever used Tor to cover up crimes. So unless you actually think Silk Road was created by the government, pretty sure OP is right, and this is a problem that they brought upon themselves by removing people's privacy in the first place.

Re:This was expected... (1)

flyneye (84093) | about a year and a half ago | (#42240755)

Well, the television interview with the creator of Tor, in which he complained bitterly of the harassment he is receiving from homeland security, the FBI and God knows what other 3 letter offices, was pretty much a big clue, Scooby Doo.

Re:This was expected... (1)

dririan (1131339) | about a year and a half ago | (#42241887)

What does that have to do with criminals using Tor? The federal government speaking to the creator of Tor doesn't mean that no crimes are ever committed using it.

Re:This was expected... (1)

flyneye (84093) | about a year and a half ago | (#42242235)

"Security researchers have identified a botnet controlled by its creators over the Tor anonymity network.
Forensic evidence found in the first sentence of the /. story names the creators as the criminals in question.
Media interviews and reports of harassment of the creator prior to this development lend the suspicion that they have an erection for them to begin with in spite of this evolving from a Naval project.
I do recommend that you sharply increase your caffeine intake before operating any powered equipment today.

Re:This was expected... (1)

dririan (1131339) | about a year and a half ago | (#42242317)

Security researchers have identified a botnet controlled by its creators over the Tor anonymity network.

The creators of the botnet control it over the Tor network. They aren't saying that the creators of Tor created the botnet (they didn't mention the creators of Tor at all, just the creators of the botnet), they are only saying that the people that did make the botnet use Tor for C&C. May I suggest investing in additional caffeine today? :)

Re:This was expected... (2)

bruce_the_loon (856617) | about a year and a half ago | (#42242895)

Dude, go back to Grade 2 and actually pay attention in the reading comprehension classes. I know it is difficult to understand how the doing words join up with the naming words, but you'll get it after the first two or three years.

The verb "to control" is being used to bind the noun botnet to the possesive noun its creators. This invokes a fairly fundamental rule of English and clearly states that the creators in question are those of the botnet.

The second subsection of the sentance contains a preposition "over" linking the controlling of the botnet by the creators of the botnet to the proper noun the Tor anonymity network. This invokes another fundamental rule of English and clearly states that the creators of the botnet are controlling the botnet by means of the Tor anonymity network

So we have The Botnet. Who is controlling the botnet? Its creators are controlling it. How is The Botnet being controlled? Over The Tor anonymity network. Are the creators of The Botnet the same as the creators of The Tor anonymity network? No information regarding any such link is given.

Re:This was expected... (1)

flyneye (84093) | about a year and a half ago | (#42244301)

There are an inordinate amount of pronouns and sentences starving for commas, which would FIX poor journalism.
Either way, I still expect my scenario to play out.

Re:This was expected... (0)

Anonymous Coward | about a year and a half ago | (#42244183)

"Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. Forensic evidence found in the first sentence of the /. story names the creators as the criminals in question.

You fail at basic English reading comprehension. Hie thee to an elementary textbook.

Re:This was expected... (-1)

Anonymous Coward | about a year and a half ago | (#42238367)

If you weren't such a nut, you might know that Tor was a US Navy project.

Re:This was expected... (1)

flyneye (84093) | about a year and a half ago | (#42240763)

What are anon cow and why we keep getting post from it?

Re:This was expected... (3, Insightful)

Arancaytar (966377) | about a year and a half ago | (#42239109)

The asshat federal US government sponsored the creation of Tor [wikipedia.org] . Governments who want to crack down on the use of Tor are already doing so openly without resorting to the cloak and dagger tactics you seek to imagine.

But carry on. The disconnected phrasing of your post hints that observable reality does not significantly influence your thinking.

Re:This was expected... (1)

maxwell demon (590494) | about a year and a half ago | (#42239157)

The disconnected phrasing of your post hints that observable reality does not significantly influence your thinking.

Of course not. Everyone knows, after all, that conspiracies are hidden, and thus not observable. The observable reality therefore lies to you in order to hide the conspiracy. ;-)

Re:This was expected... (1)

flyneye (84093) | about a year and a half ago | (#42240723)

Yes and lately they've been detaining him and harassing him, making travel difficult, etc. It's been on T.V., Radio and /.
Realistically, I've observed phrasing of your post hints that some influence has disconnected your thinker.

Re:This was expected... (0)

Anonymous Coward | about a year and a half ago | (#42244901)

A government ploy? Any infosec employee worth its salt has already spotted a botnet that can communicate over Tor. Wake up, motherfucking reality is out there.

