Australian Spies Want To Hack Tor After Realizing It Routes Around Their Surveillance

from the how-daft-can-you-get? dept

One of the key flaws with the data retention schemes being proposed by the UK and elsewhere, supposedly to catch terrorists and serious criminals, is that they won't work. It is trivially easy to avoid surveillance by using encrypted connections, for example those provided by The Onion Router (Tor). This means that the only people who are likely to end up being spied on are innocent members of the public.

According to this article in Crikey, the secret services in Australia have apparently woken up to this fact; but rather than convince their government that data retention is therefore an expensive and intrusive waste of time, they have decided to take the damage to the next level:

In a major admission, the Attorney-General's Department has revealed Australia's intelligence and law enforcement agencies are seeking the legal power to break into internet routing encryption services such as Tor, after admitting the centerpiece of its proposed national security reforms, data retention, will be "trivially easy" to defeat.
This is, of course, an incredibly stupid idea, for reasons that one of Tor's developers, Jacob Appelbaum, explains well in the Crikey piece:
"If they wish to break such [encrypted] services, they ensure that when they use such services, they will also be insecure -- this ensures again that only criminals will have privacy, regular people -- including the police fighting crime -- they will be left out of having strong privacy. This opens business people up to industrial and economic espionage. It also promotes the idea that to make ourselves more secure, we should weaken our networks and add the very backdoors that most attackers work day and night to create," he said.
The plan to create detailed, centralized stores of high-value information about people's Internet and telephone usage already exposes the public to an elevated risk of having personal information accessed and misused. Moving beyond that to break key encrypted Internet services like Tor and virtual private networks (VPNs) would deal another serious blow to online privacy and business confidentiality.

Follow me @glynmoody on Twitter or identi.ca, and on Google+


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 31 May 2013 @ 12:42pm

    The idea is that you should create your own private encryption tunnel and not rely on third parties. As "good" as Tor is (remember the javascript that exposed your IP?), there's no better protection than handling your protection yourself.

    reply to this | link to this | view in chronology ]

    • identicon
      Finish The Thought, 31 May 2013 @ 12:50pm

      Re: Roll Your Own Tunnel

      Got a specific procedure in mind? Describe it...

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 31 May 2013 @ 1:11pm

        Re: Re: Roll Your Own Tunnel

        Indeed, why bother googling. Just set up encrypted filesystems on 2 rented VPS/cloud, then set up a VPN. Or use a proxychain. Or ... etc. No one has to reinvent the wheel. Tor is not unique either.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Jun 2013 @ 12:18am

      Re:

      That assumes you have competence in it. A reasonable assumption in some places but not all. Otherwise you'll end up with something useless or worse, unless you have exceptionally technically skilled grandparents they're probably not up to the task.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous, 1 Jun 2013 @ 3:41pm

      Re:

      Disable Javascript and Active X. They can reveal your real IP even if you are going through a proxy.

      reply to this | link to this | view in chronology ]

  • icon
    Zakida Paul (profile), 31 May 2013 @ 12:45pm

    The only way to 100% secure a computer is don't turn it on, but if you must, don't connect it to the Internet.

    reply to this | link to this | view in chronology ]

  • icon
    Sean Murphy (profile), 31 May 2013 @ 12:51pm

    Sounds like a good plan

    The authorities will spy on Tor, and the criminals and hackers will re-implement it with better security and use newTor.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 31 May 2013 @ 1:01pm

      Re: Sounds like a good plan

      How are they going to spy on it, exactly? The only reliable way to break tor's encryption is to be in control of a lot of nodes, and I think someone will notice if the majority of the network suddenly became concentrated in Australia.

      reply to this | link to this | view in chronology ]

      • identicon
        Will, 22 Jul 2013 @ 12:16am

        Re: Re: Sounds like a good plan

        As opposed to what, being concentrated in the US like they are now? Thank god the United States doesnt spy on its citizens then! lol

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 May 2013 @ 1:09pm

    > don't connect it to the Internet

    BREAKING: .gov.au has discovered criminals are evading surveillance by failing to connect to the internet. Voluntary universal internet connectivity program in the works, fines and gaol coming later.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 May 2013 @ 1:12pm

