[1]http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa...
Anyone know how to start identifying the FoxAcid servers and calling them out?
For instance, what is (U)? Or (S), (SI), and (REL)?
There's a bunch more too:
http://en.wikipedia.org/wiki/Classified_information
http://en.wikipedia.org/wiki/Sensitive_Compartmented_Informa...
And it's a picture of a guy with a bandit mask and an AK-47. I don't know about you guys, but all my Tor activities are performed in my Halloween costume!
I honestly can't believe something this tacky would end up in a presentation. Is this supposed to be propaganda?
If you look at the world around us and review the history of terrorism, most of it's been funded behind the scenes by one of the major superpowers, and you can't overlook the fact that a large portion of this has been backed by the US. It's funny how when the US wants a government toppled, the terrorists are "friendly" and funded and armed by the US government, but when they're counter to US interests, they're suddenly part of the axis of evil and must be destroyed...
Perhaps if they stopped funding this ignorant behaviour and stopped supplying munitions to these terrorist interests, the problem would eventually go away... Spend more on education and tolerance towards all points of view, enlightenment, and the world would become a more peaceful place.
When will "democratic" governments eventually realize that money and greed is not the best approach to furthering the human experience on this planet?
Sorry, didn't mean to get off on a rant there, but that one picture triggered a bit of annoyance.
>"If you look at the world around us and review the history of terrorism, most of it's been funded behind the scenes by one of the major superpowers, and you can't overlook the fact that a large portion of this has been by backed by the US."
While this assertion is not completely baseless, it's simply not correct, but is the kind of empty-headed moral equivalence that gets tossed around to unanimous approval among a certain class who consider it a shibboleth of sophistication.
To wit, in the history of terrorism, we see the Irish Republican Army, the Tamil Tigers, the Red Brigade, the Weather Underground, FALN, the Baader-Meinhof group, the Symbionese Liberation Army, the current Chechen groups, the Hindu and Muslim groups prior to the formation of Pakistan, and frankly many more -- all without superpower support. While some national actors have stepped up to support terror groups, superpower, or even great power, support has been the exception rather than the rule.
During the Cold War, the USSR, the US and China fought a number of proxy wars, and supported opposition groups in various national civil wars, mostly in Asia, Africa and Central America. Additionally, the CIA engaged in specific assassinations of political leaders, largely in Latin America, but not really what anyone would consider terrorism by the current definition. Your statement that a large portion of terrorism has been backed by the United States would require expansive definitions of 'large portion', 'terrorism' or 'backed' to be true.
We Americans require a boogeyman.
</gml_replace>
<gr_replace lines="29" cat="clarify" orig="That must be">
That must be a really weird job, doing tacky but still sophisticated illustrations for top secret internal presentations.
In all fairness, most countries do. Watching South American leaders lately shows the exact same behavior. Find a foreign devil for everyone to rally against to hide domestic issues.
> Replicants are like any other machine. They're either a benefit or a hazard. If they're a benefit, it's not my problem.
These people's job is to fight (their government's definition of) terrorists. It's not automatically in the job description to develop a nuanced view of terrorism, of various categories of hackers, etc. -- except to whatever degree it helps them to understand their enemy and thereby stop them.
People often do this even in jobs where the stakes are lower -- if you're running a struggling grocery store competing with a SuperWalMart, WalMart are the bad guys, even if the people who work at WalMart are perfectly nice people just trying to earn some money to raise a family.
Having said that, yes -- it's obviously particularly dangerous to go around branding anyone you have a problem with a terrorist.
I don't always hack, but when I do, I wear a balaclava
http://www.buzzfeed.com/copyranter/all-computer-hackers-wear...
From a quick look this one seems more plausible than the absurd PRISM presentation.
Are you suggesting that the leaked PRISM presentations are not authentic?
http://americablog.com/2013/09/nsa-outrage-star-trek-bridge....
Page 4: Dumb Users (EPICFAIL)
That must be a really wierd job, doing tacky but still sophisticated illustrations for top secret internal presentations.
You pick a 'beard' and drag it onto the person, etc.
This similar looking one is all over the internet:
http://www.iconshock.com/img_jpg/SUPERVISTA/networking/jpg/2...
Tor Stinks, ONIONBREATH, EPICFAIL
(edited to remove broken image link)
Even better, on page 9: "Analytics: Dumb Users (EPICFAIL)"
It sounds dramatic because it is.
Isn't that kind of like the police deciding to make the roads full of potholes because that would make it more difficult for bank robbers to get away in a car?
Then again, considering the quality of the roads these days, maybe they are way ahead of me on that.
Basic statistics tells us it is pure insanity to compromise our security for the noise that is "international terror".
Otherwise yes, it seems stupid to make Tor unusable as a whole.
> Could we set up a lot of really slow Tor nodes ... to degrade the quality of the network?
> Given CNE access to a web server make it painful for Tor users?
At least the document seems to confirm that GCHQ has a really, really hard time de-anonymising Tor users.
> Critical mass of targets use Tor. Scaring them away from Tor might be counterproductive.
I don't like that PG has relaxed the flagging so much. You can probably flag even tens of stories a day now without having your flagging removed.
I would totally implement something like that if I were PG. Seems to fit the mindset of HN, as it also uses hellbans.
Conspiracy theories are fun!
> Critical mass of targets use Tor. Scaring them away from Tor might be counterproductive.
In other words, they'd rather only have to break one anonymization service instead of five.
Edit: I found a reference to something called a "Quantum Insert" in an article related to GCHQ. They state the following:
According to the slides in the GCHQ presentation, the attack was directed at several Belgacom employees and involved the planting of a highly developed attack technology referred to as a "Quantum Insert" ("QI"). It appears to be a method with which the person being targeted, without their knowledge, is redirected to websites that then plant malware on their computers that can then manipulate them.
http://www.spiegel.de/international/europe/british-spy-agenc...
This might be what they are referring to, or a system that was built for targeting specific individuals.
In the academic literature, these are called "man-on-the-middle" attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks.
Read more here: www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
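The "man-on-the-side" attack the Guardian quote refers to races the real server: the attacker's reply has to arrive at the client first, so a passive monitor on the same path sees two segments for one flow and one sequence number with different contents. The following is an added example, not code from the thread or from either linked article: a small detector over constructed, simplified segment records (the `Segment` layout, the addresses and the payloads are all made up for illustration) that reports such collisions and distinguishes them from ordinary retransmissions, which repeat identical bytes.

```python
# Added example (not from the thread or the linked articles): flag the
# duplicate-sequence, different-payload pattern left behind by a
# man-on-the-side injection. The Segment fields are a constructed,
# simplified view of what a packet monitor would extract, not a real capture.

from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str        # "ip:port" of the sender
    dst: str        # "ip:port" of the receiver
    seq: int        # TCP sequence number of the first payload byte
    ttl: int        # IP TTL as observed on the wire
    payload: bytes  # TCP payload


def find_payload_collisions(segments):
    """Return (first_seen, later) pairs of segments that belong to the same
    flow and sequence number but carry different payloads.

    A genuine retransmission repeats the same bytes, so it is not reported.
    A second copy with different bytes means two senders answered the same
    client request, which is exactly the race a man-on-the-side relies on.
    """
    first_seen = {}
    findings = []
    for seg in segments:
        key = (seg.src, seg.dst, seg.seq)
        prior = first_seen.get(key)
        if prior is None:
            first_seen[key] = seg
        elif prior.payload != seg.payload:
            findings.append((prior, seg))
    return findings


def describe(finding):
    """One-line summary for an analyst. The segment that won the race is the
    one the client acted on; a TTL that differs from the later copy is a
    further hint that it came from a different network location."""
    winner, loser = finding
    hint = "ttl differs" if winner.ttl != loser.ttl else "ttl identical"
    return (f"{winner.src} -> {winner.dst} seq={winner.seq}: "
            f"accepted {winner.payload[:20]!r}, "
            f"discarded {loser.payload[:20]!r} ({hint})")


# Constructed sample traffic (addresses from the documentation ranges):
# one flow where an injected redirect beats the real 200 OK, one flow
# with a benign retransmission, and one unrelated flow.
SERVER = "203.0.113.10:80"
CLIENT = "198.51.100.7:40000"
SAMPLE = [
    Segment(SERVER, CLIENT, 1000, 44,
            b"HTTP/1.1 302 Found\r\nLocation: http://redirect.invalid/\r\n\r\n"),
    Segment(SERVER, CLIENT, 1000, 52,
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
    Segment(SERVER, CLIENT, 2000, 52, b"<p>page body</p>"),
    Segment(SERVER, CLIENT, 2000, 52, b"<p>page body</p>"),   # retransmit
    Segment("203.0.113.20:80", CLIENT, 5000, 51, b"HTTP/1.1 200 OK\r\n\r\n"),
]


if __name__ == "__main__":
    for finding in find_payload_collisions(SAMPLE):
        print(describe(finding))
```

In a real deployment the segment records would come from a capture library rather than a hand-built list, and a production detector would also need to handle sequence-number wraparound and partial overlaps; the point here is only that the race itself leaves a visible trace on the wire.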
If I were MITMing with full cooperation of only a subset of a network carrier, I'd probably go for some route announcement tricks; easier to interface with the rest of the organization, and due to lack of filtering internally, not much config change required. Would fail safely (== non-detectably), also, and could potentially be explained away as "oh, shit, some stupid ISP leaked routes".
(I guess you could give bad dns responses, too, and then go from there, but that sounds more detectable at the end user device, which is very undesirable.)
I'm so glad I have nothing to hide.
"The good news is they [NSA] went for a browser exploit..." - Roger Dingledine, President of Tor project
It seems there are assumptions among parties that employ "browser exploits" against unsuspecting users that the persons targeted will be using "modern", complex, Javascript-enabled, graphical browsers, and that they'll use these browsers to retrieve content from the network and to view that content on machines with writeable permanent storage that can connect to the network. Am I misreading all these tales of browser exploitation?
Can these parties accommodate reboots from read-only media, text-only browsers, write-protected storage and offline viewing of content?
Maybe the problem isn't so much with Tor as with the popular browsers and their gratuitous complexity.
Would also love to know more about NEWTONS CRADLE. Anyone heard of anything more specific?
ORBOT / Tor Router Project / Hide-my-ip-address / Tor Project and the bootable OS Tails.
Some of the more advanced obfuscation for the Tor project:
Skype Morph - hides Tor traffic in Skype packets. Mmm, fun and worth a look.
Someone better be working on Tor obfuscation with Flash packets; no one is going to block those things.
/tinhat
Edit: Nevermind, it says it's sourced from a 2007 file but dated 2012.
What exactly does sourced vs dated even mean?
The document states "still investigating" for multiple issues. It doesn't take the NSA 6 years to investigate these things.
The questions are very basic, such as, browser/JS exploits, leftover cookies, and owning the majority of nodes. That is hardly top secret, all of these were things that were public concerns long ago.
The other alternative is they just don't care. They can still slurp down a good portion of the incoming and outgoing email traffic. If one of WikiLeaks' origin stories is to be believed, most Tor users have no idea how Tor works or what they are actually doing, including government operators (with the appropriate code name EPICFAIL on page 9).
Going completely off topic, I had an idea earlier. Bitcoin right now is using something around 16,000 petaflops of processing. This shows that when proper incentives exist massive computational and network resources can be utilized in a distributed manner.
What if a protocol existed which forced user participation or required them to exchange a store of value to use it? For example, if a user acted as a node (relay, not exit) they mined a currency (probably inflationary). If a user did not act as a node, they had to pay a currency which would then be distributed to exit node operators. The currency could be bought and sold through exchanges rather than to a central commercial entity.
The end goal, besides having a lot more network bandwidth, would be to have so many relay and exit nodes running it would be economically impossible for a single entity to compromise a significant number of them.
Of course, easier said than done.
Just an odd image in my mind of a group of top-security clearance, extremely well trained, able-minded people who think up silly code names like these.
... that either says they're stupid, or they're only after stupid terrorists... as if they're the ones they should really be concerned about.
* Better education on how users can browse carefully (no JavaScript, no plugins, updated browsers)
* More nodes.
Was interested in the user profiling to establish from raw network traffic which users are likely using Tor - so, for example, from this message.
Not sure what QFP is though?
Declassify on: 20370101