Security Watch

Keeping Track of patches and hacks in the IT security world.

What Latest Knock Against Tor Tells Us: Beware of Any Download

A security firm warns that Tor is adding malware; the truth is a bit more nuanced, and it's a problem that has been known about since 2006.

Download the authoritative guide:

Tor adding malware

The Tor Project is an open-source effort to help enable a degree of privacy and anonymity for users. A recent report from security firm Leviathan Security alleges that a Tor exit node was adding malware to user traffic. The real story, however, isn't so simple.

The way that Tor works is that traffic is routed through a series of Internet routers in a bid to hide the origination point of the user request. Tor is an acronym for The Onion Router, which also helps describe what the technology aims to do by providing multiple layers for user traffic. A Tor exit node is the point at which user traffic is delivered.

"After creating and using a new exitmap module, I found downloaded binaries being patched through a Tor exit node in Russia," Leviathan Security researcher Josh Pitts wrote. "Tor is a wonderful tool for protecting the identity of journalists, their sources and even regular users around the world; however, anonymity does not guarantee security."

For its part, the Tor Project has already taken action to mitigate the risk of the bad exit node.

"We've now set the BadExit flag on this relay, so others won't accidentally run across it," Tor developer Roger Dingledine wrote in a Tor mailing list message.

Dingeldine also notes that bad exit relays are not a new phenomena for Tor and, in fact, were first reported eight years ago.

"It turned out to be a Tor relay in China that was getting attacked by its ISP, and all the Tor users were just collateral damage from the ISP attacking all its users," Dingledine wrote about the 2006 incident.

The simple truth is that any download point from any service, be it Tor or just a software mirror, could potentially be tampered with. Both Pitts and Dingledine noted that users shouldn't just blindly trust the bits that they download from the Internet.

Good hygiene, which includes anti-malware technologies, needs to be in place for any type of software download from any location. Going a step further, for some downloads, users can check the cryptographic hash provided by the software author and match it up against the software they download to ensure authenticity.

Tor is a technology that has faced multiple challenges over the years. In 2013, it was revealed that the National Security Agency (NSA) has been trying to go after Tor users.

Somewhat ironically, though, the U.S. government is one of the largest financial backers of Tor with U.S. federal grants accounting for 90 percent of Tor's 2013 revenue.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.