The talk about de-anonymizing Tor at the BlackHat conference has been removed

The talk about de-anonymizing Tor at the BlackHat conference has been removed(tux.so)

203 points by lanbird 11 years ago | 49 comments

wfn 11 years ago |

Roger's response here is probably relevant:

https://lists.torproject.org/pipermail/tor-talk/2014-July/03...

  Hi folks,

  Journalists are asking us about the Black Hat talk on attacking Tor
  that got cancelled. We're still working with CERT to do a coordinated
  disclosure of the details (hopefully this week), but I figured I should
  share a few details with you earlier than that.

  1) We did not ask Black Hat or CERT to cancel the talk. We did (and still
  do) have questions for the presenter and for CERT about some aspects
  of the research, but we had no idea the talk would be pulled before the
  announcement was made.

  2) In response to our questions, we were informally shown some
  materials. We never received slides or any description of what would
  be presented in the talk itself beyond what was available on the Black
  Hat Webpage.

  3) We encourage research on the Tor network along with responsible
  disclosure of all new and interesting attacks. Researchers who have told
  us about bugs in the past have found us pretty helpful in fixing issues,
  and generally positive to work with.

(imho 2) and 3) is a polite way of saying that this particular talk did not feature much in terms of responsible disclosure. But these are not related to 1).)

lawnchair_larry 11 years ago | |

Coordinated disclosure is the proper term.

packetlss 11 years ago |

A Black Hat spokeswoman told Reuters that the talk had been canceled at the request of lawyers for Carnegie-Mellon University, where the speakers work as researchers. A CMU spokesman had no immediate comment.

Source: http://www.reuters.com/article/2014/07/21/cybercrime-confere...

lanbird 11 years ago | |

Thank you for the information packetlss!

http://www.qatar.cmu.edu/iliano/svc/meetings/PX/2004-09-21/s... http://www.cmu.edu/silicon-valley/research/tech-showcase/pdf...

616c 11 years ago | | |

Interesting, they did a talk at Education City in Qatar and I had no idea about it? Very disappointed, and surprised they had talks with these kinds of experts on this talk (censorship avoidance is not looked kindly upon there).

x1798DE 11 years ago | |

I have to imagine that this is for some sort of internal bureaucratic reason. I don't see who is in a position to even want to stop this talk - almost certainly not the Tor project itself.

The mundane (and thus most likely) answer is that the CMU lawyers wanted to pull it either because they want to sort out some sort of intellectual property first, or they're worried about some sort of liability.

tedks 11 years ago | | |

I would imagine the researchers broke quite a few laws verifying this attack on the public Tor network, if they indeed did so. And since Tor is incredibly hard to simulate at that level, it's likely that they did. Even if they developed the attack on a simulated network they may have run the tool for verification against the live network. Maybe they did it to de-anonymize a drug marketplace or something else they thought they could get "ethical hacker points" for. Maybe they sent the information to the feds and thought they were doing the right thing.

This is something that has always been legally murky, enough so that I feel like some technical people could decide that they didn't care and just go with it. More people under them might have as well, pulled along by sheer groupthink if not genuine agreement.

This attack was unique not in that it made strong claims, but that it had unusually specific strong claims that indicated some amount of empiricism. I feel like you could only reasonably claim that number if you actually tested it against a very strong network simulation (which doesn't exist for Tor) or the real network.

It's not like other researchers haven't done similar things to get results about Tor. There are a few workshop and academic conference papers that talk about results obtained by analyzing Tor traffic; this is technically wiretapping according to the Tor project, but previously it's always been mundane enough that nobody has gotten involved. This experiment might have compromised some people's very personal information, and it's incredibly public.

This is all really just an expansion of "they're worried about some sort of liability." In any case that's by far the likelier of the two; I can't imagine you could sell IP related to this.

andor 11 years ago | | |

I don't see who is in a position to even want to stop this talk

A government agency that wants to stay a step ahead of the competition or of its targets?

yalue 11 years ago |

I doubt this removal is anything sinister. Attacks on Tor have been a relatively common theme at many large security conferences. For example, there was a presentation at IEEES&P 2013 on de-anonymizing Tor hidden services (http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf). The Tor people are typically pretty open to this stuff. It was most likely removed due to something mundane, like the presenters having issues getting through their organization's bureaucracy.

dpeck 11 years ago |

Mid summer tends to be pullout season for Blackhat and Defcon speakers. A handful happen every year, thats why they have alternates.

Sometimes the speakers screwed up and didn't get their material together and they weren't important enough to ignore that. Other times they're threatened by their employer or some external forces.

Subway hacking, Padgets RFID (and GSM a few years later IIRC), etc. Theres quite a history of great presentations that have never happened for one reason or another.

bitexploder 11 years ago |

Wild conjecture. Most of the guys on CERT have a security clearance. This talk may have been viewed as crossing streams that he could not cross. He likely had to get the talk approved by whoever manages his clearance to ensure his talk is not leaking secret information. Someone further up the chain may have caught wind and pulled it.

pekk 11 years ago |

Speakers drop out all the time.

Or maybe someone didn't want to compromise Tor in public until the Tor project had a chance to address the issues.

at-fates-hands 11 years ago | |

>>> Or maybe someone didn't want to compromise Tor in public until the Tor project had a chance to address the issues.

To some degree, isn't this what the Black Hat conference is all about?

jackweirdy 11 years ago | | |

Seems to me the public ousting of projects only happens when they refuse to implement a fix, or deny that something's an issue.

eat 11 years ago | | |

Not at all... Black Hat is one of the more commercial, "industry" security conferences out there.

peterwwillis 11 years ago | | |

Every year that some controversial BH talk happens that exposes some company's unpatched security vulnerabilities (or even questions the company's integrity), either the talk is pulled, or the talk materials are literally ripped out of the books or CDROMs given to attendees. As soon as a company gets wind that a talk might catch them with their pants down they threaten to file suit and Black Hat pulls the talk.

The Black Hat conference is about promoting the security industry. DEFCON, on the other hand, is about promoting hacker culture. It's a lot more common to see 0-day talks at DEFCON because there's much less industry spotlight [and thus, fewer general business professionals that could get scared by some new attack being announced].

MacsHeadroom 11 years ago | | |

No, to some degree BH is about compromising X in public after X has been repeatedly contacted with the necessary details AND given ample time to address the issues.

What these "researchers" were doing was just reckless. When it comes to Tor, lives are on the line. This kind of irresponsible disclosure is abhorrent, at best.

ripb 11 years ago |

A lot of "I don't like your post so I'm downvoting it", Reddit-esque behaviour in this thread.

orbifold 11 years ago |

At this point it is not really a good idea to use Tor anyways, given that you are then automatically targeted by the NSA and at the same time potentially provide cover for covert operations of several countries. What is really needed is political action to limit the capabilities of security agencies to indiscriminantly monitor web traffic.