Tor Project working to fix weakness that can unmask anonymous users

tor_nsaDevelopers of Tor software believe they’ve identified a weakness that was scheduled to be revealed at the Black Hat security conference next month that could be used to de-anonymize Tor users.

The Black Hat organizers recently announced that a talk entitled “You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget” by researchers Alexander Volynkin and Michael McCord from Carnegie Mellon University’s Computer Emergency Response Team (CERT) was canceled at the request of the legal counsel of the university’s Software Engineering Institute because it had not been approved for public release.

“In our analysis, we’ve discovered that a persistent adversary with a handful of powerful servers and a couple gigabit links can de-anonymize hundreds of thousands Tor clients and thousands of hidden services within a couple of months,” the CERT researchers had written in the abstract of their presentation. “The total investment cost? Just under $3,000.”

In a message sent Monday to the Tor public mailing list, Tor project leader Roger Dingledine said that his organization did not ask Black Hat or CERT to cancel the talk. Tor’s developers had been shown some materials about the research in an informal manner, but they never received details about the actual content of the planned presentation, he said. The presentation was supposed to include “real-world de-anonymization case studies.”

Despite the lack of details, Dingledine believes that he has figured out the issue found by CERT and how to fix it. “We’ve been trying to find delicate ways to explain that we think we know what they did, but also it sure would have been smoother if they’d opted to tell us everything,” he said in a subsequent message on the mailing list.

Dingledine suggested that the issue affects Tor relays, the Tor network nodes that route user connections in a way that’s meant to hide the traffic’s origin and destination from potential network eavesdroppers.

“Based on our current plans, we’ll be putting out a fix that relays can apply that should close the particular bug they found,” he said. “The bug is a nice bug, but it isn’t the end of the world. And of course these things are never as simple as ‘close that one bug and you’re 100% safe’.”

Tor — originally called The Onion Router — started out as a project of the U.S. Naval Research Laboratory, but is now developed and maintained by a nonprofit organization called The Tor Project. The software allows users to access resources on the Internet without revealing their real IP (Internet Protocol) addresses, a feature appreciated by privacy-conscious users as well as criminals.

According to media reports last year based on documents leaked by former U.S. National Security Agency contractor Edward Snowden, both the NSA and the U.K.’s Government Communications Headquarters targeted Tor and had some success in de-anonymizing limited numbers of users.

SOURCE – ComputerWorld.com

Heartbleed? What the hell is that?

Heartbleed_svgHeartbleed is a software bug in the open-source cryptography library OpenSSL, which allows an attacker to read the memory of the host computer, allowing them to retrieve potentially privacy-sensitive data.  Based on examinations of audit logs by researchers, it has been reported that some attackers may have exploited the flaw for at least five months before discovery and announcement.  It also appears that the NSA knew about this flaw for at least 2 years and did nothing.  Nothing except further infringe on your privacy rights.  The author of the bug, Robin Seggelmann, stated that he “missed validating a variable containing a length” and denied any intention to submit a flawed implementation.  Friends, maybe this guy is an NSA contractor…  Check this out:

Interesting alternative to passwords…

Friends, how many passwords do you have?  If you’re like me, you have a $hitload.  I currently use KeePass to maintain all my account information & passwords but what if your password changes every minute and you never have to remember it?  Watch:

Tor is building an anonymous instant messenger…

tor_nsaTor, the team behind the world’s leading online anonymity service, is developing a new anonymous instant messenger client, according to documents produced at the Tor 2014 Winter Developers Meeting in Reykjavík, Iceland.  The Tor Instant Messaging Bundle (TIMB) is set to work with the open-source InstantBird messenger client in experimental builds released to the public by March 31, 2014. The developers aim to build in encrypted off-the-record chatting and then bundle the client with the general Tor Launcher in the following months.

Pidgin, an older and more popular open-source chat client, was originally considered to be the foundation of the TIMB but was thrown out in favor of InstantBird. However, Tor still plans to hire independent security contractors to audit the new software and test its mettle so that “people in countries where communication for the purpose of activism is met with intimidation, violence, and prosecution will be able to avoid the scrutiny of criminal cartels, corrupt officials, and authoritarian governments.”