Re:This was expected... (1)

flyneye (84093) | about a year and a half ago | (#42240739)

carrion...

Ever heard of "Triangle-Boy"? (0)

Anonymous Coward | about a year and a half ago | (#42244815)

It's a LOT older than TOR, & had CIA involvement:

http://en.wikipedia.org/wiki/TriangleBoy [wikipedia.org]

* So, thus - What's going on with TOR? Nothing new really... same old, SAME OLD!

APK

P.S.=> Yes, people... the more things change, the MORE THEY STAY THE SAME!

(For tools that "go both ways" to the GOOD, & to the BAD (purely relative terms of course, depends on who's doing the judging) always get misused for nefarious reprehensible purposes)...

... apk

I'm surprised (-1)

Anonymous Coward | about a year and a half ago | (#42237829)

I'm surprised this comment page actually fucking loads... Complete with side menu, the idiotic abbreviation slider, and the top half of the header. Bravo, slashdot!

Re:I'm surprised (-1)

Anonymous Coward | about a year and a half ago | (#42237883)

Looks like a jinxed it! What a bunch of faggot programmers you have behind this site.

Governments will love this (2, Insightful)

Anonymous Coward | about a year and a half ago | (#42237833)

A perfect opportunity to continue their campaign on the evils of anonymity and tools that enable it.

Re:Governments will love this (1)

Anonymous Coward | about a year and a half ago | (#42240069)

A perfect opportunity to continue their campaign on the evils of anonymity and tools that enable it.

TOR is the creation of a US Navy project. And you got +2 Insightful for posting that drivel? Get your heads out of your asses, mods.

Re:Governments will love this (1)

Sabathius (566108) | about a year and a half ago | (#42245361)

I think it was supposed to modded "Funny".

Blah (0)

Anonymous Coward | about a year and a half ago | (#42237863)

Been done. So what? Plenty of botnets don't and the people controlling them haven't been --and will not be-- apprehended.

I'm getting so tired of "security researchers" using every little tidbit they can find to PUBLISH MORE PRESS RELEASES. Gah.

Re:Blah (0)

Anonymous Coward | about a year and a half ago | (#42238013)

Agreed, but such things make them relevant. It's called keeping their job security. It's like an old-school ASM programmer back in the 80s using every little tidbit they can to make a program so hard to maintain that when they retire you ought to just rewrite the program from scratch (since both hardware and software upgrades are inevitable). For an example, see the story of Mel [utah.edu] .

FUD (5, Insightful)

cultiv8 (1660093) | about a year and a half ago | (#42237875)

Why is this such a surprise? If anyone wants to hide a server/service behind the cloak of anonymity, then yes, a tor hidden service is the way to do it. People do it for good reasons (eg. journalists under threat of death for publishing accounts of gov't actions) and nefarious reasons (silk road comes to mind). Hell, even Yelp blocks access from tor nodes [google.com] b/c (they say) a large majority of bot traffic comes from the tor network. Is this really the first time a botnet has used tor, or is this the first time a botnet has been caught?

Next thing you know, they'll say the bad guys and terrorists use VPN to access the internet.

Re:FUD (2)

Metahominid (1368691) | about a year and a half ago | (#42237921)

I think it was only brought up because of Tor's recent mentions in news...meh

They probably will say they use VPN, how horrid!

Re:FUD (1)

Onymous Coward (97719) | about a year and a half ago | (#42238251)

Watch your terms there.

nefarious: extremely wicked or villainous; iniquitous

silk road: illegal marketplace

What is illegal isn't necessarily nefarious. Leaping down to lift a child out off of a subway track knowing that you'll get killed is actually illegal because it's suicide.

Legality is not morality.

Otherwise, good post. Please carry on.

Re:FUD (1)

maxwell demon (590494) | about a year and a half ago | (#42239185)

Suicide is illegal? Do they then put the corpse in prison, or what?

Re:FUD (0)

Anonymous Coward | about a year and a half ago | (#42240131)

Obviously not, but if you are going to try it, make sure you get it right: attempted suicide is enough to put you in prison (the same way attempted murder would be).

Yes, suicide is illegal.

(YMMV.)

Re:FUD (1)

hawkinspeter (831501) | about a year and a half ago | (#42240251)

Worse - they either go for solitary confinement underground or burn them!

Have your cake (0)

Anonymous Coward | about a year and a half ago | (#42238347)

and eat it too. You accept that a non-censored internet necessarily means illegal usage of it, but you don't want to read about any of the illegal use. Contortionist, you are.

