Silk Road forums

Discussion => Silk Road discussion => Topic started by: bouclelan on October 04, 2013, 03:41 pm

Title: Attacking Tor: how the NSA targets users' anonymity
Post by: bouclelan on October 04, 2013, 03:41 pm
http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity

Possible solution to setting up an unnoticed Tor: get the program on a thumb drive from an internet cafe, etc.

Install on a hidden virtual machine.
Title: Re: Attacking Tor: how the NSA targets users' anonymity
Post by: Kiwikiikii on October 04, 2013, 04:43 pm
this is some serious shit. clearnet is no longer safe.
Title: Re: Attacking Tor: how the NSA targets users' anonymity
Post by: Evoc on October 04, 2013, 06:28 pm
What does any Tor expert make of all this??? I'd be keen to hear an opinion of someone with a lot of knowledge of the system and tactics to avoid this happening?
Title: Re: Attacking Tor: how the NSA targets users' anonymity
Post by: IForgotMyFuckingPassword on October 04, 2013, 06:53 pm
http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity

Possible solution to setting up an unnoticed Tor: get the program on a thumb drive from an internet cafe, etc.

Install on a hidden virtual machine.
Most of it says that they can identify TOR traffic, not individual users, with some notable exceptions. And that's never been a big secret. Wouldn't surprise me if the NSA was running exit relays to spy on traffic.

To be honest, the part about the vulnerability of TBB is very old news (like 1-2 months old).

It's believed that that's how they found Freedom Hosting's servers. It attacks older versions of Firefox (TBB uses FF 17 ESR). The malware they use phones home with the OS version and real IP of the user. There's information about it on the torproject site.

TOR never promised anyone complete anonymity. Torproject has always stated that there is still a risk of being unmasked if you're careless.
Title: Re: Attacking Tor: how the NSA targets users' anonymity
Post by: Evoc on October 04, 2013, 07:11 pm
http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity

Possible solution to setting up an unnoticed Tor: get the program on a thumb drive from an internet cafe, etc.

Install on a hidden virtual machine.
Most of it says that they can identify TOR traffic, not individual users, with some notable exceptions. And that's never been a big secret. Wouldn't surprise me if the NSA was running exit relays to spy on traffic.

To be honest, the part about the vulnerability of TBB is very old news (like 1-2 months old).

It's believed that that's how they found Freedom Hosting's servers. It attacks older versions of Firefox (TBB uses FF 17 ESR). The malware they use phones home with the OS version and real IP of the user. There's information about it on the torproject site.

TOR never promised anyone complete anonymity. Torproject has always stated that there is still a risk of being unmasked if you're careless.

When you say careless, how do you mean?

Like when one would do business without using encryption or that one may use some site which is registered to their real name while other dark sites are open??

Just any elaboration on your post would teach me a slight bit more in keeping anonymous on here.

Peace out,
Evoc
Title: Re: Attacking Tor: how the NSA targets users' anonymity
Post by: IForgotMyFuckingPassword on October 04, 2013, 07:25 pm
http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity

When you say careless, how do you mean?

Like when one would do business without using encryption or that one may use some site which is registered to their real name while other dark sites are open??

Just any elaboration on your post would teach me a slight bit more in keeping anonymous on here.

Peace out,
Evoc

I'm afraid I'm not going to teach you anything as most of this is well known and publicly available.

Careless as in one or more of the following: using the same username on SR or the forums that you do on other sites; revealing information about yourself, your profession, interests/hobbies, etc.; installing additional extensions in TBB that cause security leaks; running flash content or java applets; reconfiguring TBB settings IF you don't know what you're doing. There are a bunch of other things listed on the torproject site.

And they do specifically warn that traffic passes through the exit node unencrypted, making it easy to intercept by spying on exit nodes.

They also can analyze your comments in forums against other things that you've publicly written using accounts known to be yours.
Title: Re: Attacking Tor: how the NSA targets users' anonymity
Post by: Lefisca on October 04, 2013, 07:35 pm
I think he means A. Running an outdated version of TBB or Firefox that the attack exploited, B. Browsing Tor with JavaScript enabled, or C. Something about exit nodes that I don't understand, like connecting to a clearsite from Tor and searching Google for something that can identify you.  I think, but I'm not completely sure, that someone said you can have Tor open, and another window with another browser, and whatever you're doing on the clearnet cannot be connected with your Tor activity.  Though I'd like to know for sure about that one!

Is anyone a lawyer, or know the law enough to interpret civil rights and constitutionality as it applies to our right for our internet activity to not be monitored by our own government?  Has this ever been challenged before?  It seems like a violation of privacy.  I'm not a drug person, I could take them or leave them, but I am a huge supporter of liberty and privacy.  That is why I use Tor and join these forums, because I like talking to like-minded people and keeping up with these developments.
Title: Re: Attacking Tor: how the NSA targets users' anonymity
Post by: IForgotMyFuckingPassword on October 04, 2013, 08:03 pm
I think he means A. Running an outdated version of TBB or Firefox that the attack exploited, B. Browsing Tor with JavaScript enabled, or C. Something about exit nodes that I don't understand,
That and the other stuff I mentioned. The exit nodes part doesn't necessarily identify you. What I mean is that they can spy on exit nodes, which in and of itself may or may not identify you. They tend to look for patterns though.

I think, but I'm not completely sure, that someone said you can have Tor open, and another window with another browser, and whatever you're doing on the clearnet cannot be connected with your Tor activity.  Though I'd like to know for sure about that one!
That's my understanding too, although I was told never to connect to the same server at the same time with both TBB and your non-TOR browser.

Is anyone a lawyer, or know the law enough to interpret civil rights and constitutionality as it applies to our right for our internet activity to not be monitored by our own government?  Has this ever been challenged before?  It seems like a violation of privacy. 

I'm not a lawyer, but if you've been following the whole PRISM, NSA, FISA court scandal, then the answer is yes, they can spy on your browsing. With a site like SR, you're talking about international communications. FISA gives the government the authority to spy on communications between US citizens and foreign nationals. Even if you're only dealing with people domestically, TOR is routing you through other countries.

I don't know if that's always been the case or not, but since the beginning of the Patriot Act and the war on terror, it's all done in the name of terrorism prevention.

Even if you had some sort of constitutional protection, all they have to do is appear before the FISA court and get a warrant to spy on you.
Title: Re: Attacking Tor: how the NSA targets users' anonymity
Post by: robotrippin on October 04, 2013, 08:06 pm
Here's another article discussing the thread topic for anyone interested. Obviously clearnet.

http://rt.com/usa/nsa-target-tor-network-739/
If nothing else this just reinforces how vital it is to be up to date on all personal security measures and even then you can never be too careful. Stay safe people. Long Live SR and fuck the feds!
Title: Re: Attacking Tor: how the NSA targets users' anonymity
Post by: Evoc on October 04, 2013, 08:14 pm
http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity

When you say careless, how do you mean?

Like when one would do business without using encryption or that one may use some site which is registered to their real name while other dark sites are open??

Just any elaboration on your post would teach me a slight bit more in keeping anonymous on here.

Peace out,
Evoc

I'm afraid I'm not going to teach you anything as most of this is well known and publicly available.

Careless as in one or more of the following: using the same username on SR or the forums that you do on other sites; revealing information about yourself, your profession, interests/hobbies, etc.; installing additional extensions in TBB that cause security leaks; running flash content or java applets; reconfiguring TBB settings IF you don't know what you're doing. There are a bunch of other things listed on the torproject site.

And they do specifically warn that traffic passes through the exit node unencrypted, making it easy to intercept by spying on exit nodes.

They also can analyze your comments in forums against other things that you've publicly written using accounts known to be yours.

Well ya basically contradicted your first sentence by writing the next, but anyhow.

That is all I was wondering really about, small details like that and little things that are no-nos, so I thank you for that.

Can I ask you this though, if a firefox message is popping up asking you to update to their most recent update, should you do it? I presume yes right?

Also, should I make sure that all my tor browsing is shut off while I do it.

And last question, I should never use any site on tor which isn't a .onion, is this correct??

Forgive my ignorance in not knowing this but your answer is greatly appreciated, thank you.

Peace out,
Evoc
Title: Re: Attacking Tor: how the NSA targets users' anonymity
Post by: isthereanyneed on October 04, 2013, 08:21 pm
Quick total noobish question, but when running Tor do you have to have JavaScript disabled, and it should show an S with a red circle around and line through it in the top left corner, like a no smoking sign? Is that how it should be, and if not am I fucked?

Title: Re: Attacking Tor: how the NSA targets users' anonymity
Post by: IForgotMyFuckingPassword on October 05, 2013, 03:35 am
http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity

Well ya basically contradicted your first sentence by writing the next, but anyhow.

That is all I was wondering really about, small details like that and little things that are no-nos, so I thank you for that.

Can I ask you this though, if a firefox message is popping up asking you to update to their most recent update, should you do it? I presume yes right?

Also, should I make sure that all my tor browsing is shut off while I do it.

And last question, I should never use any site on tor which isn't a .onion, is this correct??

Forgive my ignorance in not knowing this but your answer is greatly appreciated, thank you.

Peace out,
Evoc
Yes you should update Firefox when the updates come out, especially if it's an out-of-band (not regularly scheduled) update. You can verify that it's a legitimate update and see what the changes are on Mozilla's web site.

And if you're talking about TorBrowser, then you definitely should update. If your browser is opening to the page check.torproject.org and it says there is a security patch available, then you should immediately download and install it. Just make sure you take the normal precautions about opening files downloaded through tor. You should also verify the signature if you know how. It's pretty easy in Windows and Linux. I've never tried in OS X, but I think it's the same commands as Linux.
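As an added example, not code from the thread or from the Tor Project, here is a small Python checker for the "verify before you install" step in the post above: it compares a downloaded update against a SHA-256 manifest and rejects a tampered or unlisted file. The manifest filename and the sample bytes are constructed, and authenticating the manifest itself with the project's OpenPGP signature (gpg --verify) is assumed to have been done first.

```python
"""Check a downloaded file against an already-authenticated SHA-256 manifest.
This only proves the bytes match the manifest; the manifest must first be
verified with the publisher's OpenPGP signature (gpg --verify) or the check
is worthless against a server that serves a tampered file plus matching sums."""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # hash in 1 MiB chunks so large installers do not fill memory


def sha256_of_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sha256sums(text):
    """Parse GNU sha256sum output: '<64 hex chars><space(s)>[*]<filename>' per line."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode in sha256sum
        if len(digest) != 64 or not name:
            raise ValueError("malformed manifest line: %r" % line)
        entries[name] = digest.lower()
    return entries


def verify_download(path, manifest_text):
    """True only if the file's digest matches its manifest entry.
    A file that is absent from the manifest is a failure, not a pass."""
    expected = parse_sha256sums(manifest_text).get(os.path.basename(path))
    if expected is None:
        return False
    return hmac.compare_digest(sha256_of_file(path), expected)  # constant-time


def demo():
    """Constructed sample: a good download, then a tampered one, then an unlisted file."""
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "update.tar.xz")
    with open(path, "wb") as f:
        f.write(b"constructed installer bytes")
    manifest = "%s  update.tar.xz\n" % sha256_of_file(path)
    ok = verify_download(path, manifest)        # True: bytes match the manifest
    with open(path, "ab") as f:
        f.write(b"\x00")                        # simulate a modified download
    tampered = verify_download(path, manifest)  # False: digest no longer matches
    other = os.path.join(tmp, "unlisted.bin")
    with open(other, "wb") as f:
        f.write(b"x")
    unlisted = verify_download(other, manifest)  # False: not in the manifest
    return ok, tampered, unlisted
```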
Title: Re: Attacking Tor: how the NSA targets users' anonymity
Post by: IForgotMyFuckingPassword on October 05, 2013, 03:40 am
Quick total noobish question, but when running Tor do you have to have JavaScript disabled, and it should show an S with a red circle around and line through it in the top left corner, like a no smoking sign? Is that how it should be, and if not am I fucked?
Ummm, yes and no. You're talking about the NoScript icon. Sometimes the red lines don't show up on certain pages when there are no scripts being blocked, but generally yes.

If you want to be extra cautious, open up the Firefox/TorBrowser preferences and click on the content tab. Uncheck the box that says "enable JavaScript." Then you don't have to worry about NoScript.
Title: Re: Attacking Tor: how the NSA targets users' anonymity
Post by: StExo on October 05, 2013, 04:19 am
The overwhelming majority of general surface attacks that organisations like the NSA can initiate on a wide spectrum of people, for example the SilkRoad userbase and/or vendors, is through undocumented browser exploits and 0-day exploits, and like the FH one, people who were hit with it had no idea because no anti-virus will pick it up and there are no warning signs. Therefore, even disabling JavaScript is not protecting you to the best degree.

If you want to look into a better degree of protection, look up a virtual machine deployment called Whonix - that is what people like me and astor use because it means even if the NSA did a full browser exploit and actually managed to get root access to the virtual machine it runs in, they still would not be able to identify your IP, hostname, MAC address, hardware etc., and so is pretty much right now the best protection you can use which doesn't require too much knowledge. Be wary it is persistent, however, and therefore you should keep the VM on an encrypted drive just like you would for all the usual programs. Whonix is significantly more secure than TAILS assuming you use it right and don't disable its security features, so I'd recommend switching.

However, principles remain the same. If the NSA want to find you or want to access your computer, you aren't going to be able to stop them, sorry; they are simply too big, too powerful and have all the best people working for them, so the best you can do really is make yourself a smaller target by changing names regularly etc., because it is infeasible for the NSA to go around creating individual exploits due to the cost involved and the amount of staff time it consumes.
Title: Re: Attacking Tor: how the NSA targets users' anonymity
Post by: IForgotMyFuckingPassword on October 05, 2013, 05:04 am
The overwhelming majority of general surface attacks that organisations like the NSA can initiate on a wide spectrum of people, for example the SilkRoad userbase and/or vendors, is through undocumented browser exploits and 0-day exploits, and like the FH one, people who were hit with it had no idea because no anti-virus will pick it up and there are no warning signs. Therefore, even disabling JavaScript is not protecting you to the best degree.
This is an excellent point +1 since my dumb ass forgot to mention it.

StExo is 100% right about them using 0-days to exploit browser vulnerabilities. And yes, these aren't detected by AV software. I didn't think of it from that perspective because I don't run AV software on Linux. With the FH malware, I have no idea if those users had JavaScript enabled or not. It was a 0-day exploit in older versions of FF. Make sure your browser has the latest security patches installed! The FH malware affected unpatched versions of FF. IF you're using TBB, keep in mind that it uses FF 17 ESR. The current version of FF is 24, and I want to say that that particular 0-day was patched in FF 21. TBB has been patched since that happened. It's just a matter of time before the next one though.

If you want to look into a better degree of protection, look up a virtual machine deployment called Whonix - that is what people like me and astor use because it means even if the NSA did a full browser exploit and actually managed to get root access to the virtual machine it runs in, they still would not be able to identify your IP, hostname, MAC address, hardware etc., and so is pretty much right now the best protection you can use which doesn't require too much knowledge. Be wary it is persistent, however, and therefore you should keep the VM on an encrypted drive just like you would for all the usual programs. Whonix is significantly more secure than TAILS assuming you use it right and don't disable its security features, so I'd recommend switching.

I'd like to add that if you're running Windows, you're much more at risk. I run Linux, but I'm so small time as far as buyers go that I'm off the government's radar (or I'm on a part of it they've chosen to ignore).

As for Whonix, I can't get my VM to install the workstation version. It doesn't recognize the file extension (and I did check the signature/checksum). But if you can get it working, it's a hell of a lot easier than running TAILS off a thumb. I hate running OSs on thumbs; it's a PITA. VMs are better.

Give it a shot. I'm still working on that one. Even if you can't get it up and running, try another Linux distro. You have to adjust some of the security features out of the box, but most Linux distros are easy to use and more secure than Windows.

However, principles remain the same. If the NSA want to find you or want to access your computer, you aren't going to be able to stop them, sorry; they are simply too big, too powerful and have all the best people working for them, so the best you can do really is make yourself a smaller target by changing names regularly etc., because it is infeasible for the NSA to go around creating individual exploits due to the cost involved and the amount of staff time it consumes.
What's the old saying about the only kind of unhackable PC? It's something like the kind locked in a room by itself, not connected to anything (can't remember the actual line, but it's something like that).

If you're a small time, personal use buyer who doesn't ordinarily have large sums of cash, who doesn't make suspicious bank transactions or cash out large sums of BTC, then you don't need to worry as much. If you're a vendor or a large reseller, it's a different story.

You should follow StExo's advice; he's more of a security expert than me. But if you lack the technical know-how to get that done and want to try another version of Linux, I can answer questions about all but the most advanced versions of Linux (don't ask me about Arch or Gentoo) and am willing to help anyone who can't figure it out. If you need help with something like that, PM me.