Unmasking Tor network users

Maanpuolustus.net has astonishingly few tracking servers, apparently because of fast sharing over a peer-to-peer network - that is, the Twitter, Google Plus and Facebook buttons wouldn't really work without some kind of torrent. If you don't want to share on Twitter, give your friends a g+ recommendation or share the page on Facebook, you of course don't need the peer-to-peer network.

Google Analytics is presumably a data collector whose services some party outside Google can pay for as well. Data is ordered from Google Analytics' partner companies for commercial purposes among others, and it is always busy in the background. And by no means are all the companies through which one can order, for a fee, analytics data on people's browsing even located in the West.
 
Security experts call it a “drive-by download”: a hacker infiltrates a high-traffic website and then subverts it to deliver malware to every single visitor. It’s one of the most powerful tools in the black hat arsenal, capable of delivering thousands of fresh victims into a hackers’ clutches within minutes.

Now the technique is being adopted by a different kind of a hacker—the kind with a badge. For the last two years, the FBI has been quietly experimenting with drive-by hacks as a solution to one of law enforcement’s knottiest Internet problems: how to identify and prosecute users of criminal websites hiding behind the powerful Tor anonymity system.
http://www.wired.com/2014/08/operation_torpedo/

This NIT was purpose-built to identify the computer, and do nothing else—it didn’t collect keystrokes or siphon files off to the bureau. And it evidently did its job well. In a two-week period, the FBI collected IP addresses, hardware MAC addresses (a unique hardware identifier for the computer’s network or Wi-Fi card) and Windows hostnames on at least 25 visitors to the sites. Subpoenas to ISPs produced home addresses and subscriber names, and in April 2013, five months after the NIT deployment, the bureau staged coordinated raids around the country.
 
The FBI wants greater authority to hack overseas computers, according to a law professor.

A Department of Justice proposal to amend Rule 41 of the Federal Rules of Criminal Procedure would make it easier for domestic law enforcement to hack into the computers of people attempting to protect their anonymity on the internet.

The change in search and seizure rules would mean the FBI could seize targets whose location is "concealed through technological means", as per the draft rule (key extract below). Concealed through technological means is legal speak for hosted somewhere on the darknet, using Tor or proxies or making use of VPN technology.

Authority to Issue a Warrant. At the request of a federal law enforcement officer or an attorney for the government: (6) a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if: (A) the district where the media or information is located has been concealed through technological means; or (B) in an investigation of a violation of U.S.C. § 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts.

The DoJ has said that the amendment is not meant to give courts the power to issue warrants that authorise searches in foreign countries.

However the "practical reality of the underlying technology means doing so is almost unavoidable", according to Ahmed Ghappour, a visiting professor at UC Hastings College of the Law.

Ghappour argues that the proposals would result in "broadest expansion of extraterritorial surveillance power since the FBI’s inception".

Asked whether the FBI's enhanced extraterritorial power might encroach on the NSA's turf, Ghappour told El Reg that the issue goes further than that and might also affect the US State Department and CIA. "Uncoordinated unilateral 'cyber' ops by FBI may interfere with US foreign affairs (or covert ops)," he said. Security experts think Ghappour may well be onto something on this point.

"Malware from the FBI to, say, Syria could very well trigger congressional investigations," noted Matthew Green, an assistant research professor who lectures in computer science and cryptography at Johns Hopkins University, in an update to his Twitter account.

The FBI reportedly used malware to identify users sharing child abuse images on the dark net as part of its bust of Freedom Hosting last year. In addition, LulzSec kingpin-turned-FBI snitch Hector Xavier “Sabu” Monsegur reportedly led cyber-attacks against foreign governments while under FBI control, so there's evidence that the FBI is already involved in overseas cyber-ops of one form or another. Viewed from this perspective, the proposed DoJ changes would involve regulating actions and operations that are already taking place.

Professor Ghappour - who also serves as director of the Liberty, Security and Technology Clinic – has put together a detailed blog post at justsecurity.org breaking down the DoJ's proposal here. ®
http://www.theregister.co.uk/2014/09/19/fbi_overseas_hacking_powers/
 
An excellent article on how TOR came into this world as a result of the US military industry and intelligence. I recommend reading the whole piece rather than just the excerpt below.

TOR is the most widely used system for the provision of anonymity for internet users. I'll look at how TOR came about: its beginnings in the US Navy; growth and use by both pro-democracy freedom fighters and the less savoury elements of the internet; and how the NSA may have managed to peel the onion router for the FBI to help it collar its suspects.

TOR started as an onion-routing project under the stewardship of the US Navy back in the 1990s. Its purpose was - and still is - to provide secure communications over insecure networks. It was originally designed for US spies abroad trying to get data back to spook HQ.

As encryption and communication methods evolved, TOR was no longer required by the government. The Navy let go of the technology in late 2002 and its support was taken over by famed US military bonkers-boffinry bureau DARPA (the Defense Advanced Research Projects Agency). The agency continues to provide funding for onion routing systems to this day, with a budget of over $13m last year (PDF, page 98). It provided funding for the Tor project itself until 2006.

TOR still receives funding from the State Department along with various other sponsors including the National Science Foundation and the Swedish International Development Cooperation Agency.

Initially, non-military use of TOR was limited to geeks and people who had a Big Brother complex. Eventually it was adopted by more average but technically literate users.

Elements of the underworld also began to see its usefulness. Silk Road appeared: an underground website that was the Walmart of the drugs world, complete with a seller rating system and a way to use the anonymous cryptocurrency Bitcoin – which is, as yet, untaxed and not regulated by any government – for payment.

TOR was also attractive to freedom advocates around the world, such as those living in repressive regimes where discussion of certain matters was banned and punishable by a stint in a prison camp.

Today TOR provides a way for citizens to securely communicate across the globe using internet services such as chat and web browsing. Anyone can download it, and installation is simple. A word to the wise, though: read the disclaimers and the notes. Privacy is not at zero cost.*
http://www.theregister.co.uk/2014/10/29/history_of_tor/
 
TOR still receives funding from the State Department along with various other sponsors including the National Science Foundation and the Swedish International Development Cooperation Agency.

I wonder how one could draw a link from this to the fact that WikiLeaks leaker Julian Assange has been hiding for four years as a prisoner of a consulate, because Sweden has fabricated charges against him? :)
 
Anonymity and security are hard to combine.

All people, but especially those in countries hostile to “Internet freedom,” as well as those using Tor anywhere, should be wary of downloading binaries hosted in the clear—and all users should have a way of checking hashes and signatures out of band prior to executing the binary.

http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/

And of course anything else can change along the way too. For instance, active elements could be added to the payload or the response to expose the source. Etc.
 
On Thursday international law enforcement agencies including the FBI, the Department of Homeland Security and Europol took down the Silk Road 2 and arrested its alleged operator 26-year-old Blake Benthall in San Francisco. Benthall, who is accused of running the new Silk Road under the handle “Defcon,” has been charged with narcotics trafficking, as well as conspiracy charges related to money laundering, computer hacking, and trafficking in fraudulent identification documents. The criminal complaint against him alleges that the Silk Road 2 sold hundreds of kilograms of drugs of every description to hundreds of thousands of buyers around the world, with bitcoin-based sales of more than $8 million per month at the time of its seizure.

“Let’s be clear – this Silk Road, in whatever form, is the road to prison,” Manhattan U.S. attorney Preet Bharara wrote in a statement to the press. “Those looking to follow in the footsteps of alleged cybercriminals should understand that we will return as many times as necessary to shut down noxious online criminal bazaars. We don’t get tired.”

Benthall appeared in a San Francisco court Thursday morning, where he had a bail hearing scheduled for tomorrow.

The criminal complaint against Benthall outlines how the Silk Road 2’s staff was infiltrated by at least one undercover law enforcement agent even before the site went online in November of last year. In May of this year, the FBI somehow pinpointed the foreign server that ran the Silk Road 2 despite its use of the anonymity software Tor to protect its location, and obtained records from the server’s hosting provider identifying Benthall.
http://www.wired.com/2014/11/feds-seize-silk-road-2/


Hopefully the bolded part at the end of that quotation doesn't come as a complete surprise to anyone.
 
[Image: tweet from the NCA. Source: Twitter]

The tweet of NCA’s, using “#Onymous,” which by definition means the opposite of anonymous, felt aligned with the agency’s, FBI’s, GCHQ’s, and NSA’s outstanding mission to render Tor useless for criminals.

But is the notion of wrecking all-things-anonymous a smart one? Al-Bassam thinks not.

His hidden service is a mere example of what a truly anonymous crime tipping service might look like, but it’s still not as secure as it could be. He’s brought the FBI’s tip submission page to the deep web, but adds no additional security beyond just visiting the FBI’s tips page over a Tor connection. But if the bureau were to setup its own hidden service, as Facebook recently did, then Al-Bassam said, it could enable “end-to-end encrypted anonymous communication between the bureau and tipsters.”

Though the FBI ostensibly values tipsters’ interest in remaining anonymous, it doesn’t encourage them. A link on its “Scams & Safety” page takes users who click on “Submit an Anonymous Tip Online” to a generic submission form that then asks for mostly identifying information.

“Hidden services for submitting tips would increase the security and therefore comfort for those wishing to submit tips anonymously,” said Al-Bassam, adding that such a service could bring about a “rise in tips, and more effective policing for society.”

“I feel that if governments and law enforcement understood what the benefits of Tor and anonymity could be to them,” Al-Bassam said. “[O]rganizations such as the FBI would think twice about exploiting and attacking the Tor network as they'd be stakeholders in it.”
http://motherboard.vice.com/read/anonymous-fbi-tip-line-tor
 
Some tentative conclusions about TOR's ability to anonymise traffic can be drawn from how well various illegal services on the TOR network fare.

The original Silkroad did reasonably well for years, until the authorities noticed that the administrator had gone and advertised his service on the open web, from which an IP address and through it a real name were obtained. A dumb move all in all.

Silkroad's successors such as Agora are already bigger than Silkroad, and operate on purely commercial grounds, without the libertarian ideology that was behind the original. In addition, some product categories that Silkroad lacked are available, such as weapons.

http://agorahoo3yigtggf.onion -- Go ahead and explore. Requires installing the Tor Browser Bundle.

TBB: https://www.torproject.org/projects/torbrowser.html.en#downloads
 
For more than a decade, a powerful app called Metasploit has been the most important tool in the hacking world: An open-source Swiss Army knife of hacks that puts the latest exploits in the hands of anyone who’s interested, from random criminals to the thousands of security professionals who rely on the app to scour client networks for holes.

Now Metasploit has a new and surprising fan: the FBI. WIRED has learned that FBI agents relied on Flash code from an abandoned Metasploit side project called the “Decloaking Engine” to stage its first known effort to successfully identify a multitude of suspects hiding behind the Tor anonymity network.
http://www.wired.com/2014/12/fbi-metasploit-tor/
 

So, in summary, a lot of people got new consoles from Santa and were unable to use them properly after some frenzied unwrapping. If Kim Dotcom did help fix the issue then there'll be some happy punters, but will he continue to pay off DDoSers, and will that encourage more attacks? ®

Bootnote
As The Register hit publish, the squad claims to have added 3,000 relays to the Tor network, which is used by journalists, whistleblowers, security researchers, crims and plenty of other netizens to mask their identities on the internet. Maintaining one's anonymity across Tor may be tricky if a single group controls a large proportion of relays.

"To clarify, we are no longer attacking PlayStation Network nor Xbox Live. We are testing our new Tor zero-day," the gang added.

Updated to add
It appears, as of 2330 UTC (1530 PT) on Friday, XBox Live has gone back down, and Sony PlayStation Network is still titsup. So much for a ceasefire. Merry Christmas, everyone.
http://www.theregister.co.uk/2014/1...opped_xbox_and_playstation_christmas_hacking/
 
Three separate Russian authorities have spoken out in favor of banning online anonymizing tools since February 5th, with particular emphasis on Tor, which — despite its popularity with whistle-blowers such as Edward Snowden and with online activists — Russia's Safe Internet League describes as an 'Anonymous network used primarily to commit crimes'. The three authorities involved are the Committee on Information Policy, Information Technologies and Communications, powerful Russian media watchdog Roskomnadzor and the Safe Internet League, comprising the country's top three network providers, including state telecoms provider Rostelecom. Roskomnadzor's press secretary Vadim Roskomnadzora Ampelonsky describes the obstacles to identifying and blocking Tor and VPN traffic as "difficult, but solvable."
http://thestack.com/russia-ban-tor-vpn-roskomnadzor-110215
 
A few months have now passed, but I at least haven't seen any mentions in the news that Russia has managed to do any harm to the Tor network?

Of course, here again one has to look at the motive side. I would believe it is in Russia's interest to find out which Russians share their opinions via the Tor network on the sites that Russians read in Russian. There are certainly other remedies for that than fooling the Tor network.

Interesting, by the way, that as far as I understand Russia has not imposed restrictions on using the kind of social media where one person shares information with many. For example Facebook, Instagram and Twitter. Or are there such restrictions, does anyone know?

In China, after all, their use is blocked entirely, so that the Party's views cannot be criticised.

Johannes
 
To stay ahead in the security race, Tor is building the next-generation Dark Net in part with funding from the Defense Advanced Research Projects Agency, the U.S. military agency charged with inventing the cutting edge of new technology.


The funding, which began in 2014, comes as part of DARPA’s Memex project, a “groundbreaking” search engine designed to best commercial titans like Google at searching the Deep Web and other oft-ignored terrain for the U.S. intelligence, law enforcement, and military. To build Memex, DARPA is partnered with universities like Carnegie Mellon, NASA, private research firms, and several Tor Project developers.

DARPA is funding multiple projects focused on improving Tor’s hidden services across “1-3 years,” Tor’s director of communications Kate Krauss told the Daily Dot via email. Tor declined to give more specifics on the grant, like its monetary value and terms, and DARPA didn’t respond to a request for comment.
http://www.dailydot.com/politics/next-generation-tor-darpa/
 
Anonymity’s toughest adversaries are hackers with the full-force and backing of Beijing, London, and Washington, D.C.

With the threat of powerful intelligence agencies, like the NSA, looming large, researchers have built a new Tor client called Astoria designed specifically to make eavesdropping harder for the world's richest, most aggressive, and most capable spies.

Tor, the world’s most popular anonymity network, works like this: A user fires up the client and connects to the network through what's called an entry node. To reach a website anonymously, the user’s Internet traffic is then passed encrypted through a so-called middle relay and then an exit relay (and back again). That user-relay connection is called a circuit. The website on the receiving end doesn’t know who is visiting, only that a faceless Tor user has connected.

An eavesdropper shouldn’t be able to know who the Tor user is either, thanks to the encrypted traffic being routed through 6,000 nodes in the network.

But something called "timing attacks" change the situation. When an adversary takes control of both the entry and exit relays, research shows they can potentially deanonymize Tor users within minutes.

A full 58 percent of Tor circuits are vulnerable to network-level attackers, such as the NSA or Britain’s Government Communications Headquarters (GCHQ), when they access popular websites, according to new research from American and Israeli academics. Chinese users are the most vulnerable of all to these kinds of attacks, with researchers finding 85.7 percent of all Tor circuits from the country to be vulnerable.

Even though Tor is designed to provide complete anonymity to its users, the NSA’s position means they can potentially see and measure both traffic entering the Tor network and the traffic that comes out. When an intelligence agency can see both, simple statistics help an autonomous system at their control match the data up in a timing attack and discover the identity of the sender.

Anonymity over.

This kind of threat has been known to Tor developers for over a decade. They’ve been trying to make eavesdropping difficult for spy agencies for just as long.

To counter the threat, American-Israeli researchers built Astoria, a new Tor client focused on defeating autonomous systems that can break Tor’s anonymity.

Astoria reduces the number of vulnerable circuits from 58 percent to 5.8 percent, the researchers say. The new solution is the first designed to beat even the most recently proposed asymmetric correlation attacks on Tor.

Designed to beat such attacks, Astoria differs most significantly from Tor's default client in how it selects the circuits that connect a user to the network and then to the outside Internet. The tool, at its foundation, is an algorithm designed to more accurately predict attacks and then securely select relays that mitigate timing attack opportunities for top-tier adversaries.

Astoria adroitly considers how circuits should, according to the researchers, be made “when there are no safe possibilities,” how to safely balance the growing bandwidth load across the Tor network, and how to keep Tor’s performance “reasonable” and relatively fast even when Astoria is in its most secure configuration.

All this while under the unblinking gaze of the world’s best intel services.

Defeating timing attacks against Tor completely isn’t possible because of how Tor is built, but making the attacks more costly and less likely to succeed is a pastime that Tor developers have dedicated a decade to. Astoria follows in those footsteps.

By choosing relays based on lowering the threat of eavesdropping by autonomous systems and then choosing randomly if no safe passage is possible, Astoria aims to minimize the information gained by an adversary watching an entire circuit.

“In addition to providing high-levels of security against such attacks, Astoria also has performance that is within a reasonable distance from the current Tor client,” the researchers wrote. “Unlike other AS-aware Tor clients, Astoria also considers how circuits should be built in the worst case—i.e., when there are no safe relays that are available. Further, Astoria is a good network citizen and works to ensure that all circuits created by it are load-balanced across the volunteer driven Tor network.”

In an upgrade aimed at making Tor even more usable for the average person, the newest Tor Browser allows a sliding scale of security that balances speed and usability with strong security preferences.

Similarly, Astoria provides multiple security options. However, it's both most effective and most usable when at its highest security level, the researchers say, so "Astoria is a usable substitute for the vanilla Tor client only in scenarios where security is a high priority."
http://www.dailydot.com/politics/tor-astoria-timing-attack-client/

And so it goes on. Good that researchers have created a new, independent anonymity network tool free from intelligence agencies.
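The relay-selection idea the article describes, as an added example in Python (not the Astoria researchers' code): relays, bandwidths and AS-level paths are constructed; an AS that sits on both the client-to-guard path and the exit-to-site path is treated as able to correlate the two flows; the client picks among safe guard/exit pairs weighted by bandwidth and falls back to a random pick when no safe pair exists.

```python
"""AS-aware circuit selection in the spirit of Astoria (added example, not the
researchers' code). Relays, bandwidths and AS paths below are constructed."""
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Relay:
    name: str
    is_guard: bool
    is_exit: bool
    bandwidth: int  # advertised bandwidth, used only for load balancing

RELAYS = [  # constructed relay set
    Relay("guard1", True, False, 100),
    Relay("guard2", True, False, 300),
    Relay("guard3", True, False, 200),
    Relay("exit1", False, True, 150),
    Relay("exit2", False, True, 250),
]

# Constructed AS-level paths: (source, destination) -> ordered ASNs traversed.
# Routing is asymmetric, so a reverse path may be listed separately; when it
# is not, the reverse direction is assumed to retrace the forward path.
AS_PATHS = {
    ("client", "guard1"): [64500, 64501],
    ("client", "guard2"): [64500, 64502],
    ("client", "guard3"): [64500, 64503],
    ("exit1", "site"): [64501, 64520],
    ("exit2", "site"): [64502, 64520],
    ("site", "exit2"): [64503, 64520],  # reverse path differs from forward
    # "site2": every exit-side path crosses the client's own AS 64500
    ("exit1", "site2"): [64500, 64530],
    ("exit2", "site2"): [64500, 64530],
}

def ases_on_path(src, dst):
    """ASes that see traffic between src and dst in either direction."""
    fwd = AS_PATHS.get((src, dst), [])
    rev = AS_PATHS.get((dst, src), fwd)
    return set(fwd) | set(rev)

def correlating_ases(guard, exit_relay, destination):
    """ASes on both the entry side and the exit side of one circuit; any of
    them sees both flows and can attempt the timing correlation described."""
    entry_side = ases_on_path("client", guard.name)
    exit_side = ases_on_path(exit_relay.name, destination)
    return entry_side & exit_side

def all_circuits(relays):
    guards = [r for r in relays if r.is_guard]
    exits = [r for r in relays if r.is_exit]
    return [(g, e) for g in guards for e in exits if g is not e]

def safe_circuits(relays, destination):
    return [(g, e) for g, e in all_circuits(relays)
            if not correlating_ases(g, e, destination)]

def vulnerable_fraction(relays, destination):
    """Share of guard/exit pairs exposed to at least one correlating AS, i.e.
    the risk a client that ignores AS paths runs when picking uniformly."""
    circuits = all_circuits(relays)
    exposed = len(circuits) - len(safe_circuits(relays, destination))
    return exposed / len(circuits)

def choose_circuit(relays, destination, rng=random):
    """Return ((guard, exit), was_safe): a bandwidth-weighted pick among safe
    pairs, or, when there are no safe possibilities, among all pairs."""
    candidates = safe_circuits(relays, destination)
    was_safe = bool(candidates)
    if not was_safe:  # worst case: no safe pair exists, pick among all
        candidates = all_circuits(relays)
    weights = [g.bandwidth * e.bandwidth for g, e in candidates]
    return rng.choices(candidates, weights=weights, k=1)[0], was_safe

if __name__ == "__main__":
    print("exposed share for 'site':", vulnerable_fraction(RELAYS, "site"))
    (g, e), safe = choose_circuit(RELAYS, "site", random.Random(7))
    print(g.name, "->", e.name, "(safe)" if safe else "(fallback)")
```

The guard3/exit2 pair is exposed only through the asymmetric reverse path, which is why both directions are checked.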
 
Security researchers speaking at the Hack in the Box conference in Amsterdam this week have demonstrated that users of hidden services on Tor are putting themselves at risk of being identified – if an attacker is willing to put in the time and resources.

The discovery is significant, because browsing hidden services had been thought to be more secure than the more typical practice of using the Tor network to browse the open web anonymously.

Not so, say Filippo Valsorda, a member of CloudFlare's security team, and George Tankersley, an independent researcher. In their presentation, the pair showed that it's surprisingly easy to subvert anonymous access to a hidden server – and thus possibly identify a user of that server – if you're sneaky about it.

That's bad, because hidden services are operated not just by dodgy sites like the Silk Road but also by legitimate sites like Facebook. Tor often hits the headlines for enabling things like online drug souks and other criminal operations, when it can be and is used by journalists, whistleblowers, security researchers, and anyone who values their privacy, to exchange information and surf the web anonymously.

"If you run a hidden service that does not need location hiding, you are unnecessarily exposing your users to this risk," the researchers said. "It would probably be better to let them use Tor on your TLS-enabled clearnet site."

When using Tor to browse the open web anonymously, you log into an entry point server and then your traffic is rerouted and fed out of an exit server, disguising your IP address. The weakness in this approach is that it would technically be possible to run enough rogue entry and exit nodes to link where users hop onto the Tor network to where they hop off. It would require massive resources and for Tor operators not to notice, but it's possible.

Hidden services eliminate this possibility, because all traffic stays within the Tor network itself. There's no exit node to link to an entry node, which is why using hidden services is thought to be more secure.

Hidden services require the use of HSDir (hidden service directory) nodes to operate, two sets of three apiece. These nodes manage connections to the hidden service, and it only takes four days of continuous operation for an HSDir node to be considered "trusted."

The two suggest an attacker could identify users' connections by running rogue HSDir nodes themselves, something that had been thought hard but is actually relatively easy and computationally cheap to do. To demonstrate, they set up such nodes and then successfully convinced Facebook's hidden service to accept most of them as its HSDir providers.

"You can substitute a malicious HSDir (which we demonstrated are much easier to become) instead of an exit node in that process," Tankersley told The Reg.

"Since HSDirs can serve that purpose, but are more weakly protected than exit nodes, it is easier to attack hidden service users in this way than people who are just connecting to normal websites through Tor."

"Since this is quite counterintuitive, we thought people should know about it. But you still need control of something on the "entry" side of the connection before you can identify anyone."

There are ways for site operators to protect against this, however. Hidden service providers are advised to be very wary of young HSDir nodes – or even better, to run their own HSDir nodes, which has the benefit of also providing a warning if other HSDir nodes try to attach themselves to the service.

The researchers have released software tools to help spot dodgy HSDir nodes and they say that a proposed change to the Tor software for hidden services could stop this kind of correlation attack. A spokesperson for the Tor Project could not be reached for comment.

In the meantime, caveat empTor. ®

Updated to add
Kate Krauss, Tor's director of communications, told us after the publication of this article: "We exist to safeguard users. If we ever do have an attack that threatens our users, we will publish a blog post about it on our web site and then tweet it @TorProject to make sure that lots of people see it."
http://www.theregister.co.uk/2015/05/30/researchers_claim_tracking_hidden_tor_services_is_easy/
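The "be wary of young HSDir nodes" advice above, as an added example in Python (not the researchers' released tool): two constructed snapshots of the six relays responsible for a service are compared, each relay is classified by age and by whether the operator runs it, and newcomers younger than an assumed 30-day maturity threshold are flagged.

```python
"""Flag young or newly appearing HSDir relays for a hidden service (added
example following the advice above; not the researchers' tool). Records,
fingerprints, timestamps and the 30-day threshold are constructed or assumed;
the four-day figure is the minimum uptime the article gives for the flag."""
from dataclasses import dataclass
from datetime import datetime, timedelta

HSDIR_MIN_UPTIME = timedelta(days=4)  # from the article
MATURE_AGE = timedelta(days=30)       # assumed operator policy; tune as needed

# Constructed snapshots of the relays responsible for the service's descriptor,
# one "FINGERPRINT FIRST_SEEN NICKNAME" record per line.
PREVIOUS_TEXT = """
FP00000001 2014-09-01T00:00 ops1
FP00000002 2014-11-15T00:00 relayA
FP00000003 2015-01-10T00:00 relayB
FP00000004 2014-12-03T00:00 relayC
FP00000005 2015-02-20T00:00 relayD
FP00000006 2015-03-05T00:00 relayE
"""
CURRENT_TEXT = """
FP00000001 2014-09-01T00:00 ops1
FP00000002 2014-11-15T00:00 relayA
FP00000003 2015-01-10T00:00 relayB
FP0000000A 2015-05-20T06:00 newX
FP0000000B 2015-05-21T06:00 newY
FP0000000C 2015-05-22T06:00 newZ
"""
NOW = datetime(2015, 5, 28, 12, 0)            # constructed "current time"
OWN_FINGERPRINTS = frozenset({"FP00000001"})  # HSDir the operator runs itself

@dataclass(frozen=True)
class HSDir:
    fingerprint: str
    first_seen: datetime
    nickname: str

    def age(self, now):
        return now - self.first_seen

def parse_hsdir_list(text):
    """Parse the constructed record format above into HSDir objects."""
    relays = []
    for line in text.strip().splitlines():
        fingerprint, seen, nickname = line.split()
        first_seen = datetime.strptime(seen, "%Y-%m-%dT%H:%M")
        relays.append(HSDir(fingerprint, first_seen, nickname))
    return relays

def classify(relay, now, own_fingerprints):
    """own / established / young, plus a consistency check on the flag age."""
    if relay.fingerprint in own_fingerprints:
        return "own"
    age = relay.age(now)
    if age < HSDIR_MIN_UPTIME:
        return "inconsistent"  # younger than the flag allows: bad data or worse
    return "young" if age < MATURE_AGE else "established"

def audit(previous, current, now, own_fingerprints=frozenset()):
    """Compare two snapshots; return newcomers, young relays and warnings.
    Fresh relays replacing established ones is the pattern to watch for."""
    previous_fps = {r.fingerprint for r in previous}
    newcomers = [r for r in current if r.fingerprint not in previous_fps]
    young = [r for r in current
             if classify(r, now, own_fingerprints) in ("young", "inconsistent")]
    warnings = []
    for r in newcomers:
        if classify(r, now, own_fingerprints) not in ("own", "established"):
            warnings.append(f"new HSDir {r.nickname} ({r.fingerprint}) is only "
                            f"{r.age(now).days} days old")
    if current and len(young) * 2 >= len(current):
        warnings.append(f"{len(young)} of {len(current)} responsible HSDirs are "
                        f"younger than {MATURE_AGE.days} days")
    return {"newcomers": newcomers, "young": young, "warnings": warnings}
```

Running audit() on the two constructed snapshots yields one warning per young newcomer plus one for the share of young relays, while comparing a snapshot with itself yields none.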
 