    'the only people who are likely to end up being spied on are innocent members of the public'

    have you not yet realised that this is exactly what is wanted? think about it. law enforcement agencies like the FBI will have even more people to set up as terrorists, more people to put their stupid schemes into play against and then more back slapping and praise to get for breaking another terrorist or criminal ring of people that didn't actually do anything wrong at all but were convinced by the agencies that if they didn't plead guilty to doing nothing, they would be charged, convicted and imprisoned for doing whatever the agencies could dream up as charges! and dont forget, there wont be any danger involved as most of these people will be old age pensioners that couldn't think about doing anything subversive, let alone actually able of doing it. unfortunately, just like the entertainment industries, law enforcement and governments wont listen to anyone that talks sense over anything when it involves them in doing the opposite to what they want to do. they want to spy continuously on everyone and that is what will happen. the fact that it wont help in capturing anyone or preventing any major (even minor) crimes, is beside the point. they want to do it, they will do it and the bullshit of how it stopped this, prevented that and helped capture so and so, will coming out thick and fast. all that will happen in reality is there will be so much information collected, it would take an army to sift through it. by then, anything of value will be so out of date, the disaster, if one was in the offing, would be long happened!!

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 31 May 2013 @ 1:17pm

      Re:

      Need that sad but true button still.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 31 May 2013 @ 1:35pm

      Re:

      Meanwhile the real dangerous people will slip under the radar. Also if they want a diversion, hire a botnet, and get the zombie machines exchanging child porn and/or terrorist and extremist material.

      reply to this | link to this | view in chronology ]

  • icon
    pixelpusher220 (profile), 31 May 2013 @ 1:29pm

    "law enforcement and governments wont listen to anyone that talks sense"

    The people who won't listen are the "ZOMG it's Bieber" public. They don't want to be bothered to even listen let alone vote (US - I believe Aussies are required to vote).

    If the public is too much sheep and not enough people actively involved, you only get the truly psychotic in office making the rules. Think about politics in the US. Would *you* want to have your life raked over the coals ever 2/4/6 years? Sane people say no. Only people who have purposely lived a life so devoid of anything interesting can be elected - or people who have actively hidden their true selves from anyone else. Neither are what I'd consider good choices for leadership, yet it's all we get now.

    reply to this | link to this | view in chronology ]

  • identicon
    out_of_the_blue, 31 May 2013 @ 3:12pm

    This "seeking the legal power" means already have the ability.

    TOR was apparently created by the gov't, kids. It's a trap.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 31 May 2013 @ 4:10pm

      Re: This "seeking the legal power" means already have the ability.

      Yes, tor originally came from the government. A different government (the US government; this story is about the AU government).

      But that does not matter. Tor's source code is completely public, meaning anyone can check its security. Not only that, but tor is such a high-profile program, that anyone who breaks it will get instant fame among his peers.

      If you look at the way tor works, you can see that the ones operating it do not have the ability to break it. And that is by design.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 31 May 2013 @ 5:42pm

      Re: This "seeking the legal power" means already have the ability.

      Do you even try to understand what you're talking about?

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous, 1 Jun 2013 @ 3:35pm

      Re: This "seeking the legal power" means already have the ability.

      Holy mackinoli, OOTB! You said something I somewhat agree with!

      reply to this | link to this | view in chronology ]

  • identicon
    horse with no name, 31 May 2013 @ 9:57pm

    So it goes

    Perhaps one day you guys will understand: no matter how much technology you throw at blocking the government, they will show up and work hard to defeat you. It may end up being an endless war, but as it gets more and more difficult and costly to get around the government's agenda, the more people will give in.

    Most of the public just doesn't have stuff worth all that effort to hide. It's incredibly difficult for them to justify an escalating war of technology to try to hide what they don't need to hide to start with.

    reply to this | link to this | view in chronology ]

  • identicon
    Adamant, 1 Jun 2013 @ 7:14am

    Internet

    Get all governments off the internet. Let them fight it out on the some distant moon of Jupiter or Saturn.. or Pluto.

    reply to this | link to this | view in chronology ]

  • icon
    Zoe (profile), 10 Nov 2013 @ 5:24pm

    Need HAcker?

    c

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.