
Indi Guy

(3,992 posts)
Fri Oct 4, 2013, 02:43 PM Oct 2013

Attacking 'Tor': How the NSA Targets Users' Online Anonymity...

This discussion thread was locked as off-topic by Turborama (a host of the Latest Breaking News forum).

Source: The Guardian


"Tor" is a well-designed and robust anonymity tool, and successfully attacking it is difficult.

The online anonymity network Tor is a high-priority target for the National Security Agency. The work of attacking Tor is done by the NSA's application vulnerabilities branch, which is part of the systems intelligence directorate, or SID. The majority of NSA employees work in SID, which is tasked with collecting data from communications systems around the world.

According to a top-secret NSA presentation provided by the whistleblower Edward Snowden, one successful technique the NSA has developed involves exploiting the Tor browser bundle, a collection of programs designed to make it easy for people to install and use the software. The trick identifies Tor users on the internet and then executes an attack against their Firefox web browser.

The NSA refers to these capabilities as CNE, or computer network exploitation. The first step of this process is finding Tor users. To accomplish this, the NSA relies on its vast capability to monitor large parts of the internet. This is done via the agency's partnership with US telecoms firms under programs codenamed Stormbrew, Fairview, Oakstar and Blarney.

The NSA creates "fingerprints" that detect http requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool which NSA boasts allows its analysts to see "almost everything" a target does on the internet....

Read more: http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity


JDPriestly

(57,936 posts)
1. Is Tor like No-Script or is it something else?
Fri Oct 4, 2013, 02:58 PM
Oct 2013

Indi Guy

(3,992 posts)
2. Here's the link to Tor...
Fri Oct 4, 2013, 03:02 PM
Oct 2013
"What is Tor?
Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security." -- https://www.torproject.org/

Indi Guy

(3,992 posts)
14. More on Tor...
Fri Oct 4, 2013, 06:31 PM
Oct 2013
Overview

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.

Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online...
https://www.torproject.org/about/overview.html.en
 

cosmicone

(11,014 posts)
3. I wouldn't be the least bit surprised
Fri Oct 4, 2013, 03:16 PM
Oct 2013

if Tor is actually a creation of the NSA/CIA to serve as a "honeypot" to attract users who want to hide, making them think they're untraceable. Much simpler than having to sift through exabytes of data per hour!

 

nebenaube

(3,496 posts)
5. It's a product of the Dept of State, EFF and the Navy n/t
Fri Oct 4, 2013, 03:23 PM
Oct 2013

Indi Guy

(3,992 posts)
6. Gotta link? n/t
Fri Oct 4, 2013, 03:33 PM
Oct 2013
 

nebenaube

(3,496 posts)
7. wikipedia...
Fri Oct 4, 2013, 03:49 PM
Oct 2013

Indi Guy

(3,992 posts)
16. Tor appears to be what it portends to be...
Sat Oct 5, 2013, 08:42 AM
Oct 2013

...for what that may be worth.

Jesus Malverde

(10,274 posts)
4. More interesting from the article is FoxAcid and Quantum servers
Fri Oct 4, 2013, 03:19 PM
Oct 2013
To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a Foxacid server.

In the academic literature, these are called "man-on-the-middle" attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks.

They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the internet backbone, and exploit a "race condition" between the NSA server and the legitimate website. This top-secret NSA diagram, made public last month, shows a Quantum server impersonating Google in this type of attack.

The NSA uses these fast Quantum servers to execute a packet injection attack, which surreptitiously redirects the target to the FoxAcid server. An article in the German magazine Spiegel, based on additional top secret Snowden documents, mentions an NSA developed attack technology with the name of QuantumInsert that performs redirection attacks. Another top-secret Tor presentation provided by Snowden mentions QuantumCookie to force cookies onto target browsers, and another Quantum program to "degrade/deny/disrupt Tor access".

According to various top-secret documents provided by Snowden, FoxAcid is the NSA codename for what the NSA calls an "exploit orchestrator," an internet-enabled system capable of attacking target computers in a variety of different ways. It is a Windows 2003 computer configured with custom software and a series of Perl scripts. These servers are run by the NSA's tailored access operations, or TAO, group. TAO is another subgroup of the systems intelligence directorate.

The servers are on the public internet. They have normal-looking domain names, and can be visited by any browser from anywhere; ownership of those domains cannot be traced back to the NSA.

However, if a browser tries to visit a FoxAcid server with a special URL, called a FoxAcid tag, the server attempts to infect that browser, and then the computer, in an effort to take control of it. The NSA can trick browsers into using that URL using a variety of methods, including the race-condition attack mentioned above and frame injection attacks.

FoxAcid tags are designed to look innocuous, so that anyone who sees them would not be suspicious.


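
A defensive illustration of the race described in the article quoted above (an added example, not part of the original post or the Guardian piece): because the injected response and the legitimate one both reach the client, a network sensor sees two segments claiming the same TCP sequence range with different bytes. The `Segment` record, the function name and the sample capture are constructed for this example.

```python
from collections import defaultdict
from typing import NamedTuple

class Segment(NamedTuple):
    ts: float       # capture time (s)
    src: str
    sport: int
    dst: str
    dport: int
    seq: int        # sequence number of first payload byte
    ttl: int        # IP TTL seen at the sensor
    payload: bytes

def find_conflicting_segments(segments):
    """Flag segments in one direction of a flow that cover the same
    sequence range but carry different bytes (seq wraparound ignored)."""
    seen = defaultdict(list)
    findings = []
    for seg in sorted(segments, key=lambda s: s.ts):
        if not seg.payload:
            continue  # pure ACKs have nothing to compare
        flow = (seg.src, seg.sport, seg.dst, seg.dport)
        for prev in seen[flow]:
            start = max(prev.seq, seg.seq)
            end = min(prev.seq + len(prev.payload), seg.seq + len(seg.payload))
            if start >= end:
                continue  # ranges do not overlap
            a = prev.payload[start - prev.seq:end - prev.seq]
            b = seg.payload[start - seg.seq:end - seg.seq]
            if a != b:  # identical bytes would be a normal retransmission
                findings.append({
                    "flow": flow, "seq": start,
                    "gap_ms": round((seg.ts - prev.ts) * 1000, 1),
                    "ttl_differs": prev.ttl != seg.ttl,
                    "first": prev.payload[:24], "second": seg.payload[:24],
                })
        seen[flow].append(seg)
    return findings

# Constructed capture using documentation addresses; not real traffic.
SERVER, CLIENT = "198.51.100.7", "192.0.2.10"
SAMPLE = [
    Segment(0.000, SERVER, 80, CLIENT, 51000, 1000, 61, b"HTTP/1.1 302 Found\r\nLocation: http://redirect.example/\r\n\r\n"),
    Segment(0.018, SERVER, 80, CLIENT, 51000, 1000, 52, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    Segment(0.100, SERVER, 80, CLIENT, 51001, 5000, 52, b"HTTP/1.1 200 OK\r\n\r\n"),  # original
    Segment(0.300, SERVER, 80, CLIENT, 51001, 5000, 52, b"HTTP/1.1 200 OK\r\n\r\n"),  # retransmit
]

if __name__ == "__main__":
    print(find_conflicting_segments(SAMPLE))
```

A differing TTL or a very short gap between the two copies is supporting evidence only; the conflicting bytes at one sequence number are the signal.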

azurnoir

(45,850 posts)
11. Thanks that could explain something
Fri Oct 4, 2013, 05:21 PM
Oct 2013

times in the past when I actively ran as a Tor relay after getting past my server's blocks and figuring out a port arrangement that would allow it, Google would flag me as a bot and deny service.

Indi Guy

(3,992 posts)
12. And just imagine if the government gets its way regarding net neutrality, given that...
Fri Oct 4, 2013, 05:36 PM
Oct 2013

..."They ('man-on-the-middle' attacks) are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the internet backbone..."

Man! This rabbit hole goes deep.


rhett o rick

(55,981 posts)
9. "The majority of NSA employees work in SID" SID?? I knew it, I knew it.
Fri Oct 4, 2013, 04:27 PM
Oct 2013
 

Cooley Hurd

(26,877 posts)
13. .
Fri Oct 4, 2013, 05:59 PM
Oct 2013

Indi Guy

(3,992 posts)
10. This will help explain, 'Everything you need to know about the NSA and Tor in one FAQ'...
Fri Oct 4, 2013, 05:14 PM
Oct 2013

Jesus Malverde

(10,274 posts)
15. bump..nt
Fri Oct 4, 2013, 11:45 PM
Oct 2013

Turborama

(22,109 posts)
17. Hi, Indi Guy.
Sat Oct 5, 2013, 10:54 AM
Oct 2013

I'm locking this as it's LBN hosts' consensus this article violates the SOP because it is an analysis piece.

It would fit very well in GD and/or Good Reads, though.
