Adonis Diaries

Posts Tagged ‘Tor

Can break Tor anonymity without even touching encryption?  MIT researchers

Before the arrest of Silk Road creator Ross Ulbricht made headlines a few years ago, most everyday web users had never heard of Tor.

Originally developed by US Naval Research Laboratory employees, Tor (an acronym for “The Onion Router”) is a popular piece of software designed to enable truly anonymous communications online.

Today, it’s estimated that approximately 2.5 million users use Tor on a daily basis.

DON’T MISS: Why does every Android phone company think it can be Apple?

Highlighting Tor’s robust privacy features, a leaked NSA presentation titled ‘Tor Stinks’, courtesy of Edward Snowden of course, reads in part:

We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users.

The presentation further added that the NSA, at that point in time, was unsuccessful in its efforts to identify an individual anonymous user in response to specific requests.

Suffice it to say, Tor is pretty secure as far as keeping exploits on the web as private as can be.

Nonetheless, researchers at MIT and the Qatar Computing Research Institute have come up with a clever way to track what users on Tor are up to.

ExtremeTech reports:

[Tor] offers anonymous access to online resources by passing user requests through multiple layers of encrypted connections. It all starts at the entry node, sometimes called the guard. That’s the only system that knows your real IP address, but the next node in the chain only knows the IP of the entry node, the next only knows the previous node’s address, and so on until you reach the destination.

The attack targets the previously mentioned entry nodes, as have several attacks in the past. Basically, the attacker sets up a computer on the Tor network as an entry node and waits for people to send requests through it. When a connection is established over Tor, a lot of data is sent back and forth.

MIT researchers used machine learning algorithms to monitor that data and count the packets. Using only this metric, the system can determine with 99% accuracy what kind of resource the user is accessing (i.e. the open web, a hidden service, and so on).

All of this without even having to break encryption.

The report further adds that researchers achieved an 88% success rate when attempting to compromise Tor’s hidden services, a feature which protects the specific identification of websites a user is accessing.

The researchers involved plan to discuss Tor’s software vulnerabilities next month at the Usenix Security Symposium. Notably, the researchers have also come up with some proper defenses to their published attacks and have been in contact with representatives of the Tor project about implementing them.

Andrew Bossone shared this link

Like u were sayin Muhammad Radwan

Before the arrest of Silk Road creator Ross Ulbricht made headlines a few years ago, most everyday web users had never heard of Tor. Originally developed by…
t.co|By Yoni Heisler

 

NSA targets people searching for anonymity options

TECHNOLOGY – JULY 3, 2014

As more information about the NSA’s spy program leaks, Internet users are exploring encryption options.

A new report suggests searching for privacy software online can make you a target for the NSA.

Source:

SOURCE:

The report published in Tagesschau (English translation) describes the “deep packet inspection” rules used by the NSA’s XKeyscore program to target Internet users for surveillance.

Among the activities that will trigger surveillance by the NSA is searching for information on Tor — anonymous browsing software used by journalists, activists, dissidents, as well as criminal elements.

Tor--The Onion Router--obscures users' identities by routing their Internet traffic through servers (or "nodes") around the world. The open-source project receives much of its funding from the U.S. Dept. of State and Dept. of Defense. Connecting to Tor is necessary to access the so-called Dark Web.SOURCE:

Tor–The Onion Router–obscures users’ identities by routing their Internet traffic through servers (or “nodes”) around the world.

The open-source project receives much of its funding from the U.S. Dept. of State and Dept. of Defense. Connecting to Tor is necessary to access the so-called Dark Web.

The German report found that the NSA had targeted a server in Germany that is used as a directory for Tor nodes. Users who connect to the server are logged and tracked by the agency.

The NSA also scans emails for those requesting access to a “bridge” — a node not listed on the public Tor directory.

In October 2013, the Guardian reported how the NSA and the UK’s GCHQ have made several attempts to penetrate Tor. It is believed that Tor has never been successfully compromised.

The report notes that the NSA and GCHQ, unable to successfully compromise Tor, have instead focused on compromising software commonly used to access Tor such as the popular Tor Browser Bundle.

Until recently the Bundle included a version of Firefox that was susceptible to attack. One such attack occurred last summe

“[The] NSA has unmatched technical capabilities to accomplish its lawful mission. As such, it should hardly be surprising that our intelligence agencies seek ways to counteract targets’ use of technologies to hide their communications…

Our intelligence community would not be doing its job if we did not try to counter that.” NSA SPOKESPERSON

The NSA did not confirm that it has targeted Tor, but told the Guardian that the agency has a rich history of attempting to collect and crack intelligence of foreign states and other adversaries.

A leaked intelligence presentation from June 2012 is titled “Tor Stinks,” and says that the intelligence agency will “never” be able to successfully penetrate Tor.

“The common thread among these stories is that the NSA is subverting the internet and turning it into a massive surveillance tool…

Given how inept the NSA was at protecting its own secrets, it’s extremely unlikely that Edward Snowden was the first sysadmin contractor to walk out the door with a boatload of them.” BRUCE SCHNEIER

Schneier is a well-known computer security expert who has helped the Guardian with its series of electronic surveillance articles.

Worldwide Internet freedom declined in 2013 as governments increased surveillance of what their citizens say and do online, according to Freedom House’s “Freedom on the Net 2013” report.

Though the U.S. dropped 5 points compared to 2012, it’s still considered one of the freest countries online.

 


adonis49

adonis49

adonis49

October 2020
M T W T F S S
 1234
567891011
12131415161718
19202122232425
262728293031  

Blog Stats

  • 1,427,014 hits

Enter your email address to subscribe to this blog and receive notifications of new posts by email.adonisbouh@gmail.com

Join 774 other followers

%d bloggers like this: