
German foreign spy agency BND attacks the anonymity network Tor - y7
https://netzpolitik.org/2017/secret-documents-reveal-german-foreign-spy-agency-bnd-attacks-the-anonymity-network-tor-and-advises-not-to-use-it/
======
mirimir
> How exactly the spy agencies want to crack Tor remains vague.

> Precisely how the BND plans to „chop“ Tor is unfortunately redacted in the
> document we obtained. But as before, the spy agency refers to public
> research. To implement the attack, it is likely that the spies run their
> own servers in the Tor network. M.S. points to passive snooping servers,
> which are presumably operated by the NSA, and emphasizes the „protection of
> the anonymity“ of the spy agencies.

And indeed, there are no specifics.

Tor Project acknowledges that Tor is vulnerable to global adversaries. With
enough intercepts, they can correlate traffic at various relays, and connected
users and servers. There's nothing magic about onion services. It's just that
there are seven relays between users and servers, rather than just the normal
three for Tor.

But hey, it provides better anonymity than any alternative. Other than meeting
in remote locations, anyway. And you can add VPNs to the mix. I always use Tor
through nested VPN chains. That adds misdirection. But perhaps most
importantly, it adds latency and jitter, which mitigate traffic correlation
attacks.

Edit: As a fun science project, you can play with traffic correlation between
you and your private onion service. You use unlisted private bridges as entry
guards, both locally and for the onion service. So it's only your traffic that
gets analyzed. And you don't need sophisticated software. Wireshark and a
spreadsheet are enough. So you have packet captures from your local machine,
and from the VPS running the onion service. Using Wireshark, you export
bitrate in millisecond bins. Then in the spreadsheet, you have two columns,
one with each bitrate series. Just create a third column for the product. Each
sheet will hold 1E6 lines, or 1000 seconds. Excel works best, because it uses
multiple cores. R would be better, because you could crunch segments in
parallel.
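The spreadsheet recipe in this comment (two bitrate series in millisecond bins, a product column, look for the peak) is a normalized cross-correlation searched over candidate lags. The following is an added example, not code from the commenter or from Tor Project: it builds two constructed series, a bursty one standing in for your own capture and a delayed copy plus unrelated background traffic standing in for the onion-service side, then scores lags once cleanly and once with the kind of per-packet jitter the comment says mitigates the attack. The delay of 37 bins, the burst shape and the background level are all made-up parameters.

```python
import random
from statistics import mean, pstdev

def burst_series(n_bins, rng, burst_prob=0.05, burst_len=5, burst_rate=1000.0):
    """Constructed 'local' series: idle bins with occasional fixed-length bursts."""
    series = [0.0] * n_bins
    i = 0
    while i < n_bins:
        if rng.random() < burst_prob:
            for j in range(i, min(i + burst_len, n_bins)):
                series[j] = burst_rate
            i += burst_len
        else:
            i += 1
    return series

def observe(series, delay, rng, jitter=0, background=200.0):
    """Constructed 'remote' series: local traffic lands `delay` bins later, each bin
    displaced by up to +/-jitter, on top of uniform unrelated background traffic."""
    n = len(series)
    out = [rng.uniform(0, background) for _ in range(n)]
    for i, v in enumerate(series):
        if v:
            j = i + delay + rng.randint(-jitter, jitter)
            if 0 <= j < n:
                out[j] += v
    return out

def ncc(a, b):
    """Normalized cross-correlation (Pearson r) of two equal-length series.
    The sum of per-bin products is the spreadsheet's third column."""
    ma, mb = mean(a), mean(b)
    sa, sb = pstdev(a), pstdev(b)
    if sa == 0 or sb == 0:
        return 0.0
    return sum((x - ma) * (y - mb) for x, y in zip(a, b)) / (len(a) * sa * sb)

def best_lag(local, remote, max_lag):
    """Slide remote against local for lags 0..max_lag; return (lag, score) at the peak."""
    best = (0, -1.0)
    for lag in range(max_lag + 1):
        score = ncc(local[:len(local) - lag], remote[lag:])
        if score > best[1]:
            best = (lag, score)
    return best

def demo(seed=1, n_bins=10000, delay=37):
    """Peak for a clean delayed copy vs. the same traffic with +/-4 bins of jitter."""
    rng = random.Random(seed)  # fixed seed: constructed, reproducible input
    local = burst_series(n_bins, rng)
    clean = observe(local, delay, rng)
    jittered = observe(local, delay, rng, jitter=4)
    return best_lag(local, clean, 80), best_lag(local, jittered, 80)
```

On the constructed input the clean copy peaks at exactly the inserted delay with a score near 1, while jitter of a few bins visibly lowers the peak, which is the effect the comment attributes to VPN latency and jitter.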

~~~
belorn
I have never seen any study that can do traffic correlation of encrypted
traffic for real world data. The combination of parallel connections (Firefox
has 6), multiple tabs, ajax calls and background polls, all makes the real
world very hard to separate the data to any sensible detection rate.

What I have seen is people being able to detect data when each high level
request can be cleanly separated.

~~~
cat199
this is a security agency - what makes you think you would have seen it?

multiple intercept locations + timing information + flow size captures +
crawling data from destination sites + a big honking graph database would
probably get someone with deep pockets fairly far as far as fingerprinting..

from here, select various targets and add more traditional methods and you've
got yourself a pretty good 'lets see whats going on with the key players' sort
of tool..

~~~
belorn
I have seen statements from both Snowden and Schneier that say that security,
and in particular encryption, works, but the attacker only needs a single point
of failure, and security agencies generally bypass rather than break security
measures.

But we are talking about a specific attack vector here: Correlation attacks.
flow size captures and destination site fingerprints are great if the traffic
can be isolated.

Imagine an actual fingerprint. A computer will transform the image into
specific dot values, and from there create a unique value. Now imagine you put
100 different fingerprints with the exact same outer finger shape on top of
each other. No method will be able to say with confidence if a specific
fingerprint is in it, regardless of deep pockets and honking databases.

But there are a few catches. Reduce the number of simultaneous signals and the
problem goes down. If you can introduce additional traffic into the signal,
you can often isolate the traffic you are interested in. While we can never
know with certainty what the big agencies can do, the general advice I have
heard is to not send a single message through the tor network and always do it
as a part of multiple simultaneous messages (both for sender and receiver).

------
jfaucett
For those who can read German, here's the original with a lot more information
including cited documents and graphs and charts.
[https://netzpolitik.org/2017/geheime-dokumente-der-bnd-hat-d...](https://netzpolitik.org/2017/geheime-dokumente-der-bnd-hat-das-anonymisierungs-netzwerk-tor-angegriffen-und-warnt-vor-dessen-nutzung/)

------
KGIII
I thought it was well established that timing attacks could identify the user?
My understanding is that if you remain on the network, domains ending with
.onion, you're still able to remain anonymous.

~~~
hackermailman
The gist of the longer translated article is BND believes the majority of Tor
relays are run by spy agencies, aka a global adversary that can watch most of
the traffic. So you connect to the NSA run bridge that routes you to the
GCHQ/NSA/CSIS/ASIO run farm of internal relays.

~~~
kpcyrd
> So you connect to the NSA run bridge that routes you to the
> GCHQ/NSA/CSIS/ASIO run farm of internal relays.

This isn't possible. Your tor daemon fetches the consensus from a directory
server and picks the relays and exits itself.

The directory server can't tamper with that consensus because it's signed by
the directory authorities, a small set of servers that are necessary because
of this attack.

~~~
jacquesm
You are right in principle but if the vast majority of the nodes are run by
adversaries then to all intents and purposes it might as well be true because
that directory of relays and exits contains such a large percentage of
adversaries your chances of hitting one of the 'good guys' are nil.

~~~
hackermailman
Part of their reasoning for this warning is BND claims the vast majority of
relays are in 5 Eyes Alliance countries, and BND claims they told the 5 Eyes
Alliance a few years ago they should just run relays themselves until the odds
favor a Tor user ending up using spy agency relays.

~~~
yborg
I've always assumed that once Tor was sufficiently popular that the majority
of nodes would end up being attackers. NSA gets whatever money it wants, there
must be entire server farms running Tor nodes for them.

What has always surprised me is that someone hasn't tried to install Tor nodes
into compromised IoT devices, etc. If a virus is installing millions of nodes
in the wild, that might be enough to keep the network majority non-attacker.
As it stands, NSA or China, or whoever just ends up buying the whole network.

~~~
oneweekwonder
> What has always surprised me is that someone hasn't tried to install Tor
> nodes into compromised IoT devices, etc.

If you had the skill to compromise the devices with a tor node, wouldn't you
use that node in your own private "tor" network, instead of sharing it with
the wild?

------
jpelecanos
Based on the article, it seems that the German government combined foreign and
signals intelligence into one agency, the BND. In the US, however, Truman
separated them into the CIA [0] and the NSA [1], respectively. Thus, is there
a specific reason for BND's dual role?

[0] [https://www.cia.gov/library/center-for-the-study-of-intellig...](https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol20no1/html/v20i1a02p_0001.htm)

[1] [https://www.nsa.gov/news-features/declassified-documents/tru...](https://www.nsa.gov/news-features/declassified-documents/truman/)

~~~
guitarbill
The BND (Bundesnachrichtendienst) is civilian federal foreign intelligence,
the BfV (Bundesamt für Verfassungsschutz) is civilian federal domestic
intelligence. It was probably not a great idea for e.g. diplomacy if Germany
had loads of foreign intelligence agencies after WW2.

In the US, you have way more agencies. The five most famous are Central
Intelligence Agency (CIA), National Security Agency (NSA), Defense
Intelligence Agency (DIA), National Geospatial-Intelligence Agency (NGA), and
National Reconnaissance Office (NRO) [0]. Germany does have other military
intelligence agencies, such as Kommando Strategische Aufklärung or
Militärischer Abschirmdienst (domestic military intelligence). They are
subdivisions of the German military (Bundeswehr). Some of the US agencies are
child agencies of the DoD. So arguably it's similar?

And because Europe is countries but the US is states, it isn't really
comparable in size, so splitting these roles into different agencies makes
less sense. There are benefits of having only one agency/organisation, e.g.
re-assigning personnel and easier cooperation (inner-agency vs inter-agency).

[0] [https://en.wikipedia.org/wiki/United_States_Intelligence_Com...](https://en.wikipedia.org/wiki/United_States_Intelligence_Community#Organization)

~~~
type0
Are german federal states allowed to have their own intelligence agencies?

~~~
mhd
They each have their own Verfassungsschutz. Anything beyond that would require
new laws. And even Bavaria doesn't quite dare to step into Stasi territory.

------
tannhaeuser
Official translation at [https://netzpolitik.org/2017/secret-documents-reveal-german-...](https://netzpolitik.org/2017/secret-documents-reveal-german-foreign-spy-agency-bnd-attacks-the-anonymity-network-tor-and-advises-not-to-use-it/)

------
tryingagainbro
So BND and NSA (+ five eyes) can do this. It's probably super-safe to use in
smaller countries, unless you talk about stuff that DEA /CIA /Counter Terror
might be interested in.

------
yllaucaj
Could someone explain the bit about "The Internet for Dummies" at the
beginning? Why is that quote there?

~~~
matt4077
I'm not entirely sure, either. But I think the guy made a joke when testifying
in parliament about the spy service being behind so far technologically that
they had just recently bought a copy of "Internet for Dummies" to catch up.

In this article, it's supposed to set up the surprise that they were not,
after all, completely stupid.

The translation is a bit off, I think. I can't really figure out what to make
of all these apparently self-aggrandising statements, and I can assure you
that no German bureaucrat would use the term "Yanks".

~~~
musage
> I can assure you that no German bureaucrat would use the term "Yanks".

Well then let me assure everybody your assurance is mistaken. Two examples:

> Wir haben den Amis ja was versprochen und Mitte März ist AL [Harald Fechner]
> dort.

and

> Das, was wir jetzt haben, wäre ein guter Stand, um mit den Experten der Amis
> zu reden.

When reading "Yanks", I automatically assumed it's a translation of "Ami". How
would you translate it better? "Yankee" has negative and benign connotations,
as does "Ami", and in this context they're clearly benign. While looking into
the word I came across this:

[https://en.wikipedia.org/wiki/New_York_Yankees](https://en.wikipedia.org/wiki/New_York_Yankees)

> New York Press Sports Editor Jim Price coined the unofficial nickname
> Yankees (or "Yanks") for the club as early as 1904, because it was easier to
> fit in headlines and because "Yankee" was and is a commonly-used synonym for
> "American".

Where's the biggie?

bonus rant:

German bureaucrats use all sorts of words in all sorts of contexts. If you
mean for public communications, you're right of course, but at the workplace
and in internal emails all sorts of things are possible. It's not like
repression and conformity generate civility; they just generate masks, a
pretense of civility. That's why the stereotypical bureaucrat, nationality
irrelevant, will sign off the murder of millions as long as the paperwork is
in order, but apologize profusely if they spill their drink on your clothes,
and that outwardly gentleman-like behavior is compensation supposed to ward
off the inevitable collapse of a house of cards built on a sinkhole, not an
actual expression of the inner reality.

Ask any high ranking prostitute who has the weirdest kinks or the most
destructive fantasies. Maybe it won't be German bureaucrats, but it will be
people who behave the total opposite in real life, and are considered super
proper or even admirable. It usually won't be the guy who spits on the ground
all the time and calls everybody names. Okay, maybe because he can't afford a
prostitute, but at any rate, the idea that a German bureaucrat is _less_
likely to be abusive than the average person just doesn't sit at all with me.

------
CommentCard
Couldn't you circumvent this by using a VPN to access TOR? It would obfuscate
the entry point.

~~~
kakarot
Wouldn't your traffic then be compromised at the VPN level, opening you to
snooping from your provider? Or do I not understand something about how TOR
encrypts its requests?

~~~
sillysaurus3
This is correct. It's important to remember that everyone is just very, very
bad at opsec. The ones who aren't usually don't comment.

It's very hard and you spend most nights worrying the police will kick your
door in. Not too worthwhile.

Those who are serious should learn from the Whonix wiki. It's hard to find a
more stellar source of unbiased and comprehensive information. They have pros
and cons of both VPN to Tor and Tor to VPN, but that's like 2% of the overall
concerns you have to worry about.

~~~
CommentCard
How is adding additional layers of security bad when there is a specific
attack against one of the layers of security (timing attack via controlled TOR
nodes) that a VPN-to-Tor would disrupt? If this method is dependent on knowing
the latency going in and out of the network, adding VPNs that have varying
latencies would seem to defeat this on the surface.

I'm posing the question, as I don't see an answer in the article. Nobody gets
better at opsec if flawed methodologies aren't picked apart in detail. I'm
surprised I was downvoted, but I don't comment here frequently and maybe
didn't pose the question in enough detail. This is usually how I was accessing
Tor based on the assumption that most of the exit nodes are compromised.

~~~
sillysaurus3
Again: Go read. I gave you a reliable reference. I'd recommend spending all
weekend reading the wiki and thinking carefully about the issues. Even if you
don't use the information directly, it will give you some wonderful insights
into the belly of the underworld.

