Australian Spies Want To Hack Tor After Realizing It Routes Around Their Surveillance

from the how-daft-can-you-get? dept

One of the key flaws with the data retention schemes being proposed by the UK and elsewhere, supposedly to catch terrorists and serious criminals, is that they won't work. It is trivially easy to avoid surveillance by using encrypted connections, for example those provided by The Onion Router (Tor). This means that the only people who are likely to end up being spied on are innocent members of the public.

According to this article in Crikey, the secret services in Australia have apparently woken up to this fact; but rather than convince their government that data retention is therefore an expensive and intrusive waste of time, they have decided to take the damage to the next level:

In a major admission, the Attorney-General's Department has revealed Australia's intelligence and law enforcement agencies are seeking the legal power to break into internet routing encryption services such as Tor, after admitting the centerpiece of its proposed national security reforms, data retention, will be "trivially easy" to defeat.
This is, of course, an incredibly stupid idea, for reasons that one of Tor's developers, Jacob Appelbaum, explains well in the Crikey piece:
"If they wish to break such [encrypted] services, they ensure that when they use such services, they will also be insecure -- this ensures again that only criminals will have privacy, regular people -- including the police fighting crime -- they will be left out of having strong privacy. This opens business people up to industrial and economic espionage. It also promotes the idea that to make ourselves more secure, we should weaken our networks and add the very backdoors that most attackers work day and night to create," he said.
The plan to create detailed, centralized stores of high-value information about people's Internet and telephone usage already exposes the public to an elevated risk of having personal information accessed and misused. Moving beyond that to break key encrypted Internet services like Tor and virtual private networks (VPNs) would deal another serious blow to online privacy and business confidentiality.

Follow me @glynmoody on Twitter or identi.ca, and on Google+



Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, May 31st, 2013 @ 12:42pm

    The idea is that you should create your own private encryption tunnel and not rely on third parties. As "good" as Tor is (remember the javascript that exposed your IP?), there's no better protection than handling your protection yourself.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Zakida Paul (profile), May 31st, 2013 @ 12:45pm

    The only way to 100% secure a computer is don't turn it on, but if you must, don't connect it to the Internet.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Finish The Thought, May 31st, 2013 @ 12:50pm

    Re: Roll Your Own Tunnel

    Got a specific procedure in mind? Describe it...

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    Sean Murphy (profile), May 31st, 2013 @ 12:51pm

    Sounds like a good plan

    The authorities will spy on Tor, and the criminals and hackers will re-implement it with better security and use newTor.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, May 31st, 2013 @ 1:01pm

    Re: Sounds like a good plan

    How are they going to spy on it, exactly? The only reliable way to break tor's encryption is to be in control of a lot of nodes, and I think someone will notice if the majority of the network suddenly became concentrated in Australia.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, May 31st, 2013 @ 1:09pm

    > don't connect it to the Internet

    BREAKING: .gov.au has discovered criminals are evading surveillance by failing to connect to the internet. Voluntary universal internet connectivity program in the works, fines and gaol coming later.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, May 31st, 2013 @ 1:11pm

    Re: Re: Roll Your Own Tunnel

    Indeed, why bother googling. Just set up encrypted filesystems on 2 rented VPS/cloud, then set up a VPN. Or use a proxychain. Or ... etc. No one has to reinvent the wheel. Tor is not unique either.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, May 31st, 2013 @ 1:12pm

    'the only people who are likely to end up being spied on are innocent members of the public'

    have you not yet realised that this is exactly what is wanted? think about it. law enforcement agencies like the FBI will have even more people to set up as terrorists, more people to put their stupid schemes into play against and then more back slapping and praise to get for breaking another terrorist or criminal ring of people that didn't actually do anything wrong at all but were convinced by the agencies that if they didn't plead guilty to doing nothing, they would be charged, convicted and imprisoned for doing whatever the agencies could dream up as charges! and dont forget, there wont be any danger involved as most of these people will be old age pensioners that couldn't think about doing anything subversive, let alone actually able of doing it. unfortunately, just like the entertainment industries, law enforcement and governments wont listen to anyone that talks sense over anything when it involves them in doing the opposite to what they want to do. they want to spy continuously on everyone and that is what will happen. the fact that it wont help in capturing anyone or preventing any major (even minor) crimes, is beside the point. they want to do it, they will do it and the bullshit of how it stopped this, prevented that and helped capture so and so, will coming out thick and fast. all that will happen in reality is there will be so much information collected, it would take an army to sift through it. by then, anything of value will be so out of date, the disaster, if one was in the offing, would be long happened!!

