Menu
Tor Project says it can quickly catch spying code

Tor Project says it can quickly catch spying code

The organization has worked for three years to improve its ability to catch fraudulent software

The Tor Project is fortifying its software so that it can quickly detect if its network is tampered with for surveillance purposes, a top developer for the volunteer project wrote on Monday.

There are worries that Tor could either be technically subverted or subject to court orders, which could force the project to turn over critical information that would undermine its security, similar to the standoff between Apple and the U.S. Department of Justice.

Tor developers are now designing the system in such a way that many people can verify if code has been changed and "eliminate single points of failure," wrote Mike Perry, lead developer of the Tor Browser, on Monday.

Over the last few years, Tor has concentrated on enabling users to take its source code and create their "deterministic builds" of Tor that can be verified using the organization's public cryptographic keys and other public copies of the application.

"Even if a government or a criminal obtains our cryptographic keys, our distributed network and its users would be able to detect this fact and report it to us as a security issue," Perry wrote. "From an engineering perspective, our code review and open source development processes make it likely that such a backdoor would be quickly discovered."

Two cryptographic keys would be required for a tampered version of the Tor Browser to be distributed without at least initially tripping security checks: the SSL/TLS key that secures the connection between a user and Tor Project servers plus the key used to sign a software update.

"Right now, two keys are required, and those keys are not accessible by the same people," Perry wrote in a Q&A near the end of the post. "They are also secured in different ways."

Even if an attacker obtained the keys, in theory people would be able to check the software's hash and figure out if it may have been tampered with.

Apple is fighting a federal court's order to create a special version of iOS 9 that would remove security protections on an iPhone 5c used by Syed Rizwan Farook, one of the San Bernardino mass shooters.

A ruling against Apple is widely feared by technology companies, as it could give the government wider leverage to order companies to undermine encryption systems in their products.

On Monday, the Justice Department indicated it is investigating an alternative method to crack Farook's iPhone, which if successful would not require Apple's assistance.

Perry wrote that the Tor Project stands "with Apple to defend strong encryption and to oppose government pressure to weaken it. We will never backdoor our software."

Tor, short for The Onion Router, is a network that provides more anonymous browsing across the Internet using a customized Firefox Web browser. The project was started by the U.S. Naval Research Laboratory but is now maintained by the nonprofit Tor Project.

Web browsing traffic is encrypted and routed through random proxy servers, making it harder to figure out the true IP address of a computer. Tor is a critical tool for activists and dissidents, as it provides a stronger layer of privacy and anonymity.

But some functions of Tor have also been embraced by cybercriminals, which has prompted interest from law enforcement. Thousands of websites run as Tor "hidden" services, which have a special ".onion" URL and are only accessible using the customized browser.

The Silk Road, the underground market shut down by the FBI in October 2013, is one of the most famous sites to use the hidden services feature.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Torinternetdark webhacking

Featured

Slideshows

Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Veritas honours top performing trans-Tasman partners

Veritas honours top performing trans-Tasman partners

Veritas honoured its top performing partners across the channel in Australia and New Zealand, recognising innovation and excellence on both sides of the Tasman. Revealed under the Vivid lights in Sydney, Intalock claimed the coveted Partner of the Year 2017 (Pacific) award, with Data#3 acknowledged for 12 months of strong growth across the market. Meanwhile, Datacom took home the New Zealand honours, with Global Storage and Insentra winning service provider and consulting awards respectively. Dicker Data was recognised as the standout distributor of the year, while Hitachi Data Systems claimed the alliance partner award. Photos by Bob Seary.

Veritas honours top performing trans-Tasman partners
Show Comments