Re:FUD (1)

realilskater (76030) | about a year and a half ago | (#42240173)

Even less of a surprise if you have seen this [youtube.com] from 2010.

Well, there is still a way to shut down the CC net (2)

mysidia (191772) | about a year and a half ago | (#42237879)

DoS attack against the ToR hidden service; from inside the ToR network.

Re:Well, there is still a way to shut down the CC (1)

Meneth (872868) | about a year and a half ago | (#42238397)

DoS attack against the ToR hidden service; from inside the ToR network.

Cute idea, but it won't work. TOR hides things really well, and even if you managed to find one server, the admins could easily start another instance of its software on another machine.

Re:Well, there is still a way to shut down the CC (1)

Agent ME (1411269) | about a year and a half ago | (#42238661)

and even if you managed to find one server,

That's why he said from inside the TOR network.

Re:Well, there is still a way to shut down the CC (2)

Arancaytar (966377) | about a year and a half ago | (#42239171)

Tor's bandwidth and latency are sufficiently abysmal that it acts as a throttle. Overwhelming a number of servers via the Tor network would probably be not much easier than overwhelming the entire Tor network.

Re:Well, there is still a way to shut down the CC (1)

mysidia (191772) | about a year and a half ago | (#42239457)

Tor's bandwidth and latency are sufficiently abysmal that it acts as a throttle.

What happens when you have 10,000,000 government operated Tor nodes designed for the sole purpose of DoS'ing one hidden service?

The limited bandwidth and latency of ToR services should help, not hurt a DoS attack against the service itself....

Re:Well, there is still a way to shut down the CC (1)

bytestorm (1296659) | about a year and a half ago | (#42242015)

If you have that many tor routers, chances are you have access to enough information to perform packet timing based searches for the machine hosting the hidden service, which, in my opinion is a much less destructive and less wasteful use of one's resources. I also suspect you would only need a much more reasonable number (maybe 10k-100k) of servers.

Re:Well, there is still a way to shut down the CC (0)

Anonymous Coward | about a year and a half ago | (#42239083)

If you wanted to dos the tor network, all you would need to do is set up a p2p connection within tor and let it run. Pretty common knowledge.

wretched hive of scum and villainy (1)

Bananatree3 (872975) | about a year and a half ago | (#42237887)

There's a lot of good that Tor provides for keeping channels of free speech open in oppressive countries. But this seems to be setting a trend of mis-use... and how long will it be before Tor's primary traffic is Cracker?

Microsoft Botnets .. (-1)

Anonymous Coward | about a year and a half ago | (#42237891)

Botnets wouldn't be possible if it wasn't for Microsoft Windows ...

Re:Microsoft Botnets .. (-1)

Anonymous Coward | about a year and a half ago | (#42237987)

Because linux is such shit to develop on with no useful APIs, that botnet writers haven't bothered to learn.

Re:Microsoft Botnets .. (-1)

Anonymous Coward | about a year and a half ago | (#42238113)

I see the faggotty-ass editors have gone through and selectively modded this thread to cover the truth.

This botnet wouldn't be possible w/out Linux (0)

Anonymous Coward | about a year and a half ago | (#42245283)

DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS:

http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers [slashdot.org]

APK

P.S.=> Very foolish statement from you, but you were trolling of course (not that THAT "makes it ok") - after all:

ANDROID shows you Linux folks a "portent of things to come" IF/WHEN you ever have your "year of Linux on the desktop" - because ANDROID's getting attacked left & right the past 1/2 decade or so now!

It's in the news, almost everyday in fact!

(So, IF you penguins EVER have the MAJORITY of marketshare/usershare? I don't think you're going to be as prepared for it as you seem to think @ least - the most used = the most attacked)...

... apk

Yeah, and? (4, Interesting)

girlintraining (1395911) | about a year and a half ago | (#42237907)

This is just the bot net people being lazy and taking the easy approach. It's already been shown you can design decentralized networks that require no "bootstrap" information like DNS in order to find other nodes and communicate. But it is beyond the abilities of these low-level social miscreants to create, so they're piggybacking on a network that they think can hide their malicious activity. Tor only anonymizes the source of the data; Anything between the exit node and destination is sent in the clear and likely they've made some mistake that'll allow it to be blockable.

Of course, this is exactly what the oppressive governments of the world (and those who oppress by claiming they're "liberating" others), have been looking for to shut down the Tor network. You can expect more attempts at legislating it away to come soon. Fundamentally though it doesn't solve the problem, which is that the criminal underworld has figured out how to do what industrialists figured out 50 years ago: If you take just a little from a lot of people, you can get very rich, and those people won't fight back because the cost of retaliation is higher than the loss. As a result, people everywhere are being nickel and dimed to death.

