The adversary, Hezbollah, used access to the telephone company logs (they have those), and searched for atypical mobile phone usage patterns:
Word to the wise, for people contemplating picking a nation state as the adversary for their circumvention tool programming project: see the amount of sophistication and technology involved here? Many countries routinely direct substantially more resources at, and I mean this entirely literally, killing mosquitoes.
Key insight: "The problem with many security systems based purely on secrecy is that their usage is itself anomalous. It singles out and attracts attention to the users." In other words, the very use of secrecy is itself a weakness that can be exploited by attackers.
And this is why privacy advocates try to push for pervasive cryptography. If everyone's traffic is encrypted, then use of crypto doesn't bring suspicion on you.
This is why I'm somewhat dubious about Tor. While it can be a valuable tool, by it's nature it routes you between 3 other machines, which may be spread all over the world, thus substantially impacting performance. It can't really be used by the general population, as opposed to, say, encrypted email which if implemented well would have negligible impact.
It can't really be used by the general population for some web browsing, but it can easily be used for a variety of other applications.
Most mobile traffic, for example, could probably go over Tor. All background data syncronization could go over Tor. Email and IM could go over Tor.
Assuming you still use a general-purpose computer, and try to execute code on your own CPU rather than someone else's whenever possible, it's easy to have most of your applications (email, RSS, IM, data sync) go over Tor without your noticing.
The espionage game has always been about being clandestine, many new techniques attract attention (tor for example) because of their honeypot nature. The old adage of hiding in the crowd will always be more difficult to notice.
That's pretty good. Well except that this day and age spotting someone with a shortwave radio who is already a bit suspicious (maybe doesn't speak with the correct accent) is going to raise eyebrows perhaps. While maybe 10-30 years ago it wouldn't have.
> "I just like looking at pictures of cats on imgur" (while they actually contain handler's instructions
Not sure how pervasive it has become, but the couple of Russian spies that was caught in Germany last year or so were also using comments on Cristiano Ronaldo YouTube videos to communicate with their contacts.
> The middle-aged Anschlags, who pretended to be Austrians born in Argentina and Peru, used "dead letter drops" to communicate with their informers and then transmitted information to Moscow via satellite. Some messages were passed via coded comments on YouTube videos where Mrs Anschlag's online alias was Alpenkuh1 (Alpine cow 1
Not bad. Also could for plausible deniability of use of encryption. Or I guess to use our governments' newspeak "parallel construction".
"So Jon, you use tor a lot. What's going on?" --"Hmm, well I like women wearing high heels stepping on tomatoes alot.." ---"Ok, well that's 10 lashes for you" (Instead of decapitation for conspiring to overthrow the government).
The question I would have about this (and i wouldn't be at all qualified to answer) is, how difficult would it be to detect the presence of steganography in images, disregarding being able to decrypt it? In other words, couldn't a state actor just find out what the most common steganography techniques were, derive some kind of fingerprints from that, scan sites like imgur and profile users posting those images?
> if it's an oft-posted image, a simple diff would show off any hidden messages very quickly.
How would that scale though? Many 'oft-posted' images are modified by users for legitimate reasons. You would have to be able to figure out which changes were legitimate and which were hidden messages.
This is the exact way in which metadata, in the age of computer analysis, is just as important as the data itself. With a computer looking for patterns, it's possible to sift through billions of pieces of data to single out someone trying to hide in the noise.
One solution (if you really need to communicate using a mobile phone) is to drive (better with public transport or in taxi) with the phone (turned off, no battery) to some random location, with no CCTVs around, turn it on at predefined time, wait for contact, turn it off, remove the battery, go home. The phone must be clean (not used before with other SIM cards that can be linked to you) and the SIM card must be clean (not used with other phones that can be linked to you). And you should change the phone (or at least its IMEI, but better change the phone, changing the IMEIs is illegal in most countries) and the SIM card regularly.
Or better use the internet for communications, cryptography and steganography are working.
True. But then again, you don't need that much anyway. I doubt they scanned his entire email archive at least first. Just the fact of including his real email and that one post on SO seemed to have been enough to establish probable cause.
His social interactions could have only been directly traced to 2-3 posts outside of Tor at most. What really did him in are the pseudonyms and similarity of preferences picked up from those few instances. So really, any online/social presence is a liability if it's contaminated with something about you offline.
