Word to the wise, for people contemplating picking a nation state as the adversary for their circumvention tool programming project: see the amount of sophistication and technology involved here? Many countries routinely direct substantially more resources at, and I mean this entirely literally, killing mosquitoes.
Killing mosquitoes is not trivial.
This is why I'm somewhat dubious about Tor. While it can be a valuable tool, by its nature it routes you between 3 other machines, which may be spread all over the world, thus substantially impacting performance. It can't really be used by the general population, as opposed to, say, encrypted email which if implemented well would have negligible impact.
Most mobile traffic, for example, could probably go over Tor. All background data synchronization could go over Tor. Email and IM could go over Tor.
Assuming you still use a general-purpose computer, and try to execute code on your own CPU rather than someone else's whenever possible, it's easy to have most of your applications (email, RSS, IM, data sync) go over Tor without your noticing.
The performance drop could hypothetically be unnoticeable to the user. Just as most TCP handshakes are.
This has to become a movement indeed towards pervasive cryptography. Tor's design isn't the real problem. The lack of Tor nodes/efficient broadband is the real problem.
"I just like looking at pictures of cats on imgur" (while they actually contain handler's instructions).
Now is a 40 year old Syrian man looking at pictures of cats on imgur? That's anomalous. I guess one can't hide the need for a human factor, in other words tailoring it for a particular case.
It used to be that spies had short wave radios. You know they still have stations for example.
That's pretty good. Well except that this day and age spotting someone with a shortwave radio who is already a bit suspicious (maybe doesn't speak with the correct accent) is going to raise eyebrows perhaps. While maybe 10-30 years ago it wouldn't have.
So...now twitter is used for number stations:
Except that it is suspicious to access it and so on.
In other words it is a hard task not to be suspicious.
Not sure how pervasive it has become, but the couple of Russian spies that was caught in Germany last year or so were also using comments on Cristiano Ronaldo YouTube videos to communicate with their contacts.
From here (http://www.telegraph.co.uk/news/worldnews/europe/russia/1018...):
> The middle-aged Anschlags, who pretended to be Austrians born in Argentina and Peru, used "dead letter drops" to communicate with their informers and then transmitted information to Moscow via satellite. Some messages were passed via coded comments on YouTube videos where Mrs Anschlag's online alias was Alpenkuh1 (Alpine cow 1
Hide in porn, watching porn is not suspicious.
"So Jon, you use tor a lot. What's going on?" --"Hmm, well I like women wearing high heels stepping on tomatoes a lot.." ---"Ok, well that's 10 lashes for you" (Instead of decapitation for conspiring to overthrow the government).
I would imagine if it's a completely original image, it would have to be done through frequency analysis of the various bits and bytes - not easy at scale.
On the other hand, if it's an oft-posted image, a simple diff would show off any hidden messages very quickly.
How would that scale though? Many 'oft-posted' images are modified by users for legitimate reasons. You would have to be able to figure out which changes were legitimate and which were hidden messages.
Or better use the internet for communications, cryptography and steganography are working.
As for how to use the phone to avoid attracting attention, the typical technique is to use payphones on one end and the regular phone on the other. There are details here: http://grugq.tumblr.com/post/61946725012/hizb-allah-resurrec...
The open codes that get used to avoid detection, at least historically (modern usage seems to be even more restricted) are examined here: http://grugq.tumblr.com/post/60890158036/al-qaedas-codes
And here is an analysis of a modern clandestine organisation that used mobile phones for communication: http://grugq.github.io/blog/2013/10/07/drug-delivery-service...
Your edit is a better option in that regard, but as long as online is blended in some way with offline, anonymity is impossible... which is why I don't even bother for the most part.
His social interactions could have only been directly traced to 2-3 posts outside of Tor at most. What really did him in are the pseudonyms and similarity of preferences picked up from those few instances. So really, any online/social presence is a liability if it's contaminated with something about you offline.
Once you were their prime suspect they could use more targeted, less scalable approaches like breaking into your house and installing a hardware keylogger; monitoring your wifi; searching your computers and threatening you if encryption gets in their way; breaking your internet connection and seeing if the target traffic stopped; and so on.
Needless to say, if you're torrenting some pop music this isn't much of a risk, but if you're spying on Hamas or leaking CIA documents it's a different matter.
You would then create a script on a local machine (say, a Raspberry Pi) that simulates traffic to the proxy while you're not active.
How would your magic traffic generator work? Randomly send a packet every minute? Not good enough, it'd be very easy to detect increased activity, which would be correlated to actual usage of the Tor network.
The best you could do is create some kind of Tor gateway that buffers packets. This gateway would always send n packets / minute through Tor in some programmatic pattern isolated from any packet input. If n real packets aren't available, send fake packets in their place. This is further complicated by length analysis; you would need some way to limit the length of real outgoing packets (probably via MTU) and their data so length is indistinguishable from the fakes.
You should also avoid any sort of wireless connection to this gateway, as snoopers could detect this traffic from outside your residence and again break this scheme. And the whole scheme still falls apart if your adversary is willing / capable of entering your residence. Needless to say, many nation-state level adversaries are completely comfortable doing this.
That's what I had in mind, but with a smarter gateway, that analyses your traffic and uses a Markov chain to time bogus packets when you're AFK, statistically similar to what you produce. Better still drown your real traffic in a larger stream of bogus packets.
Sending packets like clockwork is a good way to raise flags at the ISP level (beside using Tor).
The remote proxy should probably be a Tor service, like Silk road was.
My knowledge of intelligence comes mostly from old movies but it still feels like I could have thought of something better.
My guess is the methods were really simple just to keep people from screwing it up, that the thing about complicated methods is that they fall apart from people forgetting all the complicated schemes and so they're worse than simple methods (sometimes). But that's just a guess, anyone know?
While I do think the title lacks specificity to the topic, I don't think it's incorrect or misleading.
What makes you think those are "political" "feelings"?
> While I do think the title lacks specificity to the topic, I don't think it's incorrect or misleading.
I just changed my mind and I think the same thing as you do.
> It seems like these days I can't eat breakfast without reading about some new encryption app that will (supposedly) revolutionize our communications -- while making tyrannical regimes fall like cheap confetti.
The point that my post was driving at is that simply having a great usable and secure encrypted chat application is meaningless in the face of a nation state adversary. The resources that they have available, and the approach that they take to unmasking people is not dependent on being able to read the content of their messages.
Using "Super Crypto Chat 5000" to protect your message content doesn't buy you anything if you're the only person using it, and you have access to information that would place you in a pool of suspects.
As we're now seeing with the Snowden documents, this is exactly how the national security forces see encrypted messages. They pay more attention to them, and they look at who is sending them to whom.
Finally, while a more accurate title might be "Clandestine Operative Tradecraft is Complex and Error Prone in the Face of Nation State Level Adversaries" that isn't really pithy.
of course they want to read the messages and it helps them tremendously, that isn't necessary for them to be effective as a security force.
Another tidbit is that they mostly seem to be listed under a subdomain of your namesake, meaning that a person perusing your blogs would still reveal that they were reading your work, even over a secure connection, since the subdomain is communicated in plaintext to resolve the dns lookup.
When writing about paranoia at the nation state scale, these details become important, because you're ostensibly educating English-speaking users on the black art of skulduggery.
A subdomain is a good way to ups fame, but it would be slightly better to engage in forbidden discussions of this sort, with a free blog platform that offers HTTPS service, and urls identified by solely the /uri?query=string, with respect to the domain, since the non-domain portion of the URL is wrapped in SSL's encryption.
;) ...otherwise, maybe some nation state now has a list of readers borrowing subversive literature from the public library, no? And so many of them showing ycombinator as their referrer! What a seedy little hotbed of intelligentsia!
- an interesting lesson in [...] real world counterintelligence
- they were looking for [...] the exact usage pattern [...] for a mobile that is used exclusively for a handler to contact an agent
- privacy of communication content [...] is not sufficient to protect against even minimal monitoring
Moreover, the more sophisticated the encryption you use, the more you set yourself apart from the crowd, further increasing your vulnerability.
But you have to have real anonymity! If I didn't link to the above, would you know who wrote it? Would you know what the message was?
Very important observation for advocates of two-factor authentication: cellular network and SMS services in some parts of the world are not trustworthy. It's much better to use a single strong password versus a weak password + numeric codes delivered by SMS which can be monitored/changed on the fly by an adversary.
The key is to impersonate enough phones (tunneling over a trusted subset of the network) or use a network that won't identify the endpoints. The former is much easier.
Would you know who wrote it if I didn't link to it?
Also, pastes are not done via ssl connections, so anybody between you and pastie knows what's in that paste, and what IP created it.
Depending on how you send that link, that messaging provider knows (for example sending it via Skype, Microsoft knows).
And thence does anybody with the legal capability of subpoenaing data from any of those services.
If the sender can edit a previous paste, they can agree on a URL, but I didn't see how to do that.
CoS has two types of N nodes: relays R and clients C (Csrc wants to send packets to Cdst).
Every node, N, talks to each other at constant rate B. Directional asymmetric rates are allowed. If there is nothing to send, a packet containing the output of a CSPRNG must be sent to meet B, which will be dropped by the other node. Every link in each direction maintains B.
C must use at least 1 node to talk to each other. Direct C-C traffic and network loops are expressly forbidden.
C must agree to encrypt the contents of their opaque application payload, P, amongst themselves.
R informs Csrc of the list keys (k0, k1, .. kn) to recursively encrypt P with, resulting in payload to send, M = E(kn,..E(k1,E(k0,P))).
Keys must never be reused except given the same Csrc to Cdest, but only for a maximum time and number of bytes.
M is decrypted by each node and forwarded on to the neighbor if it is a valid packet.
N must never know the complete path beyond the neighbor node with which to send a packet and the specified path nodes.
N must be assumed to be hostile.
The reason for Russian dolls encryption per link is to prevent correlation analysis.
Lots of unanswered Q's:
- Node discovery / reachability
- Node impersonation (remember tcp connection hijacking?)
- Hostile nodes (relays and clients), especially hostile relays that prefer to connect to each other. Perhaps clients (Csrc and Cdest) each specify a small # of nodes that a path must traverse. Periodically check with each specified node with a challenge to verify path integrity? (There must be a better way to ensure path integrity using crypto without backchannels to specified nodes.)
- (D|)DoS - limits for all operations. Exponential backoff.
- Crypto specifics, key scheduling, rotation, minimum&maximum rekey rate.
- Packet particulars (packet size tradeoff: overhead vs. latency), transport/s (TCP sounds easiest), reconnection.
- Multipath? Just say no (at least initially).
- How is this better than tor? (Statistical analysis may prove if a host belongs to CoS, but not to whom. Tor may not be sufficiently mixed under "capture everything".)
- Node identifier? 384-bits is plenty.
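The constant-rate link with filler that two comments in this thread describe (the buffering gateway that always sends n packets per minute and substitutes fake packets, and the CoS rule that CSPRNG output is sent to meet rate B and dropped by the other node), sketched as an added example that is not code from any commenter. The 512-byte cell size, the SHAKE-256 keystream with HMAC-SHA256 tag (a stand-in for whatever link cipher would really be used), and dropping filler on tag mismatch are all assumptions of this sketch.

```python
import hashlib, hmac, os, struct
from collections import deque

CELL = 512                    # assumed fixed wire size of every cell
NONCE, TAG = 16, 32           # per-cell nonce and HMAC-SHA256 tag lengths
BODY = CELL - NONCE - TAG     # encrypted body: 2-byte length + data + padding
MAX_DATA = BODY - 2

def _keystream(key, nonce, n):
    # Stand-in stream cipher (SHAKE-256 as an XOF); a real link would use an AEAD.
    return hashlib.shake_256(key + nonce).digest(n)

def seal(enc_key, mac_key, data):
    """Build one real cell: nonce || ciphertext || tag, always CELL bytes."""
    if len(data) > MAX_DATA:
        raise ValueError("chunk does not fit in one cell")
    plain = struct.pack(">H", len(data)) + data.ljust(MAX_DATA, b"\0")
    nonce = os.urandom(NONCE)
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, nonce, BODY)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_cell(enc_key, mac_key, cell):
    """Return the payload of a real cell, or None for filler (tag mismatch)."""
    nonce, ct, tag = cell[:NONCE], cell[NONCE:-TAG], cell[-TAG:]
    good = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None           # CSPRNG filler: the receiving node drops it
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, BODY)))
    (n,) = struct.unpack(">H", plain[:2])
    return plain[2:2 + n]

class ConstantRateLink:
    """Emits exactly one CELL-byte cell per tick, whether or not data is queued."""
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.queue = deque()

    def send(self, message):
        # Split application data into chunks that each fit one cell.
        for i in range(0, len(message), MAX_DATA):
            self.queue.append(message[i:i + MAX_DATA])

    def tick(self):
        if self.queue:
            return seal(self.enc_key, self.mac_key, self.queue.popleft())
        return os.urandom(CELL)   # nothing queued: filler holds the rate

def simulate(schedule, ticks):
    """schedule maps tick -> message queued at that tick (constructed input).
    Returns (cell sizes seen on the wire, payload reassembled by the receiver)."""
    ek, mk = os.urandom(32), os.urandom(32)
    link, sizes, received = ConstantRateLink(ek, mk), [], b""
    for t in range(ticks):
        if t in schedule:
            link.send(schedule[t])
        cell = link.tick()
        sizes.append(len(cell))
        received += open_cell(ek, mk, cell) or b""
    return sizes, received

if __name__ == "__main__":
    busy, got = simulate({2: b"A" * 1000, 5: b"hello"}, 12)  # constructed traffic
    idle, _ = simulate({}, 12)
    print("wire pattern identical:", busy == idle, "| bytes delivered:", len(got))
```

The wire-level size and timing pattern is the same for an idle and a busy link; the cost is that throughput is capped at one cell per tick and bandwidth is spent even when nothing is being said.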
Anonymity online is really important to me and I want to learn more about how to achieve that. As a rule of thumb, I use Tor when I browse. What other things can people do to hide their trace online?
It's not just a technology choice, it's lifestyle changes and it's a huge commitment.
Anonymity can be maintained even if the pattern of communication is not "normal". What you need for anonymity is for the parts of the system(s) you interact with to not identify you. This certainly should apply to the nodes you interact with directly, so they should be under your control (e.g. the user-agent software, the computer you use, the facility the computer is located in, etc.) Further out, the system components have to not have a centralized ID of the endpoints. Cellphone networks DO have a centralized hub, namely the cellphone company. The key to anonymity is to make sure that none of the parts of the system can identify you, either because they don't require a centralized ID, or because the ID provider / facility / computer you used to access the system is unwilling or unable to identify you.
The way that governments and other organizations combat anonymity is by requiring various systems to identify other parts of the system (e.g. cellphones) with unique identifiers before letting them use that system. There are only two ways to defeat this:
1) Create a fake user-agent, to impersonate existing identifier(s), or
2) Circumvent the requirement to identify oneself.
The first one will put individuals you impersonate at risk, but it is likely they'll be let go and not subjected to "rubberhose cryptanalysis". The second one will eventually attract the attention of the governments. If they can set things up in such a way that systems (e.g. Lavabit) that refuse to identify individuals are somehow punished, their license to operate revoked, etc. then this should prove a deterrent to anonymity.
In the real world there are plenty of systems in the world who do not care about who is sending the data through the wires (net neutrality is related). Some of them are tunneled over other systems. Tor is an example, Freenet is another. They use primarily legitimate, identified accounts (e.g. someone in their home using an ISP) to transmit this tunneled information, sometimes over a protocol that is indistinguishable from TLS. As long as things like SSL and TLS are allowed, this will be possible.
As long as such a system is distributed enough that it doesn't have a central way to shut it down, it will be infeasible for governments to intimidate enough operators of the system into shutting it down. These are the ways to have true anonymity. PerfectDark and Freenet are used in countries with oppressive governments.
Note that you can have a consistent identity and still be anonymous! This can be great for reputations, e.g. of app developers, app stores, antivirus companies and reviewers of software. I have written a lot more on the subject here:
What the article describes is that steganography is hard. Acting in the real world while avoiding suspicion of a government with access to many systems (telephone systems, etc.) is hard. Which is probably a good thing. Terrorism is a problem of technology. 300 years ago it was nearly impossible for a few guys to kill thousands -- they'd be apprehended and stopped first. Today, there is more and more technology that empowers individuals to kill many people. This goes back to the machine-gun debate, but basically as capabilities grow (3d printers printing guns, for instance) so does the surveillance. Sadly the surveillance isn't going away, because the technology for both is only increasing.
To be anonymous online is extremely difficult. It requires a huge change in lifestyle. Here is one example of a CIA operative explaining how difficult it would be: http://blogsofwar.com/2013/08/06/tor-and-the-illusion-of-ano...
Here is some technology that I put together to make it easier to avoid mistakes: http://grugq.github.io/blog/2013/10/05/thru-a-portal-darkly/
Here is why you are probably wrong about your techniques for avoiding detection. Essentially, we don't know what the capabilities of the adversary are, and therefore we can't develop effective countermeasures. We can postulate, and guess, but we can't know if our countermeasures are successful until they fail catastrophically. http://grugq.github.io/blog/2013/06/14/you-cant-get-there-fr...
Here is how one can begin to unlink and operate anonymously, however it is not a viable long term proposition and few people can maintain the discipline to do this for extended periods of time. http://grugq.github.io/blog/2013/06/13/ignorance-is-strength...
The article does not talk about steganography. It talks about how in the real world real adversaries use real data to find real people who made real mistakes and really kill them. The problem was that the CIA case officer was lazy (or incompetent) and reused the same meeting places; the agents inside Hezbollah were contacted in a way that attracted attention, although it likely seemed very low profile at the time it was adopted; and, Hezbollah was able to use this signal "something weird is happening at this location" to narrow the list of suspects that they had to surveil for counterespionage.
That could have been a coded message using a one-time pad. The encryption doesn't have to be super complex. If I didn't link to it, how would you know who posted it?
You'd have to track down pastie.org, or its ISP and see who posted this message around the time it was posted. Then you'd have to track down the IP that originated the message, and then talk to my ISP about who owns that IP. Even assuming everyone cooperated with you, I could have gone to a library and sent it from there. If they took some form of ID I could have faked the ID. Then you'd have to obtain video footage from the library of who used the computer.
But you'd get stuck at the first stage - it's unlikely pastie.org keeps track of who's posting. It's a case of #2.
Tor is much less resilient than Freenet because it's A) susceptible to traffic pattern analysis, and B) because each resource has a single point of failure - its host.
All the information a person produces tells a certain amount about their habit and attributes. The more information one produces under a single handle or for a single purpose, the more information you "leak" about the person who is acting and the more a determined adversary can use to find less protected, less anonymous outputs that have the same signature.
So it is hard to be anonymous anywhere. Maybe you have shown how a determined person can take anonymous actions online. But the problem is people skimp somewhere. You can say X got caught because they didn't take Y precaution. But what may be going on is that with X's resources, he/she can only some lesser level of precautions elsewhere. Given that she/he wouldn't/couldn't do the rest of the protections, he/she figured there wasn't a good reason to do Y - X could have been right in that X's life remained a bit happier till the inevitable day he/she was caught.
tl;dr: It's not the door but building you gotta secure and buildings are expensive.
I suggest that you read the links I have posted and the articles I've written, both on http://grugq.tumblr.com and http://grugq.github.io ... there is a lot of information there about how to operate clandestinely.
1) Single point of failure. This is also related to increased susceptibility to network analysis. Even if the CIA "can't deanonymize everyone all the time" they can deanonymize a given host of a given network, by analyzing traffic patterns, placing proxies in the way or backdooring the nodes in the network, etc.
2) Recording. As you say, he got serious about his security "too late". In an age where tons of stuff you do online can be recorded and found when needed, you have to protect your anonymity from day 1.
What I am claiming is that it's possible to BEGIN an alternate identity by leveraging techniques #1 and #2. #1 is what you can do with freenet or perfectdark - basically, distributed DHTs which DO NOT record the originator of a file. While it's true that a given freenode network can be compromised by backdooring enough nodes, that is much harder to do than with Tor. And #2 is what you can do with services like pastie and others who simply DO NOT have the capability in place to record who posted a message. As governments go after people, they will attempt to intimidate #2 type services.
Either way there can be databases listing the confidence that a given system does NOT record a particular identifier such as an IP address. The ones that score high can be used directly. The ones that score low must unfortunately be used via commandeered accounts and the steganography would proceed that way.
If there were truly no networks that the agents could trust, the agents could have aggressively employed steganography - they should have basically commandeered some email addresses in the country (http://xkcd.com/792/) and then tunneled messages through a number of different channels, including the text, the timing of the messages, the order of the messages, etc.
There's tons of ways to do this without falling prey to being doxed. However, once even the smallest bit is revealed (e.g. your literary writing style is identified) the whole thing can unravel IN THEORY.