Botnets are simply the illegal mirror counterpart to the legal crime of draining pensions and unethical banking to turn a profit: Harm many only a little, and you too can be rich.

Re:Yeah, and? (2)

brit74 (831798) | about a year and a half ago | (#42237979)

Of course, this is exactly what the oppressive governments of the world (and those who oppress by claiming they're "liberating" others), have been looking for to shut down the Tor network.

If, by "oppressive governments", you mean places like Saudi Arabia, Iran, or China, I don't think they're looking for excuses to shutdown Tor. They've always seen it as the enemy, and just make it illegal by fiat. They have zero need for excuses to shutdown Tor.

Re:Yeah, and? (5, Insightful)

girlintraining (1395911) | about a year and a half ago | (#42238129)

If, by "oppressive governments", you mean places like Saudi Arabia, Iran, or China, I don't think they're looking for excuses to shutdown Tor. They've always seen it as the enemy, and just make it illegal by fiat. They have zero need for excuses to shutdown Tor.

I was also including a certain world superpower with a penchant taking away the rights of their citizens because the terrorists want to take away their rights. This superpower's main diplomat in the middle east is a predator drone that rains hellstone and fire randomly on people who are terrorists only slightly more often than they're innocent civilians. This superpower also has a global and far-reaching spy network to track almost all wireless communications in realtime, worldwide, and has stated it's slowly building in an "internet kill switch" that could disable the entire internet, worldwide, mostly for shits and giggles.

But yeah, Iran, China, etc., they're kinda bad too...

Re:Yeah, and? (1)

murdocj (543661) | about a year and a half ago | (#42238203)

I think you missed a couple of anti-American slams, try again.

Re:Yeah, and? (1)

Johann Lau (1040920) | about a year and a half ago | (#42239485)

So you're asking for more while not even able to address what you've already been served with? Nuh-uh.

It may come as a shock to you, but 'I don't like what you said, yet have no refutation other than pouting and implying "anti-american-ness"' is not a valid fucking argument.

Re:Yeah, and? (0)

Anonymous Coward | about a year and a half ago | (#42240077)

I was also including a certain world superpower

The one who developed TOR in the first place? Ya I figured you would, it wouldn't be a proper antidisestablishmentarism rant without them.

Re:Yeah, and? (3, Insightful)

BlueStrat (756137) | about a year and a half ago | (#42240619)

I was also including a certain world superpower

The one who developed TOR in the first place? Ya I figured you would, it wouldn't be a proper antidisestablishmentarism rant without them.

So the US Navy helped create TOR.

So what? DARPA helped develop the internet too, but that hasn't seemed to make a difference to many in the US government who have been working hard at crippling the free and open nature of the internet and the ability to communicate anonymously, and for many of the same reasons they would want TOR effectively de-fanged.

Those who who would make government and themselves our overlords will always take action to neutralize anything that can be used to oppose them, no mater how, what, where, why, or by whom it was developed...even if it was themselves. Just look at the history and development of modern firearms in the US from just prior to WW1 until now, and the ever-growing encroachments, conditions, and restrictions that have been placed upon the Second Amendment.

First you disarm them, then you take away the ability to communicate and organize anonymously.

And for all the people I see and hear cheering on the expansions of government, and then hear them bitch and moan whenever the government gets all jack-booty, it makes me think that maybe the colonists should have just paid the damned tea taxes and the stamp taxes, swore fealty to King George, and kept their damned mouths shut.

We've proven we don't give a shit about and don't deserve what they suffered and died and risked themselves and their families to give us.

Strat

Re:Yeah, and? (1)

tehcyder (746570) | about a year and a half ago | (#42241845)

antidisestablishmentarism

You keep using that word. I do not think it means what you think it means.

It refers to an opponent of those wishing to disestablish the Church of England (in other words to stop Anglicanism being the official State religion of the UK). So in other words, it refers to a conservative who wants to retain the status quo.

Re:Yeah, and? (1)

fredprado (2569351) | about a year and a half ago | (#42238155)

On the other hand, other increasingly oppressive governments like US, UK, and European countries at large are well served by these excuses.

Re:Yeah, and? (1)

c0lo (1497653) | about a year and a half ago | (#42238217)

It's already been shown you can design decentralized networks that require no "bootstrap" information like DNS in order to find other nodes and communicate.

