Privacy is something that many people think they want and have on the internet. Of course, most of us actually know that Privacy is not something that really exists in the broader internet. Unless you control all points in the traffic stream, someone can read your communication. Even proxy services like TOR are no guarantee of privacy or anonymity. Proxy services are vulnerable to a multitude of packet and flow monitoring that allow for some fairly easy unmasking techniques.
Gasp! There has been another published attack on the TOR Project. This time the attack and compromise technique comes from the gang at Princeton. The Princeton team claims that their new methods are around 95% successful and only require traffic in one direction. The information that they have presented is interesting and certainly could be used to grab information from users of the anonymous service, but it is not really new and not surprising to hear about.
Just when you thought it was safe to get back on the internet privately. Although we have maintained that TOR has never been the end-all of anonymity we are surprised to finally see public conformation of techniques that have been around for years. In a report that discusses the use of flow records for detecting users on proxy networks we find that the tools to track you through TOR and many other networks have been right there all along.
When you hear people talking about anonymity on the internet it most people will think privacy. When companies hear anonymity on the internet they think piracy, crime, hacking and lost revenue. This is probably the biggest disconnect in the internet age, companies want to monetize your personal information. This is big money and (as we have said more than once) is a commodity that they have been trying to legalize for more than a decade.
The words anonymity, privacy and security go hand in hand… in hand. Although the term anonymity is often seen as a bad thing by law enforcement and policy makers the truth is that it is a critical part of the security chain and is something that needs to be addressed in the way communications happen over the internet. Simply put, how can an attacker get to you if they do not know where you are coming from? Anonymity is a form of security that is in common use by the “red” team so why not put this to use in protecting the green?
Over the weekend a story broke that alleged that the NSA (National Security Agency) and GCHQ (Government Communications Headquarters) might actually be helping the Tor network to find and fix bugs in their systems. The news that this might be going on appeared to come as a shock to most people and new agencies reporting on rumor. Of course if you look at the Tor project’s history and the way it is still used today you will find that it is actually in the best interest of the governments in question to keep TOR alive and healthy.
In the late-90s the world was shocked when a single collection of code was able to destroy a number of computers through malicious instructions. Named Chernobyl (or CIH and Spacefilter) this virus was able to overwrite data and even the BIOS on systems. It infected around 60 million computers and cuase upwards of $1 billion in damages around the world. Although there were other viruses before this nasty bug hit the scene, CIH was the start of the anti-malware commercial machine. It was not until after CIH that we really saw companies spring from the ground offering protection from future events like CIH.
Following on the heels of the removal of a talk about unmasking users of the TOR network we are now hearing that someone has been attacking the anonymity service for the last 5-6 months in an attempt to ind out who is using the service. The TOR Project has just warned its users about an attack that is trying to expose users.
On Friday we wrote about a talk that was canceled at Black Hat 2014. This talk was to discuss a flaw in the Tor anonymizing network that would allow almost anyone to identify users on the network. This morning we find out that the Russian government is actually offering a reward (around $111,000) to anyone that can come up with a reliable method to do this very thing.
The news is all abuzz with the compromise of the Tor (Originally The Onion Router) Network. This network has been used by a wide variety of people who are looking for a degree of anonymity. It relies on the use of different entry and exit point to prevent someone from identifying your exact IP Address or MAC address. In-between these point there are different hops that further confuse the trail. In basic terms your system is masked by the exit point which is selected randomly by the system. Now in addition the anonymity services for individual users there are also servers that host websites and even anonymous email services. Some have called this the “dark net” or “deep web” although that is not actually the case (the dark net is something else entirely). Many of these sites are legitimate sites that need to protect their readers from less than understanding authorities, but there are a larger number that are not above board at all including many sites that host child pornography.