Mr. Edward Snowden recently released a new document regarding the NSA (National Security Agency), titled "Tor Stinks". The document describes how the NSA uses browser cookies to identify Tor users.
The NSA hasn't cracked the anonymizing service Tor, but they can track which people who use the service are free from surveillance. The anonymizing service itself appears to have foxed US and UK government snoops, but instead they are using a zero-day flaw in the Firefox browser bundled with Tor to track users.
Robert Hansen, a browser specialist at the security firm White Hat Security, said that Tor access node tracking is not new.
"A couple of years ago a hacking group published exactly 100 embassy passwords from Tor exit nodes. One hundred is too round of a number," he said. "Just logically there must be more. If you get enough exit nodes and entrance nodes, they can be correlated together."
Director of National Intelligence James Clapper criticized reporters and denied that his office was doing anything illegal, citing the threat of "adversaries."
The NSA has been able to use ad networks like Google's, and The Onion Router's own entry and exit nodes on the Internet, to follow some Tor users, according to the Edward Snowden document.
The presentation says that both the NSA and GCHQ run Tor nodes themselves, but these are only a very small number in comparison to the whole system. This makes tracking users using traditional signals-intelligence methods impossible.
There's also a case of diminishing returns as Tor becomes more popular. With each user acting as a transport node, the sheer scale of the system means it becomes steadily more difficult for the intelligence community to run enough nodes to be useful for tracking.
The agencies have also tried to use "quantum" cookies to track targets who are using Tor. Some cookies appear to persist after Tor sessions, the presentation notes, and the agencies are investigating if this can be developed into a working tracking system.
Lead Tor developer Roger Dingledine wrote in an e-mail to Ars: "Back when we used the 'toggle' model, you might have a cookie on your browser that was created when you were in 'not using Tor' mode. That cookie is really dangerous if they can get a hold of it while you're using Tor, because it links you to your 'non-Tor' identity. Now that the toggle model is gone, and Tor Browser is really good about clearing cookies when you close it, then tricking Tor Browser into telling you about its (temporary, session-only, only gotten over Tor) cookies is much less dangerous."
This same technique is used by the Chinese government to block its citizens from reading censored internet content, and has been hypothesized as a probable NSA attack technique, but neither effort was successful enough to compromise the network as a whole.
This Is the "Tor Stinks" Presentation
The slides suggest that the cookie attacks threaten Tor users who run up-to-date software and follow best-practice advice repeatedly offered by Tor volunteers. Of course, it's possible the NSA and GCHQ have techniques. Chief among them is the use of Quantum servers to redirect Tor users to sites that exploit security vulnerabilities to surreptitiously install malware on their computers. Such attacks have long been recognized as a risk, but they come at a cost to spy agencies since success requires the availability of a vulnerability in a current version of the software that can be exploited with no indication to the end user. That requirement makes it harder for agents to carry out the attacks against large numbers of targets.