Attack on Tor with stolen private keys of main nodes

Question

What could attacker do with stolen private keys of main nodes?

Tor is based on 10 main nodes: moria1, tor26, dizum, Tonga, etc.

IP Addresses of this nodes hard-coded into client.

./src/or/config.c:

static void
add_default_trusted_dir_authorities(dirinfo_type_t type)
{
  int i;
  const char *authorities[] = {
    "moria1 orport=9101 no-v2 "
      "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
      "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
    "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
      "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
    "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
      "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
    "Tonga orport=443 bridge no-v2 82.94.251.203:80 "
      "4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
    "turtles orport=9090 no-v2 "
      "v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
      "76.73.17.194:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
    "gabelmoo orport=443 no-v2 "
      "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
      "212.112.245.170:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
    "dannenberg orport=443 no-v2 "
      "v3ident=585769C78764D58426B8B52B6651A5A71137189A "
      "193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
    "urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
      "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
    "maatuska orport=80 no-v2 "
      "v3ident=49015F787433103580E3B66A1707A00E60F2D15B "
      "171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810",
    "Faravahar orport=443 no-v2 "
      "v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 "
      "154.35.32.5:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC",
    NULL
  };

Say, NSA agents travel across the Western Union, and steal private keys of main authority directories.

128.31.0.39
Country:        US [Cambridge, United States]
86.59.21.38
country:        AT [Villach, Austria]
194.109.206.212
country:        NL [Amsterdam, Netherlands]
82.94.251.203
country:        NL [Amsterdam, Netherlands]
76.73.17.194
Country:        US [Denver, United States]
212.112.245.170
country:        DE [Wallsbuell, Germany]
193.23.244.244
country:        DE [Hamburg, Germany]
208.83.223.34
Country:        US [San Francisco, United States]
171.25.193.9
country:        SE [Stockholm, Sweden]
154.35.32.5
country:        MU [Not Mauritius: Washington, United States]

10 cities on world map, not so many.

Thereafter, they move back to the USA, sitting down in their laboratory.

Obviously, they can easy attack any Tor node point-blank, in the middle on the provider side, AT&T, Verizon, whatever.

Client connect to malicious Tor-network copy, which will be identical to original. He lost hidden-service in one moment, while he would checking Tor-network, NSA agent will disappear, client reconnect to original Tor-network, without any warning.

What would attacker done remotely ? Or what else attacker could with this 10 priv_keys?

Answer 1

The directory authorities votes on what the Tor network consensus that lists all relays should look like so that a majority of the authorities need to behave badly in order to publish a malicious consensus for clients. See https://metrics.torproject.org/consensus-health.html for how the voting goes. All the private keys is not needed to win the vote and perform attacks you already mention.

You might get a more detailed answer over at the newly opened Tor Stack Exchange.

Answer 2

For my understanding, as tor use such called onion routing, each level of router don't know what behind each other level (inner/outer communication).

So holding all privates key at only 1 level (even the root level) won't be enough...

This is the way tor used to establish trust on himself. (sorry for my poor english...)