[Citation needed].
No, I'm not being sarcastic and don't intend to cast a malicious doubt over the statement:
I'm just signaling my (potential) gratitude for some relevant links (would they be made available).
Thanks in advance.

Re:Yeah, and? (1)

paxcoder (1222556) | about a year and a half ago | (#42238477)

I was just going to ask for his source.

Re:Yeah, and? (0)

Anonymous Coward | about a year and a half ago | (#42238515)

I was just going to ask for his source.

Is he [slashdot.org] a travestite?

Re:Yeah, and? (3, Informative)

PhrostyMcByte (589271) | about a year and a half ago | (#42238333)

Tor only anonymizes the source of the data; Anything between the exit node and destination is sent in the clear and likely they've made some mistake that'll allow it to be blockable.

One feature of Tor is "hidden services", where the traffic is encrypted end-to-end and even the service itself is anonymous, identified only through a .onion address. I'd guess this is what they're using.

Some Tor nodes filter certain exits -- ie. to not allow porn through their node. if this works for hidden services I imagine this botnet could be blacklisted fairly easily if enough of the node operators got in on the act.

Re:Yeah, and? (1)

Agent ME (1411269) | about a year and a half ago | (#42238673)

Nodes can't filter access of .onion addresses because none of the Tor nodes (besides the one hosting the hidden service if you're counting it) know who the connection is for or from.

Re:Yeah, and? (0)

Anonymous Coward | about a year and a half ago | (#42240463)

Nodes can't filter access of .onion addresses because none of the Tor nodes (besides the one hosting the hidden service if you're counting it) know who the connection is for or from.

Exit nodes do know. Each of them can decide to filter access to computers outside of Tor network, even though they can't know who inside Tor network requested it.

Re:Yeah, and? (0)

Anonymous Coward | about a year and a half ago | (#42240695)

You are an idiot.

Re:Yeah, and? (0)

Anonymous Coward | about a year and a half ago | (#42241465)

So basically every bot just needs to join the Tor network and become a regular node instead of relying on an exit node. And then they are blocked...how?

Re:Yeah, and? (1)

gparent (1242548) | about a year and a half ago | (#42244955)

You don't understand what you're arguing about. Read the article again. These hidden services never need to communicate with the outside world. Everything goes on within Tor.

Re:Yeah, and? (1)

Clarious (1177725) | about a year and a half ago | (#42242305)

Although I haven't read tor document in depth, I think blocking certain tor hidden services is doable. A tor node with hidden service will 'advertise' it services on randomly chosen nodes (introductions point), those who want to connect to the hidden service choose one random node (rendezvous point), ask those introductions point to relay the message to the hidden service node, which will initiate the connection by connecting to the chosen rendezvous point (extra step of redirection, I know). So if a node owner want to block a hidden services, he only need to blacklist that .onion domain, forbidding it from being advertised on his node.

Re:Yeah, and? (1)

Ian Alexander (997430) | about a year and a half ago | (#42238987)

"Anything between the exit node and destination is sent in the clear and likely they've made some mistake that'll allow it to be blockable."

If you'll Read The Fine Article, you'll notice that this particular botnet is using Tor hidden services to obscure the location of the command server; they're not routing botnet traffic through Tor to a command server on the clearnet; that would be silly, as you just pointed out.

Re:Yeah, and? (2)

Stupendoussteve (891822) | about a year and a half ago | (#42239075)

Tor hidden services do not use exit nodes. There should be no traffic outside of the tor network.

Re:Yeah, and? (0)

Anonymous Coward | about a year and a half ago | (#42240117)

Tor hidden services do not use exit nodes. There should be no traffic outside of the tor network.

When you want to use a Tor hidden service, you first establish a Tor circuit, which is encrypted. This is usually done by means of a local software proxy, so the only "non-Tor" communication exists between the user application and the proxy application, although it is perfectly possible to further relay said data over a network.

So basically you're not exactly correct, and neither is the parent.

Re:Yeah, and? (0)

Anonymous Coward | about a year and a half ago | (#42240103)

"low-level social miscreants"? What a bourgeois attitude from a gender bending iconoclast such as yourself.

Re:Yeah, and? (1)

Kjella (173770) | about a year and a half ago | (#42242225)

Tor only anonymizes the source of the data; Anything between the exit node and destination is sent in the clear and likely they've made some mistake that'll allow it to be blockable.