If all the target traffic came from your exit node and none from any other, you could become their prime suspect.
Once you were their prime suspect they could use more targeted, less scalable approaches like breaking into your house and installing a hardware keylogger; monitoring your wifi; searching your computers and threatening you if encryption gets in their way; breaking your internet connection and seeing if the target traffic stopped; and so on.
Needless to say, if you're torrenting some pop music this isn't much of a risk, but if you're spying on Hamas or leaking CIA documents it's a different matter.
Yes. One of the investigative tools is correlating presence of a nick online with Tor activity from a suspect. IIRC, they did this on an Anonymous they were tracking a few years ago: watched his physical Internet connection, and observed that the traffic matched his IRC nick's presences.
Traffic analysis is still possible under this scenario. It's only marginally harder.
How would your magic traffic generator work? Randomly send a packet every minute? Not good enough, it'd be very easy to detect increased activity, which would be correlated to actual usage of the Tor network.
The best you could do is create some kind of Tor gateway that buffers packets. This gateway would always send n packets / minute through Tor in some programmatic pattern isolated from any packet input. If n real packets aren't available, send fake packets in their place. This is further complicated by length analysis; you would need some way to limit the length of real outgoing packets (probably via MTU) and their data so length is indistinguishable from the fakes.
You should also avoid any sort of wireless connection to this gateway, as snoopers could detect this traffic from outside your residence and again break this scheme. And the whole scheme still falls apart if your adversary is willing / capable of entering your residence. Needless to say, many nation-state level adversaries are completely comfortable doing this.
> If n real packets aren't available, send fake packets in their place.
That's what I had in mind, but with a smarter gateway, that analyses your traffic and uses a Markov chain to time bogus packets when you're AFK, statistically similar to what you produce. Better still drown your real traffic in a larger stream of bogus packets.
Sending packets like clockwork is a good way to raise flags at the ISP level (beside using Tor).
The remote proxy should probably be a Tor service, like Silk road was.
Or you could just run a middleman node. Then dummy traffic prevents this sort of easy correlation attack. (Actually, I'm not sure Tor does generate any dummy traffic these days. I suppose you could generate your own.)
The methods supposedly used by the CIA here seem terrible for the reasons mentioned (especially always meeting at the same pizza place).
My knowledge of intelligence comes mostly from old movies but it still feels like I could have thought of something better.
My guess is the methods were really simple just to keep people from screwing it up, that the thing about complicated methods is that they fall apart from people forgetting all the complicated schemes and so they're worse than simple methods (sometimes). But that's just a guess, anyone know?
I think this is not exactly about anonymity and the title is a little bit misleading. The title should be "Hiding secret activities is hard", as anonymity also applies to cases where you have nothing to hide.
You seem overly concerned with adding your political feelings to the concept of anonymity. One definition of anonymity is "lacking individuality, unique character, or distinction," which is what spies attempt to do when they practice tradecraft. This article is about how difficult it was to do that.
While I do think the title lacks specificity to the topic, I don't think it's incorrect or misleading.
> It seems like these days I can't eat breakfast without reading about some new encryption app that will (supposedly) revolutionize our communications -- while making tyrannical regimes fall like cheap confetti.
The point that my post was driving at is that simply having a great usable and secure encrypted chat application is meaningless in the face of a nation state adversary. The resources that they have available, and the approach that they take to unmasking people is not dependant on being able to read the content of their messages.
Using "Super Crypto Chat 5000" to protect your message content doesn't buy you anything if you're the only person using it, and you have access to information that would place you in a pool of suspects.
As we're now seeing with the Snowden documents, this is exactly how the national security forces see encrypted messages. They pay more attention to them, and they look at who is sending them to whom.
Finally, while a more accurate title might be "Clandestine Operative Tradecraft is Complex and Error Prone in the Face of Nation State Level Adversaries" that isn't really pithy.
of course they want to read the messages and it helps them tremendously, that isn't necessary for them to be effective as a security force.
Just wanted to take the time to ask: If you want anglophones to read up on operational security, and perhaps adhere to such tenets as prescribed in your articles, why are all of your sites plaintext and not secure?
Another tidbit is that they mostly seem to be listed under a subdomain of your namesake, meaning that a person perusing your blogs would still reveal that they were reading your work, even over a secure connection, since the subdomain is communicated in plaintext to resolve the dns lookup.