Over the long term, TIMB will likely become the messenger of choice for Tor users. Software such as TorChat and BitMessage already have significant userbases and smart advocates, but with the full weight of the Tor Launcher and team behind it, there’s little reason to imagine TIMB won’t succeed.  The creation of the TIMB is yet another step in what has been a years-long improvement in Tor software. A decade ago, the anonymity program was available only to tech-savvy users who knew enough to dive into their operating system’s command line.  Now, the Tor user interface has progressed to the point that almost anyone can anonymously surf the Web with just a few clicks. If TIMB follows in those footsteps, it will be another powerful anonymity tool at the fingertips of of both the tech literate and humanity at large.

The Tor Project, a $2 million per year nonprofit consisting of 30 developers spread out over 12 countries, is pushing forward on TIMB as part of an overall initiative to make Tor even easier to use for the average person. Also in the pipeline are more localized support staff as well as “point-click-publish Hidden Services,” to make it extremely easy for anyone to create a Deep Web site.  When it comes to the sort of security that Tor provides, ease of use is of paramount importance. Many users can’t or won’t take the time to learn about encryption programs like Pretty Good Privacy (PGP), leaving themselves open to surveillance.

SOURCE – The Daily Dot

Squeaky Dolphin?

squeakydolphin-640x456Documents obtained by former NSA contractor Edward Snowden show that NSA analysts monitored content on The Pirate Bay and used the agency’s surveillance systems to track where it came from. The documents also show that the NSA’s British partners at the GCHQ used XKeyscore data as part of a surveillance program on sites that included WikiLeaks. That was part of a broader psychological profiling and targeting program to collect intelligence, influence individuals online, and disrupt groups like Anonymous that were considered threats.  The new documents show that the GCHQ conducted “broad real-time monitoring of social media activities, processing data on activities like watching YouTube videos and Facebook Likes to profile, categorize, and target individuals for psychological operations.” The NSA documents in the latest disclosure refer to monitoring for content that could be considered “malicious foreign activity.” But it’s clear that the NSA also used its XKeyscore surveillance to dig through traffic to the torrent-sharing site, and it could very well have profiled foreign users of sites like WikiLeaks and monitored their access to that and other websites.

However, the documents—one an internal NSA “frequently asked questions” Wiki page and the other a set of GCHQ slides on psychological operations—do not provide a picture of how much information about people accessing WikiLeaks was shared between the GCHQ and the NSA. And while the documents point to NSA monitoring of Pirate Bay, there’s no suggestion of how the information gathered was used or if it was used at all.  A third, unpublished document shows that the Obama administration apparently encouraged foreign governments in 2010 (including the UK) to pursue charges against WikiLeaks for the publication of diplomatic “wires” provided by Chelsea Manning, formerly known as Bradley Manning.

The GCHQ slide deck, published in 2012, highlights two tools used to conduct social networking, Web monitoring, and profiling. The first, called “Squeaky Dolphin,” pulls online activities within Web traffic caught by the agency’s monitoring systems. The monitoring systems are called “Airwolf” in the slides, which may be a UK codeword for the GCHQ’s equivalent of XKeyscore. That data includes webmail, blogs visited, YouTube views, Facebook “likes” clicked on websites themselves, and other data culled from individual users’ captured activity.

It runs those activities, captured in real-time, through IBM’s InfoSphere Streams processing software to create analytical feeds. Those feeds are then piped into a Splunk database and surfaced through a “dashboard” view that allows analysts to find trends in sentiment. As an example, the slides showed activity related to cricket matches in London and the surge in Facebook likes for Conservative member of Parliament Liam Fox. It can also be used to spot trends in traffic that might indicate upcoming events such as protests or other civil unrest.

While Squeaky Dolphin tends to look at things with a wider view, “AnticrisisGirl” is a bit more targeted. It can be used to passively monitor specific websites—including traffic to WikiLeaks, as the slides demonstrate. The tool can be tuned to a specific set of Internet user signatures or keywords, and it provides analytics of their behavior in real time, capturing search terms or direct Web addresses used to get to the sites in question.

SOURCE – arstechnica.com

  • Ads