That Schneier article [1] is very technical and reveals quite a lot of interesting information. It was immediately flagged off HN front page by the flagging brigade [2]. It's highly recommended reading, though.
And it's a picture of a guy with a bandit mask and an AK-47. I don't know about you guys, but all my Tor activities are performed in my Halloween costume!
I honestly can't believe something this tacky would end up in a presentation. Is this supposed to be propaganda?
It's a powerpoint, doubtless put together by a middle-manager who thought some clipart would spice things up. Internal presentations at pretty much every company I've worked for have been just as tacky.
and a beard... like terrorists can be stereotyped like that. This is more than just propaganda, this is the mentality of the type of people who put these presentations together. The fact that whoever wrote this presentation has profiled people like this. I would wager that 99% of online "terrorists" are sitting around in jeans and t-shirts, on safe soil, have probably never handled a gun, let alone an AK-47 (or whatever that is on his back), and probably don't have a beard. The ones financing them probably spend their life wearing a suit and tie and are either driving a top of the line vehicle or are driven everywhere in a top of the line vehicle.
If you look at the world around us and review the history of terrorism, most of it's been funded behind the scenes by one of the major superpowers, and you can't overlook the fact that a large portion of this has been backed by the US. It's funny how when the US wants a government toppled, the terrorists are "friendly" and funded and armed by the US government, but when they're counter to US interests, they're suddenly part of the axis of evil and must be destroyed...
Perhaps if they stopped funding this ignorant behaviour and stopped supplying munitions to these terrorist interests, the problem would eventually go away... Spend more on education, tolerance towards all points of view and enlightenment, and the world would become a more peaceful place.
When will "democratic" governments eventually realize that money and greed are not the best approach to furthering the human experience on this planet?
Sorry, didn't mean to get off on a rant there, but that one picture triggered a bit of annoyance.
And banks don't actually keep money in big cloth bags with dollar signs on them. It's just clip art, and to say that it speaks to the mindset of a type of people you probably don't really know much about... I would hasten to say that your stereotypes are probably no more grounded in reality than those of the straw men you're attacking.
>"If you look at the world around us and review the history of terrorism, most of it's been funded behind the scenes by one of the major superpowers, and you can't overlook the fact that a large portion of this has been backed by the US."
While this assertion is not completely baseless, it's simply not correct, but is the kind of empty-headed moral equivalence that gets tossed around to unanimous approval among a certain class who consider it a shibboleth of sophistication.
To wit, in the history of terrorism, we see the Irish Republican Army, the Tamil Tigers, the Red Brigade, the Weather Underground, FALN, the Baader-Meinhof group, the Symbionese Liberation Army, the current Chechen groups, the Hindu and Muslim groups prior to the formation of Pakistan, and frankly many more -- all without superpower support. While some national actors have stepped up to support terror groups, superpower, or even great power, support has been the exception rather than the rule.
During the Cold War, the USSR, the US and China fought a number of proxy wars, and supported opposition groups in various national civil wars, mostly in Asia, Africa and Central America. Additionally, the CIA engaged in specific assassinations of political leaders, largely in Latin America, but not really what anyone would consider terrorism by the current definition. Your statement that a large portion of terrorism has been backed by the United States would require expansive definitions of 'large portion', 'terrorism' or 'backed' to be true.
It's clearly intended as a joke. It's a slideshow shown to people with technological backgrounds. Most people in computer-based work have seen poorly selected stock photos like these to depict hackers/terrorists/whatever.
In all fairness, most countries do. Watching South American leaders lately shows the exact same behavior. Find a foreign devil for everyone to rally against to hide domestic issues.
The Soviets were not some bogeyman. They were real, their spies were real, and the international communist movement they sponsored was real.
The Rosenbergs and others did spy for the Soviets. They did successfully transfer secrets related to the atomic bomb. And they were ideologically motivated.
Communist would have been a better word to use than Soviet. Soviet was relatively specific, but broad swaths of the world got labelled communist. While it's true that the Soviets were more than boogeymen, I think that the broader point stands that Americans (and everyone else really) tend to have some convenient, reductionist label to apply to "others" that is broadly taken as a synonym for "evildoer". "Terrorist" is the fashionable label today.
I may be reading you incorrectly, but I get the sense you consider that what the US/West does somehow isn't ideologically motivated, or that having any such motivations is inherently sinister? Of course they were, just like the US is ideologically motivated. Defending and furthering capitalist goals is no less ideologically motivated than defending and furthering communist goals.
> Replicants are like any other machine. They're either a benefit or a hazard. If they're a benefit, it's not my problem.
These people's job is to fight (their government's definition of) terrorists. It's not automatically in the job description to develop a nuanced view of terrorism, of various categories of hackers, etc. -- except to whatever degree it helps them to understand their enemy and thereby stop them.
People often do this even in jobs where the stakes are lower -- if you're running a struggling grocery store competing with a SuperWalMart, WalMart are the bad guys, even if the people who work at WalMart are perfectly nice people just trying to earn some money to raise a family.
Having said that, yes -- it's obviously particularly dangerous to go around branding anyone you have a problem with a terrorist.
I'm not sure. You can imagine that presentation in some run-of-the-mill crappy company meeting full of 9-5ers, but it's hard to imagine intelligent people with good educations presenting information to each other like that. I know there are all sorts of contractors, but would they really be discussing such weighty issues?
I thought it was more of a Zorro mask. It's very suspicious that the entire presentation seems to undermine the supposed severity of the issue with very silly names and pictures...
This should provide clear warning to anyone who might consider themselves a cypherpunk: Even if you don't think that you are at war with the US government, the US government (and likely most other governments) believes it is at war with you.
It's all part of the theatre and propaganda. Make the weak minded believe that everyone's the boogeyman. At least people on the internet can think critically and say "Er, this doesn't sound right".
When will everyone get off the bandwagon of referring to anyone that's willing to actually stand for their beliefs counter to U.S. interests as a terrorist? It's gotten to the point where the word terrorist just makes me roll my eyes and say "whatever". I'm becoming desensitized to it, just like most of the UK did growing up in England during the height of IRA campaigns. After a while, it just became a tedious pain in the ass and everyone switched off.
General conclusion from all of the published leaks is that GCHQ punches (in technical capability and general quality of work) way above its weight class (funding and presumed staffing levels); they also seem much more willing than NSA to be completely unbound by any idea of domestic user privacy. Which is fitting for a country with the number of CCTV cameras they have.
Although, in effect I think you are right about GCHQ, that whole CCTV thing is pretty much a myth founded in a deeply flawed study focussed on a street in Central London. 90% of CCTV is privately owned, and if you step out of the metropolis CCTV is no more abundant than anywhere else. I suggest you stop using that argument with regard to the UK as it undermines your absolutely valid post.
They actually saw it as their job to make the experience of anyone using Tor difficult.
Isn't that kind of like the police deciding to make the roads full of potholes because that would make it more difficult for bank robbers to get away in a car?
Then again, considering the quality of the roads these days, maybe they are way ahead of me on that.
Police have to use the same roads. The presentation leads me to believe that they do not want to scare people away from Tor, so they can track at least some users, but probably/obviously have their own network/servers for anonymous connection that will not be impacted.
Otherwise yes, it seems stupid to make Tor unusable as a whole.
Depressingly, the document talks about plans to make Tor less reliable to dissuade people from using it:
> Could we set up a lot of really slow Tor nodes ... to degrade the quality of the network?
> Given CNE access to a web server make it painful for Tor users?
At least the document seems to confirm that GCHQ has a really, really hard time de-anonymising Tor users.
I'm pretty sure Tor does smart peer profiling/selection to optimize for throughput. Lots of people run Tor relays on their silly little home DSLs and Tor still works.
Which is why the slide also talks about reporting as if being a high throughput node, i.e. report back that you're handling a lot of traffic quickly while actually handling traffic very badly. Does Tor have protection against a node doing that?
This could be countered by setting up a lot of fast nodes. Stealthier malicious nodes that selectively drop or tar-pit traffic though would be harder to fight...
Doesn't look like a very ethical/professional presentation. But then again, who said everyone's professional in all agencies? It's a conjecture to think our laws are systematically enforced by ethical folks.
If I had a few million dollars to run compromised Tor nodes, and the ability to subpoena (and gag order) any Tor node operator in the USA, the UK and a couple of other major countries to give me their keys, I would be able to easily de-anonymize a large portion of the network.
It is commonly assumed that the NSA/CIA run a substantial portion of the exit nodes. Moreover, they are a global adversary (one Tor is not designed to defeat).
Does anyone know what the QUANTUM attack they refer to is? It doesn't seem like quantum computing on the face of it; it looks like it may be a system used to disrupt traffic on the internet, possibly man in the middle attacks.
Edit: I found a reference to something called a "Quantum Insert" in an article related to GCHQ. They state the following:
According to the slides in the GCHQ presentation, the attack was directed at several Belgacom employees and involved the planting of a highly developed attack technology referred to as a "Quantum Insert" ("QI"). It appears to be a method with which the person being targeted, without their knowledge, is redirected to websites that then plant malware on their computers that can then manipulate them
"To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a Foxacid server.
In the academic literature, these are called "man-in-the-middle" attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks."
Read more here: www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
Can we translate that to something sane? Is it "shorter BGP/more specific route announcement?" Or some kind of MITM by being directly in line? Assuming it is TCP traffic, just being "faster to respond" doesn't help all that much without some other logic.
If I were MITMing with full cooperation of only a subset of a network carrier, I'd probably go for some route announcement tricks; easier to interface with the rest of the organization, and due to lack of filtering internally, not much config change required. Would fail safely (== non-detectably), also, and could potentially be explained away as "oh, shit, some stupid ISP leaked routes".
(I guess you could give bad dns responses, too, and then go from there, but that sounds more detectable at the end user device, which is very undesirable.)
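The response race described in the quoted Guardian passage, and the question above of why "faster to respond" is enough, as an added example that is not from the thread or from any of the cited documents: a minimal model of a TCP receiver shows that the first in-sequence segment wins and the legitimate one is dropped as a stale duplicate, and a passive detector over a capture flags the signature a network defender can look for (one stream, one sequence number, two different payloads). Every address, flow label and packet below is constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    stream: str     # constructed flow identifier "client -> server"
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes

class Receiver:
    """Minimal model of one TCP stream's in-order receive side."""
    def __init__(self, isn: int):
        self.rcv_nxt = isn   # next sequence number the receiver expects
        self.data = b""

    def deliver(self, seg: Segment) -> bool:
        # Accept only the segment starting exactly at rcv_nxt.  A second
        # segment for the same range arrives after rcv_nxt has moved on, so
        # it is treated as a stale retransmission and dropped; real TCP also
        # buffers out-of-order data, which does not change this outcome.
        if seg.seq != self.rcv_nxt:
            return False
        self.data += seg.payload
        self.rcv_nxt += len(seg.payload)
        return True

def replay(segments, isn):
    """Feed a capture to the model; return (bytes delivered, per-segment verdicts)."""
    r = Receiver(isn)
    verdicts = [r.deliver(s) for s in segments]
    return r.data, verdicts

def find_divergent_duplicates(segments):
    """Passive detector: the same (stream, seq) carrying two different
    payloads is the signature of an injected competing response."""
    first_seen = {}
    alerts = []
    for s in segments:
        key = (s.stream, s.seq)
        if key in first_seen and first_seen[key] != s.payload:
            alerts.append(key)
        first_seen.setdefault(key, s.payload)
    return alerts

ISN = 1000
STREAM = "10.0.0.5:51234 -> 203.0.113.10:80"   # constructed
# Constructed capture of one HTTP response race: the injected answer (a
# redirect to a host the injector controls) reaches the client first, the
# legitimate server's answer arrives a few milliseconds later.
CAPTURE = [
    Segment(STREAM, ISN, b"HTTP/1.1 302 Found\r\nLocation: http://injected.example/\r\n\r\n"),
    Segment(STREAM, ISN, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
]

if __name__ == "__main__":
    print(replay(CAPTURE, ISN), find_divergent_duplicates(CAPTURE))
```

An honest retransmission repeats the same bytes and raises no alert; over TLS the injected segment would still win the race but fail certificate validation, which is the point the next comment makes about what that protection actually rests on.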
This is enabled by a very obvious flaw in the CA infrastructure that SSL/TLS is based upon. All it takes is someone with leverage over the top level certificate authority and the DNS servers you use and there's nothing you can do to detect that's what's going on. That's a huge and very obvious flaw in the system that anyone questioning what they can trust on the internet should have spotted a mile away.
Pretty sure it is. If you need serious anonymity, like if your life depends on it, get a botnet and use the trojaned PCs as proxies. Use public WiFi, and use cheap laptops that you replace regularly and/or VMs, and don't forget to fake your MAC address. Create multiple fake personas to confuse attackers. Have stuff you write rephrased by someone else, so they can't do a corpus analysis on your writings. Do as much offline as possible. If you have to transfer information, avoid the internet. Use dedicated lines, dialup, dead drops, etc. etc.
"The good news is they [NSA] went for a browser exploit..."
- Roger Dingledine, President of the Tor project
It seems there are assumptions among parties that employ "browser exploits" against unsuspecting users that the persons targeted will be using "modern", complex, Javascript-enabled, graphical browsers, and that they'll use these browsers to retrieve content from the network and to view that content on machines with writeable permanent storage that can connect to the network. Am I misreading all these tales of browser exploitation?
Can these parties accommodate reboots from read-only media, text-only browsers, write-protected storage and offline viewing of content?
Maybe the problem isn't so much with Tor as with the popular browsers and their gratuitous complexity.
The slides were from over a year ago, I'm sure a lot has changed since then. Also the timing of this is very suspect, obviously it's been in the news and the Guardian either want to run with this new line brought on by the Silk Road "bust", or they just want to "soothe" (take as you will) our worries with the network.
Would also love to know more about NEWTONS CRADLE, anyone heard of anything more specific?
I think your original conclusion, 2007, is correct.
What exactly does sourced vs dated even mean?
The document states "still investigating" for multiple issues. It doesn't take the NSA 6 years to investigate these things.
The questions are very basic, such as, browser/JS exploits, leftover cookies, and owning the majority of nodes. That is hardly top secret, all of these were things that were public concerns long ago.
The other alternative is they just don't care. They can still slurp down a good portion of the incoming and outgoing email traffic. If one of WikiLeaks' origin stories is to be believed, most Tor users have no idea how Tor works or what they are actually doing, including government operators (with the appropriate code name EPICFAIL on page 9).
Going completely off topic, I had an idea earlier. Bitcoin right now is using something around 16,000 petaflops of processing. This shows that when proper incentives exist massive computational and network resources can be utilized in a distributed manner.
What if a protocol existed which forced user participation or required them to exchange a store of value to use it? For example, if a user acted as a node (relay, not exit) they mined a currency (probably inflationary). If a user did not act as a node, they had to pay a currency which would then be distributed to exit node operators. The currency could be bought and sold through exchanges rather than to a central commercial entity.
The end goal, besides having a lot more network bandwidth, would be to have so many relay and exit nodes running it would be economically impossible for a single entity to compromise a significant number of them.
After reading many of these articles about the NSA I keep wondering if they have an office specifically tasked with thinking up code names for these projects. I personally would find it difficult to keep them all straight—this article, for example, contained a new one to me: ONIONBREATH.
Just an odd image in my mind of a group of top-security clearance, extremely well trained, able-minded people who think up silly code names like these.
I also quite like the point "Analytics: Cookie Leakage", like anyone that uses Tor doesn't use it in incognito mode with cookies disabled... or flushes their cookies before they use anything else...
... that either says they're stupid, or they're only after stupid terrorists... as if they're the ones they should really be concerned about.
I think Tor recommends surfing from a dedicated virtual machine, IIRC, which is probably the safest way to surf, though something like Flash or Java can still probably report the actual host IP.
Somehow I find this presentation reassuring. It mainly suggests to me that the NSA/GCHQ has to do 'honest' traffic analysis, implying that they did not break any of the crypto primitives used in Tor.
So, according to these documents, NSA and GCHQ do have a few "owned" exit nodes, but not so many, hence they want to own more. Interestingly enough, GCHQ set up Tor exit nodes on the AWS cloud.
Given that it says that the NSA and the GCHQ are trying to set up Tor nodes... is it possible for us to identify these nodes? Some sort of trust network perhaps?