Comment by sigmoid10

Comment by sigmoid10 a day ago

14 replies

View on Hacker News

That assumes you could run thousands of malicious tor nodes for several years without being detected. Unless you have vast resources and time, this is unlikely.

alasdair_ a day ago

My point is that it doesn't require "vast resources". A VPS is $5 a month. A thousand of them would be in the disposable income budget of a single FAANG engineer never mind a nation state.

Pay people on Fiverr to set them up for you at different ISPs so that all the setup information is different. You can use crypto to pay if you want anonimity (this is actually the main reason I used to use bitcoin - I'd pay ISPs in Iceland to run TOR exit nodes for me without linking them to my identity).

This isn't a difficult problem. A single individual with a good job could do it.

And sure, each connection only has a very small chance of being found, but aggregate it over a year or two and you could catch half of the users of a site if they connected with a new circuit one time per day.

I honestly can't see why a nation state or two hasn't already done this.

Reply View 3 replies
  • jiveturkey a day ago

    > A VPS is $5 a month.

    With insignificant data caps. To get the data needed I believe you're looking at a couple hundred a month, to start.

    Reply View 2 replies
    • judge2020 a day ago

      Running exit nodes is also likely to result in getting booted from most VPS or even bare metal providers, maybe unless you BYOIP.

      Reply View 1 reply
      • AstralStorm a day ago

        And if you BYOIP, and run a large node, Tor volunteers will try to contact you and verify...

        Reply View 0 replies
worldsayshi a day ago

But it doesn't seem unfeasible for a state actor that wants to track their population then?

Reply View 2 replies
  • ziddoap a day ago

    The comment that spawned this chain starts with:

    >Let's say I as a private individual

    Reply View 1 reply
    • worldsayshi a day ago

      Yes that's why I said 'but'. It still seems relevant to the discussion and I wasn't aware that such attack was possible.

      Reply View 0 replies
Spivak a day ago

But given the attack is just logging the cleartext at the ends how are you going to detect that the servers are malicious?

Reply View 0 replies
AndyMcConachie a day ago

What detection? A malicious node is only different from a non-malicious node because all the traffic is being logged. If that's our definition of a malicious node in this case then there is no way to detect one.

Reply View 1 reply
mistercheph a day ago

I can't think of anyone with vast resources and time that would want to deanonymize cybercriminals

Reply View 2 replies
  • colechristensen a day ago

    Outside of 3 letter agencies which is obvious, I have known people who would do this for fun or whatever other personal motivation.

    A lot of "hacker" mentality projects involve putting a tremendous amount of effort into something with questionable utility.

    People climb mountains because they're there.

    Reply View 0 replies