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, May 31st, 2013 @ 1:17pm

    Re:

    Need that sad but true button still.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    pixelpusher220 (profile), May 31st, 2013 @ 1:29pm

    "law enforcement and governments wont listen to anyone that talks sense"

    The people who won't listen are the "ZOMG it's Bieber" public. They don't want to be bothered to even listen let alone vote (US - I believe Aussies are required to vote).

    If the public is too much sheep and not enough people actively involved, you only get the truly psychotic in office making the rules. Think about politics in the US. Would *you* want to have your life raked over the coals ever 2/4/6 years? Sane people say no. Only people who have purposely lived a life so devoid of anything interesting can be elected - or people who have actively hidden their true selves from anyone else. Neither are what I'd consider good choices for leadership, yet it's all we get now.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, May 31st, 2013 @ 1:35pm

    Re:

    Meanwhile the real dangerous people will slip under the radar. Also if they want a diversion, hire a botnet, and get the zombie machines exchanging child porn and/or terrorist and extremist material.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    Zakida Paul (profile), May 31st, 2013 @ 1:43pm

    Re: Re: Re: Roll Your Own Tunnel

    You do realise that the average computer user would not understand what you just said, never mind how to go about doing it, don't you?

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, May 31st, 2013 @ 2:27pm

    Re: Re: Re: Re: Roll Your Own Tunnel

    You realize there are companies, like Tor, that handle everything for you, don't you?

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    out_of_the_blue, May 31st, 2013 @ 3:12pm

    This "seeking the legal power" means already have the ability.

    TOR was apparently created by the gov't, kids. It's a trap.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, May 31st, 2013 @ 4:10pm

    Re: This "seeking the legal power" means already have the ability.

    Yes, tor originally came from the government. A different government (the US government; this story is about the AU government).

    But that does not matter. Tor's source code is completely public, meaning anyone can check its security. Not only that, but tor is such a high-profile program, that anyone who breaks it will get instant fame among his peers.

    If you look at the way tor works, you can see that the ones operating it do not have the ability to break it. And that is by design.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, May 31st, 2013 @ 5:42pm

    Re: This "seeking the legal power" means already have the ability.

    Do you even try to understand what you're talking about?

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    AC Unknown, May 31st, 2013 @ 7:48pm

    Re: Re: This "seeking the legal power" means already have the ability.

    OOTB never even tries.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    horse with no name, May 31st, 2013 @ 9:57pm

    So it goes

    Perhaps one day you guys will understand: no matter how much technology you throw at blocking the government, they will show up and work hard to defeat you. It may end up being an endless war, but as it gets more and more difficult and costly to get around the government's agenda, the more people will give in.

    Most of the public just doesn't have stuff worth all that effort to hide. It's incredibly difficult for them to justify an escalating war of technology to try to hide what they don't need to hide to start with.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Jun 1st, 2013 @ 12:18am

    Re:

    That assumes you have competence in it. A reasonable assumption in some places but not all. Otherwise you'll end up with something useless or worse, unless you have exceptionally technically skilled grandparents they're probably not up to the task.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Adamant, Jun 1st, 2013 @ 7:14am

    Internet

    Get all governments off the internet. Let them fight it out on the some distant moon of Jupiter or Saturn.. or Pluto.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Jun 1st, 2013 @ 7:34am

    Re: Re: Re: Re: Re: Roll Your Own Tunnel

    You do realize that is not handling your security yourself right?

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Anonymous, Jun 1st, 2013 @ 3:35pm

    Re: This "seeking the legal power" means already have the ability.

    Holy mackinoli, OOTB! You said something I somewhat agree with!

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous, Jun 1st, 2013 @ 3:41pm

    Re:

    Disable Javascript and Active X. They can reveal your real IP even if you are going through a proxy.

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    btrussell (profile), Jun 2nd, 2013 @ 7:12am

    Re: Re: Re: Re: Re: Roll Your Own Tunnel

    "...there's no better protection than handling your protection yourself."

    Circle jerk?

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Pragmatic, Jun 3rd, 2013 @ 6:01am

    Re: Internet

    Adamant, do a search using the terms "Internet DARPA," then get back to us.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Will, Jul 22nd, 2013 @ 12:16am

    Re: Re: Sounds like a good plan

    As opposed to what, being concentrated in the US like they are now? Thank god the United States doesnt spy on its citizens then! lol

     

    reply to this | link to this | view in thread ]

  27.  
    icon
    Zoe (profile), Nov 10th, 2013 @ 5:24pm

    Need HAcker?

    c

     

    reply to this | link to this | view in thread ]

  28.  
    icon
    alipa (profile), Feb 10th, 2014 @ 8:58pm

    Need Hacker

    Do you need a hacker for anything? contact samhart095@gmail.com. Serious clients only, NO BS

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This