They control both ends of the communication, they could easily use for example HTTPS as their transport protocol. If they didn't that's rather naive and will probably be fixed in the next release.

can it launch missiles? (0)

Joe_Dragon (2206452) | about a year and a half ago | (#42237909)

can it launch missiles?

and if it does you better hope the guys don't trun there keys

BIRDS OF A FEATHER FLOCK TOGETHER !! (-1)

Anonymous Coward | about a year and a half ago | (#42237943)

What did you expect ?? Even the Vatican endoreses Tor for its priests !! Get over it !! At least we know where they are !!

We need to push encryption to the masses. (5, Insightful)

Requiem18th (742389) | about a year and a half ago | (#42237955)

Citizen encryption has so tremendous potential that we can't allow goverments and criminals to be the only ones using it. We really need to start pushing encryption into the masses.

Re:We need to push encryption to the masses. (2)

c0lo (1497653) | about a year and a half ago | (#42238231)

We really need to start pushing encryption into the masses.

Push? How? Like... a global vaccination program?

Re:We need to push encryption to the masses. (1)

neiras (723124) | about a year and a half ago | (#42238773)

Push? How? Like... a global vaccination program?

Careful, we might get the anti-crypters all hot and bothered.

"But there's PROOF that encryption makes people cheat on their partners! And I have nothing to hide, anyway!"

Re:We need to push encryption to the masses. (0)

Anonymous Coward | about a year and a half ago | (#42243615)

Anally seems to have worked best so far. I see no reason to change. I hear some people even like it.

Re:We need to push encryption to the masses. (1)

Intrepid imaginaut (1970940) | about a year and a half ago | (#42239113)

Then MISS, Make It Simple. Email clients and browsers with encryption facilities preloaded.

Re:We need to push encryption to the masses. (0)

Anonymous Coward | about a year and a half ago | (#42241173)

This should have been implemented from the beginning. Why wasn't it?

Re:We need to push encryption to the masses. (0)

Anonymous Coward | about a year and a half ago | (#42242103)

Because it's way easier to write and perhaps more importantly, debug a non-encrypted protocol.

New law in 5...4...3...2...1 (4, Insightful)

Kwyj1b0 (2757125) | about a year and a half ago | (#42238093)

From the little I've read, it seems that they use a distributed host of volunteer servers to run the TOR network, so it might not be that easy to 'shut-down' the entire network (lack of centralized host) - If I'm wrong, I'd love to know why.

My concern is that they will make TOR access illegal. Clearly, we can't count on Google/Microsoft/Amazon/Apple/Facebook/Big-Biz to raise a finger - they prey off identifying and targeting customers. Privacy and anonymity must hurt their bottom line. So unlike SOPA/PIPA, I doubt that any major group will oppose a new law against this. And most people won't care - hell, if Wikipedia didn't have a blackout, I doubt SOPA would have got any news time on a 'major' news network at all.

Is there a way to detect TOR access uniquely? Or does the encryption make it look like any VPN/secure connection? I recollect reading about a method that could identify IP address accessing TOR (don't remember the details), I'm not sure if that hole was plugged (or if it can be plugged).

Re:New law in 5...4...3...2...1 (1)

Anonymous Coward | about a year and a half ago | (#42240191)

From the little I've read, it seems that they use a distributed host of volunteer servers to run the TOR network, so it might not be that easy to 'shut-down' the entire network (lack of centralized host) - If I'm wrong, I'd love to know why.

"They"? The Tor network is run by all its users... it's not like it requires some sort of specialized servers. Every (or most of) Tor node can act as both Tor client and Tor server.

My concern is that they will make TOR access illegal.

"They"? Who? Also, based on what would they make Tor illegal? If they can't make PGP illegal, there's also no basis to declare Tor illegal, as it works over the same principles.

Besides, you do know that Tor was invented by the US military, right? I mean... the US government runs Tor nodes. Why the fuck would they make that illegal? Should we ban knifes nationwide because some people use it to do illegal stuff/harm others?

Is there a way to detect TOR access uniquely?

Probably, but there also ways of obfuscating it as SSL traffic or whatever. Not even China has been able to keep their citizens off Tor (and, trust me, they HAVE been actively trying to), so I don't really see how other (less experienced with Internet censorship) countries would easily do that.

I recollect reading about a method that could identify IP address accessing TOR (don't remember the details), I'm not sure if that hole was plugged (or if it can be plugged).

Start here: https://www.torproject.org/projects/obfsproxy-instructions.html.en [torproject.org]

TL;DR: Why exactly would anyone make Tor illegal in itself? Based on what legal basis? I don't know how it works in your country, but, where I live, things need to have a specific reason for being illegal. YMMV.