When writing about paranoia at the nation state scale, these details become important, because you're ostensibly educating english-speaking users on the black art of skull duggery.
A subdomain is a good way to ups fame, but it would be slightly better to engage in forbidden discussions of this sort, with a free blog platform that offers HTTPS service, and urls identified by solely the /uri?query=string, with respect to the domain, since the non-domain portion of the URL is wrapped in SSL's encryption.
;) ...otherwise, maybe some nation state now has a list of readers borrowing subversive literature from the public library, no? And so many of them showing ycombinator as their referrer! What a seedy little hotbed of intelligencia!
It's actually worse than that. It's not just that encryption isn't enough, it's that encryption can be worse than no encryption, since using encryption marks you out as someone who's different than the vast majority of users on the network. In a world where normal people are happy to sling everything around in the clear, a person using any encryption at all flags themselves as potentially suspicious. (Not suspicious enough by itself to give a Western law enforcement agency what it needs to make a case against you -- but more than enough to convince less scrupulous actors like intelligence agencies that you're a person deserving of a hard, hard look.)
Moreover, the more sophisticated the encryption you use, the more you set yourself apart from the crowd, further increasing your vulnerability.
This is why we want to make it standard for the world over. If everyone uses OTR chat clients, you using OTR chat clients doesn't stand out. If the corporate world uses VPN, then VPN traffic doesn't stand out. If %70 of the internet is always under SSL, then you using another SSL website or email server does not stand out. If %10 of the country uses TOR to look at porn or whatever else in your country because you restrict it with your countries' firewall, then TOR doesn't stand out.
The adversary, Hezbollah, used access to the telephone company logs (they have those), and searched for atypical mobile phone usage patterns.
Very important observation for advocates of two-factor authentication: cellular network and SMS services in some parts of the world are not trustworthy. It's much better to use single strong password versus weak password + numeric codes delivered by SMS which can be monitored/changed on the fly by an adversary.
What the CIA should have done is have phones which impersonate actual, "normal" phones when necessary and send messages which resemble normal messages. Not "PIZZA!" but whatever the local people send, e.g. "miss u". There could be a challenge-response that is not deterministic, e.g. "are we still on for tomorrow?" "looking forward to it" and then some normal sounding conversation (of course, tomorrow wouldn't be the day they would meet).
The key is to impersonate enough phones (tunneling over a trusted subset of the network) or use a network that won't identify the endpoints. The former is much easier.
Suppose to ensure anonymity, let's call a hypothetical anonymous, encrypted mixnet overlay service : Cone of Silence.
CoS has two types of N nodes: relays R and clients C (Csrc wants to send packets to Cdst).
Every nodes, N, talks to each other at constant rate B. Directional asymmetric rates are allowed. If there is nothing to send, a packet containing the output of a CSPRNG must be sent to meet B, which will be dropped by the other node. Every link in each direction maintains B.
C must use at least 1 node to talk to each other. Direct C-C traffic and network loops are expressly forbidden.
C must agree to encrypt the contents of their opaque application payload, P, amongst themselves.
R informs Csrc of the list keys (k0, k1, .. kn) to recursively encrypt P with, resulting in payload to send, M = E(kn,..E(k1,E(k0,P))).
Keys must never be reused except given the same Csrc to Cdest, but only for a maximum time and number of bytes.
M is decrypted by each node and forwarded on to the neighbor if it is a valid packet.
N must never know the complete path a beyond the neighbor node with which to send a packet and the specified path nodes.
N must be assumed to be hostile.
The reason for russian dolls encryption per link is to prevent correlation analysis.
- Hostile nodes (relays and clients), especially hostile relays that prefer to connect to each other. Perhaps clients (Csrc and Cdest) each specify a small # of nodes that a path must traverse. Periodically check with each specified node with a challenge to verify path integrity? (There must be a better way to ensure path integrity using crypto without backchannels to specified nodes.)
- (D|)DoS - limits for all operations. Exponential backoff.
I am the creator of Dmtri.com. It's a place where you can share thoughts anonymously whether you are signed up or not. Even when you sign up you have a choice to write anonymously to keep track of your writing.
Anonymity online is really important to me and I want to learn more about how to achieve that. As a rule of thumb, I use Tor when I browse. What other things can people do to hide their trace online?
If you are working on such a site, I hope several things.
