Slashdot Mirror
How The NSA Targets Tor
The Guardian has released new documents from Edward Snowden showing how the U.S. National Security Agency targets internet anonymity tool Tor to gather intelligence. One of the documents, a presentation titled "Tor Stinks," bluntly acknowledges how effective the tool is: "We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user in response to a TOPI request/on demand." (Other documents: presentation 1, presentation 2.) The NSA is able to extract information sometimes, though, and Bruce Schneier details what we know of that process in an article of his own. "The NSA creates 'fingerprints' that detect http requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool which NSA boasts allows its analysts to see "almost everything" a target does on the internet. ... After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems." Schneier explains in a related article why it's important that we figure out exactly what the NSA is doing. "Given how inept the NSA was at protecting its own secrets, it's extremely unlikely that Edward Snowden was the first sysadmin contractor to walk out the door with a boatload of them. And the previous leakers could have easily been working for a foreign government."
A few days ago a well known Tor developer was getting angry on Twitter because he thought the Guardian was holding back a story on Tor due to redacting requests and pressure from governments.
The presentations cited date from 2007. That's 6 years ago and tells us diddly squat about their current capabilities. All it tells us, really, is that in 2007 they had developed some working techniques in the lab, and were talking about the same kinds of attacks that were being discussed in public. It also tells us they use custom malware - but that was already revealed previously.
The Snowden files contain a complete copy of GCHQ's internal wiki. It seems highly unlikely that there is no further information on Tor after 2007. Rather, it feels like the British and American governments treat their capabilities against Tor as one of their most valuable secrets and applied significant pressure, the resulting compromise being "you can make a story about Tor, as long as it's based on old information that is no longer relevant".
For Tor browsing you should use a different browser and OS, in a VM, than the one you normally use.
This quote from TFA was particularly insightful:
Other efforts mounted by the agencies include attempting to direct traffic toward NSA-operated servers, or attacking other software used by Tor users. One presentation, titled 'Tor: Overview of Existing Techniques', also refers to making efforts to "shape", or influence, the future development of Tor, in conjunction with GCHQ.
What that says is "hang on to old copies of TAILS and Tor, and don't 'upgrade' them." Sure, they're going to keep trying to attack them, but for right now this is as close to evidence as we'll ever get that says they're effective.
John
You call them "Smart TVs." I call them "telescreens."
I've been running Tor on my home FIOS connection for about six months in non-exit relay mode. Last month I received a registered letter from Verizon notifying me that I was using excessive bandwidth and that my connection would be terminated in ten days if I did not cease and desist. From what I read there were less than 100 FIOS customers that received this letter, and it was sent to folks who used upwards of 10tb per month. The paranoid conspiracy theorist in me says that the NSA encourages ISP's to crack down on Tor relays, while the annoyed consumer in me looks on it as a ploy by Verizon to sell me a commercial fiber service. Either way, I don't have the inclination or money to fight this battle, and so I shut down my Tor relay for now. Interesting to note that we were blocked from accessing Hulu Plus from our home as they had identified my IP as a Tor relay. Now that the relay has been off for a few weeks I should try connecting to Hulu again to see how long they blacklist IP's for.
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
What the NSA is doing is unacceptable whether or not a foreign government access any of the data. Unless the US government obtains a warrant, based on probable cause, that specifically describes the places to be searched and things to be siezed, this activity is illegal.
Give me Classic Slashdot or give me death!
so will this result in a theocratic christian government run by the bible belt?
I'm god, but it's a bit of a drag really...
Interesting. If I worked for NSA, I would try to. It would give some more information. Though on the other hand, they may just as well run their own nodes to get that information (oh yes, they do this already), and hacking 'normal' people just for the lulz always increases the chance of information about your operations getting out.
In short: It would be stupid to hack you just because you're running a node, unless you're their target in some other way.
c++;
Not according to this latest leak (who knows about future leaks).
As I read this leak, TOR isn't broken (I the sense that the NSA isn't recording all unencrypted TOR traffic, the way some had feared). The NSA doesn't root all nodes. If they're interested in some specific person, they break their anonymity by rooting them specifically. But I still need to go read Bruce's analysis.
I find it interesting/amusing that when Freedom Hosting was busted, and the FBI left behind a rootkit on the hosted servers to infect users wholesale, that wasn't an NSA payload - it was a 0-day they bought on Silk Road. For all that this spying pisses me off on principle, I love that bit: someone at the FBI has a sense of humor, or at least irony.
Socialism: a lie told by totalitarians and believed by fools.
