Deep in the dark places of the Internet, someone is watching you. Actually, quite a few people are, but this time we're not talking about the NSA, Google or your ISP. This time you're being watched by someone who isn't even pretending to have your best interests at heart. Welcome to the seedy side of the web: a place where somebody somewhere in Russia really, really wants to know what you're doing at all times.
Identified by Philipp Winter and Stefan Lindskog of Karlstad University in Sweden, the snooping has been going on in one of the places most of us would consider safer than average on the Internet: Tor. Oft-maligned as a hiding place for drug smugglers and gun-runners, Tor is an Internet privacy tool that helps you maintain your online anonymity by bouncing your signal through numerous relays located across the globe. These relays mask your location and identity by making it very difficult to locate you. Since last year, and thanks in no small part to the NSA, the Tor community has ballooned from 500,000 daily users to 4 million.
It's easy to see how Tor could be seen as the "dark web" it's often said to be, but it was originally developed by the U.S. Navy, not some nefarious Silk Road-esque mastermind. One of the strengths of Tor is the group of anonymous volunteers all over the world who operate its relays. That anonymity, however, can work as a double-edged sword. Eventually, your Internet activity has to exit the safety of Tor's relays, and that's when it's vulnerable. A corrupt exit node operator can read your data just as easily as a snoopy housekeeper holding your mail up to a light fixture.
WikiLeaks rose to fame in much this way, by looking in on Chinese hackers through one such exit node. And now someone in Russia is using the same trick to check out your Internet activity. Specifically, this Russian spy seems interested in what you're doing on Facebook. To find out who your best friends are and when you last got wasted, the unknown hacker is using not one but 19 bogus exit nodes. The nodes pose as Tor exit nodes, intercept your data, and re-encrypt it before sending it on. Since Tor slows down connection speeds anyway, any added delay from this process is likely unnoticeable.
All of the bogus exit nodes had digital certificates issued to something called the "Main Authority." Official as it may sound, there is no real entity within Tor that goes by that name. Blacklisting these nodes did little good, since new "Main Authority" nodes would pop up soon afterward. All this faux jurisdiction and hands-on snooping seems to point to a single voyeuristic individual rather than the Russian government, say Winter and Lindskog. Voyeuristic it may be, but even if all this snooping is the work of an email spammer rather than the world's newest Anna Chapman, it serves as a stark reminder that the folks sifting through your online activity don't always have your best interests at heart.
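As an added illustration (not code from Winter and Lindskog or the Tor Project), the sketch below shows why the shared "Main Authority" name is a better tripwire than a list of known-bad relays: any exit that presents an unrecognized certificate is grouped by the name on that certificate, so a newly appearing relay lands in the same cluster. The relay labels, certificate bytes and baseline are constructed sample data, and treating "Main Authority" as the certificate's issuer name is an assumption.

```python
import hashlib
from collections import defaultdict

def fingerprint(cert_bytes: bytes) -> str:
    """SHA-256 fingerprint of a certificate's raw bytes."""
    return hashlib.sha256(cert_bytes).hexdigest()

# Constructed stand-ins for certificate bytes (not real certificates).
GENUINE = b"constructed-genuine-leaf-certificate"
FORGED_A = b"constructed-forged-leaf-certificate-A"
FORGED_B = b"constructed-forged-leaf-certificate-B"

# Fingerprints seen when fetching the site without Tor. A set per host,
# because large sites legitimately serve more than one certificate.
BASELINE = {"facebook.com": {fingerprint(GENUINE)}}

# Constructed observations: (exit relay label, host, issuer name, cert bytes).
OBSERVATIONS = [
    ("EXIT-01", "facebook.com", "Constructed Public CA", GENUINE),
    ("EXIT-02", "facebook.com", "Main Authority", FORGED_A),
    ("EXIT-03", "facebook.com", "Main Authority", FORGED_B),
    ("EXIT-04", "facebook.com", "Constructed Public CA", GENUINE),
    ("EXIT-05", "example.org", "Main Authority", FORGED_A),  # no baseline
]

def find_suspect_exits(observations, baseline):
    """Map issuer name -> sorted exits that served a certificate not in the baseline.

    Hosts without a baseline are skipped: with nothing to compare against,
    a mismatch cannot be told apart from an ordinary certificate rotation.
    """
    suspects = defaultdict(set)
    for exit_id, host, issuer, cert_bytes in observations:
        known = baseline.get(host)
        if known is None:
            continue
        if fingerprint(cert_bytes) not in known:
            suspects[issuer].add(exit_id)
    return {issuer: sorted(exits) for issuer, exits in suspects.items()}

if __name__ == "__main__":
    for issuer, exits in find_suspect_exits(OBSERVATIONS, BASELINE).items():
        print(f"{issuer!r}: {', '.join(exits)}")
```

A fingerprint mismatch on its own is only a lead, since content delivery networks rotate certificates; the repeated name across otherwise unrelated relays is what ties the cluster together.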