1) That the user name you're using here is randomly generated
2) You used domain registration authorities that consider secrecy imperative. Even with that, you used single-use credit cards or the like, and didn't use your real name.
3) You always browse everything in whatever your browser's privacy mode is. It doesn't solve everything, but its another layer.
4) Do not have java or flash installed, it can expose you more and leak data.
5) Finally, really do not go to sites like this and ask questions like this without having a burner account set up. If you have to ask these questions, log in from a location you will never visit again. Use a tool like the trashmail extension to use one-of accounts (https://addons.mozilla.org/En-us/firefox/addon/trashmailnet/)
I see the only lesson here: NEVER use cell phones for activities that you want to keep secret. They are known to be easily trackable and heavily backdored. Linux netbook (single-use&destroy for extra credits) with TOR + encrypted mail or IM on public WiFi networks would be much more secure and not so impractical on such high stakes.
My guess would be deniability. If the Bad Guys come search your house and you have a mobile phone sitting in a drawer, that in itself isn't incriminating, because lots of people have mobile phones sitting in drawers. Very few people have satphones sitting in drawers, though, so possessing one would be anomalous -- which raises suspicions in the same way that having a mobile phone that never moves and only infrequently turns on does.
Firstly, I'm pretty sure they leave phone logs anyways, just not with the local teleco. Secondly, you're going to look suspicous with a satillite phone when everyone else has a mobile, and I doubt you can buy prepaid satillite phones with cash and non documentation like you can with mobile phones.
Anonymity can be maintained even if the pattern of communication is not "normal". What you need for anonymity is for the parts of the system(s) you interact with to not identify you. This certainly should apply to the nodes you interact with directly, so they should be under your control (e.g. the user-agent software, the computer you use, the facility the computer is located in, etc.) Further out, the system components have to not have a centralized ID of the endpoints. Cellphone networks DO have a centralized hub, namely the cellphone company. The key to anonymity is to make sure that none of the parts of the system can identify you, either because they don't require a centralized ID, or because the ID provider / facility / computer you used to access the system is unwilling or unable to identify you.
The way that governments and other organizations combat anonymity is by requiring various systems to identify other parts of the system (e.g. cellphones) with unique identifiers before letting them use that system. There are only two ways to defeat this:
1) Create a fake user-agent, to impersonate existing identifier(s), or
2) Circumvent the requirement to identify oneself.
The first one will put individuals you impersonate at risk, but it is likely they'll be let go and not subjected to "rubberhose cryptanalysis". The second one will eventually attract the attention of the governments. If they can set things up in such a way that systems (e.g. Lavabit) that refuse to identify individuals are somehow punished, their license to operate revoked, etc. then this should prove a deterrent to anonymity.
In the real world there are plenty of systems in the world who do not care about who is sending the data through the wires (net neutrality is related). Some of them are tunneled over other systems. Tor is an example, Freenet is another. They use primarily legitimate, identified accounts (e.g. someone in their home using an ISP) to transmit this tunneled information, sometimes over a protocol that is indistinguishable from TLS. As long as things like SSL and TLS are allowed, this will be possible.
As long as such a system is distributed enough that it doesn't have a central way to shut it down, it will be infeasible for governments to intimidate enough operators of the system into shutting it down. These are the ways to have true anonymity. PerfectDark and Freenet are used in countries with oppressive governments.
Note that you can have a consistent identity and still be anonymous! This can be great for reputations, e.g. of app developers, app stores, antivirus companies and reviewers of software. I have written a lot more on the subject here:
What the article describes is that steganography is hard. Acting in the real world while avoiding suspicion of a government with access to many systems (telephone systems, etc.) is hard. Which is probably a good thing. Terrorism is a problem of technology. 300 years ago it was nearly impossible for a few guys to kill thousands -- they'd be apprehended and stopped first. Today, there is more and more technology that empowers individuals to kill may people. This goes back to the machine-gun debate, but basically as capabilities grow (3d printers printing guns, for instance) so does the surveillance. Sadly the surveillance isn't going away, because the technology for both is only increasing.
Actually the problem goes beyond this. The adversary (Hezbollah in this case) correlated anomalous data (the weird mobile phone behavior) with information about people inside their organisation who had access to sensitive information. They could say "this apartment complex has a static mobile phone" and also "this same apartment complex is where the regional director of operations lives". This correlation is what allowed them to then place surveillance on the suspect and eventually they were able to unravel the whole spy ring (due to other tradecraft errors).
