[Article] NSA vs. Tor Network


This article was taken from the hiddenwiki, no author is stated (obviously)


Some users still seem to be quite uncertain about that topic, so..


NSA vs Tor

The National Security Agency has had limited success in cracking Tor communications. Here's what we have learned about the anonymizing network.



NSA thinks Tor stinks

It's a measure of Tor's reliability that a secret NSA presentation -- labeled "top secret" -- sports the title "Tor Stinks." The presentation reads, "We will never be able to de-anonymize all Tor users all the time," and adds, "With manual analysis we can de-anonymize a very small fraction of Tor users." But that de-anonymization, to date, appears to have been random. Notably, the agency reports no success at unmasking the identity -- in response to a specific intelligence or law enforcement demand -- of a specific requested Tor user.

Meanwhile, another top-secret briefing document dubs Tor "the king of high-secure, low-latency Internet anonymity." In other words, earlier advice from Snowden himself -- about how strong encryption and Tor were reliable techniques for avoiding the NSA's digital dragnet -- appears to remain true.


NSA still actively targets Tor

Still, NSA documents published by The Guardian show that the agency does have a collection of practical techniques, dubbed EgotisticalGiraffe, for attempting to defeat Tor. The techniques used by the agency for outing some small fraction of users have included everything from "cookie leakage" to "dumb users (EPICFAIL)," with the latter no doubt referring to people who inadvertently reveal their identity despite using Tor.


Attacks haven't cracked Tor itself

But according to cryptographer and information security expert Bruce Schneier, who's been reviewing documents leaked by Snowden, the NSA hasn't succeeded in breaking Tor itself. "Tor is a well-designed and robust anonymity tool, and successfully attacking it is difficult," Schneier said Monday in a blog post. "The NSA attacks we found individually target Tor users by exploiting vulnerabilities in their Firefox browsers, and not the Tor application directly."

However, Schneier added, anyone who wants to make life more difficult for the NSA can also turn off vulnerable services like scripts and Flash when using Tor, making it difficult to target those services.

The NSA has enjoyed some past success by attacking bugs in the Firefox browser, which is used to create the prebuilt Tor Browser Bundle. "The good news is that they went for a browser exploit, meaning there's no indication they can break the Tor protocol or do traffic analysis on the Tor network," said Tor project core member Roger Dingledine (aka "arma") in a blog post. "Infecting the laptop, phone or desktop is still the easiest way to learn about the human behind the keyboard."

Another upside of the NSA's limited success is that even when it can unmask Tor users, it risks losing that capability by using it too frequently. "Tor still helps here: you can target individuals with browser exploits, but if you attack too many users somebody's going to notice," Dingledine said. "So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on."


Fingerprints Track Tor Users

How has the NSA tracked some Tor users? This begins with NSA's ability to eavesdrop on large portions of the Internet with the help of "partner" U.S. telecommunications companies, through programs with codenames such as Blarney, Fairview, Oakstar and Stormbrew.

"The NSA creates 'fingerprints' that detect HTTP requests from the Tor network to particular servers," Schneier explained. "These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool that NSA boasts allows its analysts to see almost everything a target does on the Internet" -- including even encrypted VPN traffic.


NSA Sifts Internet To Spot Tor Use

The NSA then applies big data techniques -- using tools with codenames such as Tumult, Turbulence and Turmoil -- to identify Tor communications among the massive amount of Internet activity that it intercepts.

But detecting Tor use isn't the same as identifying any given Tor user. "The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the Internet, makes it easy to differentiate Tor users from other Web users," said Schneier. On the other hand, Schneier pointed out, the anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the U.S. and thus most likely someone that the agency, by law, should not be surveilling.


NSA Redirects Tor Users To An Attack Server

If the NSA identifies a target that it wants to track, it then relies on a fleet of high-latency -- or "quantum" servers -- that try to redirect a targeted system to one of a series of NSA servers, codenamed FoxAcid, which launch man-in-the-middle attacks that attempt to infect the system.

"Once the computer is successfully attacked, it secretly calls back to a FoxAcid server, which then performs additional attacks on the target computer to ensure that it remains compromised long-term and continues to provide eavesdropping information back to the NSA," said Schneier.

Each FoxAcid server is a Windows 2003 computer configured with custom software and a series of Perl scripts, he said. The malware introduced by the servers can reportedly survive reboots.


FoxAcid Burns Only Designated Systems

FoxAcid servers are publicly reachable by any Internet user -- and disguised with innocuous names -- but serve exploits only against PCs that arrive via an HTTP link that includes a "FoxAcid" tag. These tags are reportedly sometimes also served up via phishing attacks.

A Guardian story detailed a sample URL for a FoxAcid server -- although this was later redacted -- that demonstrates how the servers may disguise their true identity. "Note that the server sometimes serves up an EFF link," tweeted Jacob "ioerror" Appelbaum, who's a core member of the Tor project, referring to the website of the Electronic Frontier Foundation.


Quantum Cookie Attacks

Another technique the agency might employ to track users has been via what leaked NSA documents describe as a Quantum Cookie, reported Ars Technica. Notably, one slide from the Tor Stinks presentation was titled "Analytics: Cookie Leakage," with references reading, "DoubleclickID seen on Tor and nonTor IPs." That suggests that an advertising cookie planted on a PC might allow the NSA to authenticate and track even a Tor-using PC.

But based on a technical review of what's included in the slide, the cookie attack focused on "Torbutton," a Firefox extension that Tor stopped supporting in May 2011 after ongoing reports that it leaked data.


NSA Spies For Foreign Intelligence, Counterintelligence Purposes

The U.S. government hasn't sat on the sidelines while these secret intelligence agency operating procedures have been publicized. In a statement released Friday, director of national intelligence James R. Clapper argued that recent press accounts about the NSA's surveillance techniques "fail to make clear that the intelligence community's interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies."

In addition, he said, the agency must -- and does -- comply with laws that restrict its spying to "valid foreign intelligence and counterintelligence purposes."

But as Schneier noted, since the agency can't distinguish Tor users who are American residents from foreigners -- or even terrorists -- users of anonymizing services such as Tor will likely remain at risk of being tracked by the agency.


Please like the thread if you've found this useful!