Tor at heart of embassy passwords leak

Tor advertises itself as a means for people and groups to improve their privacy. And when used properly, the distributed, anonymous network does just that. But a Swedish security consultant has used the very same system to gain access to login credentials for a thousand or so individual email addresses, including those of at …

COMMENTS

This topic is closed for new posts.
  1. Steven Hewittt

    Nothing to do with TOR

    This is a case of not using decent encryption, TOR just allows for the traffic that the client sends to be routed around a virtual network - the exit node just sniffed the traffic and either ran a cracker on the password or the password was plain text.

    Either way it's the fault of the network admins for allowing non-encrypted passwords (that are well encrypted)

    Jokers.

  2. Shava Nerad

    Encryption is key to online safety

    It is important, I think, to understand that you should never give a username and password to a web site that has an "http" address, only to "https" addresses. A connection through Tor can be encrypted end-to-end -- but only if one is communicating with a secure protocol -- https: or encrypted chat both would be examples of this.

    We are very careful, usually, to only put a credit card into a web page that has a "lock" symbol in the corner of the browser window. Everyone should be equally careful never to give a username and password to a page that is not "locked" -- not secure.

    You should at the least use different passwords for insecure accounts, like those at theregister.co.uk, which require you to give a username/password on an unencrypted link. But even this can open you up to people posting things you wouldn't wish to have said in your name.

    It is only through understanding our security online -- through understanding tools such as Tor, and what https: means, and what a phishing attack is, and so on, that we can manage our risks online.

    The last node through which traffic passes in the Tor network does not in fact need to pass data to the destination unencrypted -- if the origin and destination are using a protocol that supports encryption.

    You wouldn't say that the people who make your backup software are at fault if they don't force you to back up your files regularly. We, like the backup software creator, warn people in our documentation that the protection of Tor is not foolproof without educated and disciplined use. And like backup software, if you don't use it right, it can do nothing to change what has already occurred.

    We have advised, and continue to advise users of the Tor network to use encryption end-to-end whenever it is prudent and/or possible. But those end-to-end encrypted products (https, encrypted versions of email and chat) are available to the users in many forms -- it would not be proper for us to dictate what people should use, but only encourage them to take precautions.

    Shava Nerad

    Development Director, The Tor Project

  3. Anonymous Coward

    Sweden is the 52nd state?

    Since local US law enforcement (unless it's the CIA, then I'm under the impression that they're all local within US borders) suddenly got given a new mandate under the UN, can I ask why they were closing down servers in Swedish territory? Is this similar to what happened with RIAA et al vs The Pirate Bay? Are we starting to see the spread of the US legal (and illegal) systems into the rest of the world in force? Just because it's not popular in the USA doesn't give them the right to police the rest of us. Use Belgium's example!

  4. amanfromMars Silver badge

    Shenanigans

    Shava,

    If you push encryption to keep Information Private, it must by very default, render the Service attractive to Governments/Societies/Terrorism Drivers and may even have one thinking that it is their Creation to Mine Metadata which is obviously thought to be too Sensitive and/or Harmful to Share Transparently.

    That must surely have one pondering as to the Real Constructive Worth/Value of any such Information .....and collaterally, Tor.

  5. Ash

    FAO: Shava Nerad

    Nicely worded reply, but not really required; anybody who has any idea of how the Tor network works, even at its most basic, will be able to tell that this isn't a flaw in Tor's implementation any more than it's a car manufacturer's fault that people crash cars.

    I think Tor's reputation is safe, at least regarding readers of this site.

  6. IanKRolfe

    @Sweden is the 52nd state

    I think you will find that the intelligence communities communicate between nations, and in the absence of active hostilities between those nations, governments are inclined to co-operate on matters relating to "national security" - especially when a troublemaker is not "in the club", so to speak.

    I would imagine that someone from the US probably had a quiet drink with someone from Sweden and got a promise to sort it out over canapes.

  7. Anonymous Coward

    It's the embassies' fault - and Tor was pretty pointless anyway

    A real security breach in this story is the embassies' failure to use even basic encryption in communications to their mail servers.

    It must be taken for granted that all internet communications can, and usually will, be monitored by the host country. Especially those to embassies, but also to private organizations such as corporations and social activist organizations such as Greenpeace.

    However, even if the communications are encrypted, there is value in traffic analysis - the 'chatter'. This is why services such as Tor are used. It makes it harder to see who is talking to who.

    This expose shows two different activities at work.

    The first is the use by embassies of the Tor product to obfuscate their communications. This is a reasonable response to the assumed traffic monitoring by the host country.

    The second is the provision of obfuscating services by private operators. This per se is not a problem. However it is a problem when the 'private' operators are actually the host country or friends thereof. It is also a problem in that anyone can now monitor *some* traffic without the benefit of a court order on a carrier's switch.

    So the major issues are:

    1. Private obfuscation services such as Tor are open to hijack by the host country(s) and by private operators. As such they are not necessarily a benefit to their users even if encryption is used.

    2. Even with obfuscation in place, not using https or other encryption service is plain criminal neglect on behalf of the managers of these compromised systems - as they should know that the host country can and will monitor every communication that is not encrypted.

    3. A couple of questions for Tor. (1) How many Tor nodes are run by genuine operators and how many by government agencies. (2) How many nodes on average are required to be 'owned' so that meaningful traffic analysis can be performed on source and destination based on packet timings and sizes? At least to identify source and destination of a conversation.

    Jeremy

  8. Anonymous Coward

    Ultimate encryption

    Just have all of your emails written by amanfromMars - no bugger can decrypt that.

  9. Landreth

    Re: Sweden is the 52nd state?

    Well, the site was hosted on servers located in Texas...

  10. Simon Edwards

    Overkill

    It seems to me a bit odd that someone would go to the trouble of using Tor (to avoid traffic analysis, presumably) and then fail to use both encryption and a decent password (or either, for that matter). From what I can remember about the original story, some of the passwords were ridiculously simple.

    I guess my question would be, how sure can we be that Tor was used to capture this data? Just an observation...

  11. Anonymous Coward

    Peter Addison was here!

    It's just like the idiot burglar who got caught the other week. Tor can prevent anyone knowing where the graffiti came from, but if you use it to sign your own name... well duh!

  12. Mike Bremford Silver badge

    No, Tor is at fault.

    Hang on a minute. Onion routing involves packets that would normally be routed straight to destination (via your ISP and its upstream networks) being sent on to other nodes for retransmission, correct?

    The fact Onion routing was used is the only way this "researcher" (that leaves a bad taste) could get access to those packets in the first place - with regular routing he'd need to have access to the embassy's ISP's network, or their upstream networks, to sniff those packets.

    Yes of course end-to-end encryption would have fixed this, but without it Onion routing actually exacerbates the risk of packet sniffing.

  13. Steven J. Murdoch

    Unencrypted traffic through Tor is bad, but sometimes better than no Tor

    "Onion routing actually exacerbates the risk of packet sniffing"

    Sometimes, but not always. Tor protects against local sniffing, but permits exit nodes to do so. Allowing either is pretty bad, but without using Tor it means that someone snooping the wireless or staff at the local ISP can read their email.

    In the case of an embassy, local sniffing could be particularly bad as they are, by definition, in a foreign country. Someone sitting outside an Internet cafe, reading what goes past could be very interested in foreign intelligence. Sending data through a random exit node is a risk, but in most cases they won't care about the traffic.

    Clearly the solution is end-to-end encryption, and there's not much Tor can do about that. Whether Tor makes things better or worse is a complicated question and depends on the scenario. I discuss this more on my blog: http://www.lightbluetouchpaper.org/2007/09/10/embassy-email-accounts-breached-by-unencrypted-passwords/

  14. Francis Boyle

    It's not like crashing your car

    More like driving into the city and getting mugged. You trade safety for anonymity. If you're not equipped to deal with the risk, stay home.

  15. Anonymous Coward

    Tor

    It is not Tor's fault at all, it is the fault of the people who trust an OpenSource program run by third parties where there is no trust established. Tor is open so every idiot can run a node, but can we trust every idiot running a node as well? I don't think so.

    It is the fault of the people who use such a service for sensitive information such as logons to embassies via POP3 with plain text passwords. In an embassy I would expect that access to ANY data can only happen via strong encrypted VPNs with 2-factor authentication etc.

    It is the fault of the security departments responsible to protect the networks against unauthorized access. It should start already with a security policy stating clearly that plain text logons are not permitted and that the use of third party proxy services which are not under control of the Security department is not permitted. Then the technology should be implemented to enforce these policies.

    Every hacker and script kiddie can set up a Tor node and therefore everyone can sniff the traffic on exit nodes and record the entire conversation. Even with SSL connections the use of Tor is still dangerous. Theoretically one could create a nice man in the middle attack and surely catch out one or the other stupid user who simply accepts Certificate warnings without further checking.

    Possible access of third party admins is a reason why I don't use my ISP's mail systems, proxies and so on. On my own servers I know at least who has access and I don't need to worry that due to technical inability of the ISP's admin team my data gets compromised. In essence I don't trust anybody but myself.

    Tor is used to hide the tracks and yet Tor can as well be used for exactly the opposite and make data visible to people who shouldn't see it at all.
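
Added example (editorial, not part of any comment in this thread): a Python audit of a client-side POP3 log that flags login commands sent before the channel was encrypted, including the case where the server refuses STLS and the client carries on in plaintext. The dialogues, account name and password strings are constructed; `audit_pop3_log` and its finding labels are hypothetical names.

```python
# Constructed client-side POP3 logs ("C:" client, "S:" server); not real traffic.
PLAIN_SESSION = ["S: +OK ready", "C: USER alice", "S: +OK",
                 "C: PASS not-a-real-password", "S: +OK maildrop ready"]
STLS_REFUSED = ["S: +OK ready", "C: STLS", "S: -ERR unknown command",
                "C: USER alice", "S: +OK",
                "C: PASS not-a-real-password", "S: +OK maildrop ready"]
STLS_UPGRADED = ["S: +OK ready", "C: STLS", "S: +OK begin TLS negotiation",
                 "C: USER alice", "S: +OK",
                 "C: PASS not-a-real-password", "S: +OK maildrop ready"]

CLEARTEXT = {"USER", "PASS"}        # RFC 1939 login commands, sent as typed
BASE64_ONLY = {"PLAIN", "LOGIN"}    # SASL mechanisms that only base64-encode


def audit_pop3_log(lines, implicit_tls=False):
    """Flag login commands a client sent before the channel was encrypted.

    lines: log entries prefixed "C: " (client) or "S: " (server).
    implicit_tls: True for POP3S (port 995), where TLS wraps the whole session.
    Returns [(line_no, command, finding)]; command arguments are never copied.
    """
    encrypted = implicit_tls
    awaiting_stls_reply = False
    findings = []
    for line_no, raw in enumerate(lines, 1):
        side, _, text = raw.partition(": ")
        words = text.split()
        if not words:
            continue
        verb = words[0].upper()
        if side == "S":
            if awaiting_stls_reply:
                # Only a positive reply to STLS upgrades the channel.
                encrypted = encrypted or verb == "+OK"
                awaiting_stls_reply = False
            continue
        if verb == "STLS":
            awaiting_stls_reply = True
        elif encrypted:
            continue
        elif verb in CLEARTEXT:
            findings.append((line_no, verb, "cleartext"))
        elif verb == "AUTH" and len(words) > 1 and words[1].upper() in BASE64_ONLY:
            findings.append((line_no, "AUTH " + words[1].upper(), "cleartext"))
        elif verb == "APOP":
            # Password itself is not sent, but the MD5 digest can be guessed offline.
            findings.append((line_no, verb, "offline-guessable"))
    return findings


if __name__ == "__main__":
    for name, log in [("plain", PLAIN_SESSION), ("refused", STLS_REFUSED),
                      ("upgraded", STLS_UPGRADED)]:
        print(name, audit_pop3_log(log))
```

A client that treats a refused STLS as fatal, or that only ever connects with implicit TLS, produces an empty findings list for every session.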

  16. Anonymous Coward

    re: Ultimate encryption

    But then how does the intended recipient decode it?

  17. Steven J. Murdoch

    Tor could be useful for embassy staff

    "the use of third party proxy services which are not under control of the Security department is not permitted"

    Actually, this could put staff at more risk than necessary. If I'm in an unfriendly country, logging into an embassy VPN would signal to anyone looking that I'm working for a foreign government. Whereas if I use Tor, it's not clear who I'm working for or what I'm doing. In certain situations, consular staff could find this very important for their safety and that of the people they meet.

    Of course, Tor is not a silver bullet, and they need to be using end-to-end encryption as well. This fact has clearly been missed by their IT staff.

  18. Andy Bright

    Tor by itself is neither safe nor unsafe

    It's true that some people use it along with other tools to protect their privacy, but most people in the west just use it to beat web filtering software like websense.

    Not that it works any more, if you are on top of your network. Any use of TOR screams out loud if you are properly monitoring your network traffic. In the hands of an inexperienced user, it's dead easy to track the IP of the computer using it.

    So what this tells me, is that either no one is protecting these embassies' networks, that is they have no admin staff - or the admins don't have the necessary knowledge, training or software to adequately protect those networks.

    Most likely they don't have the software and hardware, no doubt they were told that such things were an unnecessary expense, tying up money that could be better spent on paper clips or bic pens.

    Unfortunately, they'll probably get lumped with the blame tho, network admins make for easy-to-use scapegoats in ready made packages, rather than the arseholes trying to get to porn sites and youtube.

  19. amanfromMars Silver badge

    re: Ultimate encryption

    If IT is in English, engage Google and Brain and think the Big Picture/New World Order Programming. IT doesn't hide anything, but reveals everything, Steganographically.

  20. Jon Tocker

    Re: Ultimate encryption

    Posted Monday 10th September 2007 10:22 GMT:

    "Just have all of your emails written by amanfromMars - no bugger can decrypt that."

    Hmmm, but I want the RECIPIENT to be able to understand it! Or is that "IT"?

  21. Jeff

    Why use Tor?

    So what exactly is the benefit of Tor for honest people? If you use it simply as a proxy, you put your data in the hands of other people and risk exposing sensitive data instead of protecting it. If you run a server that acts as an exit node, you are likely to be relaying illegal activity such as child pornography, illegal software, hate speech, and God knows what else people are trying to hide. And the worst part is it all shows up in the logs at your own ISP, making it look like you accessed it.

  22. Rick

    Re: Sweden is the 52nd state?

    Although I've been away for awhile, the last I checked we only had 50 states. Who was 51 then? Canada? I would have opted for Mexico myself.

  23. Doc

    @Rick

    The 51st state is not Canadia it's Australia 8-)

    Our PM does whatever George Dubya tells him

    Doc in Oz

  24. Shava Nerad

    Dan's blog was hosted in Texas

    Just a clarification, for those who wondered about the reach of US law enforcement. There is a good question of what basis they used, but really, most ISPs here have a clause in your contract that says they can take your site down "on suspicion of wrong-doing." Unconstitutionally vague.

    When I was managing a 6,000 user free-net in Eugene, OR, we got LE coming in the front door every couple months wanting the list of emails on a conservation (read: eco-terrorist these days...) group's listserv or some such. And they'd say, "Wait a sec, gotta get Shava!"

    I'd come up front and ask the officer to see his subpoena, and invariably the response would be a variation of, "Well, but no one *else* asks to see a subpoena."

    For the person who thinks no one honest would need anonymity, please consider how many good things can be done that irk people with power in government. My own father worked with MLK and the SCLC in the civil rights movement. His FBI file was voluminous, as we found after the FOIA went through.

    Consider also the human rights workers, journalists, and bloggers all over the world who use Tor because they feel that it ensures their personal safety in what can be hazardous work.

    We'd like to see this technology freely available to honest people, since dishonest people could always rent a botnet.

    Shava Nerad

    Tor Development Director

    2nd Generation Card Carrying Member of the ACLU

  25. amanfromMars Silver badge

    $64,000 Question.

    "Consider also the human rights workers, journalists, and bloggers all over the world who use Tor because they feel that it ensures their personal safety in what can be hazardous work."

    Shava,

    If the work that one does is legal and original and therefore not in [Intellectual Property] violation of any known interests, and should it be designed to, let us say for the sake of argument, eliminate Conflict and Inequity for a Mutually Beneficial New World Order Program, which we can all surely agree, could never be Bad and would always be Good, are you saying that Tor would guarantee their personal safety in such work?

    Unless it does, the belief in its use "because they feel that it ensures their personal safety in what can be hazardous work." would/could seriously endanger them if it didn't.

    Given that you have shared with us ... "For the person who thinks no one honest would need anonymity, please consider how many good things can be done that irk people with power in government. My own father worked with MLK and the SCLC in the civil rights movement. His FBI file was voluminous, as we found after the FOIA went through." ...... the likelihood of such a guarantee is Zero and even the suggestion that anonymity is possible is a very dangerous fiction, which could be very expensive/costly if damage is caused.

  26. EJ

    DEranged Security back online

    I'm even less impressed by this guy after having suffered through reading his comments.

    "There are hundreds of thousands ToR-users but finding these kinds of accounts was… hmm… chocking! … They only people on the list who has been willing to talk to me so far are Iran. A big gold medal to Iran! Very nice talking to you and I appreciate our chat greatly."

    There's plenty more drivel to discover...

  27. Anonymous Coward

    The real point here

    The real point here is everyone must realize any router which data goes through can be compromised in the same way...These were just routers owned by the TOR network which were explicitly requested by the sender to use... doh!