Here is why you are probably wrong about your techniques for avoiding detection. Essentially, we don't know what the capabilities of the adversary are, and therefore we can't develop effective countermeasures. We can postulate, and guess, but we can't know if our countermeasures are successful until they fail catastrophically. http://grugq.github.io/blog/2013/06/14/you-cant-get-there-fr...
The article does not talk about steganography. It talks about how in the real world real adversaries use real data to find real people who made real mistakes and really kill them. The problem was that the CIA case officer was lazy (or incompetent) and reused the same meeting places; the agents inside Hezbollah were contacted in a way that attracted attention, although it likely seemed very low profile at the time it was adopted; and, Hezbollah was able to use this signal "something weird is happening at this location" to narrow the list of suspects that they had to surveil for counterespionage.
That could have been a coded message using a one-time pad. The encryption doesn't have to be super complex. If I didn't link to it, how would you know who posted it?
You'd have to track down pastie.org, or its ISP and see who posted this message around the time it was posted. Then you'd have to track down the IP that originated the message, and then talk to my ISP about who owns that IP. Even assuming everyone cooperated with you, I could have went to a library and sent it from there. If they took some form of ID I could have faked the ID. Then you'd have to obtain video footage from the library of who used the computer.
But you'd get stuck at the first stage - it's unlikely pastie.org keeps track of who's posting. It's a case of #2.
Tor is much less resilient than Freenet because it's A) susceptible to traffic pattern analysis, and B) because each resource has a single point of failure - its host.
The thing about anonymity that it is not about someone taking a single anonymous action. It is hiding the identity of a whole person, a person with many habits and many attributes.
All the information a person produces tells a certain amount about their habit and attributes. The more information one produces under a single handle or for a single purpose, the more information you "leak" about the person who is acting and the more a determined adversary can use to find less protected, less anonymous outputs that have the same signature.
So it is hard to be anonymous anywhere. Maybe you have shown how a determined person can take anonymous actions online. But the problem is people skimp somewhere. You can say X got caught because they didn't take Y precaution. But what may be going on is that with X's resources, he/she can only some lesser level of precautions elsewhere. Given that she/he wouldn't/couldn't do the rest of the protections, he/she figured there wasn't a good reason to do Y - X could been right in that X's life remained a bit happier tell inevitable day he/she was caught.
td;dr; It's not the door but building you gotta secure and buildings are expensive.
You're missing the "nation state level adversary" component. I personally, do not know your mobile phone number or the last cell tower that it associated with. But I am not your adversary. A nation state level adversary ipso facto has access to that information.
I took a look at the links you provided. There's some interesting stuff in there. I note, however, that the downfall of guys like Ulbricht involved things like:
1) Single point of failure. This is also related to increased susceptibility to network analysis. Even if the CIA "can't deanonymize everyone all the time" they can deanonymize a given host of a given network, by analyzing traffic patterns, placing proxies in the way or backdooring the nodes in the network, etc.
2) Recording. As you say, he got serious about his security "too late". In an age where tons of stuff you do online can be recorded and found when needed, you have to protect your anonymity from day 1.
What I am claiming is that it's possible to BEGIN an alternate identity by leveraging techniques #1 and #2. #1 is what you can do with freenet or perfectdark - basically, distributed DHTs which DO NOT record the originator of a file. While it's true that a given freenode network can be compromised by backdooring enough nodes, that is much harder to do than with Tor. And #2 is what you can do with services like pastie and others who simply DO NOT have the capability in place to record who posted a message. As governments go after people, they will attempt to intimidate #2 type services.
Either way there can be databases listing the confidence that a given system does NOT record a particular identifier such as an IP address. The ones that score high can be used directly. The ones that score low must unfortunately be used via commandeered accounts and the steganography would proceed that way.
If there were truly no networks that the agents could trust, the agents could have aggressively employed steganography - they should have basically commandeered some email addresses in the country (http://xkcd.com/792/) and then tunneled messages through a number of different channels, including the text, the timing of the messages, the order of the messages, etc.
There's tons of ways to do this without falling prey to being doxed. However, once even the smallest bit is revealed (e.g. your literary writing style is identified) the whole thing can unravel IN THEORY.