How about we not personify the government? I find it more useful. Understanding the factors and motivations at work will allow us to respond appropriately, or at least properly understand why this keeps happening.
Here's how I see it: Government agencies tend to take the path of least resistance to accomplish their assigned goals. Spy agencies goals are to monitor and identify threats. It's much easier to monitor everyone online rather than the comparatively difficult task of getting a proper subpoena for each individual being monitored.
The reason this is easier is because it's allowed by the government and tolerated by the people (at least enough to let it stand, we're not taking to the streets with torches and rope). Due process has not been updated to cover this in a way most of us feel would be appropriate. There are probably other barriers against this type of behavior that more knowledgeable people could come up with. They should be there, but they're not.
The officials in charge likely know that there is only so much they can abuse that power before it's taken away from them. If it came out that the NSA had found a way to listen in on every conversation and track you at the moment, and the public understood it and wasn't successfully distracted from it, the NSA would have it's powers trimmed. And then their job would be harder again.
So it's not that they're just voyeurs who will stop at nothing to have a live feed on your sphincter. It's more that we want to have our cake and eat it too. We want the NSA to protect us from the boogeymen terrorists, and we don't want them to spy on us either. But we're more flexible on the latter, so there you have it.
We'd need to keep limiting the NSA from taking the easiest paths we don't want them to take, but we're also lazy and apathetic as a nation.
I think you've misunderstood the attack.
1. They can identify anyone using TOR by looking at the encrypted traffic. Doesn't matter what you're running.
2. Using their privileged position on the internet backbone, they can perform MitM attacks by responding faster than the real servers, so they server you their malware package while serving the original content. Doesn't matter what you're running.
3. The NSA has 0-days for everything, so now you're rooted. Doesn't matter what you're running. And likely de-anonymized at this point.
4. If you're using a live CD, you might stop being rooted when you power down. Unless the NSA has a 0-day for your BIOS, which is certainly possible, in which case even that didn't help.
This is the full financial power of a Cold War military intelligence branch being directed against individual citizens. Doesn't matter what you're running, you brought a knife to a gun fight, and they brought an armor division.
Socialism: a lie told by totalitarians and believed by fools.
Because he knew that if there was an indiscriminate data dump, governments would use that to distract from the real meat. By getting professional journalists to digest the data into understandable stories, he ensured that would not happen. Also he feels details about specific operations or sites or whatever isn't really important to the debate, which is what he cares about the most.
Now that said, we'll have to see if he is happy with the current level of disclosures. My impression so far is that he has been very happy with how things worked out. But this is a guy who had EFF and Tor stickers on his laptop. If he knows Tor is broken and the Guardian do stories implying that it's not, it'll be interesting to see if he has any reaction to that. Right now he's lying low because he wanted to fade away so the stories focus on the material - and that's something he has done amazingly well.
This is absurd.
Listen, I've read the analysis and I've read all the available documentation. I agree with Schneider's analysis, but you're exaggerating.
1. They can identify anyone using TOR by looking at the encrypted traffic. Doesn't matter what you're running.
Maybe. But they do this by injecting cookies and then trying to find those cookies later on the unencrypted Internet, once you've turned off Tor. This doesn't work so well if you're using the browser bundle, or some sort of Live CD, but it may work on
2. Using their privileged position on the internet backbone, they can perform MitM attacks by responding faster than the real servers, so they server you their malware package while serving the original content. Doesn't matter what you're running.
The race-condition man-on-the-side capability of the NSA was never doubted, though nobody was really sure until recently how/where/if it was deployed and how often it was used. It looks like it's a rather common thing they use these days. In that vein, they can probably intercept the traffic between the exit node and the hosted content, unless, of course, you're using a .onion site, in which case, they most certainly cannot (unless they own the exit node, which they will only sometimes do).
3. The NSA has 0-days for everything, so now you're rooted. Doesn't matter what you're running. And likely de-anonymized at this point.
If you're rooted, you are also de-anonymized. That's almost a sure bet. Avoiding getting rooted is the key.
4. If you're using a live CD, you might stop being rooted when you power down. Unless the NSA has a 0-day for your BIOS, which is certainly possible, in which case even that didn't help.
Doing a blind root on a BIOS is pretty unlikely. In fact, rooting someone who doesn't have a browser/OS combination that has a pre-built exploit make is much less likely. Especially even moreso if you spoof the user agent.
Regardless, the tone of your post is a bit over the top, and doesn't match the evidence- just figured I would point that out.
