Menu
Tor Project says it can quickly catch spying code

Tor Project says it can quickly catch spying code

The organization has worked for three years to improve its ability to catch fraudulent software

The Tor Project is fortifying its software so that it can quickly detect if its network is tampered with for surveillance purposes, a top developer for the volunteer project wrote on Monday.

There are worries that Tor could either be technically subverted or subject to court orders, which could force the project to turn over critical information that would undermine its security, similar to the standoff between Apple and the U.S. Department of Justice.

Tor developers are now designing the system in such a way that many people can verify if code has been changed and "eliminate single points of failure," wrote Mike Perry, lead developer of the Tor Browser, on Monday.

Over the last few years, Tor has concentrated on enabling users to take its source code and create their "deterministic builds" of Tor that can be verified using the organization's public cryptographic keys and other public copies of the application.

"Even if a government or a criminal obtains our cryptographic keys, our distributed network and its users would be able to detect this fact and report it to us as a security issue," Perry wrote. "From an engineering perspective, our code review and open source development processes make it likely that such a backdoor would be quickly discovered."

Two cryptographic keys would be required for a tampered version of the Tor Browser to be distributed without at least initially tripping security checks: the SSL/TLS key that secures the connection between a user and Tor Project servers plus the key used to sign a software update.

"Right now, two keys are required, and those keys are not accessible by the same people," Perry wrote in a Q&A near the end of the post. "They are also secured in different ways."

Even if an attacker obtained the keys, in theory people would be able to check the software's hash and figure out if it may have been tampered with.

Apple is fighting a federal court's order to create a special version of iOS 9 that would remove security protections on an iPhone 5c used by Syed Rizwan Farook, one of the San Bernardino mass shooters.

A ruling against Apple is widely feared by technology companies, as it could give the government wider leverage to order companies to undermine encryption systems in their products.

On Monday, the Justice Department indicated it is investigating an alternative method to crack Farook's iPhone, which if successful would not require Apple's assistance.

Perry wrote that the Tor Project stands "with Apple to defend strong encryption and to oppose government pressure to weaken it. We will never backdoor our software."

Tor, short for The Onion Router, is a network that provides more anonymous browsing across the Internet using a customized Firefox Web browser. The project was started by the U.S. Naval Research Laboratory but is now maintained by the nonprofit Tor Project.

Web browsing traffic is encrypted and routed through random proxy servers, making it harder to figure out the true IP address of a computer. Tor is a critical tool for activists and dissidents, as it provides a stronger layer of privacy and anonymity.

But some functions of Tor have also been embraced by cybercriminals, which has prompted interest from law enforcement. Thousands of websites run as Tor "hidden" services, which have a special ".onion" URL and are only accessible using the customized browser.

The Silk Road, the underground market shut down by the FBI in October 2013, is one of the most famous sites to use the hidden services feature.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Torinternetdark webhacking

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments