Messages - kmfkewm

Pages: 1 ... 212 213 [214] 215 216 ... 249
3196
This is actually a prime example of why hidden services are not actually anonymous from FBI. Using the 06 attack they can trace to entry guards in a matter of minutes to hours. Then they use a trap and trace on the entry guard to pick out the hidden service. If the entry guards are not in USA (any one out of the three) they will need to spend a tiny bit of time on MLAT paper work, or they could just wait a month or two considering entry guards change every month or two, and it's only a matter of time until one is in USA (probably not much time at all considering how many Tor nodes are in USA).

My opinion is that hidden services stand a 0% chance of not being traceable by the feds.

3197
The real moral of the story is that Tor doesn't protect from traffic confirmation attacks. If the feds can see traffic at two points on the Tor network, they can determine that it is part of the same flow. They didn't just see that he was using Tor, they confirmed that he was their suspect (which they already had a pretty good idea of, but nothing hard). They did a timing attack to demonstrate that the person they were monitoring with the trap and trace was the person in the IRC. Because they could see him send data and they could also see it arrive at the end point (since he was talking to an informant).

The real fuck up on his part was apparently in leaking enough information that the feds could consider him a suspect. If the feds had controlled his entry guard (due to some dragnet signals intelligence operation that they probably have going) they would have been able to determine his identity; in this case they already thought they had their guy and they confirmed his identity. So apparently none of these guys were using FBI pwnt entry guards for the entire duration of their lulz. This is valuable intelligence as we can actually look at how long they were operating for and determine the number of entry guards they would have used, and show that apparently none of them were owned by FBI.

meh I am too tripping balls to give this the more concise reply it deserves :P.

3198
Silk Road discussion / Re: How Long for SR?
« on: March 07, 2012, 04:15 pm »
too many jurisdictions involved for any sort of concerted effort IMO

Have you never heard of Interpol?

3199
Security / Re: Anonymous (and safe) instant messenger
« on: March 07, 2012, 03:55 pm »
Get Pidgin instant message client and the pidgin otr plugin for encryption. It doesn't really matter much which instant message service you use as long as everything is encrypted and routed through Tor. It is possible for OTR to be MITMed pretty easily unless you use the provided tools to detect / avoid this. Most people don't but they really should.

3200
Security / Re: PGP key/password compromised
« on: March 07, 2012, 03:53 pm »
Doubt:

If my PGP password is compromised, is there a problem if the attacker doesn't have the private key (file)?

No but I would change the password, and make damn sure you know they only managed to get the password but not the private key. It seems not likely.

Quote
What if the attacker gets the private key (file) but not the password?

Then you are as secure as your password :). GPG uses a hybrid encryption system. First a PRNG generates a session key. Then your message is asymmetrically encrypted with this session key using one of the symmetric encryption algorithms in the PGP suite. Then the session key is asymmetrically encrypted with the public key of the person you communicate with.

When they get the final ciphertext block, first they need to use their private asymmetric key to decrypt the session key. But their private asymmetric key is itself encrypted with a symmetric algorithm, so first they need to type in their password to decrypt it. After it is decrypted, it is used to decrypt the session key which is then used to decrypt your symmetrically encrypted message.

Without the password to decrypt the private asymmetric key, having the key file is meaningless (well, other than the fact that they can try to brute force it etc).
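As an added illustration of the three layers this post describes (example code, not from the forum and not GPG's own implementation): a toy Python model in which textbook RSA stands in for the asymmetric algorithm, an HMAC-SHA256 counter keystream stands in for the symmetric cipher, and PBKDF2 derives the key that protects the private key file. Key sizes, function names and the sample passphrase are assumptions chosen for illustration; the point it demonstrates is that decryption needs both the key file and the passphrase, and that a wrong passphrase fails to unlock the private key.

```python
"""Toy model of GPG's layered encryption (added example, not GPG code):
passphrase-locked private key -> session key -> message.
Textbook RSA without padding and a home-made stream cipher: structure only."""
import hashlib
import hmac
import secrets


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test for the toy key generator."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=512):
    """Return ((n, e), d). Toy size (assumed 512-bit modulus), not real security."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), pow(e, -1, phi)


def _keystream_xor(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter-mode keystream (toy stream cipher)."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)


def _seal(key, plaintext):
    """Encrypt-then-MAC under separate derived keys: nonce || ciphertext || tag."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def _open(key, blob):
    """Verify the tag, then decrypt; a wrong key shows up as a tag mismatch."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted data")
    return _keystream_xor(enc_key, nonce, ct)


def lock_private_key(d, passphrase):
    """The 'key file': private exponent encrypted under a passphrase-derived key."""
    salt = secrets.token_bytes(16)
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)
    return {"salt": salt, "blob": _seal(kek, d.to_bytes((d.bit_length() + 7) // 8, "big"))}


def unlock_private_key(keyfile, passphrase):
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), keyfile["salt"], 100_000)
    return int.from_bytes(_open(kek, keyfile["blob"]), "big")


def encrypt_message(public_key, plaintext):
    n, e = public_key
    session_key = secrets.token_bytes(32)                     # 1. random session key
    body = _seal(session_key, plaintext)                       # 2. message under session key
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)    # 3. session key under public key
    return {"wrapped_key": wrapped, "body": body}


def decrypt_message(keyfile, passphrase, message, public_key):
    n, _ = public_key
    d = unlock_private_key(keyfile, passphrase)                # passphrase unlocks key file
    session_key = pow(message["wrapped_key"], d, n).to_bytes(32, "big")  # recover session key
    return _open(session_key, message["body"])                 # session key opens message


def demo():
    """Constructed run: correct passphrase decrypts, a wrong one is rejected."""
    public, d = generate_keypair()
    keyfile = lock_private_key(d, "correct horse")
    msg = encrypt_message(public, b"meet at the usual place")
    plaintext = decrypt_message(keyfile, "correct horse", msg, public)
    try:
        decrypt_message(keyfile, "wrong guess", msg, public)
        rejected = False
    except ValueError:
        rejected = True
    return plaintext, rejected


if __name__ == "__main__":
    print(demo())
```

Stealing the key file alone leaves an attacker at the PBKDF2 step with nothing but guesses, which is the "as secure as your password" point; real GPG uses proper padding, a vetted block cipher and a real S2K function in place of the toy pieces here.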

3201
the time a packet leaves location A and arrives at location B

3202
Timing correlation of traffic is certainly a problem, though you already have to be somewhat of a suspect for them to find you in the first place.

Not really. A timing attack can be used for confirmation, where they already suspect two parties of communicating, but it can also be used for identification, where they want to know who is communicating with a given party (or even want to know who is communicating with who). In this case they used it for confirmation. They could have had rogue entry nodes on the Tor network though, in which case they would be able to deanonymize everyone who used one to go to their IRC server. Timing attacks can be used to confirm a suspect or to locate a target.

Quote
I always wondered if padding your network traffic with random, unrelated tor activity would help, or do they somehow isolate one stream and correlate from there?

They only need to measure the timing characteristics of a single packet leaving you and a single packet arriving at the destination to determine that the two packets are identical.

Quote
If LE (or any government entity) has bad entry guards in place, I also presume they'll have a way to force you onto them. Either they'll have so many that you're bound to connect eventually, or they'll use other means, like DoS attacks, to herd you to their own nodes. I don't know if this is happening now, but I am almost 100% positive that it will in the near future unless the tor team can come up with a solution. Connecting to tor via roaming wifi remains the safest bet...

They almost certainly have *some* entry guards. They can try to force you onto them with DDOS but it will take a hell of a lot of bandwidth since they need to simultaneously DDOS every node that you select as an entry other than theirs, until you select theirs. If they DDOS the first four guards you select and then your first guard comes back online, you switch back to it. Could take a lot of DDOSing. This is called a congestion attack :)

Yeah WiFi can be helpful.

I doubt Tor people ever find a solution to timing attacks against low latency traffic without using constant rate cover traffic, which is not feasible for Tor to do.

3203
To be fair the FBI did do a timing correlation attack to confirm his identity (linking the traffic they saw leave him to the traffic they saw arriving in the IRC room). But they already were pretty damn sure it was him before they managed to target him with that attack. What I take away from this is that the FBI knows how to do timing attacks, and that they didn't own any of the entry guards any of these hackers used for the entire length of their investigation (or else they would have done timing attack to locate them instead of to confirm them after they already were pretty sure they located them via other means). Of course this assumes the media stories can be trusted, if the FBI did timing attack to locate any of them they would never let it slip, instead they would say what they are saying right now: other things happened, like Sabu forgetting to use Tor once.

3204
Security / Re: More than 9999 bit encryption
« on: March 07, 2012, 06:26 am »
does truecrypt even use asymmetric algorithms lol

3205
Security / Re: Possibility of imprisonment with Tor Hidden Server
« on: March 07, 2012, 05:44 am »
See my issue with having a remote server is that I won't be able to encrypt its full disk and keep the contents encrypted as well inside a container

You could encrypt the entire drive if you get a server with a remote KVM switch :). And you can use container encryption without even needing that. But you might need a dedicated server. A lot of VPS software doesn't give you the ability to create encrypted containers.

3206
Security / Re: Possibility of imprisonment with Tor Hidden Server
« on: March 07, 2012, 05:20 am »
It probably is fairly safe to assume that all traffic to and from SR server is passively monitored.

3207
Security / Re: Possibility of imprisonment with Tor Hidden Server
« on: March 07, 2012, 05:10 am »
Two things I thought of. Pruning or cleaning regularly. Or an IRC based chatroom or something similar where things don't get archived.


No matter what you do hosting a hidden service from home is retarded because chances of the FBI and other feds not being able to quickly trace them are pretty much zero percent. I would like to continue to cling to the fantasy that FBI is an entirely incompetent organization, but the step by step instructions for how to trace hidden services are contained in whitepapers on the public internet so it's really a stretch to think that they can't at least pay someone to do it for them.

3208
http://arstechnica.com/tech-policy/news/2012/03/stakeout-how-the-fbi-tracked-and-busted-a-chicago-anon.ars

3209
Security / Re: Possibility of imprisonment with Tor Hidden Server
« on: March 07, 2012, 04:51 am »
They can prove what is on the server via traffic analysis without having to actually get info off it when they seize it. Hosting illegal hidden services from home is bad for your health.

What do you mean by traffic analysis? All I'm going to have on my server is a message board...?

Feds will load every page on the message board and archive it, then trace it to its entry guards, passively monitor them, send your hidden service some packet streams with a pattern they add in the modulation, then observe the stream arrive at your physical server, thus proving that your physical server has all the material they previously loaded on it, regardless of whether it is encrypted when they seize it or not.

3210
Security / Re: Possibility of imprisonment with Tor Hidden Server
« on: March 07, 2012, 04:39 am »
Holy shit, these guys are awesome..

Quote
stephen:
where would you like me to post this conversation?
Live Support:
Please make, this is very good ads for us

Heihachi is awesome up to the point they steal your money and tell you to go fuck yourself. I know plenty of people who have used their services for botnet CNC and also for hosting illegal forums, but I also know of a few cases where they quite frankly tell people to go fuck themselves after they send money. They are selective scammers. Plus they just resell for 2X4, but pretty sure 2X4 only sell dedicated servers and only speak Russian.

There are several hosts that are bulletproof to various extents. Some will host drug forums no problems and ignore abuse complaints. It takes hardcore bulletproof to host botnet CNC though; even the "bulletproof" providers who don't care about drug forums will shut down CNC pretty damn fast. Not going to share the others though, go dig them up yourself ;P. But there is little need for a bulletproof host since Tor pretty much accomplishes the same thing. Of course if your hidden service is traced to a non-bulletproof provider it may be taken down. But so far this has never happened due to a direct attack on Tor. But I would *not* want to host a hidden service with a server that has any ties to me that are not obfuscated by Tor and a long path of E-currency/exchangers or bitcoin mixes etc.