There's a subtle but profound point there. Most warrantless searching of internet stuff has been done under the banner of "no reasonable expectation of privacy". But a TOR user has taken active steps to ensure his privacy - this traffic is as much "not public" as we have the technology to make it. If you don't (legally) have a reasonable expectation of privacy when you go that far, It gives lie to the excuse in the first place.
Socialism: a lie told by totalitarians and believed by fools.
1. They can identify anyone using TOR by looking at the encrypted traffic. Doesn't matter what you're running.
Maybe. But they do this by injecting cookies and then trying to find those cookies later on the unencrypted Internet, once you've turned off Tor. This doesn't work so well if you're using the browser bundle, or some sort of Live CD, but it may work on
Sorry, I was unclear. They can easily identify TOR traffic as TOR traffic - they can identify that you are a user of TOR. Governments with far less resources can do this, and block all TOR traffic. There was a /. story about this some years back, on the TOR team trying to respond but admitting it would always be an arms race.
Doing a blind root on a BIOS is pretty unlikely. In fact, rooting someone who doesn't have a browser/OS combination that has a pre-built exploit make is much less likely. Especially even moreso if you spoof the user agent.
Yes - this is the one area where I do doubt even the NSAs capabilities. But the user agent has nothing to do with it - TOR tries to make everyone's browser fingerprint look the same anyhow - if you changed it in some way there are attacks based on having that unique fingerprint (no clue how real such attacks are). Regardless, most TOR users are running a recent browser bundle on a very limited choice of OSs, and this is one case where Windows likely isn't the biggest target.
Socialism: a lie told by totalitarians and believed by fools.
Second to last slide mentions that too - paraphrased "could be worse - people might find alternatives to tor or improve it if they knew what we could do".
This is the full financial power of a Cold War military intelligence branch being directed against individual citizens. Doesn't matter what you're running, you brought a knife to a gun fight, and they brought an armor division.
Yeah, I agree. We're pretty fucked, but I do think there's hope, however. The common man is disposed to do nothing until they feel the jack-boot at their own throat. The founding fathers knew of this:
Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security.
USA Declaration of Independence.
The important thing to note is that they also gave us tools such that we would not have to throw off our government in order to fix it. We actually can fire congress. We actually can hold accountable the traitors to the constitution they swore to uphold. They keep this shit up, and more folks will come around to the idea of using them. They may have an armor division, but note that it's actually on our side. The pen is mightier than the sword, and the Army is not the NSA or CIA or individual sessions of congress.
I developed a fairly weak encryption system with hash based CBC, and a simple substitution cipher prior to XOR to reduce effectiveness of chosen plain text attacks (random throw-away nonce initialization vector also helps). It's going to be part of the reverse-DRM system for my games (give the users the power: They can ensure game updates and mods can be trusted / signed), but since it's for games and the mods are scripts not native code, and will distribute online (thus internationally), I don't need anything super secure, or copyright encumbered (so I can open & close source as needed to mitigate cheaters in online games).
I was looking at my router bandwidth log a few days ago and there was an upload of about 375 megabytes in the middle of the night, over an hour and a half 11pm to 12:30ish. No one was uploading anything here, I know for a fact. I recall a few days prior to that my Firefox browser had oddly glitched and crashed on adobe flash content (this rarely ever happens, since I don't consume much flash). The next day I noticed on my private game dev forum that a post I had made somehow got duplicated and glitched up, marking it as a global sticky announcement, and quite tellingly, none of the BBCode markup was parsed into the board's internal format -- My post somehow made it into the SQL database twice, and one copy apparently didn't go through the board's posting filter -- The posts are transactional, if the forum had glitched the DB wouldn't have been populated, let alone twice, and it would have been filtered for markup PRIOR to even touching the DB... This post was a list of all the improvements I recently made to my custom cipher. Coincidence? Yeah, right.
In addition to being a cryptographer, I frequently make politically inciteful comments (see above), and since I make games as a hobby research some crazy stuff for plot ideas, sometimes I post in-character as a machine mastermind; And am also writing a novel about machines holding the government for ransom. (Spoiler: the machines autopiloted airplanes into bulidings as a show of force on 9/11 to get the government to expand the world wide neural network... you can imagine red flags everywhere doing research and collaborative writing for that, eh?) I also tinker with electronics hardware and hobby OSs coded in ASM and my own toy languages. Being that I email enc@nsa.gov directly to comply with encryptio
"Our goal was to analyse Tor source code and determine any vulnerabilities in the system. We set up an internal Tor network to analyze..." http://apps.washingtonpost.com/g/page/world/nsa-research-report-on-the-tor-encryption-program/501/
Belief is the currency of delusion.
They are going to root my BeOS 4.5 VM? Methinks not!
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson