The attack that broke the Dark Web—and how Tor plans to fix it

Discussion in 'privacy technology' started by ronjor, Dec 1, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,741
    Location:
    Texas
    http://fusion.net/story/238742/tor-carnegie-mellon-attack/
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    A decent read but I am waiting to get my hands on the technical details of EXACTLY how it was done. Some of the recent TOR counter measures and code/practice improvements are solid. There have been huge technical improvements on the hidden services directories and cryptography of the same. I spend quite a few hours a day on TOR so this hits home! I am hoping the several VPN's in front of TOR on my end provided the insulation I needed. Crossing fingers!
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    It's exaggerating to say that they "saw the attack coming". They saw a bunch of new and unannounced relays. But not so many to pose a risk for known attacks. This was a new attack. I do think that they ought to monitor the network more carefully for non-standard circuit behavior.
     
  4. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    All things considered, Tor is pretty impressive despite the recent attacks. I think this is the first legitimate attack based on the Tor structure. In the past, criminals were arrested through old fashioned investigation (such as intercepting drug packages and tracing them back to the source), social engineering (some law enforcement officers got in on the ground floor of Silk Road 2), or standard server exploits against hidden services. And even then, I don't think this recent breach produced a slew of arrests, so it may not be as effective as claimed.
     
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    I love TOR. Still, extending the partition of trust and compartmentalization lets me sleep better at night.
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    The US law enforcement conducted an unprecedented hacking campaign leveraging on the network investigative technique (NIT) to de-anonymize Tor users.
    http://securityaffairs.co/wordpress/43442/cyber-crime/fbi-used-nit-against-pedo.html

     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Seriously?

    Back in the day, the Metaspolit Decloaking Engine (now called NIT) was a standard tool for checking VPN and Tor setups. Anyone deanonymized with NIT was being careless.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    FBI mum on how exactly it hacked TOR
    https://threatpost.com/fbi-mum-on-how-exactly-it-hacked-tor
     
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592

    Funny how they screamed at Apple for not complying with a court order, but then its totally fine for them to defy a court order. Don't you just love the double standard!!
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    Motion filed asking FBI to disclose tor browser zero day
    https://threatpost.com/motion-filed-asking-fbi-to-disclose-tor-browser-zero-day
     
  12. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    From that article ( my bolding ) -
    This attitude alone is disturbing !
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    That's an excellent article, with the best synopsis that I've seen. The Tor Project clearly dropped the ball :(

    But there's another lesson. Those of us who hit Tor through VPNs would not have been readily pwned by this. Especially those of us who hit Tor through nested VPN chains. This attack could pwn many sites and users because it was automated. Once someone needs to get logs from VPN providers, in other jurisdictions, it gets a lot harder. For sure, they'd do it in targeted investigations. But for trawling, probably not.
     
  14. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    As Mathewson says at the end "have a backup plan".

    And as @mirimir says, nested VPN can be part of that, although I am concerned about automated attacks on VPN vulnerabilities (either in the VPN servers or the popular VPN providers). It doesn't have to rely on legal warranted requests to other jurisdictions, the major players appear to assume that bulk "equipment interference" and unwarranted extra-judicial hacking/certificate stealing is just fine and dandy - even when the other country has MLAT.

    But this is all part of the damaging and ridiculous stance that LE are conducting - mass surveillance AND unwarranted targeting. Which gives the bulk innocent citizenry every incentive to adopt more advanced protections.
     
  15. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    As a matter of personal policy , I stopped using Tor some time ago ( even with chained VPNs )
    from any location that I could possibly be associated with .... and my interest is purely academic !

    Over cautious ? .... probably yes !

    @mirimir
    this is part of the reason I asked you for some pointers on Antenna technology in another thread.
    And I've just realized that I forgot to thank you ..... How rude of me ! :isay:

    PS
    To any TLAs that may be searching for me .... I'll save you the trouble .... I'm in McDonalds :)
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    For sure, that so for all of us :)
    Thanks :)
     
  17. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    I remember the "long range" antenna thread too. The most nagging issue for a user of "long range" reception is not being able to monitor the physical presence of the wifi provider ---- with your eyes. It would be nice to observe someone/something entering the establishment trying to find "you". Quickly dis-engaging the connection would be all you need at that point. That same configuration pointed at a residence at the end of a street would make this much easier. A quiet street and a house with no traffic would make someone coming to it stand out loud and clear. Not that I would do such a thing, just sayin!!
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    @Palancar - Yes, that is the problem with radio. I wonder if one could get tricky, and use separate dishes for sending and receiving. For receiving, just target the AP. That's passive, and can't be detected. For sending, target some off-axis elevated reflective object. The AP only sees scattered signal, so finding you would be harder. I suppose that they could install a directional antenna at the AP, but that would just give them your general heading.
     
  19. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    The antenna topic was here ..... I had a quick dig around to find it ...
    It might be good for a new thread ( hardware section ? ) .... " Remote wi-fi access " ... anybody?

    Me neither .... " We're just speculating on a hypothesis here ". ..... ( a movie reference there )

    But given that hypothetical scenario , I personally would not want the "cyber me " to be within a sight-line of the " meat me ".
     
    Last edited: May 14, 2016
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Yeah, that would freak me too ;) Unless it was a few km away.
     
  21. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    Well then , our " thought experiment " would leave us with a choice between drones , or some very expensive optical equipment :)

    " Heavens to Murgatroyd " .... what's next for us ?

    Our range of feasible options appears to be constantly shrinking .....

    The Church of The New Flesh - Brian O'Blivion .... ?
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Monitoring an AP doesn't seem workable. You'd need 24/7 monitoring. Who would do that?
    I'm OK with VPNs and Tor. VPN use is pretty common, where I am. Maybe it's not so common to chain VPNs, or to use Tor through VPNs. But that would take some effort to identify.
    Woah. New flesh. It's been a few years since I watched "Videodrome". Strange movie! But prescient, definitely.
     
  23. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    I am totally OK with vpn's and tor in combo too. I am a privacy freak not a sought criminal that I know of! In our "hypothetical" if that was me I would never perform any action while at home. The secret to "long range" would be mobility and using many multiple AP's all from a mile or so away. Where I live that is very easy to do. Hundreds of open AP's show up on distance able scanners/antennas (if you have them). If I were to approach illegally accessed AP's it would be thousands available with my skill set. NO thanks, and I mean it.

    Hopefully our nation will never set me in a place where I have to pick between connecting to an AP I shouldn't, OR completely surrendering my online privacy. I may "crack" in that instance and I don't want to be faced with that choice! [crossed fingers]
     
  24. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    See that's what bothers me .... right there !

    People with intelligence can easily make and respect that distinction .

    But "out there " in the moronic inferno , there appears to be a blunt-instrument approach to these issues .
    Not least among the so-called "intelligence" agencies .....

    .... and now , in the popular imagination , VPN/Tor user equals "bad person ".
     
  25. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    The problem is that, even if you currently trust the govt. sufficiently that your judgement says you're OK now, the huge problem with collect-it-all-and-store-it-all is that years downstream, come a different government, they can come knocking on your door based on that stored information.

    The innocent have a great deal to fear.
     
Loading...