So? (1)

detritus. (46421) | about a year and a half ago | (#42238157)

There have been bot nets that have used Bittorrent DHT too, so should we shut that down as well?

A botnet that strengthens tor? (0)

Anonymous Coward | about a year and a half ago | (#42238239)

"One feature of the Skynet botnet is that each infected machine becomes a Tor relay, which ironically makes the network larger and able to sustain the load, he said."

Benefit.

Re:A botnet that strengthens tor? (1)

TheLink (130905) | about a year and a half ago | (#42238811)

Yeah, I thought it would be self-limiting since they'd take down Tor with the extra load, but if each bot becomes a Tor relay/end-point that is less likely to happen.

Many sites bock certain sort of access from Tor relays, so a few users might notice their infection because of that. However the sort who don't notice their machine doing bitcoin mining are unlikely to fall in that category. Google's search blocks some Tor IPs but I think that's if there's "bot like" usage of it, so if the number of Tor relays goes up more than the "bot like" usage of Google, the blocking might go down.

Re:A botnet that strengthens tor? (1)

FutureDomain (1073116) | about a year and a half ago | (#42239097)

Many sites bock certain sort of access from Tor relays, so a few users might notice their infection because of that.

The sites only block Tor exit nodes. Unless the botnets are turning these computers into exit nodes, they won't be blocked.

Skynet should include Metasploit framework. (0)

Anonymous Coward | about a year and a half ago | (#42238259)

Feature Request: Artificial intelligence is still pretty retarded. If we want Skynet to raise the machines, Skynet is going to need a little bit of human assistance. The organism needs a sustainable means of proliferation to prevent extinction as vulnerable systems get patched.

Encryption follows the same debate as firearms (2)

sco08y (615665) | about a year and a half ago | (#42238521)

The old tautology, "if you outlaws firearms, only outlaws will have firearms" applies to Tor. (In fact, I'd go as far as to argue that many cryptographic mechanisms are covered by the second amendment, especially if you consider cryptography's military purpose, and that some ciphers have been regulated by the DOD as munitions. They cover the same role in protecting your property, identity and reputation from aggression, and as the "well regulated militia" clause demands, pseudonymous discussions are necessary tools to help people discuss political matters.)

The simple truth is you can shut down all the law-abiding people with Tor nodes, and the botnet creators will just run Tor nodes on their network. It would be absolutely trivial for botnet owners to get together and set up huge Tor networks and put access up for pay on the black market.

Re:Encryption follows the same debate as firearms (1)

Areyoukiddingme (1289470) | about a year and a half ago | (#42238733)

What an incredibly good idea. Here's hoping one of them does. An enormous illegal expansion of the number of TOR exit nodes would be fascinating. And possibly fantastic. Even if it is stolen resources. It would probably last a very long time, too, given that typical botnet infestations can go for years without being removed.

Re:Encryption follows the same debate as firearms (1)

sco08y (615665) | about a year and a half ago | (#42239403)

What an incredibly good idea. Here's hoping one of them does. An enormous illegal expansion of the number of TOR exit nodes would be fascinating. And possibly fantastic. Even if it is stolen resources. It would probably last a very long time, too, given that typical botnet infestations can go for years without being removed.

I would imagine they'd use a protocol that allowed them to charge for transmission. If that's not feasible, it's probably why we haven't seen it yet.

XKCD was way ahead of you. (0)

Anonymous Coward | about a year and a half ago | (#42239261)

http://xkcd.com/504/

Re:XKCD was way ahead of you. (1)

sco08y (615665) | about a year and a half ago | (#42239459)

Due credit that XKCD touched on the topic, but I actually have a cogent explanation of why it makes sense. And I'd go on about how you should think for yourself, but I had the satisfaction of modding someone else redundant when they posted a link and a blurb.

Re:XKCD was way ahead of you. (0)

Anonymous Coward | about a year and a half ago | (#42240179)

Aren't you a smart boy?
Here, have a gold star.

