
Attacking Tor: How the NSA targets users' online anonymity - brkcmd
http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
======
shawn-furyan
One heartening aspect of the Snowden revelations as a whole is that they have
pretty much just confirmed that the things we thought were strong (public
crypto research, tor) are in fact strong and the things that we thought were
iffy are in fact iffy (Certificate Authorities, Unvetted Crypto, Cloud
Services, The Wires, Implementations). This bodes well for the prospect of
navigating out of this whole mess successfully since on the whole we seem to
have good instincts about what is trustworthy and what is untrustworthy. I
think that it actually has tended to clarify thinking about security so that
fewer and fewer engineers are able to delude themselves into trusting
something that they know deep down is really untrustworthy.

~~~
belorn
One iffy part I would like to add is government itself. It was generally
thought that government would not keep security vulnerabilities hidden,
prioritizing protecting citizens rather than having a minor advantage in
hacking.

Together with the earlier leaks regarding sabotaged security standards, the US
government is the most damaging entity to computer security today. Anything
they do needs to be viewed under the understanding that the NSA's primary
priority is to be able to hack other people's computers. Be that an encryption
algorithm or a kernel module, the NSA's priority is 100% clear.

That used to be a tin-foil hat idea just a few months ago, and we know better
now. If the NSA comes carrying gifts, it warrants being very careful in
accepting them from a party with such hostile priorities.

~~~
mpyne
> That used to be a tin-foil hat idea just a few months ago, and we know
> better now. If the NSA comes carrying gifts, it warrants being very careful
> in accepting them from a party with such hostile priorities.

Well, not really.

The "tinfoil" idea is that NSA is breaking into crypto so that they can
blackmail politicians, black-bag innocent citizens, etc.

But it was _never_ widely assumed that NSA wasn't trying to break every bit of
encryption they could. Besides the fact that such activities are _literally
their job_, it's one of the few things they'd just as likely tell you
directly if you asked them.

"Q: Are you trying to break cipher/cryptosystem FOO?" "A: Yes, we're trying to
break all of them, to protect our SIGINT capability".

NSA has spent literally decades analyzing and breaking the military-grade
ciphers of other nations. So I don't know where people got the idea that just
because civilians obtained access to military-grade encryption, that NSA would
suddenly stop with cryptanalysis efforts. But it has nothing to do with
civilians per se; the military and national security opponents are using our
civilian crypto too!

Is that inconvenient for civilian cryptography? Sure. But let's not act like
people are having something chipped and taken away from them, that they've
always had.

Before RSA and DH there were essentially _no_ widely-known safe cryptosystems
that we could use. You used DES, or you could make up your own Vigenère
implementation perhaps (have fun with key exchange!).

And that's just discussing computer communications. Your phones were all
tappable, international telegrams easily read if it suited NSA, and good luck
if you used one of those new-fangled cell phones.

The claimed threat is that computers make NSA more capable of surveilling the
people at large, but the evidence shows that systems like Tor are putting up
an exceptional fight, and even cryptosystems like TLS with many known
weaknesses mostly work against global passive surveillance.

You would have to get on NSA's specific shitlist to have to really worry, but
being on that shitlist 20 years ago meant _anything_ you said _would_ be
picked up... and now, even that is not so certain.

~~~
moutarde
The NSA shouldn't just be an attacker it should also provide defence. If one
of their many contractors can leak details to the press for ideological ends
it's pretty safe to assume that much worse secrets have already been leaked to
other nation states (China, Russia etc....) for financial gain.

I think it's entirely reasonable to assume that a lot of exploits the NSA has
discovered and not revealed (because it thinks they are "secret") have
actually been sold to other governments by its own contractors. By not
revealing these exploits to citizens they are actually leaving them open to
attack by foreign governments. Large companies trying to defend against
industrial espionage are probably most at risk.

~~~
keithpeter
_If one of their many contractors can leak details to the press for
ideological ends it's pretty safe to assume that much worse secrets have
already been leaked to other nation states (China, Russia etc....) for
financial gain._

Especially as the agency in question appears to have no compartments or levels
of access. I've been wondering how a comparatively junior contract worker
could access so much information...

~~~
mpyne
They're very compartmented, as it turns out.

But Snowden was a sysadmin and successfully managed to digitally impersonate
persons actually _in_ the right compartments, among other things, in order to
get access to the data he wanted.

I suppose it's better to say that NSA is too reliant on contracted systems
administrators to handle what should be inherently governmental functions, and
that they don't properly compartment sysadmin functions. But then again, is it
even possible to completely protect a computer network against an insider
sysadmin threat?

------
danso
This accompanying article has useful context:
[http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack...](http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption)

> _But the documents suggest that the fundamental security of the Tor service
> remains intact. One top-secret presentation, titled 'Tor Stinks', states:
> "We will never be able to de-anonymize all Tor users all the time." It
> continues: "With manual analysis we can de-anonymize a very small fraction
> of Tor users," and says the agency has had "no success de-anonymizing a user
> in response" to a specific request._

So only with "manual analysis" can intel agencies have any success, and that
appears to be with a small subset of users who have other vulnerabilities. But
when targeting a specific user, the NSA appears to have had no success in
de-anonymizing them.

~~~
lambada
This needs to be higher. I think this was the best scenario anyone who knows
Tor could hope for. The attacks against Tor, when used correctly, are well
understood. And, assuming this presentation is accurate, the capabilities of
adversarial semi-global attackers aren't much different from what we were
expecting.

I would love to see if they have similar slide-decks for I2P, which is often
compared with Tor for Hidden Service/eepsite usage.

------
elwin
The more we learn about the NSA's capabilities, the more it seems like the
Manhattan Project. They are developing the "cyberwarfare" equivalents of
weapons of mass destruction. This exploit delivery network goes so far beyond
any legitimate purpose it might serve that it belongs in the same moral
category as hydrogen bombs.

EDIT: The above is somewhat hyperbolic and unclear. The NSA's capabilities may
have legitimate uses. Similarly, there may be legitimate military uses for
nuclear weapons. But building nuclear weapons creates the risk of worldwide
nuclear destruction. Similarly, building this kind of highly efficient exploit
system creates the risk of destroying all Internet security. The potential
destruction far outweighs whatever good the weapons might accomplish. That is
why I said they belong in the same category.

~~~
twoodfin
I think that's a pretty serious exaggeration. Designing tools to let you spy
on Tor traffic has to be in a separate category from designing bombs that
could kill millions.

Besides, are there _no_ ends that could justify these means? I think the means
are altogether reasonable given the ends. Put aside whether you think the NSA
is genuinely pursuing its national security mission: If it were, wouldn't it
make perfect sense to figure out how to attack Tor?

~~~
elwin
Attacking Tor by passive analysis is one thing. Installing spyware, creating a
botnet, and making the infection process quick and easy is another. There
might be some justification for the former. The latter is too risky.

~~~
tptacek
It's not a "Manhattan Project" if it's within the capabilities of any
decent-sized organized crime syndicate. People here have short memories. In the
1990s, _teenaged hackers_ owned up the backbone.

~~~
elwin
I called them analogous because of their potential effects and their
development in secret by governments. I don't think a crime syndicate could do
it so effectively; when the NSA "owns up the backbone", even if the operator
discovers the intrusion, it stays owned.

~~~
wglb
The Manhattan project involved gobs of never-before-done engineering, new
understanding of physics. Owning up the backbones is simply a matter of scale
and access.

I don't think there is really an analogy here.

------
tptacek
Metacommentary:

I've taken a jaundiced view of "liberation tech" efforts in the past and this
is as good an illustration as any of why. Among "amateur" libtech projects,
Tor is about as good as you get --- an active community, extremely widespread
use, technical people with their heads screwed on right and as much humility
as you can reasonably expect of people whose projects are (candidly) intended
to thwart world governments.

If Tor can't provide meaningful assurances (here, there's a subtext that Tor
actually made NSA's job _easier_), you'd need an awfully convincing reason
for how you're going to do better than they are before "liberating" the
Chinese internet, especially given that it's your users who assume the real
risks.

~~~
tedks
>(here, there's a subtext that Tor actually made NSA's job easier)

I'm not sure how you reached that conclusion.

The slides mention that Tor is:

* Very difficult to identify on the network-level, since Tor-tls traffic is indistinguishable from Apache-tls traffic as of 2011

* Impossible to fully deanonymize

* Only exploitable via a handful of browser exploits.

Further, later in the "Tor is the King" slide deck, there's this rather
glowing endorsement of the TAILS livecd:

"Tails... adds severe misery to CNE equation."

...which is what you'd expect, given that TAILS is entirely ephemeral, and so
all of their callbacks and APT-style attacks are useless against it.

I had previously considered TAILS a rather "amateur" system myself, because of
the glut of livecds bundling Tor. But it turns out they're actually adding
severe(!) misery to the NSA's exploitation team! I'm downloading the TAILS cd
now so I can switch over to using it in a VM rather than running Tor Browser
Bundle on my own machine.

~~~
codygman
Will tails still only use ram and no disk within a vm? If not, you'll just
have a slightly better tor browser bundle (plus other features) right? I
always thought the "ram only" portion of tails was one of the biggest
anonymity wins.

~~~
tedks
If the VM doesn't have a disk, then yes...

------
anologwintermut
This is one way the NSA can attack Tor. If they just want to de-anonymize a
connection, not get access to the content (e.g. to locate the Silk Road
server), in theory they can just analyze all their passively collected data
from major fiber backbones to identify and locate the user.

Tor, including hidden services, was never designed to protect against someone
who could observe all or almost all traffic in the Tor network. Given that
data, it's rather easy to correlate timing information. Indeed, Tor
fundamentally allows this since it aims to be a low latency network.

Given the NSA's extensive tapping of key fiber lines, we should assume they
can actually observe the necessary traffic. From the original paper announcing
Tor: "A global passive adversary is the most commonly assumed threat when
analyzing theoretical anonymity designs. But like all practical low-latency
systems, Tor does not protect against such a strong adversary." --- Tor: The
Second Generation Onion Router [0]

[0] [https://svn.torproject.org/svn/projects/design-paper/tor-des...](https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf)

------
GigabyteCoin
Is nobody slightly concerned that the date shown in the PDF file which sparked
this commentary ([http://www.theguardian.com/world/interactive/2013/oct/04/tor...](http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document))
shows the PDF as being created in 2007?

It looks like they had some trouble picking out users 5 years ago... lord only
knows how easy it must be for them now.

~~~
atmosx
I think this depends vastly on the number of rogue tor nodes. However, picture
this: NSA isn't the only organization going after TOR right? Probably there
are others. So if you are China, Iran, Syria, Russia, etc. What do you do? You
set up your 'own' poisonous tor relays. What you end up doing is disrupting
and diminishing the potential of a single agency or a group of agencies of
controlling a big % of tor traffic.

So all in all, might be a good thing and way more difficult than it was 7
years earlier. Not to mention that at the time we were browsing through tor at
50 kb/s while now we browse at 400 kb/s.

------
kilroy123
Sounds like, if you're going to do something very sensitive on tor, you need
to:

- always have an up-to-date version of tor bundle!

- compile the bundle yourself from source

- run it virtually, and always roll back to a clean snapshot (before
installing tor) when done

- if possible use from a network that is not your own (open wifi, public
wifi, etc.)

- spoof your mac address

- do not run JS, Java applets, etc.!

I know this seems extreme, but from what I read, it's the best you can do to
protect yourself.

~~~
chakalakasp
If you are doing something that would make the NSA interested in you (and I
would highly _highly_ discourage that), you'd need to focus more on
tradecraft. Get the laptop from a source that can't be traced to you, like a
thrift store in a city where you don't live or normally frequent. Disguise
yourself, pay in cash, and either make sure there are no security cameras or
wait a good year before you do whatever you are going to do (nobody keeps
camera data longer than that). When you do whatever you are doing, use a Live
CD like tails. Disguise yourself. Wear gloves. Go to a city you don't live in
or frequent regularly, and only use cash during the trip. Park a long distance
from your wifi source where there are no cameras and walk to where you will
access the wifi. Use a cantenna to hit an open wifi some distance away,
preferably a public connection like a busy coffee shop. Do whatever you are
going to do. Walk back to your car, drive to a nearby town, smash the laptop
and dispose of it in a dumpster. Drive home.

~~~
harshreality
That isn't sufficient.

The NSA might be able to query their databases for anyone who recently visited
the city where the wifi involved is located, and you might match that if there
were license plate scanners on the way, even if you paid for gas in cash. If
that information isn't collected by the NSA today, it probably will be
tomorrow.

The NSA might be able to query their databases for anyone who "went off the
grid" for a day or two around the event they're interested in. That's not good
enough to id a suspect, but it narrows the pool. If you stopped making google
searches from your normal internet connection within a day of the event in the
other city, and you normally use your computer every day, or if your phone was
off within a day of the event, that's suspicious. Enough of those kinds of
data points and you become a suspect.

Even simpler, and a staple of crime fiction, stuff happens that you have no
control over that can place you in the vicinity at the time of the event. If
you have bad luck and get a ticket or get in a car accident in the city in
question, for instance...

Far from suggesting that you simply need to be more careful, my view is that
you can't take sufficient precautions to get risk down to a tolerable level if
whatever you're doing brings you to the attention of the NSA.

~~~
onedev
What if you ran scripts on your phone and computer so that it would appear as
if you were browsing the internet and using your computer during your regular
usage times?

Also using public transportation (and paying for it in cash) will help
mitigate the first issue you brought up.

~~~
roywiggins
Personally I had the idea a while back for a sort of time-release dead drop.
Stuff a Raspberry Pi into a fake power strip, put your seekrit information
onto the SD card, and go plug it in somewhere in a city you 'happen' to be
passing through, near to a public wifi spot.

Then a year later it wakes up and uploads the data publicly via Tor and
self-wipes. Even if it's traced back to the Pi, they'll have to trace the Pi back
to you (you bought it untraceably, right?).

~~~
r0muald
How can you buy a Pi untraceably? Last time I checked you could buy them from
e-stores using credit cards.

~~~
onedev
Pay a stranger like $300 to buy you a $25 Raspberry Pi?

------
conductor
> Once the computer is successfully attacked, it secretly calls back to a
> FoxAcid server, which then performs additional attacks on the target
> computer to ensure that it remains compromised long-term

It would be nice if somebody could honeypot them to find out the vulns and
malware types they are using.

~~~
antocv
How do I get on the list of most interesting persons so I can set up my
honeypots? Do I have to be Jacob Appelbaum or Assange?

What freaked me out is that they deliver sensible exploits for techie people.
God damnit.

------
mcphilip
edit: removing meta discussion about flagging. the story should get the
attention. apologies for the distraction.

~~~
tptacek
I don't think this is being flagged. I flag soap opera NSA stuff for instance,
but wouldn't flag this.

~~~
mcphilip
It was at mid second page with 10 up votes after 35 minutes when I made this
post originally.

------
spindritf
So how does Tails [1] stack up? It seems to thwart most of those attacks.

It blocks non-anonymized traffic and makes permanent changes difficult. OTOH,
privilege escalation bugs happen frequently on Linux.

[1] [https://tails.boum.org/](https://tails.boum.org/)

~~~
steveklabnik
According to the article,

> "Tails... adds severe misery to CNE equation."

------
chrisduesing
Wait, so simply by using Tor the government will install malware on your
computer. How is that legal?

~~~
boon
My interpretation of the article was that they identify prior to attacking.

I suppose they could use a "spray and pray" attack on anyone using Tor, but
that would be easily detected.

------
aroch
At least according to the slides, Tor appears to be safe for the most part.
Which is good.

------
neves
I've been playing with vagrant and ansible to create a new server in a snap.
Here is a good weekend project:

Instead of having just a Tor/browser bundle, build a vagrant machine
specification that installs the Tor bundle. This virtual machine would be
destroyed and recreated from time to time. Now put the machine specification
in GitHub and let anyone use it.

~~~
error54
That's a great idea! Please let us know how that goes.

------
jstalin
So how does one determine which sites are being intercepted through Tor and
served malformed code? Start doing CURLs from within Tor and outside of it and
comparing hashes?

------
malandrew
If someone makes disposable Raspberry Pi Tor exit and non-exit nodes sealed in
hard plastic resin, we could all buy them and drop them off in random places
throughout the world on open networks. If enough people the world over do
this, we would make it a lot harder for a global passive attacker to succeed.

Tor's biggest vulnerability is that the risk associated with operating exit
nodes means that the number of exit nodes remains relatively low at ~1000
worldwide. If hundreds of thousands of exit nodes started popping up all over
the globe, it would be very hard to counter.

I'm also curious if enough governments unhappy with what is happening could go
as far as hosting many tor nodes outside the control of the NSA. Is the Global
Passive Adversary threat still valid if there are many of them that are
non-cooperative with one another (i.e. China can't monitor US and Russian tor
nodes, Russia can't monitor US and Chinese nodes, and the US can't monitor
Chinese and Russian nodes)? My intuition tells me that the global passive
adversary would have to be able to monitor most of the nodes, but if others
came on the scene doing the same, they would dilute the percentage of nodes
that any single global passive adversary could monitor.
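The dilution intuition above, worked through as an added example that is not part of the thread: each observer's odds of watching both ends of a circuit under bandwidth-weighted relay selection, comparing one consolidated observer against the same share split among observers that do not pool data. The relay lists, bandwidths and observer labels are constructed for the demo.

```python
"""Does splitting relays among non-cooperating observers dilute a passive
adversary?  Added example, not from the thread.

Simplified model (the c^2 argument from the Tor design paper): an observer
compromises a circuit when it can watch both the entry and the exit relay.
Relay tuples are (name, bandwidth, observer); observer=None means nobody is
watching that relay.  All values below are constructed.

Caveat: this counts relay-level observation only.  A tap on the fiber
between relays sees traffic no matter who runs the relay, so against a
backbone-level observer distinct relay operators collapse into one observer
and dilution of relay ownership does not help.
"""
import random
from collections import Counter

# Scenario 1: one adversary watches half the bandwidth at both ends.
SINGLE_GUARDS = [("g1", 50, "X"), ("g2", 30, None), ("g3", 20, None)]
SINGLE_EXITS = [("e1", 25, "X"), ("e2", 25, "X"), ("e3", 50, None)]

# Scenario 2: the same 50% adversarial share at each end, split among three
# observers that do not share data with one another.
SPLIT_GUARDS = [("g1", 20, "A"), ("g2", 15, "B"), ("g3", 15, "C"),
                ("g4", 50, None)]
SPLIT_EXITS = [("e1", 20, "A"), ("e2", 15, "B"), ("e3", 15, "C"),
               ("e4", 50, None)]


def observer_shares(relays):
    """Map observer -> fraction of total bandwidth it watches in this position."""
    total = sum(bw for _, bw, _ in relays)
    shares = Counter()
    for _, bw, obs in relays:
        if obs is not None:
            shares[obs] += bw / total
    return dict(shares)


def compromise_probabilities(guards, exits):
    """Closed form: P(obs sees both ends) = guard share * exit share, per observer."""
    g, e = observer_shares(guards), observer_shares(exits)
    return {obs: g[obs] * e.get(obs, 0.0) for obs in g}


def worst_single_observer(guards, exits):
    """The quantity a user cares about: the strongest single observer's odds."""
    probs = compromise_probabilities(guards, exits)
    return max(probs.values()) if probs else 0.0


def weighted_choice(relays, rng):
    """Bandwidth-weighted relay selection, as Tor's path selection does."""
    total = sum(bw for _, bw, _ in relays)
    r = rng.uniform(0, total)
    acc = 0.0
    for relay in relays:
        acc += relay[1]
        if r <= acc:
            return relay
    return relays[-1]


def simulate(guards, exits, trials=20000, seed=1):
    """Monte Carlo check of the closed form: build circuits, count two-end hits."""
    rng = random.Random(seed)
    hits = Counter()
    for _ in range(trials):
        g, e = weighted_choice(guards, rng), weighted_choice(exits, rng)
        if g[2] is not None and g[2] == e[2]:
            hits[g[2]] += 1
    return {obs: n / trials for obs, n in hits.items()}


if __name__ == "__main__":
    print("single observer:", compromise_probabilities(SINGLE_GUARDS, SINGLE_EXITS))
    print("split observers:", compromise_probabilities(SPLIT_GUARDS, SPLIT_EXITS))
    print("monte carlo, split:", simulate(SPLIT_GUARDS, SPLIT_EXITS))
```

With the same 50% adversarial bandwidth, the consolidated observer compromises a quarter of circuits while the strongest of the three split observers compromises 4%, and even their sum (8.5%) is below the consolidated figure, which is the sum-of-squares effect behind the dilution argument.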

------
ksrm
Can one use something like Lynx with Tor? I doubt there are very many exploits
for it.

------
coldcode
Sure these folks are smart and have all sorts of powerful weapons; what are
the odds that someone out there could successfully repurpose some of these
weapons? What is the likelihood that vulnerabilities exist in the NSA's
systems? We can never know since it's all secret. If someone does take over
these systems we wouldn't know that either.

~~~
elwin
Historically, different nations' intelligence agencies have often infiltrated
each other. I'm sure someone will eventually gain access to the NSA's weapons,
but I think they would be more likely to steal details to add to their own
systems than "repurpose" the NSA's.

------
wil421
I am loving every minute of this NSA-Gate or Snow-Gate. Nothing like holding
GOVT accountable for decisions they make behind closed doors, decisions that
had an impact on the whole world not just US citizens.

It's also great, all the technical details that are being released about how
the Intel Agencies collect data. It's all fascinating.

------
welder
The NSA is like Tor's pentesters, except Tor doesn't get to see the results.

~~~
dragonwriter
Given that the US government is Tor's main funder, the first part may be more
accurate than the second part.

------
espeed
Foxacid sounds like an NSA version of BeEF
([http://beefproject.com/](http://beefproject.com/)), which hooks browsers
that would then be monitored from the Lockheed-Martin-style SOC
([https://www.youtube.com/watch?v=x1tCJfy_iZ4](https://www.youtube.com/watch?v=x1tCJfy_iZ4)
:-).

However, for those with more limited resources, Ryan Barnett is working on an
open-source monitoring system for BeEF
([https://vimeo.com/54087884](https://vimeo.com/54087884)).

------
pitchups
It appears that the NSA has been able to target only Tor users that are using
the Tor - Firefox bundle. So if you are using Chrome or some other browser -
configured to use Tor, you would be safe from these exploits. Wouldn't most
sophisticated hackers - or other high value targets most likely to be of
interest to the NSA - be already doing that, rather than using the Firefox+Tor
bundle?

~~~
andrewaylett
Unless you put a lot of effort into the integration, I'd advise against doing
that -- the Firefox included in the bundle is specifically set up to avoid
leaking information, while a standard Firefox or standard Chrome will phone
home or do something else (like make a DNS request over the public network)
that will quickly compromise any security you thought you had.

------
reirob
In the slide titled "Exploitation: Shaping" the status says "Can stain user
agents working on shaping."

How do they manage to make tor use NSA/GCHQ nodes? If they managed to do
this 5 years ago (the PDF is from 2007) would it then be reasonable to assume
that since then they have managed to modify the TOR source code in a way that
nobody remarked to do exactly this?

------
galapago
This kind of news should encourage people to create and use better tools to
find and fix vulnerabilities in software.

------
pygy_
_> FoxAcid tags are designed to look innocuous, so that anyone who sees them
would not be suspicious. An example of one such tag [LINK REMOVED] is given in
another top-secret training presentation provided by Snowden._

Does anyone know what these tags look like?

------
rdl
Should really make a packaged vm in vm failsecure tbb equivalent. Nothing
really works from a usability standpoint while giving reasonable protections
against this kind of endpoint attack.

------
gcb1
What about the nonsense on the quantum system? I think the reporter left some
key info out.

Why is speed a factor in mitm attacks? The slide shows a proper mitm
diagram... or is this quantum thing exploiting a packet arriving before the
honest response? And why would they need to do that if they are in a position
to do a proper mitm attack and not expose themselves to someone who monitors
man-on-the-side attacks?

------
frank_boyd
I remember somebody from Mozilla thinking out loud "we should integrate Tor in
Firefox". Glad that didn't get done.

~~~
g8oz
I'm more glad that they didn't do it the other way around - considering how
confident the NSA is about being able to keep finding new vulnerabilities in
Firefox.

------
hawkharris
Apparently, John Grisham works for the NSA, naming its programs.

------
doug1001
Don't forget that Tor publishes their exit nodes--they make them freely
available to anyone. So a simple membership test on a client IP against that
list of exit node IPs identifies that client IP as either having come through
Tor via the onion router or else they are an exit node themselves.
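The membership test described above, as an added example that is not part of the thread: it parses an exit list in the one-address-per-line style of the Tor Project's published list, normalises addresses through `ipaddress` so that IPv6 spelling variants still match, and tags constructed access-log lines. The exit list and the log lines are constructed for the demo from documentation address ranges.

```python
"""Membership test of client IPs against a Tor exit-relay list.

Added example, not from the thread.  The exit list and the access-log lines
are constructed for the demo; in practice the list would be fetched from the
Tor Project's published exit list and refreshed often, because it churns.
A hit means the client arrived via a listed exit (or is one); a client on a
host running a non-exit relay is not in this list at all.
"""
import ipaddress
import re

# Constructed sample in the style of the bulk exit list: one address per
# line, '#' comments allowed.  Addresses are from documentation ranges.
SAMPLE_EXIT_LIST = """\
# Tor exit list (constructed sample)
198.51.100.7
198.51.100.23
203.0.113.250   # trailing comment
2001:db8::dead:beef
not-an-address
"""

# Constructed Apache/nginx combined-style access log lines.
SAMPLE_ACCESS_LOG = """\
198.51.100.23 - - [04/Oct/2013:10:01:02 +0000] "GET /login HTTP/1.1" 200 512
192.0.2.44 - - [04/Oct/2013:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.250 - - [04/Oct/2013:10:02:17 +0000] "POST /api HTTP/1.1" 403 0
2001:DB8::DEAD:BEEF - - [04/Oct/2013:10:03:00 +0000] "GET / HTTP/1.1" 200 77
garbage line that does not parse
"""


def load_exit_list(text):
    """Parse exit-list text into a frozenset of ip_address objects.

    Comparing parsed addresses rather than strings means '2001:DB8::DEAD:BEEF'
    and '2001:db8:0:0:0:0:dead:beef' both match the listed entry.
    Malformed entries are skipped rather than aborting the load.
    """
    addrs = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            addrs.add(ipaddress.ip_address(entry))
        except ValueError:
            continue
    return frozenset(addrs)


def is_tor_exit(ip, exits):
    """True iff `ip` parses and is present in the exit set."""
    try:
        return ipaddress.ip_address(ip) in exits
    except ValueError:
        return False


# client, ident, user, [timestamp], "request", status
_LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')


def tag_log_lines(log_text, exits):
    """Return (client_ip, request, status, via_tor) for each parsable line."""
    tagged = []
    for line in log_text.splitlines():
        m = _LOG_RE.match(line)
        if not m:
            continue  # unparsable lines are dropped, not guessed at
        ip, _ts, request, status = m.groups()
        tagged.append((ip, request, int(status), is_tor_exit(ip, exits)))
    return tagged


def tor_fraction(tagged):
    """Share of parsed requests that arrived via a listed Tor exit."""
    if not tagged:
        return 0.0
    return sum(1 for t in tagged if t[3]) / len(tagged)


if __name__ == "__main__":
    exits = load_exit_list(SAMPLE_EXIT_LIST)
    for row in tag_log_lines(SAMPLE_ACCESS_LOG, exits):
        print(row)
```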

