Tor Gains 1.2M Users in Wake of NSA Scandal Ironically Making It Easier for the NSA
So … TOR is supposed to have gains 1.2 Million users following all the fanfare around the NSA.
If I were to facepalm at this point I fear my face would pushed out the back of my skull, so let me relay a small bit of insight.
TOR is an anonymizing proxy so long as every node along the chain is “behaving”, let’s say fo sake for argument somene sets up a malicious exit node, Jackin’ TOR shows just such a setup used to inject content into http requests.
- inject javascript
- javascript executed by browser, makes request to malicious host
- identifying the browser if exploit exits this can now be used
- malicious payload send back in request
- malicious program now running makes direct request to C&C server (this does not go out via TOR, rquest is no longer anonymous)
- we can pretty much do anything we want now with the system
And if the above does not work?
- inject javascript
- steal cookies
- steal users accounts with banking, email, other services.