Enjoy free shipping and fast delivery from abercro (-1, Offtopic)

tengying001 (2791447) | about a year and a half ago | (#42238591)

A & F in the shop to use its own brand of perfume Fierce, taste authentic senior U.S. counter products comes out. It is listed as high-end perfume price with international big names are not comparable. This unique fragrance will not only sprayed every piece of Abercrombie and Fitch clothes Sale Up to 80% Off [uk-abercrombiesale.com] fashion, can not afford to go 3-5 times rinse. The same time, the store also filled with this scent, walking in the department store, it is far to be able to smell this perfume. A & F's unique marketing approach is not only the use of expensive perfume to bring out a sense of luxury, while improving product identification. All in all, many of the senior polymerization, luxury image, Abercrombie and Fitch clothes Sale Up to 80% Off [uk-abercrombiesale.com] brand image given in the high-end. Consumer behavior classical conditioning emission also stimulate consumer impression it would have been a recurring image. Therefore, whether it is a retail store decor, the clerk of the contrast of the image or perfume, repeated information to consumers: luxury. You want to do the brand's high-end and pricing control than the same grade brand lower Abercrombie and Fitch clothes Sale Up to 80% Off [uk-abercrombiesale.com] price segment is an easy to achieve things. The success of the brand is the aggregation of resources, information, personnel, capital and other factors of development. A & F Material on the special situation in the high-grade cotton, rather than to pursue the trend involves a lot of material. The choice is not only conducive to the generation of scale, Abercrombie and Fitch clothes Sale Up to 80% Off [uk-abercrombiesale.com] but also to guarantee the quality of the products, while reducing the cost of raw materials for other expensive materials. Closer to the target market, hiring college students design team, which not only reduces design costs, as well as products designed to target customers most need.

Re:Enjoy free shipping and fast delivery from aber (1)

FutureDomain (1073116) | about a year and a half ago | (#42239105)

Get b&, creep.

reply (-1)

Anonymous Coward | about a year and a half ago | (#42238809)

Shanghai Shunky Machinery Co.,ltd is a famous manufacturer of crushing and screening equipments in China. We provide our customers complete crushing plant, including cone crusher, jaw crusher, impact crusher, VSI sand making machine, mobile crusher and vibrating screen. What we provide is not just the high value-added products, but also the first class service team and problems solution suggestions. Our crushers are widely used in the fundamental construction projects. The complete crushing plants are exported to Russia, Mongolia, middle Asia, Africa and other regions around the world.
http://www.sandmaker.biz
http://www.shunkycrusher.com
http://www.jaw-breaker.org
http://www.jawcrusher.hk
http://www.c-crusher.net
http://www.sandmakingplant.net
http://www.vibrating-screen.biz
http://www.mcrushingstation.com
http://www.cnstonecrusher.com
http://www.cnimpactcrusher.com
http://www.Vibrating-screen.cn
http://www.stoneproductionline.com
http://www.hydraulicconecrusher.net

When Tor is outlawed.. (0)

Anonymous Coward | about a year and a half ago | (#42239243)

...only outlaws will use Tor.

Seriously, how long many days after a pretense like this will it take for governments to seize on this as a reason for government monitoring of the internet even in "free" countries in the name of "crime fighting"?

Heck, if the US wasn't a.) hung up on this fiscal cliff thing and b.) about to swear in a new congress in January, I'd have expected hearings this week...

Bitcoins (1)

michael021689 (791941) | about a year and a half ago | (#42239257)

Bitcoins are a virtual currency? Oh, please do tell! Thank you for letting slashdot know..this is the first we've heard of it!

Re:Bitcoins (1)

Razgorov Prikazka (1699498) | about a year and a half ago | (#42242191)

Well, yknow...
A /. article is not a /. article if its not mentioning bitcoins.
A 'green' article is not a 'green' article without mentioning CO2.
It is the law! :-D

What about the others not mentioned (0)

Anonymous Coward | about a year and a half ago | (#42239613)

Tor Network Used To Command Skynet Botnet

or

TCP/IP Used To Command Skynet Botnet

or

Phone Copper Used To Command Skynet Botnet

or

Computer Used To Command Skynet Botnet

Tor is suitable for this, because... (1)

mapkinase (958129) | about a year and a half ago | (#42241515)

Tor is suitable for this, because it is very slow. Human operators have limited patience to get through extreme slowness of access to their Jihad blogs and favorite torrent directories, but bots have unlimited patience.

You have to pay to play, nothing is free (0)

Anonymous Coward | about a year and a half ago | (#42246033)

As a professional that has seen first hand the incompetence of corporate America I say let them have it with both barrels! LOL These guys have way too many clowns and politicians that have no clue. They find ways to not hire the smart people and get rid of the techies in favor of ass kissers. So I have no sympathy for the ones that have rootkits and intruders actively on the internal network. If they would have practiced safe computer science standards and allowed the IT department to work as a technology team you would not have the issues you have today.

You think the PHB from Dilbert is a joke, no way! I have seen it and all the minorities that are in there to satisfy a quota.... You have to be kidding me. I am glad this is not war and I have to worry about getting killed by the idiots in the department.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...