shawn-furyan · 12 years ago
One heartening aspect of the Snowden revelations as a whole is that they have pretty much just confirmed that the things we thought were strong (public crypto research, Tor) are in fact strong and the things that we thought were iffy are in fact iffy (Certificate Authorities, Unvetted Crypto, Cloud Services, The Wires, Implementations). This bodes well for the prospect of navigating out of this whole mess successfully since on the whole we seem to have good instincts about what is trustworthy and what is untrustworthy. I think that it actually has tended to clarify thinking about security so that fewer and fewer engineers are able to delude themselves into trusting something that they know deep down is really untrustworthy.
belorn · 12 years ago
One iffy part I would like to add is government itself. It was generally thought that government would not keep security vulnerabilities hidden, prioritizing protecting citizens rather than having a minor advantage in hacking.

Together with the earlier leaks regarding sabotaged security standards, the US government is the most damaging entity to computer security today. Anything they do needs to be viewed under the understanding that the NSA's primary priority is to be able to hack other people's computers. Be that an encryption algorithm or a kernel module, the NSA's priority is 100% clear.

That used to be a tin-foil hat idea just a few months ago, and we know better now. If the NSA comes carrying gifts, it warrants being very careful in accepting them from a party with such hostile priorities.

mpyne · 12 years ago
> That used to be a tin-foil hat idea just a few months ago, and we know better now. If the NSA comes carrying gifts, it warrants being very careful in accepting them from a party with such hostile priorities.

Well, not really.

The "tinfoil" idea is that NSA is breaking into crypto so that they can blackmail politicians, black-bag innocent citizens, etc.

But it was never widely assumed that NSA wasn't trying to break every bit of encryption they could. Besides the fact that such activities are literally their job, it's one of the few things they'd just as likely tell you directly if you asked them.

"Q: Are you trying to break cipher/cryptosystem FOO?" "A: Yes, we're trying to break all of them, to protect our SIGINT capability".

NSA has spent literally decades analyzing and breaking the military-grade ciphers of other nations. So I don't know where people got the idea that just because civilians obtained access to military-grade encryption, that NSA would suddenly stop with cryptanalysis efforts. But it has nothing to do with civilians per se; the military and national security opponents are using our civilian crypto too!

Is that inconvenient for civilian cryptography? Sure. But let's not act like people are having something chipped and taken away from them, that they've always had.

Before RSA and DH there were essentially no widely known safe cryptosystems that we could use. You used DES, or you could make up your own Vigenère implementation perhaps (have fun with key exchange!).

And that's just discussing computer communications. Your phones were all tappable, international telegrams easily read if it suited NSA, and good luck if you used one of those new-fangled cell phones.

The claimed threat is that computers make NSA more capable of surveilling the people at large, but the evidence shows that systems like Tor are putting up an exceptional fight, and even cryptosystems like TLS with many known weaknesses mostly work against global passive surveillance.

You would have to get on NSA's specific shitlist to have to really worry, but being on that shitlist 20 years ago meant anything you said would be picked up... and now, even that is not so certain.

akjj · 12 years ago
> It was generally thought that government would not keep security vulnerabilities hidden

Was that what people thought? Were there vulnerability reports in open-source software that were coming from the NSA or thought to be coming from the NSA? Surely everyone knew that the NSA was capable of finding exploits in software, and I would think that it would be hard to keep secret whether or not they're being reported.

> That used to be a tin-foil hat idea just a few months ago, and we know better now.

It's well-known that the NSA pushed to have DES limited to 56-bit keys. There were suspicions about Dual_EC_DRBG long before there were any leaks from Snowden. In the 90s, they pushed the Clipper chip, in which they'd engineered a back door. I think that everyone understood that the NSA had somewhat of an interest in weaker cryptography. That's why the cryptographic standardization processes happened in the open and when constants were needed, they were taken from the digits of pi or some such sequence.

B-Con · 12 years ago
At a DefCon (15, I think?) I got to ask a panel of FBI/CIA/NSA bigwigs a question at an open Q/A panel. I asked how they made the decision of which exploits they'd keep for themselves and which they'd help the project patch.

The response was 100% boilerplate. "We have a system for evaluating it," was the basic answer, in more words than that. I didn't really expect anything more, but it was worth a shot.

I've never believed that their "system" was in any way primarily for the public interest. I can't point to any specific evidence, it just never felt like the type of thing they would do. Good exploits just seemed far too useful to be worth giving up.

api · 12 years ago
I never thought that. I always assumed all cyber-war capable governments had hidden caches of 0-day vulnerabilities.
anologwintermut · 12 years ago
Prior to this, one should not have assumed (and arguably should still not assume) that Tor is safe against the NSA.

Tor was explicitly not designed to protect against a global passive adversary. That's the price it pays for low latency. With the amount of network data the NSA has, they probably constitute such an adversary.

It is actually rather surprising that Tor gives them this much trouble.

jlgreco · 12 years ago
> It is actually rather surprising that Tor gives them this much trouble.

I am not really convinced that what we have seen demonstrates conclusively that it does. There is the possibility that we are looking at parallel construction, or that these attacks are genuine but they are sitting on more dramatic capabilities for targets they think are worth it (perhaps because the Chinese continuing to trust and use Tor is a better situation for the NSA to be in than the Chinese doing everything the old fashioned way with microfilm and dead-drops).

The best way to go forward is to continue to assume that Tor does not present any significant difficulty to the NSA.

shawn-furyan · 12 years ago
It's a question of opportunity cost. The NSA has extensive resources, but it's unlikely that they can employ overwhelming resources (such as would be theoretically necessary to break tor) for every situation where overwhelming resources specifically directed are a theoretical weakness. At the moment, implementations are a much easier target, and so I don't necessarily think that it's surprising that they do have trouble with strong but imperfect systems like tor.

Perhaps once all implementation issues are removed from the security equation (I'll hold my breath while I wait...) it will be necessary to think up better systems. But right now, what's hard for us is hard for the NSA, and so that should be the guiding principle for strengthening current systems and developing new ones. I find that an empowering idea.

guelo · 12 years ago
The weak point, as usual, is the endpoints. The attack vector described in these documents is JavaScript via some library called E4X. Makes me wonder why the Tor bundle doesn't come with NoScript enabled by default.
steveklabnik · 12 years ago
There is an answer about this in their FAQ that basically states that having NoScript on by default breaks too much of the web.
simgidacav · 12 years ago
Utopistically, how nice would it be if the whole web provided no-JavaScript versions of sites? In the end, in 90% of cases JavaScript is used just to do fancy things, while the actual functionality could be achieved with much less pain (and vulnerability).
psn · 12 years ago
I agree with your post generally, but has Snowden said anything about CAs? I did expect to hear that at least one has signed anything the NSA put in front of them, but I don't recall Snowden providing "proof"* of this.

* I'm in no position to verify anything Snowden leaks.

jerf · 12 years ago
We didn't need these revelations to know CAs are not generally trustworthy. We already had proof. http://en.wikipedia.org/wiki/Certificate_authority#CA_compro...
shawn-furyan · 12 years ago
The main thing is that CAs are centralized proxies for trust combined with the revelations that confirm that the NSA directly targets such central entities. There was a lot of general uneasiness about the reliance on CAs before the Snowden revelations, and I think the fact that NSA documents show that it leans on such central entities confirms the wisdom of that unease.
dsl · 12 years ago
I don't know about the NSA, but I've personally negotiated a deal with a CA to add whatever domains we wanted to a certificate without validation. They just "trusted us."
antocv · 12 years ago
Not to be a downer, but I do feel these systems and exploits are designed by us, the hackers we so much want to believe are good, but it looks like most hackers have a price and probably derive joy from designing these systems for the government.

We know what is trustworthy; we know how to build and do the right thing. Yet look: there are tens of thousands of brilliant minds working for the NSA against everybody else.

return0 · 12 years ago
The disheartening thing is, though, we don't really have novel technologies (quantum crypto?) to guarantee security anymore, and the existing ones will soon be exploitable on a mass scale. This is bad for internet commerce, and for the internet itself as a medium. In the eyes of the layman, the internet is untrustworthy. I won't be surprised if in the future we see closed, privately owned physical networks that guarantee security to their customers.
subdane · 12 years ago
I think Facebook proves definitively that the layman doesn't care about "trustworthiness of the internet".
tripzilch · 12 years ago
Quantum crypto is going to be available to governments first and to civilians later, if at all, ever. We should be making plans on how to protect ourselves from the cracking powers of quantum computers with our traditional computers instead: http://www.pqcrypto.org/
danso · 12 years ago
This accompanying article has useful context: http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack...

> But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled 'Tor Stinks', states: "We will never be able to de-anonymize all Tor users all the time." It continues: "With manual analysis we can de-anonymize a very small fraction of Tor users," and says the agency has had "no success de-anonymizing a user in response" to a specific request.

So only with "manual analysis" can intel agencies have any success, and that appears to be with a small subset of users who have other vulnerabilities. But when targeting a specific user, the NSA appears to have had no success in de-anonymizing them.

lambada · 12 years ago
This needs to be higher. I think this was the best scenario anyone who knows Tor could hope for. The attacks against Tor, when used correctly, are well understood. And, assuming this presentation is accurate, the capabilities of adversarial semi-global attackers aren't much different from what we were expecting.

I would love to see if they have similar slide-decks for I2P, which is often compared with Tor for Hidden Service/eepsite usage.

ktr100 · 12 years ago
On page 5 of the 'Tor Stinks' full document is a clipart picture of a terrorist.

So... Somewhere in the bowels of the NSA is a graphic artist that slaps beards and guns onto stock clip-art. Fun job.

http://www.theguardian.com/world/interactive/2013/oct/04/tor...

elwin · 12 years ago
The more we learn about the NSA's capabilities, the more it seems like the Manhattan Project. They are developing the "cyberwarfare" equivalents of weapons of mass destruction. This exploit delivery network goes so far beyond any legitimate purpose it might serve that it belongs in the same moral category as hydrogen bombs.

EDIT: The above is somewhat hyperbolic and unclear. The NSA's capabilities may have legitimate uses. Similarly, there may be legitimate military uses for nuclear weapons. But building nuclear weapons creates the risk of worldwide nuclear destruction. Similarly, building this kind of highly efficient exploit system creates the risk of destroying all Internet security. The potential destruction far outweighs whatever good the weapons might accomplish. That is why I said they belong in the same category.

twoodfin · 12 years ago
I think that's a pretty serious exaggeration. Designing tools to let you spy on Tor traffic has to be in a separate category from designing bombs that could kill millions.

Besides, are there no ends that could justify these means? I think the means are altogether reasonable given the ends. Put aside whether you think the NSA is genuinely pursuing its national security mission: If it were, wouldn't it make perfect sense to figure out how to attack Tor?

bcoates · 12 years ago
The Stasi and the Gestapo were genuinely pursuing a national security mission. They also did more self-inflicted harm to Germany than the A-bomb did to Japan from the outside. He's not exaggerating the amount of damage an intelligence agency can do.
elwin · 12 years ago
Attacking Tor by passive analysis is one thing. Installing spyware, creating a botnet, and making the infection process quick and easy is another. There might be some justification for the former. The latter is too risky.
res0nat0r · 12 years ago
Sucks you are being downvoted for not agreeing with the hyperbole, but I think you are correct.

The NSA's job is to spy on things. Tor represents a place where illegal things occur, so it is a perfectly reasonable thing that they would be tasked with trying to stop such illegal things there.

MichaelMoser123 · 12 years ago
Maybe the NSA cyberwar effort did not produce new earth-shaking insights; the Manhattan Project did that, of course. Now both efforts may be compared in terms of their price tag: both cost billions of tax dollars to implement.

Interesting that instead of reaching out for the stars we turn inwards - snooping as the new frontier that is pushing technology forward, now here is a great prospect ...

vezzy-fnord · 12 years ago
Hardly. The NSA's techniques, as described thus far, appear to be your basic computer security fodder. The same techniques that any modest black hat could do.

The difference is in the scale and dedication.

tptacek · 12 years ago
Metacommentary:

I've taken a jaundiced view of "liberation tech" efforts in the past and this is as good an illustration as any of why. Among "amateur" libtech projects, Tor is about as good as you get --- an active community, extremely widespread use, technical people with their heads screwed on right and as much humility as you can reasonably expect of people whose projects are (candidly) intended to thwart world governments.

If Tor can't provide meaningful assurances (here, there's a subtext that Tor actually made NSA's job easier), you'd need an awfully convincing reason for how you're going to do better than they are before "liberating" the Chinese internet, especially given that it is your users who assume the real risks.

cmiles74 · 12 years ago
I didn't read it that way at all, in fact, it sounds like Tor is sufficiently robust that a good number of NSA employees were tasked with finding exploits. In terms of the exploits found, it looks like all were against the browser.

  Tor is a well-designed and robust anonymity tool, and 
  successfully attacking it is difficult. The NSA attacks we 
  found individually target Tor users by exploiting 
  vulnerabilities in their Firefox browsers, and not the Tor 
  application directly.

tptacek · 12 years ago
Tor enabled them to filter down Internet traffic to a subset, and then they simply violated the security premise behind real-world Tor usage (that the rest of the stack was secure) to pierce the veil completely.

I'm not indicting Tor. The opposite. But in Iran, China, or Belarus, you don't get to call a foul ball when your libtech stack breaks somewhere you weren't working on.

And again, my concern isn't Tor, but the (far more amateurish) things people come up with as new Tor alternatives to e.g. "circumvent the great firewall".

The principle I'm trying to communicate is that there's a degree of chauvinism implicit in amateur libtech --- that despite the billions of dollars any real country can leverage against Internet privacy, indie developers have a fighting chance against Iran, because after all they're just a tinpot dictatorship.

The other more general principle I try to communicate is that it doesn't matter how nice, or even how necessary, any given bit of security technology is. What matters is the engineering: will it work as deployed. Not having a better answer doesn't change the engineering fact of whether the best current solution is viable.

autodidakto · 12 years ago
I don't think your fears are justified by the article. The first thing you read is a pull-out quote that says:

>Tor is a well-designed and robust anonymity tool, and successfully attacking it is difficult.

Maybe you're referring to:

>The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the internet, makes it easy to differentiate Tor users from other web users.

Your kind words about the Tor project are accurate, but they have never claimed that it's possible to reliably hide Tor use.

The next sentence is:

>On the other hand, the anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the US.

There is no Tor exploit or new information here. The NSA has enough resources to recognize Tor users in the USA en masse, as well as single out individual connections. From this point on, FoxAcid works the same whether you're using Tor or not.

tedks · 12 years ago
>(here, there's a subtext that Tor actually made NSA's job easier)

I'm not sure how you reached that conclusion.

The slides mention that Tor is:

* Very difficult to identify on the network-level, since Tor-tls traffic is indistinguishable from Apache-tls traffic as of 2011

* Impossible to fully deanonymize

* Only exploitable via a handful of browser exploits.

Further, later in the "Tor is the King" slide deck, there's this rather glowing endorsement of the TAILS livecd:

"Tails... adds severe misery to CNE equation."

...which is what you'd expect, given that TAILS is entirely ephemeral, and so all of their callbacks and APT-style attacks are useless against it.

I had previously considered TAILS a rather "amateur" system myself, because of the glut of livecds bundling Tor. But it turns out they're actually adding severe(!) misery to the NSA's exploitation team! I'm downloading the TAILS cd now so I can switch over to using it in a VM rather than running Tor Browser Bundle on my own machine.

codygman · 12 years ago
Will TAILS still only use RAM and no disk within a VM? If not, you'll just have a slightly better Tor Browser Bundle (plus other features), right? I always thought the "RAM only" portion of TAILS was one of the biggest anonymity wins.
ris · 12 years ago
Even TAILS worries me slightly. Why? Homogeneity. The same thing that makes a freshly booted TAILS "clean" and exactly the same as any other freshly booted TAILS also means that it's a "known quantity" to an attacker.

A lot of obscure vulnerabilities that would normally require a "perfect storm" to be used together to compromise a system are much easier to construct once you know a lot about the target system. And it would be well worth the time for an attacker to develop an exploit that would work against all TAILS users.

In the same way the Firefox heap spraying attack was specifically targeted against users of the Tor Browser Bundle. There, homogeneity was a large part of victims' downfall. TAILS is arguably many times more homogeneous.

ASLR and related technologies are a (very very basic) start but we may not have better answers to things like this until we have the likes of binary diversity as described in http://lwn.net/Articles/565113/ being usable (Even then, a final binary compilation stage would need to be taken by an application user before use).

Edit: and yes, you don't need to point out that the TBB vulnerability did heap spraying in Firefox's JIT and so binary diversity would probably have been minimally effective.

dsl · 12 years ago
TAILS will detect it is running inside a VM and warn you not to do it.

I know quite a few folks who are sitting on escapes for popular VM products. They are not at all uncommon.

I would be absolutely shocked if the NSA's little toolkit didn't detect virtualization, pop out, and backdoor the host OS.

aestra · 12 years ago
I wouldn't really consider Tor an amateur libtech product since the basics of the underlying technology (onion routing) were developed by the US Navy.

Here's the original patent from 1998:

http://patft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=...

twoodfin · 12 years ago
> here, there's a subtext that Tor actually made NSA's job easier

Are you reading anything from that subtext beyond, "Tor has a high concentration of the kind of users we're interested in, so let's keep it a juicy target rather than squeezing too hard?"

rz2k · 12 years ago
As I understand it, which admittedly isn't well, it made surveillance jobs easier when its users mistook anonymity and privacy. That is, sending something through the tor network means that it's more likely that your traffic is going through a node belonging to a group that records everything than if your traffic randomly found a point to point route across the internet.

I don't see how using the Tor network could make you less anonymous, unless, as you point out, its use suggests a user's greater likelihood of sending and receiving interesting information.

It hurts the system that exit nodes have been targeted for content that other users were responsible for, but from what I have read, Tor can provide people meaningful anonymity that is difficult to breach.

As an aside: What is the effect of such parenthetical statements? I think they just create a vague idea of uncertainty and fear. If there is a vulnerability, there has to be a mechanism, not just a sense of omnipotent government surveillance.

Maybe that mechanism is the probabilistic likelihood of an organization controlling a large portion of the Tor nodes' ability to identify users. Maybe it's a flaw that has been surreptitiously put into the source code. I'm pretty sure more people who know would suspect the former as far more likely than the latter. It's easier to address the questions when you know what the parenthetical utterance was even referring to in the first place.

jlgreco · 12 years ago
I don't know that it really is subtext here, but I suspect that Tor has many people communicating electronically where they would otherwise refuse to do so at all. In other words, "Normally I would refuse to talk about this on the internet and would meet you in the back of the bar instead, but I trust Tor so let's discuss this now."

It therefore puts communications that previously would not have been available to the NSA into the realm of things that the NSA can access.

option_greek · 12 years ago
What chance does a ragtag team of people from various backgrounds working part time on an open source project have against a determined enemy with billions in funding and hordes of PhDs working full time with the single goal of violating the privacy of netizens?
llamataboot · 12 years ago
A better chance than one would think from that phrasing, as there are a lot of highly motivated and intelligent people working on privacy tech.
gohrt · 12 years ago
That's entirely not the point. Even with 1000x the amount of funding, Tor would still be theoretically proven to be insecure. Only physically secure hardware (including cables and routers) stands a chance against side-channel traffic analysis.
makmanalp · 12 years ago
Speaking of which, now is probably a great time to mention that the Berkman Center is doing an open call for fellowship applications:

http://cyber.law.harvard.edu/getinvolved/fellowships

And I'm sure the EFF is looking too.

anologwintermut · 12 years ago
This is one way the NSA can attack Tor. If they just want to de-anonymize a connection, not get access to the content (e.g. to locate the Silk Road server), in theory they can just analyze all their passively collected data from major fiber backbones to identify and locate the user.

Tor, including hidden services, was never designed to protect against someone who could observe all or almost all traffic in the Tor network. Given that data, it's rather easy to correlate timing information. Indeed, Tor fundamentally allows this since it aims to be a low latency network.

Given the NSA's extensive tapping of key fiber lines, we should assume they can actually observe the necessary traffic. From the original paper announcing Tor: "A global passive adversary is the most commonly assumed threat when analyzing theoretical anonymity designs. But like all practical low-latency systems, Tor does not protect against such a strong adversary." --- Tor: The Second-Generation Onion Router [0]

[0] https://svn.torproject.org/svn/projects/design-paper/tor-des...
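The trade-off this comment describes (a low-latency relay keeps packet timing, so an observer who sees both ends of a path can match them; a batching mix destroys the timing at the cost of delay) can be shown on a toy model. This is an added illustration on constructed bursty streams, not Tor traffic and not code from the Tor project; the relay delays, bin width and batch interval are assumed toy parameters.

```python
"""Toy model of why low latency and global passive observation don't mix.

One "entry-side" packet stream is generated; the candidate "exit-side"
streams are one relayed copy of it plus unrelated decoy streams.  Binned
packet counts are compared with Pearson correlation over a few bin shifts.
With a low-latency relay (small per-packet delay, order preserved) the true
exit stands out; with a batching mix (packets held and released together at
fixed intervals) the per-burst timing is gone.  All data is constructed.
"""
import math
import random

BIN_MS = 500       # histogram bin width (assumed toy value)
WINDOW_MS = 60_000 # observation window (assumed toy value)


def gen_bursty_stream(rng, n_bursts=20, per_burst=4, window=WINDOW_MS):
    """Interactive-style traffic: short bursts of closely spaced packets."""
    times = []
    for _ in range(n_bursts):
        t = rng.uniform(0, window - BIN_MS)
        for _ in range(per_burst):
            times.append(t)
            t += rng.uniform(10, 30)   # burst spans well under one bin
    return sorted(times)


def low_latency_relay(times, rng, base_delay_ms=60, jitter_ms=60):
    """Low-latency relay: each packet forwarded after a small delay, no reordering."""
    return [t + base_delay_ms + rng.uniform(0, jitter_ms) for t in times]


def batching_mix(times, rng, batch_ms=5_000):
    """Mix-style relay: hold packets, release all of them at the next batch boundary."""
    return [math.ceil(t / batch_ms) * batch_ms for t in times]


def bin_counts(times, bin_ms=BIN_MS, window=WINDOW_MS):
    """Packet count per time bin; extra bins absorb relay/batch delay past the window."""
    n_bins = window // bin_ms + 20
    counts = [0] * n_bins
    for t in times:
        idx = int(t // bin_ms)
        if 0 <= idx < n_bins:
            counts[idx] += 1
    return counts


def pearson(a, b):
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    sa = math.sqrt(sum((x - ma) ** 2 for x in a))
    sb = math.sqrt(sum((y - mb) ** 2 for y in b))
    return 0.0 if sa == 0 or sb == 0 else cov / (sa * sb)


def best_lagged_correlation(entry, exit_, max_lag_bins=2):
    """Best correlation over small positive shifts (a relay only adds delay)."""
    e, x = bin_counts(entry), bin_counts(exit_)
    return max(pearson(e[:len(e) - lag], x[lag:]) for lag in range(max_lag_bins + 1))


def rank_candidates(entry, candidates):
    """Candidate indices with their scores, best match first."""
    scored = [(best_lagged_correlation(entry, c), i) for i, c in enumerate(candidates)]
    scored.sort(reverse=True)
    return [(i, round(s, 3)) for s, i in scored]


def experiment(seed=7, n_decoys=4, relay=low_latency_relay):
    """Returns (index of the true exit stream, ranking of all candidates)."""
    rng = random.Random(seed)
    entry = gen_bursty_stream(rng)
    true_exit = relay(entry, rng)
    candidates = [gen_bursty_stream(rng) for _ in range(n_decoys)]
    true_index = int(rng.random() * (n_decoys + 1))
    candidates.insert(true_index, true_exit)
    return true_index, rank_candidates(entry, candidates)


if __name__ == "__main__":
    ti, ranking = experiment()
    print("low-latency relay: true exit is", ti, "ranking", ranking)
    ti, ranking = experiment(relay=batching_mix)
    print("batching mix:      true exit is", ti, "ranking", ranking)
```

The batching run shows what a high-latency mix buys and why Tor, which needs interactive latency, deliberately declines it, which is exactly the design paper's point quoted above.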

GigabyteCoin · 12 years ago
Is nobody slightly concerned that the date shown in the PDF file which sparked this commentary ( http://www.theguardian.com/world/interactive/2013/oct/04/tor... ) shows the PDF as being created in 2007?

It looks like they had some trouble picking out users 5 years ago... lord only knows how easy it must be for them now.

atmosx · 12 years ago
I think this depends vastly on the number of rogue Tor nodes. However, picture this: the NSA isn't the only organization going after Tor, right? Probably there are others. So if you are China, Iran, Syria, Russia, etc., what do you do? You set up your 'own' poisonous Tor relays. What you end up doing is disrupting and diminishing the potential of a single agency or a group of agencies controlling a big % of Tor traffic.

So all in all, it might be a good thing and way more difficult than it was 7 years earlier. Not to mention that at the time we were browsing through Tor at 50 kb/s while now we browse at 400 kb/s.

kilroy123 · 12 years ago
Sounds like, if you're going to do something very sensitive on tor, you need to:

- always have an up-to-date version of the Tor bundle!

- compile the bundle yourself from source

- run it virtually, and always roll back to a clean snapshot (before installing Tor) when done

- if possible use from a network that is not your own (open wifi, public wifi, etc.)

- spoof your mac address

- do not run JS, Java applets, etc.!

I know this seems extreme, but from what I read, it's the best you can do to protect yourself.

chakalakasp · 12 years ago
If you are doing something that would make the NSA interested in you (and I would highly highly discourage that), you'd need to focus more on tradecraft. Get the laptop from a source that can't be traced to you, like a thrift store in a city where you don't live or normally frequent. Disguise yourself, pay in cash, and either make sure there are no security cameras or wait a good year before you do whatever you are going to do (nobody keeps camera data longer than that). When you do whatever you are doing, use a Live CD like TAILS. Disguise yourself. Wear gloves. Go to a city you don't live in or frequent regularly, and only use cash during the trip. Park a long distance from your wifi source where there are no cameras and walk to where you will access the wifi. Use a cantenna to hit an open wifi some distance away, preferably a public connection like a busy coffee shop. Do whatever you are going to do. Walk back to your car, drive to a nearby town, smash the laptop and dispose of it in a dumpster. Drive home.
harshreality · 12 years ago
That isn't sufficient.

The NSA might be able to query their databases for anyone who recently visited the city where the wifi involved is located, and you might match that if there were license plate scanners on the way, even if you paid for gas in cash. If that information isn't collected by the NSA today, it probably will be tomorrow.

The NSA might be able to query their databases for anyone who "went off the grid" for a day or two around the event they're interested in. That's not good enough to ID a suspect, but it narrows the pool. If you stopped making google searches from your normal internet connection within a day of the event in the other city, and you normally use your computer every day, or if your phone was off within a day of the event, that's suspicious. Enough of those kinds of data points and you become a suspect.

Even simpler, and a staple of crime fiction, stuff happens that you have no control over that can place you in the vicinity at the time of the event. If you have bad luck and get a ticket or get in a car accident in the city in question, for instance...

Far from suggesting that you simply need to be more careful, my view is that you can't take sufficient precautions to get risk down to a tolerable level if whatever you're doing brings you to the attention of the NSA.

blake8086 · 12 years ago
This is such random advice. What threats are you defending against here?

"Wear gloves": Why? Are you thinking someone will pierce the veil of all these other precautions but then be stymied when they find a smashed laptop with no fingerprints on it?

"Sir, we followed him for a year, watched him buy a laptop and use it in a park, but when we recovered the laptop from the dumpster, there were no fingerprints on it!"

"Curses, our plan is foiled!"

kilroy123 · 12 years ago
I'm glad I have no reason be that anonymous. Sounds stressful. :)

Still, I completely agree with you.

ris · 12 years ago
"Park a long distance from your wifi source where there are no cameras"

This implies that you've been driving round (in your disguise of course) in a car. With a registration plate.

wglb · 12 years ago
Have you tested this approach?

bryze · 12 years ago
Yeah, I was wondering if a virtual machine is safe from malicious attacks, though. Can anyone comment on the feasibility of this method as fail-safe?
shabble · 12 years ago
Ideally you'd want to be running Tor with transparent proxying of all traffic on a physically separate (and locked down) host. I believe there are guides on how to do all that on a raspberry pi out there.

On your primary browsing/whatever machine, I believe (but have not exhaustively researched) that it would still make sense to run inside a VM/container, because that would provide a much more 'generic' set of system characteristics (MAC address, clock jitter stats, CPUinfo, etc) than your actual hardware. It does provide a greater attack surface, so you'd have to weigh up the value of potentially masking physical identity vs likelihood of gaining root due to VM exploits.

There's also the risk of overconfidence because of these measures, which might lead you to overlook important details in the host OS, or in your communication habits.

sitkack · 12 years ago
There are plenty of ways to breakout of a VM. What if the VM has a filesystem that is readonly by the host?

Drive by download, cookie fs drop, etc. Attack the indexing server, file previews, etc.

You really want to run the VM on an external host like a Raspberry Pi, and the VM should be different from the host running Tor.

Tor should really be rewritten in a Coq proven Haskell program.

pyre · 12 years ago
It's probably the best you can do, but it still doesn't prevent your anonymity from being compromised. As soon as the malware is installed, it can phone home, even if you end up wiping it after you are done.
sitkack · 12 years ago
The malware would have to escape the virtual machine. The VM needs to be firewalled off from the host and NOT have the host <=> guest tools installed.
conductor · 12 years ago
> Once the computer is successfully attacked, it secretly calls back to a FoxAcid server, which then performs additional attacks on the target computer to ensure that it remains compromised long-term

It would be nice if somebody could honeypot them to find out the vulns and malware types they are using.

antocv · 12 years ago
How do I get on the list of most interesting persons so I can set up my honeypots? Do I have to be Jacob Appelbaum or Assange?

What freaked me out is that they deliver sensible exploits for techie people. God damn it.
