Silk Road forums

Discussion => Security => Topic started by: TravellingWithoutMoving on February 14, 2013, 12:00 am

Title: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: TravellingWithoutMoving on February 14, 2013, 12:00 am
h__p://anonymos.earthsociety.org/wordpress/2012/08/warning-tor-network-is-compromised/

"Warning TOR network is compromised

Up until now my OS has attempted to provide secure communication via the TOR network. However, recent discoveries have led me to the conclusion that the TOR network is highly compromised. I’m posting this as a warning to those who depend on the TOR network for security. It is not secure. I have suspected this for a long time now for various reasons but am now quite sure.

Cogent communications is an ISP, which I believe was formed by one or more agencies of the US government i.e. Navel Intelligence, CIA, DIA, or NSA. This company operates a vast number of TOR servers and in combination with other fronts, I believe they control enough servers to enable these agencies to track to origin any network request they desire.

The TOR software is good, I am making no claim that it is compromised. Rather, the network itself has been.

If I am correct, then those using the hidden TOR service called ‘the silk road’, should be aware that they are likely being tracked and databased. However, the silk road is no more a honeypot than the whole of TOR is a honeypot.

An important aspect of TOR is that the software is by default not a server/router. This means that most people are endpoints and the routing itself is done by big players. The I2P network software, on the other hand, acts as a server by default greatly increasing the network security.

In my opinion, if you seek security, you should abandon using TOR immediately."



Discovered; sorry if info already posted.

Peace
TWM
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: Pharmdirect on February 14, 2013, 12:28 am
abandon TOR and use what?
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: Crooked on February 14, 2013, 12:31 am
So either abandon tor altogether or keep risking it like most of us are gonna do anyway...

That's nerve-racking shit :(
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: thinkforyourself on February 14, 2013, 12:47 am
I'm interested in what other users with deeper knowledge might have to add.

/subscribed
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: Dopamin on February 14, 2013, 01:58 am
Subbed.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: CiscoYankerStuck on February 14, 2013, 02:06 am
Subscribed.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: scout on February 14, 2013, 02:15 am
Interesting.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: thereefers245 on February 14, 2013, 02:17 am
Whoa, what the fuck, can anyone confirm/deny?
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: my_fake_acct on February 14, 2013, 02:29 am
hrmmm
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: CrazyBart on February 14, 2013, 02:32 am
"tracked and databased"

What does that mean?
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: eworkjr on February 14, 2013, 03:00 am
Creepy. IDK though, lots of shit has been happening on the deep web for years.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: astor on February 14, 2013, 03:11 am
You all have got to be kidding me.

It's FUD. Notice how there are no specifics?

Quote
This company operates a vast number of TOR servers and in combination with other fronts, I believe they control enough servers to enable these agencies to track to origin any network request they desire.

The relays are all public, so why doesn't he give us some more details about the ones hosted by Cogent? How many are there exactly and which ones are they?

The claims can be verified with these search tools: 

https://compass.torproject.org
https://atlas.torproject.org

Quote
Cogent communications is an ISP, which I believe was formed by one or more agencies of the US government i.e. Navel Intelligence, CIA, DIA, or NSA.

Right, which he "believes" but provides no evidence for. That's a nice laundry list of LE agencies to sound alarm bells among the tin foil hat crowd, though.
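Editor's added example, not part of astor's post and not a Tor Project tool: the check astor describes, turned into code. It reads a relay list in the shape of the Onionoo "details" documents that Atlas is built on (Compass grouped the same data by AS and country) and reports each AS's share of total consensus weight, guard weight and exit weight, which is what matters for path selection, not the raw relay count. The sample document, AS numbers, AS names and weights are constructed for illustration and say nothing about Cogent; field names follow Onionoo's details format.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of an Onionoo "details" document. Every AS
# number, AS name, fingerprint and consensus weight below is made up for
# illustration; nothing here is a measurement of Cogent or any real relay.
SAMPLE_DETAILS = json.dumps({"relays": [
    {"nickname": "alpha", "fingerprint": "A" * 40, "as": "AS64496",
     "as_name": "EXAMPLE-TRANSIT-1", "consensus_weight": 4000,
     "flags": ["Fast", "Guard", "Running", "Stable"]},
    {"nickname": "bravo", "fingerprint": "B" * 40, "as": "AS64496",
     "as_name": "EXAMPLE-TRANSIT-1", "consensus_weight": 2000,
     "flags": ["Exit", "Fast", "Guard", "Running"]},
    {"nickname": "charlie", "fingerprint": "C" * 40, "as": "AS64497",
     "as_name": "EXAMPLE-HOSTER-2", "consensus_weight": 1000,
     "flags": ["Exit", "Fast", "Running"]},
    {"nickname": "delta", "fingerprint": "D" * 40, "as": "AS64498",
     "as_name": "EXAMPLE-UNI-3", "consensus_weight": 2000,
     "flags": ["Fast", "Guard", "Running"]},
    {"nickname": "echo", "fingerprint": "E" * 40, "as": "AS64498",
     "as_name": "EXAMPLE-UNI-3", "consensus_weight": 1000,
     "flags": ["Fast", "Running"]},
    {"nickname": "foxtrot", "fingerprint": "F" * 40, "as": "AS64499",
     "as_name": "EXAMPLE-VPS-4", "consensus_weight": 500,
     "flags": ["Fast", "Guard"]},   # not Running: clients will not pick it
]})


def as_concentration(details_json):
    """Share of total, guard and exit consensus weight held by each AS.

    Counting relays is the wrong metric: clients pick relays weighted by
    consensus weight, so one heavy relay matters more than twenty light
    ones. Only Running relays count, since only those are in path selection.
    """
    data = json.loads(details_json)
    per_as = defaultdict(lambda: {"count": 0, "weight": 0, "guard": 0, "exit": 0})
    total = {"weight": 0, "guard": 0, "exit": 0}
    for relay in data["relays"]:
        flags = set(relay.get("flags", []))
        if "Running" not in flags:
            continue
        asn = relay.get("as", "unknown")
        w = relay.get("consensus_weight", 0)
        per_as[asn]["count"] += 1
        per_as[asn]["weight"] += w
        total["weight"] += w
        if "Guard" in flags:
            per_as[asn]["guard"] += w
            total["guard"] += w
        if "Exit" in flags:
            per_as[asn]["exit"] += w
            total["exit"] += w
    result = {}
    for asn, t in per_as.items():
        result[asn] = {
            "count": t["count"],
            "weight_share": t["weight"] / total["weight"] if total["weight"] else 0.0,
            "guard_share": t["guard"] / total["guard"] if total["guard"] else 0.0,
            "exit_share": t["exit"] / total["exit"] if total["exit"] else 0.0,
        }
    return result


def dominant_ases(concentration, threshold):
    """ASes whose share of any position (total, guard or exit) exceeds threshold,
    largest total share first: the list to read before repeating a
    'one ISP controls the network' claim."""
    hits = [asn for asn, s in concentration.items()
            if max(s["weight_share"], s["guard_share"], s["exit_share"]) > threshold]
    return sorted(hits, key=lambda a: concentration[a]["weight_share"], reverse=True)


if __name__ == "__main__":
    conc = as_concentration(SAMPLE_DETAILS)
    for asn in dominant_ases(conc, 0.0):
        s = conc[asn]
        print(f"{asn}: {s['count']} relays, total {s['weight_share']:.1%}, "
              f"guard {s['guard_share']:.1%}, exit {s['exit_share']:.1%}")
```

To run it against the live network rather than the constructed sample, fetch https://onionoo.torproject.org/details and pass the response body to `as_concentration`; the guard and exit shares are the ones to watch, because an AS that is heavy in both positions is the one that could sit at both ends of a circuit.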
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: thelorax on February 14, 2013, 03:25 am
are u kidding me dude..?

why are u posting this bs

ok so if ur right u have given no other option so in which case u should have just shut the fuck up instead of making everyone freak out..

and then again WHO THE FUCK ARE U?

what can YOU prove .? any of that?

and if u think we are all gunna stop using tor cuz of your post ur high on crack..

im ignoring this unless someone comes with some evidence and some hard facts..

no bs story .. cuz i could make something like this up very easily
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: modziw on February 14, 2013, 03:34 am
Cogent is just another bandwidth company. They are not government. This post is a bunch of crap. STFU OP.

Modzi
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: scout on February 14, 2013, 04:31 am
more FUD / psyops.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: DocOck on February 14, 2013, 06:07 am
why would any of those agencies make waves now, just when they finally got everything running smooth again after that big blackout in November when they took SR over....  he he
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: hornblower on February 14, 2013, 06:43 am
Check the date on the post.  August 2012.  It's six months old.

Highly unlikely that, if the author's assertions were true, this wouldn't have caused tremors big enough within six months that everyone here would have known.

But then again, when did Pine disappear?

Also, if the tor network was compromised, I'd hope that the FBI nabs every single pedo on it and rescue children.

There's nothing immoral about what we're doing, it's just illegal.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: raven92 on February 14, 2013, 09:08 pm
Quote
Check the date on the post.  August 2012.  It's six months old.

Highly unlikely that, if the author's assertions were true, this wouldn't have caused tremors big enough within six months that everyone here would have known.

But then again, when did Pine disappear?

Also, if the tor network was compromised, I'd hope that the FBI nabs every single pedo on it and rescue children.

There's nothing immoral about what we're doing, it's just illegal.

Pine disappeared a few months ago, Dec 18th was the Last Seen on that account. Who knows though, s(he) could still be here.

Also regarding the OP, it is very likely there are nodes owned by the DEA, FBI and CIA. I don't believe they own the majority of them, and I believe the Tor maintainers try their best to keep the code free from any back-doors. Believing they have every Tor user stashed away in some database seems unlikely, and not even useful. Judging by history though I'm guessing they are going to go after one or two high priority people, then offer them plea bargains to get them to continue what they do but slowly plant holes. This is incredibly hard to prevent, nearly impossible. Faith in the community and persistence will prevail, but sometimes that can be rough, as their job will be to shake and scare, which means someone unfortunately will fall victim to their tactics. GPG, VPNs, Tor, being smart about cashing in/out, and a good lawyer go a long way.

Kmfkewm has posted quite a bit of useful info about the Tor project and its strengths/weaknesses. While I cannot vouch for him, and Tor, while of interest to me, is far from my area of expertise, I do have a decent amount of experience in security relating to computers, and most of what he says seems to be in line and doesn't jump out as reverse psyop. Maybe a bit paranoid, but most people here are.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: DuncanMacLeod on February 14, 2013, 11:29 pm
And, dude, research on the TOR project was actually funded by the US govt. The Internet itself was born in the US military. Does that mean that every damned thing is compromised? Because it seems to me that those crackdowns on TOR child porn rings are taking their sweet time to happen... Or maybe you think the US gov (or any other) thinks that keeping their cover to bust less than 1% of drug dealers / users in the country / world, or Assange's servers, is worth more than child traffickers and the destroyed lives of hundreds of children? US children included?

That would make another good book a few years down the road.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: ch0sen on February 15, 2013, 12:11 am
tracked and databased?

can you say NSA and Utah?

Everything is tracked on the clearnet.  No doubt they gather as much as they can from TOR. 

proxy, anonVPN, TOR, take steps to protect yourself...
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: EastCoastCollective on February 15, 2013, 12:18 am
Quote
Check the date on the post.  August 2012.  It's six months old.

Highly unlikely that, if the author's assertions were true, this wouldn't have caused tremors big enough within six months that everyone here would have known.

But then again, when did Pine disappear?

Also, if the tor network was compromised, I'd hope that the FBI nabs every single pedo on it and rescue children.

There's nothing immoral about what we're doing, it's just illegal.

I couldn't agree more. Unfortunately Big Brother would rather go after $$$ trails instead of pedos preying on our kids.

Quote
Pine disappeared a few months ago, Dec 18th was the Last Seen on that account. Who knows though, s(he) could still be here.

Also regarding the OP, it is very likely there are nodes owned by the DEA, FBI and CIA. I don't believe they own the majority of them, and I believe the Tor maintainers try their best to keep the code free from any back-doors. Believing they have every Tor user stashed away in some database seems unlikely, and not even useful. Judging by history though I'm guessing they are going to go after one or two high priority people, then offer them plea bargains to get them to continue what they do but slowly plant holes. This is incredibly hard to prevent, nearly impossible. Faith in the community and persistence will prevail, but sometimes that can be rough, as their job will be to shake and scare, which means someone unfortunately will fall victim to their tactics. GPG, VPNs, Tor, being smart about cashing in/out, and a good lawyer go a long way.

Kmfkewm has posted quite a bit of useful info about the Tor project and its strengths/weaknesses. While I cannot vouch for him, and Tor, while of interest to me, is far from my area of expertise, I do have a decent amount of experience in security relating to computers, and most of what he says seems to be in line and doesn't jump out as reverse psyop. Maybe a bit paranoid, but most people here are.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: kmfkewm on February 15, 2013, 12:43 am
What an idiot, he should post some proof, or better yet he should call it Tor instead of TOR. 99% of the time people who call it TOR don't know shit about it.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: Davey Jones on February 15, 2013, 12:48 am
mmm, I doubt it, ah, have you been doing a lot of acid lately?  Tor is super safe, they'd have to shut down the internet to stop it.  Then again, maybe they're just watching you.  I can play too.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: kmfkewm on February 15, 2013, 01:17 am
Okay here is my take on this. First of all, I have no idea about that ISP or the percentage of Tor nodes that are hosted by them. It seems that they are a big ISP, so they probably do carry a lot of Tor traffic. As to the claim that the NSA or CIA owns them, well who knows. Nobody really thinks that Tor will keep them anonymous from the NSA anyway. They have NarusInsight supercomputers at many major IXs and they can passively monitor all Tor traffic that goes through the USA anyway. Even if they couldn't passively monitor huge portions of US internet traffic, they can hack into pretty much anything and they could bypass Tor to get to targets if they really wanted to. The CIA can bypass Tor to get to targets if they really want to. It is silly to think that the NSA would actively add nodes to the Tor network when they can already passively monitor traffic into and out of all Tor nodes in the USA. A single NarusInsight surveillance computer can completely monitor and record traffic from several thousand residential internet links in real time, and the NSA has at least half a dozen of these things at major internet hubs across the USA. Also, they don't monitor in real time but rather switch rapidly between connections (sampling), allowing them to gather enough traffic for correlation attacks against millions of internet connections. Monitoring the few thousand Tor nodes in the USA is not going to be a problem for them. Passively monitoring enough Tor traffic to do massive damage against Tor is easy enough to do for IX-level attackers without the need for them to add a single node to the network: http://freehaven.net/anonbib/cache/murdoch-pet2007.pdf (Sampled Traffic Analysis by Internet-Exchange-Level Adversaries)

This makes his claim that the NSA may own these nodes dubious at best. The NSA doesn't need to own Tor nodes to break Tor anonymity. The other intelligence agencies he named may not have as much signals intelligence as the NSA, and may need to add their own nodes if they don't want to just hack their way past Tor. We have not got a lot to worry about from intelligence agencies. Intelligence agencies actually do have bigger things to worry about than us. Some of them, like the NSA, are legally restricted from spying on US citizens unless they are in contact with terrorists or foreign intelligence agents. This does not mean that they respect the law, but it does mean that they rarely if ever bring their illegal activity to light by busting drug dealers. If he had any proof that the FBI or DEA owned that big ISP, I would be a little bit more worried. But he doesn't have proof that Cogent is a front for any agency, from NSA to your local police. He calls Tor TOR, which is usually a dead giveaway that somebody actually doesn't know that much about Tor. In academic articles it is called Tor, researchers studying it call it Tor, the media calls it TOR and usually people who call it TOR have learned everything they know about it from the media.

He acts like I2P is superior to Tor. In reality, the NSA can monitor the US based I2P servers just as easily as they can monitor the US based Tor servers. I2P has a handful of its own issues as well. Down time correlations against hidden services can deanonymize them as soon as they have down time, and it is easy to get the list of all I2P routers and therefore users as well. It is a bit harder to do this attack than I once thought, as nodes are not immediately unlisted once they go down. However, an attacker can keep pinging every I2P node and wait for a hidden service to go down (or DDoS the hidden service) and see which node stops replying to pings when the hidden service goes down. I2P would be absolutely horrible for Silk Road entirely because of the fact that everybody is a router. Fifty thousand or so people use I2P currently, they are spread throughout the world, and it is easy to get all of their IP addresses. Guess what happens now when some vendor in New York sends a drug package to the police? The police see all of the I2P routers in New York and they have already narrowed in on their target; if the target lives in a remote area the police can probably deanonymize him immediately after seeing where he ships from.

In short, this guy is admittedly speculating, he has not given any real proof, he suggests using a network that is much worse than Tor for our specific threat model and imo in general, he thinks that NSA would actively attack Tor when in reality they would almost certainly passively attack it, and he doesn't appear to have researched Tor much because he calls it TOR. I am not very worried from what he said, and I would chalk this up to FUD or possibly even worse considering he seems to suggest that Silk Road start using I2P despite the fact that I2P would be the absolute worst choice for Silk Road users.
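Editor's added example, not part of kmfkewm's post and not based on any NSA or Narus code: a small simulation of the passive end-to-end timing correlation he describes, including the sampled variant from the Murdoch and Zieliński paper he links. Six bursty flows are constructed (not captured traffic), observed again after a path delay, jitter and optional packet sampling, and matched back to their senders by correlating per-second packet counts. Flow shapes, delay, jitter and sampling rate are all assumptions chosen for the demo.

```python
import math
import random


def make_flows(rng, n_flows, n_bins, bin_size, p_active=0.4):
    """Sender-side packet timestamps for n_flows bursty flows (constructed).

    Each one-bin slot is active with probability p_active and carries 5-20
    packets: the on/off pattern interactive browsing produces, and the thing
    a correlation attack feeds on. Encryption does nothing to hide it.
    """
    flows = []
    for _ in range(n_flows):
        times = []
        for b in range(n_bins):
            if rng.random() < p_active:
                for _ in range(rng.randint(5, 20)):
                    times.append(b * bin_size + rng.random() * bin_size)
        flows.append(sorted(times))
    return flows


def observe(rng, times, delay, jitter, sample_rate):
    """What a tap at the far end of the path records for one flow.

    Packets arrive shifted by the path delay plus jitter; with sample_rate < 1
    only a random subset is recorded, which is what a sampling (rather than
    full-capture) IX-level observer gets.
    """
    seen = [t + delay + rng.uniform(-jitter, jitter)
            for t in times if rng.random() < sample_rate]
    return sorted(seen)


def bin_counts(times, n_bins, bin_size):
    counts = [0] * n_bins
    for t in times:
        i = int(t // bin_size)
        if 0 <= i < n_bins:
            counts[i] += 1
    return counts


def pearson(a, b):
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    sa = math.sqrt(sum((x - ma) ** 2 for x in a))
    sb = math.sqrt(sum((y - mb) ** 2 for y in b))
    return 0.0 if sa == 0 or sb == 0 else cov / (sa * sb)


def lagged_corr(sender, receiver, max_lag):
    """Best correlation over small non-negative lags: the far end sees
    everything a little later than the near end, so the attacker tries a
    few shifts and keeps the strongest."""
    best = -1.0
    for lag in range(max_lag + 1):
        n = len(sender) - lag
        best = max(best, pearson(sender[:n], receiver[lag:lag + n]))
    return best


def match_flows(sender_flows, receiver_flows, n_bins, bin_size, max_lag=2):
    """For each receiver-side flow, the sender-side flow it correlates with best."""
    s_counts = [bin_counts(f, n_bins, bin_size) for f in sender_flows]
    r_counts = [bin_counts(f, n_bins, bin_size) for f in receiver_flows]
    matches = {}
    for j, rc in enumerate(r_counts):
        scores = [lagged_corr(sc, rc, max_lag) for sc in s_counts]
        best = max(range(len(scores)), key=scores.__getitem__)
        matches[j] = (best, scores[best])
    return matches


def run_demo(sample_rate, seed=7, n_flows=6, n_bins=120, bin_size=1.0):
    """Returns (matches, fraction of receiver flows linked to the right sender)."""
    rng = random.Random(seed)
    senders = make_flows(rng, n_flows, n_bins, bin_size)
    order = list(range(n_flows))          # far-end flows arrive in unknown order
    rng.shuffle(order)
    receivers = [observe(rng, senders[i], delay=0.25, jitter=0.05, sample_rate=sample_rate)
                 for i in order]
    matches = match_flows(senders, receivers, n_bins, bin_size)
    correct = sum(1 for j, (best, _) in matches.items() if best == order[j])
    return matches, correct / n_flows


if __name__ == "__main__":
    for rate in (1.0, 0.25):
        matches, acc = run_demo(rate)
        print(f"sample_rate={rate}: {acc:.0%} of flows linked; "
              f"scores={[round(s, 2) for _, s in matches.values()]}")
```

The point the simulation makes is the one in the linked paper: the observer never needs to decrypt anything or run a relay, and recording only a quarter of the packets still links every flow, because the burst pattern survives thinning. Two minutes of traffic is enough here; real attacks trade observation time against the number of concurrent flows they must distinguish.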
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: heisenberg1492 on February 15, 2013, 07:24 pm
I remember seeing a post on here a while back regarding an academic paper on Tor that theoretically proved that if a single group controlled 25%-30% of all of the Tor relays they could track traffic across the network. The best way to combat this is to get as many people as we can running relays. We don't necessarily need folks to run exit nodes, just lots of relays.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: deep987 on February 15, 2013, 09:22 pm
Tor's fine. Let's take a look at Tor's own page on the issue.

https://www.torproject.org/about/overview.html.en

Quote
Because each relay sees no more than one hop in the circuit, neither an eavesdropper nor a compromised relay can use traffic analysis to link the connection's source and destination.

In other words, all a compromised server knows is that some other node on Tor asked it to relay some encrypted data (if a relay) or visit whichever site (if an exit relay). It has no way of knowing if it was your computer or any other node.

Also, it's all encrypted (as illustrated as green arrows on tor's page) except potentially between the exit relay and final destination. This means that the actual data isn't accessible to any node, except potentially an exit relay communicating to a non-secure server. But this is fine, since even if the exit relay knows what the data is, it can't identify you for the reasons described above.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: Hungry ghost on February 16, 2013, 08:03 am
Quote
Cogent communications is an ISP, which I believe was formed by one or more agencies of the US government i.e. Navel Intelligence, CIA, DIA, or NSA.
Navel intelligence. LOL.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: TravellingWithoutMoving on February 16, 2013, 03:11 pm
Quote
are u kidding me dude..?

why are u posting this bs

ok so if ur right u have given no other option so in which case u should have just shut the fuck up instead of making everyone freak out..

and then again WHO THE FUCK ARE U?

what can YOU prove .? any of that?

and if u think we are all gunna stop using tor cuz of your post ur high on crack..

im ignoring this unless someone comes with some evidence and some hard facts..

no bs story .. cuz i could make something like this up very easily

I never said I agreed with it, nor that it was my post IRL.
Just found it.
Info seems to be from 2012.
My interest was in the ISP Cogent, and whether any of the views could be supported?!

Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: TravellingWithoutMoving on February 16, 2013, 03:15 pm
Quote
Check the date on the post.  August 2012.  It's six months old.

Highly unlikely that, if the author's assertions were true, this wouldn't have caused tremors big enough within six months that everyone here would have known.



Realised after too.
I don't know who the blogger is nor his other views.
Found the page by chance, wasn't looking for it.

I obviously support the Tor project and everything it stands for.

Peace
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: TravellingWithoutMoving on February 16, 2013, 03:18 pm
Quote
..after that big blackout in November when they took SR over....  he he

no evidence of that (yet)

Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: TravellingWithoutMoving on February 16, 2013, 03:22 pm
Quote
Check the date on the post.  August 2012.  It's six months old.

Highly unlikely that, if the author's assertions were true, this wouldn't have caused tremors big enough within six months that everyone here would have known.

But then again, when did Pine disappear?

Also, if the tor network was compromised, I'd hope that the FBI nabs every single pedo on it and rescue children.

There's nothing immoral about what we're doing, it's just illegal.

Pine disappeared a few months ago, Dec 18th was the Last Seen on that account. Who knows though, s(he) could still be here.

Also regarding the OP, it is very likely there are nodes owned by the DEA, FBI and CIA. I don't believe they own the majority of them, and I believe the Tor maintainers try their best to keep the code free from any back-doors. Believing they have every Tor user stashed away in some database seems unlikely, and not even useful...

However,
it doesn't stop a development team whose sole purpose is to produce a version of Tor/the client, or a hacked version.
Anything can piggyback Tor as long as it's coded so.

TWM
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: goblin on February 16, 2013, 03:24 pm
Quote
I'm interested in what other users with deeper knowledge might have to add.

/subscribed
Hear, hear.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: TravellingWithoutMoving on February 16, 2013, 03:29 pm
Quote
What an idiot, he should post some proof, or better yet he should call it Tor instead of TOR. 99% of the time people who call it TOR don't know shit about it.

Also thought the blog lacked much detail.
Obviously NSA/CIA could set up Cogent under various ghost companies, and easily fund it.

TWM
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: SelfSovereignty on February 16, 2013, 03:33 pm
Quote
Check the date on the post.  August 2012.  It's six months old.

Highly unlikely that, if the author's assertions were true, this wouldn't have caused tremors big enough within six months that everyone here would have known.

But then again, when did Pine disappear?

Also, if the tor network was compromised, I'd hope that the FBI nabs every single pedo on it and rescue children.

There's nothing immoral about what we're doing, it's just illegal.

Pine disappeared a few months ago, Dec 18th was the Last Seen on that account. Who knows though, s(he) could still be here.

Also regarding the OP, it is very likely there are nodes owned by the DEA, FBI and CIA. I don't believe they own the majority of them, and I believe the Tor maintainers try their best to keep the code free from any back-doors. Believing they have every Tor user stashed away in some database seems unlikely, and not even useful...

agree with most however
it doesn't stop a development team whose sole purpose is to produce a version of Tor/the client, or a hacked version.
Anything can piggyback Tor as long as it's coded so.

TWM

You miss the point.  Tor is a network with multiple layers of encryption.  I connect to some guy (say next door), and say "I want to connect to xxxxxx.onion please," and he says "sure, hang on."  So he goes off and does the same thing, saying "connect to xxxx.onion por favor, gracias mi amigo!" and on and on.  When we finally hit xxxx.onion, I encrypt my connection to the next guy the same way I do when I'm accessing my bank's website.  Same basic methods.  But not only is that link encrypted, every hop along the way is also encrypted like the layers of an onion: so nobody can see what data is passing through.

So it wouldn't do them any good to run relay nodes, unless they're attempting to get a large enough view of the network to start seeing statistical correlations with a high degree of certainty.  But as astor pointed out, that's not really necessary for them to do anyway.

... fuck, that explanation is a little off... I'm drawing a blank on the specifics of the network right now.  Just not coming to me right now.  Well, that's the basic premise though; and I suppose nobody really cares about the implementation details except four of us (hi guys! I'm still glad you're here, BTW, LOL).

And of course Nightcrawler, but he's been MIA for a few weeks I think.  It's really a shame too... his information was always as solid and reliable as it gets.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: kmfkewm on February 16, 2013, 09:43 pm
Quote
Tor's fine. Let's take a look at Tor's own page on the issue.

https://www.torproject.org/about/overview.html.en

Quote
Because each relay sees no more than one hop in the circuit, neither an eavesdropper nor a compromised relay can use traffic analysis to link the connection's source and destination.

In other words, all a compromised server knows is that some other node on Tor asked it to relay some encrypted data (if a relay) or visit whichever site (if an exit relay). It has no way of knowing if it was your computer or any other node.

Also, it's all encrypted (as illustrated as green arrows on tor's page) except potentially between the exit relay and final destination. This means that the actual data isn't accessible to any node, except potentially an exit relay communicating to a non-secure server. But this is fine, since even if the exit relay knows what the data is, it can't identify you for the reasons described above.

Unfortunately if multiple relays on your circuit are owned by the same attacker, they can start to do some serious damage, if they own your entry and exit relay they can deanonymize you.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: Jonny Bench on February 16, 2013, 10:54 pm
Jeeze, you guys need to relax. I'm sure there's a source on SR selling some xanny bars, go get yourselves a couple...dozen.
All he did was post something on the net, rumor or not it deserves some attention.
You kids that are quick on the gun and immediately disregard possible information by first raising the red flag of proof and secondly by tearing up the poster are going to be the ones who get fucked in the end.
If 100 rumors are posted and 99 of them are found to be false but that 1 that is posted keeps your ass out of jail, you're going to be very happy that someone had the consideration to even post it knowing that they would be burned at the stake for doing it.

Basically what I'm saying is, if you don't have the evidence, knowledge or brains to intelligently disprove the alleged threat, shut the fuck up and let the more technically experienced people on this forum handle it.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: SorryMario on February 17, 2013, 01:08 am
You need to forget the training we've all had to believe in the supremacy and general omniscience of "government intelligence" (oxymoron). It's a bunch of propagandized crap.

Tor is secure as long as there is at least ONE non-malicious relay in the connection chain. Even in the extraordinarily rare circumstance that an attacker managed to control both randomly chosen entry and exit nodes, he would only be able to use timing attacks as a means to guess which initiators are connecting to which responders (ie, which users are connecting to which sites).

BUT, if you actually read up on "HIDDEN services" (which Silk Road is one) you'll discover they don't use exit nodes and thus aren't even susceptible to those attacks and none of these concerns apply!  :D   8) The only way a connection to a hidden service could be compromised is if the hidden service was being run by the attacker himself (or if somebody is careless/sloppy  ::) and accesses the hidden service through a non-Tor connection  :P ).

Seriously, Tor is SAFE - as long as you browse the right way - use the Tor Browser Bundle, don't open downloaded PDF's or other files while connected, no virus/spyware on computer...and DON'T EVER SEND UNENCRYPTED personal information through it!!!!!  :-X :-X :-X
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: kmfkewm on February 17, 2013, 01:39 am
Quote
You need to forget the training we've all had to believe in the supremacy and general omniscience of "government intelligence" (oxymoron). It's a bunch of propagandized crap.

Tor is secure as long as there is at least ONE non-malicious relay in the connection chain. Even in the extraordinarily rare circumstance that an attacker managed to control both randomly chosen entry and exit nodes, he would only be able to use timing attacks as a means to guess which initiators are connecting to which responders (ie, which users are connecting to which sites).

BUT, if you actually read up on "HIDDEN services" (which Silk Road is one) you'll discover they don't use exit nodes and thus aren't even susceptible to those attacks and none of these concerns apply!  :D   8) The only way a connection to a hidden service could be compromised is if the hidden service was being run by the attacker himself (or if somebody is careless/sloppy  ::) and accesses the hidden service through a non-Tor connection  :P ).

Seriously, Tor is SAFE - as long as you browse the right way - use the Tor Browser Bundle, don't open downloaded PDF's or other files while connected, no virus/spyware on computer...and DON'T EVER SEND UNENCRYPTED personal information through it!!!!!  :-X :-X :-X

First off, NSA is widely recognized as being an elite agency of cryptographers, hackers, and traffic analysts. If you think they are not extremely skilled, I strongly believe you are only fooling yourself. Additionally, Roger Dingledine, the lead developer of Tor, got his start working for the NSA in the first place. Second of all, Tor is not able to provide you anonymity if your entry node and exit node are compromised; there is no guessing involved on the part of the attacker, they are able to use packet timing characteristics to statistically prove that both parts of the traffic flow are related. Third of all, despite being correct in saying that hidden services do not use exit nodes, strictly speaking, they are still just as susceptible to end point timing correlation attacks as circuits exiting to the clearnet are. In such a case the attacker would need to own the hidden service's entry node and the connecting client's entry node; incidentally this is possible for an attacker with a single node in the case of hidden services, but not in the case of connections to the clearnet, where the attacker would need to own or be able to passively monitor at least two nodes. The hidden service does not necessarily need to be owned by the attacker, it merely needs to be identified by the attacker and put under passive surveillance, or under active surveillance in the case that the attacker manages to own one or more of the hidden service's entry guards.
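Editor's added example, serving heisenberg1492's remark about the fraction of the network one party would need and kmfkewm's points about entry/exit compromise and the guard/guard case for hidden services; it is not code from any of them or from the Tor Project. The analytic functions give the compromise probabilities for an adversary holding a fraction of relay bandwidth, and a Monte Carlo simulation over a constructed relay set checks them, with and without fixed entry guards. The relay set, the adversary's target share and the simplifications marked in the code are all assumptions.

```python
import random


def p_circuit_compromised(f_entry, f_exit):
    """One circuit, entry and exit drawn independently by bandwidth: both
    ends land on adversary relays with probability f_entry * f_exit."""
    return f_entry * f_exit


def p_user_hit_without_guards(f_entry, f_exit, n_circuits):
    """Fresh entry for every circuit: over n circuits a user is eventually
    caught with probability 1 - (1 - f_entry*f_exit)^n, which tends to 1 for
    any f > 0. This is why Tor pins entry guards."""
    return 1.0 - (1.0 - f_entry * f_exit) ** n_circuits


def p_user_hit_with_guard(f_entry, f_exit, n_circuits):
    """Fixed entry guard: a user is only ever at risk if the guard itself is
    the adversary's (probability f_entry); then each circuit's exit is the
    remaining coin flip. Fewer users are hit, but those are hit repeatedly."""
    return f_entry * (1.0 - (1.0 - f_exit) ** n_circuits)


def p_hidden_service_pair(f_guard):
    """Client <-> hidden service: no exit involved, the adversary needs the
    client's guard and the service's guard. Both are guard-position picks,
    and one adversary relay serving as guard to both sides is enough."""
    return f_guard * f_guard


def build_relays(rng, n, target_fraction):
    """Constructed relay set (not a real consensus): n relays with random
    bandwidth; relays are marked adversarial in order until the adversary
    holds about target_fraction of the total weight."""
    relays = [[rng.randint(1, 100), False] for _ in range(n)]
    total = sum(w for w, _ in relays)
    held = 0
    for relay in relays:
        if held >= target_fraction * total:
            break
        relay[1] = True
        held += relay[0]
    return [(w, adv) for w, adv in relays]


def adversary_share(relays):
    return sum(w for w, adv in relays if adv) / sum(w for w, _ in relays)


def simulate(rng, relays, n_users, n_circuits, use_guards):
    """Monte Carlo: users build circuits with bandwidth-weighted picks.

    Simplifications (assumptions, not Tor's real path selection): one weight
    serves for both positions, and entry == exit is not excluded.
    Returns (fraction of users with >= 1 compromised circuit,
             fraction of all circuits compromised).
    """
    idx = range(len(relays))
    cum, running = [], 0
    for w, _ in relays:
        running += w
        cum.append(running)
    adv = [a for _, a in relays]
    users_hit = circuits_hit = 0
    for _ in range(n_users):
        guard = rng.choices(idx, cum_weights=cum)[0] if use_guards else None
        hit = False
        for _ in range(n_circuits):
            entry = guard if use_guards else rng.choices(idx, cum_weights=cum)[0]
            exit_ = rng.choices(idx, cum_weights=cum)[0]
            if adv[entry] and adv[exit_]:
                circuits_hit += 1
                hit = True
        users_hit += hit
    return users_hit / n_users, circuits_hit / (n_users * n_circuits)


def demo(seed=1, n_relays=200, target=0.25, n_users=2000, n_circuits=50):
    rng = random.Random(seed)
    relays = build_relays(rng, n_relays, target)
    return {
        "share": adversary_share(relays),
        "no_guards": simulate(rng, relays, n_users, n_circuits, False),
        "guards": simulate(rng, relays, n_users, n_circuits, True),
    }


if __name__ == "__main__":
    r = demo()
    f = r["share"]
    print(f"adversary holds {f:.1%} of weight")
    print(f"no guards: {r['no_guards'][0]:.1%} of users hit, {r['no_guards'][1]:.2%} of circuits")
    print(f"guards:    {r['guards'][0]:.1%} of users hit, {r['guards'][1]:.2%} of circuits")
    print(f"analytic: no guards {p_user_hit_without_guards(f, f, 50):.1%}, "
          f"guards {p_user_hit_with_guard(f, f, 50):.1%}, "
          f"hidden-service pair {p_hidden_service_pair(f):.2%}")
```

The numbers bear out both sides of the thread: at a quarter of the bandwidth the adversary sees only about one circuit in sixteen, yet without guards nearly every user who builds fifty circuits hands over at least one; with guards the exposed population is capped at the adversary's share, but those users are exposed on every circuit. The fraction heisenberg1492 remembers is not a cliff, it is just the point on this curve where the per-circuit odds stop being rare.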
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: SelfSovereignty on February 17, 2013, 02:42 am
I'm with kmfkewm on this, quite frankly.  They have virtually unlimited resources and access to files on basically every citizen within the United States.  They can and do find the very best of the best, and make them offers they can't refuse.

Part of what makes SR so effective is that we're able to share all this information with each other.  In fact I'd go so far as to say it's the primary reason it works at all -- we teach each other how to succeed.  But they get to do it too.  Except they can use each other's names, and draw stuff on blackboards, and say things like "yo, director, we need a KXZ 20-i raygun because I made a bet with Bob that it's going to take more than 3 seconds for it to melt some dude in china after we turn it on.  Yeah, just put it on my desk when it gets here would you."

In total seriousness, they're good.  I mean they're the best; there's just no way around it.  Fortunately there aren't many of the best, and they probably have more pressing matters than a bunch of drug users swapping stories online.  Things like governments with their fingers on "blow up the world" switches -- you know, the kind of stuff that actually really should be illegal :)
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: goblin on February 17, 2013, 04:57 pm
Quote
You need to forget the training we've all had to believe in the supremacy and general omniscience of "government intelligence" (oxymoron). It's a bunch of propagandized crap.
It NEVER pays to underestimate your adversary. The safest bet is to assume they're smarter, more capable and better funded than you.

Blind faith and confidence in one's own capability leads inexorably to carelessness and stupid mistakes.

"Pride cometh before a fall"
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: TravellingWithoutMoving on February 17, 2013, 08:08 pm
Jeeze, you guys need to relax. I'm sure there's a source on SR selling some xanny bars, go get yourselves a couple...dozen.
All he did was post something on the net, rumor or not it deserves some attention.

That's all it was, a post I found..

You kids that are quick on the gun and immediately disregard possible information by first raising the red flag of proof and secondly by tearing up the poster are going to be the ones who get fucked in the end.

Thanks very much, someone is awake.



for the rest the OP structure was:

url

" ....quoted article....." <notice the quotes>


discovered sorry if info already posted <1 liner>


Peace
TWM
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: TravellingWithoutMoving on February 17, 2013, 08:23 pm
thanks to kmfkewm, astor, thinkforyourself, scout ++ for constructive & lengthy comments.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: goblin on February 17, 2013, 10:39 pm
TravellingWithoutMoving, you should tack on McKenna's name after the lengthy passage in your signature, to give the man proper credit. I recognize it, I'm almost sure, as part of his writings regarding the ravages of the domination and control culture that has reigned supreme since late neolithic times.

goblin
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: SorryMario on February 18, 2013, 08:04 am
Quote
You need to forget the training we've all had to believe in the supremacy and general omniscience of "government intelligence" (oxymoron). It's a bunch of propagandized crap.
It NEVER pays to underestimate your adversary. The safest bet is to assume they're smarter, more capable and better funded than you.

Obviously. But that doesn't mean we must imbue them with God-like powers and consider them all-knowing and infinitely resourceful - and therefore able to defeat any possible defensive measures (if that were the case, everyone here would be a fool). That may be the programming we're constantly inundated with through movies, TV, and of course sensationalized "news" stories, but like all "official narratives" it is heavily fictionalized. Government is just a mafia with better PR and less efficiency, and like the mafia their main tactics are force and intimidation (and of course disinformation).

Quote
Blind faith and confidence in one's own capability leads inexorably to carelessness and stupid mistakes.

When I say "Tor is safe," I don't just naively believe it for no reason. And believe me I know it, like any tool, must be used correctly in order to work. I know you get a lot of newbies who come staggering into these forums and blurting out mindless things based on ignorance, but I'm not one of them. I actually read through the documentation to learn about Tor.

What's important is to consider the threat model and to understand the *actual* vulnerabilities of the security measures we use to guard our privacy/anonymity, not simply credit the adversary with the means to defeat it with secret methods that aren't even described. When it comes down to it, if they really want to know your secrets they will beat it out of you (but you've gotta already be a 'person of interest' for it to get to that point).

What I've learned is Tor is safe as long as you use the Tor browser to access .onion sites (aka "hidden services") within the Tor network and keep your private information private. Every published paper I've read on global network monitoring and such has to do with activity at the edges - traffic into and out of the Tor network, which happens when people use Tor to access clearnet sites. Clearnet browsing IS a big risk to anonymity because your IP's traffic can be correlated with traffic leaving Tor network (often unencrypted). The connection goes something like this:

   User <###> (entry node) <###> (relays) <###> (exit node) <---> website

"<###>" means encrypted connection
"<--->" means unencrypted connection
"(relays)" means at least one relay, maybe a chain of relays

You can see there is considerable vulnerability from the fact that the final connection to the website is completely unencrypted, which means that exit node can see exactly what you're doing on the website. This is why Tor browser comes with "HTTPS Everywhere" installed by default - this way the exit node doesn't see unencrypted communications (assuming the site's ssl is configured securely), although it can still see the exact website you're visiting. But to monitor all traffic within Tor network would require the adversary own all the nodes/relays.

Hidden services are within the Tor network and follow the onion router protocol so there's no exit node and everything is 100% end-to-end encrypted. The protocol is designed to ensure anonymous communication between the hidden server and the user. The way it works is the hidden service (HS) publishes a list with a number of relays it designates as "Introduction Points" (IP) that it listens to for connection requests. When a User wants to connect to the HS, he must select a different relay as a "Rendezvous" (R) and create a circuit to it, then build a circuit to one of the IPs to tell the HS the rendezvous point relay, which the HS then builds a circuit to. Then the user can close the IP circuit and communicate with the HS at the rendezvous point. It looks like this:

(1) User selects some relay as a rendezvous point (R) and creates circuit:

    User <###> (entry node) <###> (relays) <###> (R)

(2) User connects to information point (IP) to tell HS the rendezvous relay:

    User <###> (entry node) <###> (relays) <###> (IP) <###> (relays) <###> HS

(3) User connects to the HS using the circuit to the rendezvous:

    User <###> (entry node) <###> (relays) <###> (R) <###> (relays) <###> HS


This whole process is accomplished by the Vidalia client and requires no input from the user beyond entering the .onion address into the Tor browser. There's also a lot of rigorous PKI trust validation of relays, key-exchanges, asymmetric crypto, etc. happening at each step throughout the process (but I'm leaving that out because it's complicated enough to explain already). They can't 'crack' PGP (unless in individual cases when it's used incorrectly), so they cannot read the actual data being transmitted within the Tor network because it's all encrypted (and signed and verified). Communications are completely anonymized once they leave your entry node.

tl;dr:
As long as the entry node is not compromised, Tor is safe. If the entry node *is* compromised, you are still safe unless:
 A. You're using Tor browser to connect to clearnet sites, or
 B. You connect to a hidden service whose entry node is also compromised AND the adversary knows it is used by the hidden server
In order for B to be true, the hidden service itself has to already be de-anonymized and its IP address known. But that would be the hidden service that is compromised, not Tor itself.
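As an added illustration of the distinction the diagrams above turn on (encrypted links versus anonymity), here is a constructed Python model that is not code from anyone in this thread; it uses a toy SHA-256 keystream in place of Tor's real cells and ciphers, and the hop delay, jitter and send schedules are assumed values. Several flows cross a three-hop circuit while one observer at the entry hop and one at the exit hop each log timestamps and cell bytes: the bytes differ at the two vantage points, yet correlating inter-packet gaps still pairs the flows, which is why a threat model has to account for timing metadata and not only payload encryption.

```python
"""Toy model: layered encryption hides cell contents but not packet timing.

Constructed example, not Tor's protocol or cipher. Flows cross a 3-hop
circuit; an observer at the entry hop and one at the exit hop log
(timestamp, cell bytes). Cell bytes differ between the two vantage points,
but inter-packet gaps survive relay jitter, so a Pearson correlation on
gaps still pairs entry-side flows with exit-side flows.
"""
import hashlib
import random
import statistics

CELL_LEN = 32  # assumed fixed cell size for the toy model


def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode (illustration only)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def onion_wrap(payload: bytes, hop_keys: list) -> bytes:
    """Add one layer per hop; the entry hop's layer ends up outermost."""
    cell = payload
    for key in reversed(hop_keys):
        cell = xor(cell, keystream(key, len(cell)))
    return cell


def peel(cell: bytes, key: bytes) -> bytes:
    """A relay strips exactly one layer (XOR keystream is its own inverse)."""
    return xor(cell, keystream(key, len(cell)))


def simulate_circuit(send_times, payloads, hop_keys, rng, hop_delay=0.05, jitter=0.02):
    """Push one flow through the hops; return the entry- and exit-side logs."""
    entry_log, exit_log = [], []
    for t, payload in zip(send_times, payloads):
        cell = onion_wrap(payload, hop_keys)
        t_arrive = t + hop_delay + rng.uniform(0, jitter)  # reaches entry hop
        entry_log.append((t_arrive, cell))                  # observer 1: outer layer
        for key in hop_keys:                                 # each relay peels, forwards
            cell = peel(cell, key)
            t_arrive += hop_delay + rng.uniform(0, jitter)
        exit_log.append((t_arrive, cell))                   # observer 2: plaintext cell
    return entry_log, exit_log


def gaps(log):
    """Inter-arrival times, the metadata an observer keeps."""
    times = [t for t, _ in log]
    return [b - a for a, b in zip(times, times[1:])]


def pearson(xs, ys):
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    num = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    den = (sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)) ** 0.5
    return num / den if den else 0.0


def payload_bytes_overlap(entry_log, exit_log):
    """Could the two observers pair cells by content? Every layer changes the bytes."""
    entry_cells = {cell for _, cell in entry_log}
    return any(cell in entry_cells for _, cell in exit_log)


def match_flows(entry_logs, exit_logs):
    """For each entry-side flow, pick the exit-side flow whose gap pattern fits best."""
    matches = {}
    for i, e in enumerate(entry_logs):
        scores = [pearson(gaps(e), gaps(x)) for x in exit_logs]
        matches[i] = max(range(len(exit_logs)), key=scores.__getitem__)
    return matches


def run_demo(n_flows=4, n_cells=40, seed=7):
    """Constructed flows; returns (entry flow -> recovered exit flow, content-leak flag)."""
    rng = random.Random(seed)
    entry_logs, exit_logs = [], []
    for f in range(n_flows):
        t, send_times = 0.0, []
        for _ in range(n_cells):                 # bursty schedule, mean gap 0.2 s
            t += rng.expovariate(1 / 0.2)
            send_times.append(t)
        payloads = [f"flow{f}-cell{i}".encode().ljust(CELL_LEN, b"\0") for i in range(n_cells)]
        hop_keys = [bytes(rng.getrandbits(8) for _ in range(16)) for _ in range(3)]
        e, x = simulate_circuit(send_times, payloads, hop_keys, rng)
        entry_logs.append(e)
        exit_logs.append(x)
    order = list(range(n_flows))                 # exit observer sees flows in another order
    rng.shuffle(order)
    shuffled_exit = [exit_logs[j] for j in order]
    recovered = {i: order[j] for i, j in match_flows(entry_logs, shuffled_exit).items()}
    content_leak = any(payload_bytes_overlap(e, x) for e in entry_logs for x in exit_logs)
    return recovered, content_leak


if __name__ == "__main__":
    recovered, content_leak = run_demo()
    print("pairing by cell contents possible:", content_leak)
    print("pairing by timing (entry flow -> exit flow):", recovered)
```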
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: SelfSovereignty on February 18, 2013, 10:25 am
I'm not even sure why I'm correcting you on this -- I know it's an aggravating habit, but... I don't know, I'm a stickler for accuracy, what can I say.  Vidalia isn't the client.  "tor" is the executable that does all the Tor stuff.  It also opens a local connection via one of several methods (depending on your operating system) for external programs to connect to it and issue commands and whatnot.  Vidalia is a graphical program that does exactly that -- provide some buttons that map to appropriate commands being sent to the "tor" program.  Technically they're independent of each other; tor works just fine if you configure it from a startup text file.  Vidalia is for the mouse-centric among us :)
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: astor on February 18, 2013, 03:05 pm
Quote
I'm with kmfkewm on this, quite frankly.  They have virtually unlimited resources

No, they don't. They have distinctly limited resources, in terms of money, manpower, intellectual capital, and internal and external political will.

An "infinitely" resourceful state adversary would have taken down SR by now. SR is still up because such an adversary doesn't exist.

The NSA is literally housed in a black box:

https://en.wikipedia.org/wiki/File:National_Security_Agency_headquarters,_Fort_Meade,_Maryland.jpg

Much of their operations are secret. It is the nature of human psychology that in the absence of evidence, wild speculations fly (you need only look at the explanations for weather phenomena in any pre-scientific society). That's basically what that blog post is about.

I submit that if we knew about their internal operations, they would be a lot more mundane than most people assume.

Also, all the resources in the world can't beat logic. While it's possible to compromise the Tor network, it is extremely difficult to do so in a way that won't get you noticed. You can spin up 10,000 exit nodes, but you can't do it without getting noticed. Take a look at the Trotsky section of this page:

https://trac.torproject.org/projects/tor/wiki/doc/badRelays

"Between 17-23:00 (UTC) 226 exiting relays, all with largely identical nicknames ("trotsky*") and exit policies were added to the tor network. No family or contact information was set, and the IPs came from several countries (mostly eastern European) making it look like a potential botnet. They disappeared roughly a week later.

On 10/2/10 between 21-20:00 (UTC) another 383 exit relays were added, this time more gradually. Others have periodically appeared outside these windows. These relays appear to be on residential connections, most having very poor connectivity (rransom reports that some are dialup)."

There is zero evidence that Cogent is a front for American law enforcement or intelligence agencies, and there aren't even that many relays on Cogent autonomous systems. Frankly, I'd be more concerned about Torservers.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: XXXotica on February 18, 2013, 11:25 pm
Quote
You need to forget the training we've all had to believe in the supremacy and general omniscience of "government intelligence" (oxymoron). It's a bunch of propagandized crap.
It NEVER pays to underestimate your adversary. The safest bet is to assume they're smarter, more capable and better funded than you.

Blind faith and confidence in one's own capability leads inexorably to carelessness and stupid mistakes.

"Pride cometh before a fall"

+1
I agree, never underestimate better safe than sorry for sure.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: kmfkewm on February 18, 2013, 11:32 pm
I'm with kmfkewm on this, quite frankly.  They have virtually unlimited resources

Quote
No, they don't. They have distinctly limited resources, in terms of money, manpower, intellectual capital, and internal and external political will.

They are limited, but they do have a shit ton of money. They also have some of the brightest computer and mathematics people in the world. They are limited by internal and to a lesser extent external policy to some extent, but it is pretty obvious that they mostly answer to themselves. On paper they are restricted, in practice they do whatever they want and good luck getting anyone to stop them. Just look at their illegal wiretapping to see that they, like many intelligence agencies, are not bound by the law. Although I believe the CIA is the only intelligence agency in USA that is officially allowed to violate the law.

Quote
An "infinitely" resourceful state adversary would have taken down SR by now. SR is still up because such an adversary doesn't exist.

The NSA is literally housed in a black box:

https://en.wikipedia.org/wiki/File:National_Security_Agency_headquarters,_Fort_Meade,_Maryland.jpg

Yes the NSA has a headquarters, they are not some omniscient omnipresent spiritual being. They also have dozens of Narusinsight super computers hooked up to split fiber optic cables at major internet exchange points in the USA, and they sample a metric fuck ton of internet traffic for analysis. They also have powerful traditional super computers, and although nobody knows for sure it is likely that they are working towards quantum computers capable of breaking most currently used asymmetric crypto systems. I know smart mathematicians and physicists who are worried about this, it is no longer in the realm of tinfoil hats to be concerned about quantum computing attacks on cryptography. They also have teams of elite hackers who have most likely penetrated into foreign computer systems not even connected to the internet in order to destroy nuclear centrifuges. The US government spends millions of dollars a year buying up zero days from private actors, and the NSA makes their own as well.

Quote
Much of their operations are secret. It is the nature of human psychology that in the absence of evidence, wild speculations fly (you need only look at the explanations for weather phenomena in any pre-scientific society). That's basically what that blog post is about.

Yes that blog post is FUD, I never disagreed with that. But it is not FUD to think that the NSA can already pwn Tor. The leaked AT&T documents and testimony from Mark Klien I believe his name is, gives us evidence that the NSA has installed Narusinsight super computers at major IXs. There are publicly available specs for Narusinsight super computers showing they are capable of sampling traffic from millions of residential internet connections. We have seen the hacking against the Iranian centrifuges which demonstrates that intelligence agencies have extremely skilled hackers, world class hackers. The research and development into quantum computing is in the public sector, and it is likely a safe assumption that the NSA has secret research going on that is a decade ahead of anything we have seen so far.

Quote
I submit that if we knew about their internal operations, they would be a lot more mundane than most people assume.

We can extrapolate from what we know, to come to the conclusion that the NSA is a world class agency of hackers, cryptanalysts and traffic analysts, with a multi billion dollar a year budget and direct access to many of the most heavily used links on the global internet. 

Quote
Also, all the resources in the world can't beat logic. While it's possible to compromise the Tor network, it is extremely difficult to do so in a way that won't get you noticed. You can spin up 10,000 exit nodes, but you can't do it without getting noticed. Take a look at the Trotsky section of this page:

From an active perspective, actually adding nodes to the Tor network, you are mostly correct. But that is not how the NSA would attack Tor, as I said before. They already have the infrastructure in place to passively monitor a huge percentage of good Tor nodes, if they so wish. There are two types of attacker, the Tor folk tend to call them active and passive in regards to their positioning, however I personally prefer the alternatively used wording of internal and external as active and passive are imo different. An internal/active attacker adds nodes to the network to observe traffic on the network, an external/passive attacker monitors nodes that are already on the network by spying on their traffic at their ISP, or IX's. It is extraordinarily difficult bordering on impossible to detect a passive attacker, and the only reason we have more than speculation in regards to the NSA's passive internet surveillance is because of the leaked documents from AT&T showing that they installed fiber optic splitters and Narusinsight supercomputers at multiple IX's.

Quote
"Between 17-23:00 (UTC) 226 exiting relays, all with largely identical nicknames ("trotsky*") and exit policies were added to the tor network. No family or contact information was set, and the IPs came from several countries (mostly eastern European) making it look like a potential botnet. They disappeared roughly a week later.

On 10/2/10 between 21-20:00 (UTC) another 383 exit relays were added, this time more gradually. Others have periodically appeared outside these windows. These relays appear to be on residential connections, most having very poor connectivity (rransom reports that some are dialup)."

Adding a lot of nodes to the Tor network all at once will get them all blacklisted. Adding them with the same name but without setting them as part of a family will get them all blacklisted or possibly set into the same family by the operators of the directory authority servers. If someone at an IX passively monitors the five hundred Tor nodes that send traffic through that IX, nobody is able to tell unless something leaks out about the operation.

This is actually why it is so unbelievable that the NSA or other US intelligence agencies would run a front ISP and actively add nodes to the Tor network. They simply don't need to do this, they can passively monitor nodes from the traffic analysis super computers they already have installed at major exchange points.

Quote
There is zero evidence that Cogent is a front for American law enforcement or intelligence agencies, and there aren't even that many relays on Cogent autonomous systems. Frankly, I'd be more concerned about Torservers.

Indeed.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: kmfkewm on February 18, 2013, 11:45 pm
Quote
An "infinitely" resourceful state adversary would have taken down SR by now. SR is still up because such an adversary doesn't exist.

SR is still up because the very powerful adversaries that do exist don't give a shit about it. If the NSA really wanted to pwn SR I am quite confident that they could do so. First of all, tracing hidden services is not even that impressive. There are attacks for tracing them up to their entry guards in a matter of minutes. At that point they are as anonymous as someone using THREE one hop proxies, which isn't even as safe as using a single one hop proxy. If any of the entry guards are in the USA, it would only be a matter of time to passively put one of the entry guards under surveillance, with the CALEA compliant infrastructure or in the case of the NSA with their Narusinsight super computers that are plugged into split fiber optic cables moving most internet traffic in the USA through them. After locating the hidden service they could passively monitor it and wait for targets to use entry guards that they passively monitor, that would get people using USA based entry guards pretty rapidly, as having any US entry guards would mean you are deanonymized in short order.

Or they could just break out their zero day arsenal and craft an attack that can exploit Apache on Ubuntu to root the SR server, then from there exploit a vulnerability in Firefox and root DPR, possibly another exploit for breaking out of Virtualbox isolation to get to his host OS, and then steal his IP address and send it back to themselves. If he uses random WiFi locations then they have to get around that as well. I am not saying it is trivial to do, but the NSA stockpiles zero days and it is quite likely they already have a combination that could be used to cut through all of DPR's security measures, or the security measures of anyone else here. You could keep your encryption keys and bitcoins safe from them with air gaps, but not your IP address. They wouldn't even need to spend a million or two dollars to be able to do this against DPR, because they have already spent many millions of dollars to be able to do this against whatever target comes to interest them (Iranian nuclear centrifuges being a likely example of such a target).

At the end of the day you are going to be hard pressed to keep yourself secure against an elite organization with billions of dollars at their disposal, and essentially a free pass to break whatever laws they want. But also at the end of the day, this is not our threat model. We are not a hostile foreign government, we are not Osama Bin Laden and we are not trying to steal sensitive US intelligence. We are drug dealers, not even as powerful as the Mexican or Colombian cartels, and our enemies are the FBI, DEA, USPI and ICE, not the CIA or NSA.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: astor on February 19, 2013, 12:35 am
Quote
An "infinitely" resourceful state adversary would have taken down SR by now. SR is still up because such an adversary doesn't exist.

SR is still up because the very powerful adversaries that do exist don't give a shit about it.

That's part of the internal political will that I mentioned. An agency with finite resources must prioritize, and SR is not a big enough target.

An agency with infinite or "unlimited" resources could attack anyone of any size.

My point stands, such an agency doesn't exist. :)


BTW, two US senators explicitly asked for US LEA to investigate SR. That's strong external political will that should have increased its priority, but it's still up.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: astor on February 19, 2013, 12:53 am
Quote
They also have dozens of Narusinsight super computers hooked up to split fiber optic cables at major internet exchange points in the USA, and they sample a metric fuck ton of internet traffic for analysis. They also have powerful traditional super computers, and although nobody knows for sure it is likely that they are working towards quantum computers capable of breaking most currently used asymmetric crypto systems. I know smart mathematicians and physicists who are worried about this, it is no longer in the realm of tinfoil hats to be concerned about quantum computing attacks on cryptography.

80% of internet traffic is video and a good chunk of that is porn. If they are randomly sampling at IXs, they are wasting their time.

Even if they were storing terabytes of data, there's no way that humans could cull it manually. They most likely search for key words related to terrorist groups and such.

So, if you can invent a steganographic technique that hides your Tor circuits (or email, or whatever) in porn videos, you're good to go. :)
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: kmfkewm on February 19, 2013, 01:22 am
Quote
What I've learned is Tor is safe as long as you use the Tor browser to access .onion sites (aka "hidden services") within the Tor network and keep your private information private. Every published paper I've read on global network monitoring and such has to do with activity at the edges - traffic into and out of the Tor network, which happens when people use Tor to access clearnet sites. Clearnet browsing IS a big risk to anonymity because your IP's traffic can be correlated with traffic leaving Tor network (often unencrypted). The connection goes something like this:

Yes the direct deanonymizing attacks against Tor require edge surveillance. No, this is not only possible in the case of connections to clearnet sites.


Quote
   User <###> (entry node) <###> (relays) <###> (exit node) <---> website

"<###>" means encrypted connection
"<--->" means unencrypted connection
"(relays)" means at least one relay, maybe a chain of relays

Correct

Quote
You can see there is considerable vulnerability from the fact that the final connection to the website is completely unencrypted, which means that exit node can see exactly what you're doing on the website. This is why Tor browser comes with "HTTPS Everywhere" installed by default - this way the exit node doesn't see unencrypted communications (assuming the site's ssl is configured securely), although it can still see the exact website you're visiting. But to monitor all traffic within Tor network would require the adversary own all the nodes/relays.

Wrong on a few counts. First of all, although you seem to understand the difference between communications security and traffic analysis, you are still somewhat confusing the issues by continuing to talk about encryption. Traffic analysis works regardless of if the communications are encrypted or not, so as far as anonymity goes it is a good bet to just pretend that all the traffic is encrypted in any case. Of course if the traffic isn't encrypted at the entry, deanonymizing would be much easier, but an attacker can still do edge attacks, aka traffic confirmation, aka end point timing correlation, even if the packets are encrypted. Almost all attacks against anonymity solutions are concerned about packet metadata, such as time of arrival, not the actual payload data of individual packets. Additionally, you are correct to say that a purely active/internal attacker must own all Tor nodes in order to see all Tor traffic. However, it is possible to see all Tor traffic without owning a single node, by monitoring the traffic into and out of nodes at ISP or IX levels. Less sophisticated attackers, hopefully the FBI and DEA falling into this category, would attack Tor by adding nodes to the network. Powerful attackers such as the NSA would monitor Tor node traffic from ISP's / IX's, passively, without having to add any nodes to the network at all.

Quote
Hidden services are within the Tor network and follow the onion router protocol so there's no exit node and everything is 100% end-to-end encrypted. The protocol is designed to ensure anonymous communication between the hidden server and the user. The way it works is the hidden service (HS) publishes a list with a number of relays it designates as "Introduction Points" (IP) that it listens to for connection requests. When a User wants to connect to the HS, he must select a different relay as a "Rendezvous" (R) and create a circuit to it, then build a circuit to one of the IPs to tell the HS the rendezvous point relay, which the HS then builds a circuit to. Then the user can close the IP circuit and communicate with the HS at the rendezvous point. It looks like this:

Yes everything is 100% encrypted up to the hidden service, but this doesn't mean much in terms of anonymity. Well, to be fair it means a lot, because if the traffic is not encrypted en route then the attacker could just spy on it at your entry node to deanonymize you. But as I said before, when contemplating attacks on anonymity systems, more often than not it is safe to work from the assumption that all of the traffic is encrypted, because most anonymity attacks are concerned with packet metadata which is available regardless of if the traffic payload data is encrypted or plaintext. The difference is between communications privacy and communications anonymity; although anonymity massively benefits from encryption, a large majority of anonymity attacks remain viable even if the traffic is layer encrypted end to end. Hidden service connections being encrypted end to end provides you with communications privacy, an attacker at an exit node can no longer eavesdrop on your communications. Hidden service connections being encrypted end to end has virtually no impact on your anonymity, the packet arrival timing metadata is still available and this is what is required to do the most feared deanonymizing attack against Tor (traffic confirmation, end point timing attack).

Quote
(1) User selects some relay as a rendezvous point (R) and creates circuit:

    User <###> (entry node) <###> (relays) <###> (R)

(2) User connects to information point (IP) to tell HS the rendezvous relay:

    User <###> (entry node) <###> (relays) <###> (IP) <###> (relays) <###> HS

(3) User connects to the HS using the circuit to the rendezvous:

    User <###> (entry node) <###> (relays) <###> (R) <###> (relays) <###> HS

Yes you are correct about this. In the case of a connection to a clearnet site, active/internal timing attacks look like this:

user <###> Adversary Owned Entry <###> Good Middle <###> Adversary Owned Exit <---> Destination Server

The adversary can link the stream through the entry to the stream through the exit with statistics, using the packet arrival metadata, which exists regardless of if the packet is plaintext or ciphertext.

In the case of a hidden service, the completed circuit and internal timing attack looks like this:

User <###> Adversary Owned Entry <###> Good Middle <###> Good Rendezvous <###> HS Good Final <###> HS Good middle <###> Adversary Owned Entry <###> Hidden Service server

The attack is carried out in the same way, but now instead of having to own the client's entry and exit nodes, the attacker needs to own the client's and the hidden service's entry nodes. Of course they will only see a connection to an IP address, and they cannot by this alone determine that the IP address is the hidden service. However, as they own one of the hidden service's entry nodes, they can do this:

Adversary <###> (Adversaries circuit to hidden service) <###> (Hidden Service Relays to adversaries circuit) <###> Adversary Owned Entry Node <###> Hidden Service

As the adversary is connecting to the hidden service with its .onion address, their timing attack can identify the hidden service once the packets from them as a client pass through their entry guard. Now they have identified the hidden service's IP address, and know when they do their timing attack against regular users in the future, that the regular users are connecting to the hidden service instead of just some IP address that is not identified as being linked to any particular hidden service.

Also, an attacker can trace up to a hidden service's good entry guards in the following way:


Adversary <###> (Adversaries circuit to hidden service) <###> (Hidden Service Relays to adversaries circuit) <###> Entry Node <###> Hidden Service

Every time the adversary creates a connection to the hidden service, the nodes consisting of (Hidden Service Relays to adversaries circuit) change, selected from the current pool of available Tor nodes, as determined by the Tor circuit construction protocol. The hidden service's entry node is selected from one of three nodes it has selected as guards, which currently rotate about once every month to two months. The attack is simply brute force: build a circuit to the hidden service, send a packet down it, close the circuit, rinse and repeat. The adversary can select to use a rendezvous point that they own, allowing them to identify the final node from the hidden service. Eventually, after forcing the hidden service to open enough new circuits, the adversary will have one of their Tor relays on the circuit to the hidden service. Now they do timing attacks on their nodes looking to see if one of the packets they send to the hidden service travels to it through one of their nodes. If they have the final node, they will be able to identify the middle node. If they own the middle node, they will be able to identify the entry guard, and they will know it is the middle node as they can identify the final node from their rendezvous point, and if they send a packet to a node that is not a public Tor relay they will know it is the hidden service and that they are its entry guard (which will be easy to confirm as they will see a LOT of the packets they send to the hidden service). This attack allows for quick tracing of hidden services up to their entry guards.

Additionally, it is incorrect to say that you are required to own Tor relays to do these attacks. In reality you are only required to be able to observe traffic going into and out of Tor relays. Attackers who cannot gain access to ISPs / IXs will have to resort to either running relays or hacking into operating relays. Powerful attackers such as the NSA can certainly spy on good Tor nodes (especially in the USA) to observe the traffic entering and exiting from them, and thus they do not have much motivation to add their own nodes to the network, especially as active surveillance is much easier to identify than passive surveillance.

Quote
This whole process is accomplished by the Vidalia client and requires no input from the user beyond entering the .onion address into the Tor browser. There's also a lot of rigorous PKI trust validation of relays, key-exchanges, asymmetric crypto, etc. happening at each step throughout the process (but I'm leaving that out because it's complicated enough to explain already). They can't 'crack' PGP (unless in individual cases when it's used incorrectly), so they cannot read the actual data being transmitted within the Tor network because it's all encrypted (and signed and verified). Communications are completely anonymized once they leave your entry node.

Someone already corrected you on this, and indeed Tor is what manages everything, Vidalia is merely a graphical user interface that allows you to control some of what Tor does. You can access hidden services without using Vidalia at all. Also, the cryptography is all but entirely irrelevant to the counter traffic analysis properties of Tor; although unencrypted traffic being sent from entry to exit would be almost completely incompatible with anonymity, the direct attacks on anonymity protocols that are studied today pretty much all work with the assumption that the traffic is end to end encrypted.

Quote
tl:dr:
As long as the entry node is not compromised, Tor is safe. If the entry node *is* compromised, you are still safe unless:
 A. You're using Tor browser to connect to clearnet sites, or
 B. You connect to a hidden service whose entry node is also compromised AND the adversary knows it is used by the hidden server
In order for B to be true, the hidden service itself has to already be de-anonymized and its IP address known. But that would be the hidden service that is compromised, not Tor itself.

A is mostly true, although I would clarify that

1. The entry guard can be actively compromised, meaning that an attacker owns it
2. The entry guard can be passively compromised, meaning that it uses an ISP or IX that spies on it
3. The entry guard and its ISP/IX can both be good, but you can still be deanonymized if YOU are being monitored by your ISP or IX

B is true, and I guess you actually have understood that risk from the get go :). However, if you own a hidden service's entry guard, it is trivial to determine that you do. Also I guess I should point out that you are less likely to use an entry guard owned by the same attacker who owns the hidden service's entry guard than you are to use a malicious exit node owned by the same person who uses your entry node, because you use a new exit node roughly once every ten minutes whereas the hidden service's entry guard used is selected from three guards that change only once every month to two months. So you are afforded some extra protection in this case. However it is not that hard for an attacker to identify the entry guards used by a hidden service, and it is likely somewhat of a safe bet that a half decent attacker could put a hidden service under passive surveillance. Actual evidence points to the FBI not being such a skilled attacker, but this is likely due to incompetence on their part rather than the inherent security of Tor.
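The guard-discovery attack sketched in the post above, and its tl;dr point that a fixed guard is a smaller exposure than an exit that is re-picked every ten minutes, can both be checked with a small Monte Carlo model. The following is an added example, not code from this thread or from the Tor project. It assumes a toy network in which every relay is equally likely to be chosen for every circuit position (real Tor weights the choice by bandwidth), that 10% of relays belong to the adversary, and that a relay learns the addresses of both of its circuit neighbours:

```python
import random
from statistics import mean


class Network:
    """Toy relay pool in which `n_bad` of `n_relays` relays belong to the adversary.

    Assumption for this model: every relay is equally likely to be chosen for a
    circuit position.  Real Tor weights the choice by advertised bandwidth, which
    changes the numbers but not the shape of the attack."""

    def __init__(self, n_relays: int, n_bad: int, seed: int = 0):
        self.rng = random.Random(seed)
        self.relays = list(range(n_relays))
        self.bad = set(self.rng.sample(self.relays, n_bad))

    def pick_distinct(self, k: int, exclude: set) -> list:
        """Pick k distinct relays outside `exclude` (a relay is never used twice in one circuit)."""
        chosen = []
        while len(chosen) < k:
            r = self.rng.choice(self.relays)
            if r not in exclude and r not in chosen:
                chosen.append(r)
        return chosen


def guard_discovery(net: Network, guards: list, max_circuits: int = 10 ** 6):
    """Brute-force guard discovery against a hidden service with a fixed guard set.

    Every connection the adversary opens forces the service to build a fresh
    circuit guard -> middle -> final.  The adversary owns the rendezvous point,
    so `final` is always known to it; the guard's address is revealed only when
    `middle` is an adversary relay (a relay sees both of its neighbours) or the
    guard itself is one.  Returns (circuits forced, guards learned)."""
    learned = set()
    for n in range(1, max_circuits + 1):
        guard = net.rng.choice(guards)
        middle, _final = net.pick_distinct(2, set(guards))
        if guard in net.bad or middle in net.bad:
            learned.add(guard)
            if learned == set(guards):
                return n, learned
    return max_circuits, learned


def mean_circuits_to_learn_all_guards(n_relays: int, n_bad: int, n_guards: int = 3,
                                      trials: int = 500, seed: int = 1) -> float:
    """Average number of forced circuits until the adversary knows every guard."""
    counts = []
    for t in range(trials):
        net = Network(n_relays, n_bad, seed + t)
        guards = net.pick_distinct(n_guards, set())
        circuits, _ = guard_discovery(net, guards)
        counts.append(circuits)
    return mean(counts)


def entry_compromised(net: Network, circuits: int, use_guard: bool) -> bool:
    """Did any of a client's `circuits` circuits enter the network through a bad relay?

    With a guard the entry relay is fixed for the whole period, so the client is
    either exposed or not.  Without one (the situation of the exit position, which
    is re-picked roughly every ten minutes) the exposure grows with every circuit."""
    if use_guard:
        return net.rng.choice(net.relays) in net.bad
    return any(net.rng.choice(net.relays) in net.bad for _ in range(circuits))


def compromise_rate(n_relays: int, n_bad: int, circuits: int, use_guard: bool,
                    trials: int = 2000, seed: int = 7) -> float:
    """Fraction of simulated clients whose entry relay was ever an adversary relay."""
    hits = 0
    for t in range(trials):
        net = Network(n_relays, n_bad, seed + t)
        hits += entry_compromised(net, circuits, use_guard)
    return hits / trials


if __name__ == "__main__":
    # 10% hostile relays; 144 circuits is one day of ten-minute circuit rotation.
    print("circuits forced to learn all 3 guards:", mean_circuits_to_learn_all_guards(1000, 100))
    print("clients exposed, fixed guard:          ", compromise_rate(1000, 100, 144, True))
    print("clients exposed, new entry each circuit:", compromise_rate(1000, 100, 144, False))
```

Against a 10% adversary the model needs on the order of fifty forced circuits to learn all three guards, which is why the post calls the tracing quick. The client-side numbers show the other half of the argument: about one client in ten is exposed when the entry is a fixed guard, while a position that is re-picked every circuit is exposed almost certainly within a day.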
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: kmfkewm on February 19, 2013, 01:35 am
Quote
That's part of the internal political will that I mentioned. An agency with finite resources must prioritize, and SR is not a big enough target.

I don't even think SR is on the list of potential targets for intelligence agencies. Intelligence Agencies != Police Agencies.

Quote
An agency with infinite or "unlimited" resources could attack anyone of any size.

My point stands, such an agency doesn't exist. :)

Sure such an agency does not exist. I agree. However it only takes a global passive adversary to pwn all of Tor, and although such an agency may not exist some are certainly close. And a global passive adversary in the context of Tor, rather than the entire internet, is really all that is required.

Quote
BTW, two US senators explicitly asked for US LEA to investigate SR. That's strong external political will that should have increased its priority, but it's still up.

Yes I am sure SR is quite a high priority for all kinds of international federal police agencies, DEA and USPI and ICE are certainly highly interested in SR, Interpol is probably coordinating an international operation against it as we speak, and the Australian federal police have a huge hard on for it, amongst various other international police agencies. None of these agencies are on the level of NSA or CIA. They play a different game with a different list of targets and a different list of targeted activities. They have little cooperation or collaboration with each other, and when they do it is usually with the FBI counter terrorism people, who are also not likely to be the FBI agents trying to attack SR, as SR is not a terrorist organization.

Quote
80% of internet traffic is video and a good chunk of that is porn. If they are randomly sampling at IXs, they are wasting their time.

They are almost certainly sampling at IXs, although I am not sure it is entirely random or if it is a complete waste of time. They only need one packet per stream to carry out traffic analysis against low latency flows, so that is probably what they are aiming for. If they get a lot of single packets from porn feeds, it will add up to a lot, but it isn't like they are recording the entire download of the porn movie or torrent. Also they almost certainly use various forms of filtering.

Quote
Even if they were storing terabytes of data, there's no way that humans could cull it manually. They most likely search for key words related to terrorist groups and such.

Or they identify terrorist sites and passively observe them, and then look for people sending packets through proxy services that wind up being identified at the terrorist websites. Although I am sure they also do some analysis of plaintext data looking for terrorist keywords. Most of what they are interested in is going to be encrypted, so they could start by spending more of their resources on encrypted traffic flows. They could also filter off encrypted traffic flows to sites known to be non-interesting, like online stores using HTTPS.

Quote
So, if you can invent a steganographic technique that hides your Tor circuits (or email, or whatever) in porn videos, you're good to go. :)

Most forms of steganography can be detected automatically though ;).
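The traffic analysis kmfkewm keeps coming back to, an observer near the client and another near the far end, comes down to correlating packet timing on the two sides. The following is an added example, not code from this thread: it builds constructed packet traces for twenty monitored clients, passes one of them through a simulated circuit delay, and scores every candidate against what was seen at the service end. The bin size, delay, jitter and burst shapes are assumptions chosen for the demonstration; a real observer would also have to cope with sampled rather than complete captures and with other users' traffic on the same links.

```python
import random
from math import sqrt


def bin_counts(timestamps, bin_size, n_bins):
    """Histogram of packet timestamps into fixed-width time bins."""
    counts = [0] * n_bins
    for t in timestamps:
        b = int(t // bin_size)
        if 0 <= b < n_bins:
            counts[b] += 1
    return counts


def pearson(x, y):
    """Pearson correlation of two equal-length count vectors (0.0 if either is flat)."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / sqrt(sxx * syy)


def correlate(entry_ts, exit_ts, bin_size=0.1, window=60.0, max_lag_bins=10):
    """Best correlation between an entry-side and an exit-side packet trace.

    The exit-side histogram is shifted back by 0..max_lag_bins bins, because the
    unknown delay through the circuit is positive.  Returns (best correlation,
    lag in bins at which it occurred)."""
    n_bins = int(window / bin_size)
    a = bin_counts(entry_ts, bin_size, n_bins)
    b = bin_counts(exit_ts, bin_size, n_bins)
    best, best_lag = -1.0, 0
    for lag in range(max_lag_bins + 1):
        r = pearson(a[:n_bins - lag], b[lag:])
        if r > best:
            best, best_lag = r, lag
    return best, best_lag


def best_match(candidate_entry_flows, exit_flow, **kw):
    """Index of the candidate client trace that best explains the exit-side trace,
    plus every candidate's score so the margin over the runner-up is visible."""
    scores = [correlate(f, exit_flow, **kw)[0] for f in candidate_entry_flows]
    return max(range(len(scores)), key=scores.__getitem__), scores


def synth_flow(rng, window=60.0, n_bursts=30):
    """Constructed sample: bursty packet arrivals, as a page load or a few
    keystrokes would produce.  Burst times are random, so each client has its
    own timing fingerprint."""
    ts = []
    for _ in range(n_bursts):
        start = rng.uniform(0, window)
        for k in range(rng.randint(1, 8)):
            ts.append(start + k * 0.01 + rng.uniform(0, 0.005))
    return sorted(ts)


def delayed(ts, rng, base_delay=0.30, jitter=0.02):
    """The same packets as seen at the far end: circuit delay plus per-packet jitter."""
    return sorted(t + base_delay + rng.uniform(-jitter, jitter) for t in ts)


def demo(seed=3, n_clients=20, target=7):
    """Twenty monitored clients, one of whom is talking to the watched service."""
    rng = random.Random(seed)
    clients = [synth_flow(rng) for _ in range(n_clients)]
    seen_at_service = delayed(clients[target], rng)
    idx, scores = best_match(clients, seen_at_service)
    return idx, scores


if __name__ == "__main__":
    idx, scores = demo()
    print("matched client:", idx, "score %.2f" % scores[idx])
    print("best decoy score: %.2f" % max(s for i, s in enumerate(scores) if i != idx))
```

Only the client actually on the circuit scores highly, and it does so at the lag equal to the circuit delay; the decoys stay near zero. Nothing in the computation looks at payload, which is the concrete form of the earlier point that the cell encryption is all but irrelevant to this class of attack.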
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: wasta on February 19, 2013, 02:37 am
Amazing how stupid most of the people here are.

Tor is only meant to keep your place a secret.

Tor traffic is mass monitored and stored by definition.

Nobody said ever that tor is safe!

If you don't want others reading along "over your shoulder" you should use an encryption tool like gpg.

So with TOR they do not know where you are, and with gpg nobody knows what you are saying.

Only if those two are combined are you safe, as 99% of all the people already know.

You can explain this a thousand times to those 1% that don't seem to get tor and gpg into their heads, but it's no use.

That 1% will never learn.

And how stupid do you have to be to give the advice to leave TOR?

TOR & GPG is foolproof!! What is so difficult to understand about that?

Never ever leave one of those two!

@T.S. yes leave TOR ! And  Silkroad too! And do never return with your crappy advice.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: astor on February 19, 2013, 03:45 am
BTW, if you watch some of William Binney's talks, most notably the one he gave recently at 29C3, he talks about how the NSA gives *billions* of dollars in political kickbacks to their favored contractors, and spends billions of dollars where they could have spent a few million (such as on his data analysis system). The NSA doesn't make the most efficient use of the resources that they have.

They are a government agency after all, as inefficient as all the rest.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: b999 on February 19, 2013, 11:31 am
Any government that would invest the resources required to take down something like TOR or SR is nothing less than a parasite or a cancer.  With so many other pressing priorities in the world today, to blow money on that crap is a crime in itself.

I'm just curious how much this insane 'war on drugs' and all this BS surveillance costs society every year.  Costs that are coerced out of innocent tax payers, for dubious gain.

It can't be small, surely.

Makes me angry just thinking about the waste when they could have done something actually useful like hire more teachers or doctors or something.  People that actually add value to society rather than these parasitic little worms.  National security should be directed at terrorists and crime gangs, not innocent recreational users.  Total BS.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: Töörländer on February 19, 2013, 02:08 pm
I think some guys watch way too much 24 and similar bullshit
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: chil on February 19, 2013, 03:42 pm
The only people that should care about Tor being unsafe are Vendors and bulk buyers. Small time consumers won't be prosecuted, ever.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: b999 on February 20, 2013, 10:46 am
what's a bulk buy, ounce or two of weed or something more serious like a hundred pills?

How many routing nodes are in TOR now anyway?  Is it even feasible to take over a significant number of routing nodes?
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: chil on February 20, 2013, 11:22 am
Quote
what's a bulk buy, ounce or two of weed or something more serious like a hundred pills?

A quantity large enough for your government to think you are going to resell it.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: b999 on February 20, 2013, 12:33 pm
No interest in selling, may keep a few ounces around though.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: jj47 on February 20, 2013, 01:40 pm
tell it to the judge lol
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: kmfkewm on February 20, 2013, 02:32 pm
Quote
The only people that should care about Tor being unsafe are Vendors and bulk buyers. Small time consumers won't be prosecuted, ever.

Yeah it isn't like the vast majority of people locked up on drug charges are small time consumers. Oh wait actually they are !!
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: TravellingWithoutMoving on February 23, 2013, 08:18 pm
Quote
TravellingWithoutMoving, you should tack on McKenna's name after the lengthy passage in your signature, to give the man proper credit. I recognize it, I'm almost sure, as part of his writings regarding the ravages of the domination and control culture that has reigned supreme since late neolithic times.

goblin

I ran out of space

TWM
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: p3nd8s on February 24, 2013, 02:03 am
If just 5% of SR users go out and get an anonymous server and run an exit node on it, we'll have 5000 random non-compromised exit nodes, diluting any effort LE/Intel has made. Someone should make a guide on how to set this up and distribute it here freely, will get tons of +karma guaranteed.

Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: wasta on February 24, 2013, 01:22 pm
Quote
They also have dozens of Narusinsight super computers hooked up to split fiber optic cables at major internet exchange points in the USA, and they sample a metric fuck ton of internet traffic for analysis. They also have powerful traditional super computers, and although nobody knows for sure it is likely that they are working towards quantum computers capable of breaking most currently used asymmetric crypto systems. I know smart mathematicians and physicists who are worried about this, it is no longer in the realm of tinfoil hats to be concerned about quantum computing attacks on cryptography.

80% of internet traffic is video and a good chunk of that is porn. If they are randomly sampling at IXs, they are wasting their time.

Even if they were storing terabytes of data, there's no way that humans could cull it manually. They most likely search for key words related to terrorist groups and such.

So, if you can invent a steganographic technique that hides your Tor circuits (or email, or whatever) in porn videos, you're good to go. :)

In the Netherlands we have a "so called" secret service specialist. He told on national radio that everything is stored on hdd-nr 1 and screened. All conversations that have a lot of words that are used in private "sex" conversations are dumped. Only those conversations that lack those "sex" words and have a certain number of words like bomb, kill, etc. are screened by humans. His name is Roger Vleugels. When you use substitute words for a hit and mix them with words used in a private sex conversation, your conversation should never make it to the second hard drive, let alone be listened to by a human of the secret service.

Roger Vleugels ... thank you for this "free" info! Now we know what to do.
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: Töörländer on February 24, 2013, 01:33 pm
Quote
He told on national radio that everything is stored on hdd-nr 1 and screened. All conversations that have a lot of words that are used in private "sex" conversations are dumped. Only those conversations that lack those "sex" words and have a certain number of words like bomb, kill, etc. are screened by humans. His name is Roger Vleugels. When you use substitute words for a hit and mix them with words used in a private sex conversation, your conversation should never make it to the second hard drive, let alone be listened to by a human of the secret service.

what bullshit
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: pajag88 on February 24, 2013, 06:56 pm
Quote
They also have dozens of Narusinsight super computers hooked up to split fiber optic cables at major internet exchange points in the USA, and they sample a metric fuck ton of internet traffic for analysis. They also have powerful traditional super computers, and although nobody knows for sure it is likely that they are working towards quantum computers capable of breaking most currently used asymmetric crypto systems. I know smart mathematicians and physicists who are worried about this, it is no longer in the realm of tinfoil hats to be concerned about quantum computing attacks on cryptography.


wouldn't quantum computing also give us the advantage of being able to encrypt better though?
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: kmfkewm on February 25, 2013, 08:20 am

Quote
wouldn't quantum computing also give us the advantage of being able to encrypt better though?

There are very strong, for lack of a better word, quantum encryption systems. Usually based on entanglement: two particles become entangled and a change in one causes the same change in the other even across significant distance. This can be used to communicate between two points without the possibility of interception, avoiding the need to encrypt the communications in a traditional way in the first place. Also one system based on, I believe, unobservability (or is it uncertainty?) that allows the communicating parties to instantly detect if their communications are being intercepted between point A and point B, and act accordingly (like generate a new traditional key and try to send it again). At least this is my non-physics-major understanding of the quantum based encryption techniques. They all require expensive specialized tools and connections, like laser beams or straight point-to-point fiber optic cables. Not something civilians will be using any time soon imo.

In short, traditional encryption scrambles data so that if it is intercepted on the line the attacker cannot see the plaintext, quantum encryption techniques transfer data in such a way that it cannot be intercepted in the first place, or cannot be intercepted without the interception being immediately detected.
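The second mechanism described above, a channel on which the parties can tell that someone measured their transmission and then fall back to fresh key material, is what quantum key distribution protocols such as BB84 provide. The following is an added classical simulation of BB84, not code from this thread or from any real QKD product: it models the physics as "measuring in the wrong basis returns a random bit and replaces the original state", and the 11% abort threshold is an assumption chosen for the example.

```python
import random


def bb84(n_qubits, rng, eavesdrop=False, check_fraction=0.5):
    """One BB84 key-distribution round on a classical simulator.

    Alice encodes random bits in random bases (0 = rectilinear, 1 = diagonal).
    Measuring in the wrong basis yields a random bit and replaces the original
    state, which is what exposes an interceptor: Eve must guess a basis, measure
    and resend, and every wrong guess gives Bob a 50% chance of an error on that
    position even when Bob's basis matches Alice's.
    Returns (Alice's key bits, Bob's key bits, error rate on the sacrificed sample)."""
    alice_bits = [rng.randint(0, 1) for _ in range(n_qubits)]
    alice_bases = [rng.randint(0, 1) for _ in range(n_qubits)]
    # the 'qubits' in flight: (bit value, basis it is encoded in)
    in_flight = list(zip(alice_bits, alice_bases))

    if eavesdrop:
        resent = []
        for bit, basis in in_flight:
            eve_basis = rng.randint(0, 1)
            eve_bit = bit if eve_basis == basis else rng.randint(0, 1)
            resent.append((eve_bit, eve_basis))   # Eve re-encodes in her own basis
        in_flight = resent

    bob_bases = [rng.randint(0, 1) for _ in range(n_qubits)]
    bob_bits = [bit if basis == bob_basis else rng.randint(0, 1)
                for (bit, basis), bob_basis in zip(in_flight, bob_bases)]

    # Sifting: keep positions where Alice's and Bob's bases agree (bases are
    # compared over a public channel; the bit values are never announced).
    sifted = [i for i in range(n_qubits) if alice_bases[i] == bob_bases[i]]
    # Sacrifice part of the sifted key to estimate the error rate.
    n_check = int(len(sifted) * check_fraction)
    check = set(rng.sample(sifted, n_check))
    errors = sum(1 for i in check if alice_bits[i] != bob_bits[i])
    error_rate = errors / n_check if n_check else 0.0
    alice_key = [alice_bits[i] for i in sifted if i not in check]
    bob_key = [bob_bits[i] for i in sifted if i not in check]
    return alice_key, bob_key, error_rate


def key_is_trustworthy(error_rate, threshold=0.11):
    """Abort above `threshold` (an assumed value for this example): an
    intercept-and-resend attack pushes the error rate to about 25%, while a
    clean channel in this noise-free model gives exactly 0."""
    return error_rate <= threshold


def run(n_qubits=4000, seed=5, eavesdrop=False):
    """Fixed-seed wrapper so a run is reproducible.
    Returns (Alice's key, Bob's key, error rate, whether the key is accepted)."""
    alice_key, bob_key, err = bb84(n_qubits, random.Random(seed), eavesdrop)
    return alice_key, bob_key, err, key_is_trustworthy(err)


if __name__ == "__main__":
    for eve in (False, True):
        ak, bk, err, ok = run(eavesdrop=eve)
        print("eavesdropper=%s error_rate=%.3f key_bits=%d accepted=%s keys_match=%s"
              % (eve, err, len(ak), ok, ak == bk))
```

Without an interceptor the sacrificed sample shows no errors and both sides hold the same key; with an intercept-and-resend attacker about a quarter of the sampled bits disagree, so the parties abort and, as the post says, try again with fresh material rather than using a key the attacker may partly know.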
Title: Re: Tor network compromised - cogent isp (dea, cia, nsa)
Post by: SelfSovereignty on February 25, 2013, 01:36 pm
Good lord... I disappear from this thread for a week or two, and look at what I miss!  A wealth of info, kmfkewm.  I have no doubt that face-to-face a lot of people tend to be bored by your attention to detail (I've certainly learned most people don't care, at least), but I assure you, there are those of us who see the value it holds.  Of course you can't take anything at face value without at least a little healthy skepticism, but regardless -- your effort and info are appreciated :)