[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y ] [Search | Click for more| Home]

Unkown attackers deanonymize Tor users

This is a blue board which means that it's for everybody (Safe For Work content only). If you see any adult content, please report it.

Thread replies: 100
Thread images: 7

>>Unfortunately, it's still unclear what "affected" includes. We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service. In theory the attack could also be used to link users to their destinations on normal Tor circuits too, but we found no evidence that the attackers operated any exit relays, making this attack less likely. And finally, we don't know how much data the attackers kept, and due to the way the attack was deployed (more details below), their protocol header modifications might have aided other attackers in deanonymizing users too.

https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
>>
>>43296242
Isn't this the type of attack people have been warning us is possible for quite some time now?
>>
IT'S OVER GUYS
>>
I truly don't understand why people would do this. TOR is a great tool to remain anonymous but there are always cunts to ruin it for the rest.
>>
>>43296275
No, realistically Tor has been vulnerable for a long time now, but for a lot of people it is still the best solution available. Some privacy is better than no privacy.
>>
>>43296242
>unknown
Hmmm, I really wonder who that could be...
You know I don't even want to make some shitty ebin comment here, you'd have to be fucking clueless to not understand who would be behind that. The Rubbermints

>>43296307
I truly do understand why people would do this
>be gubbermintz
>want to screw anonymity to gain more power
>do so
>?????
>profit
>>
>>43296275
not really.

this kind of attack isn't *really* in tor's threat model and they've known about it for ages. this one just happens to exploit unintentional design flaws within tor to do it, which they're fixing.

but if someone is controlling all the nodes passive surveillance can still determine your point of entry. this is why other methods are useful in addition to tor.

nothing is flawless for anonymity, though.
>>
I still think TOR is safe, this could be classic gov shit to make people not use this software...
>>
there was going to be a be a big presentation about this at defcon but "lawyers" had it cancelled last minute
>>
>>43296242
This is why you also use a vpn
>>
>>43297610
and also preferably a few ssl hops after tor, outside of fvey territory
>>
>>43296402
>passive surveillance can still determine your point of entry. this is why

Newfag hear
Is it a good thing to be an exit node when using TOR - am I right in saying the more cool exit nodes the less the controled noded can capture - is it somthing that is not worth it if you are just a homw user? or will it still be some help - also does it "mark" you more if your an exit node?
>>
>>43297856
More newfag:

How safe is TOR in reality - assuming you setup firefox with all the good addins to help keep you signiture to a minimum?
>>
>>43297856
Controlling exit nodes isn't the only way traffic can be passively captured. If you control the backbone, you have access to all of it.

Basically, Tor doesn't protect you against the NSA and other sigint agencies doing this kind of surveillance... especially if they're adding fingerprinting to the headers.
>>
>>43296307
Only terrorists care about privacy, goy.. err, guy. Are you a terrorist?
>>
File: 1406245748684.png (2MB, 1064x983px) Image search: [iqdb] [SauceNao] [Google]
1406245748684.png
2MB, 1064x983px
>>43296242
>Unknown attackers


heh
>>
>>43296307
The government
Turbo whiteknight retards who think Tor = Criminals

Also I am kinda glad this happened. It's a good thing if they blow their load early and cause people to fix current vulnerabilities and find others. Otherwise some really bad shit could happen to a lot of people.
>>
>>43298152
we need a total redesign of tcp/ip with security in mind.

proposals exist. it just needs to be implemented. meshnets will probably help with this.
>>
>>43298047
>the NSA and other sigint agencies doing this kind of surveillance... especially
So is it true to say their is absolutly no know way to stop the NSA level of snooping - TAILS, TOR, VPN, ect ect - nothing in the known universe? Or is there, but it would be extreamly complex to implement...? You just feel so helpless against NSA - my thoughts are mine for me to share with only the people I care to... kinda basic human rights privacy - have nothing to hide in a "leagal" way just don't like not having control.
>>
>>43298205
The US would never let that happen.
>>
>>43298220
this is the first bit of hard evidence that anyone has been actively doing passive timing attacks... but it's always been theoretically possible and it was never in the scope of tor's threat model to begin with.

multiple hops outside the territory where the surveillance takes place can help, along with other things. but ultimately, the issue is that the way we do routing wasn't designed for privacy.
>>
>>43296307
Governments and jewvernments are trying their hardest to "crack" Tor, pumpings loads of cash to get some nerds to do it for them.

I guess not everyone care about privacy, but they should. Is a good thing Tor is a very robust network, still, I believe we should put some more effort into supporting the Meshnet.
>>
>>43298352
All hail to the CypherPunk gods... I pray they have the power. They are the only hope for a free net and even further a free society as the net is very instramental for society. If only I could code like Gandalf... Is there any place a donation would make a diffrence? Are there people working on new versions of TCP/IP and a way of getting it iplemented that would give some hope? Can ALL data not be encrypted PGP style - to trusted/particapating sites?
>>
>>43296242
>https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
Lets face it, who actually trusts TOR anymore?
I havent used it for over a year, but even when I did I never fully trusted it. How you guys can trust a technology that was developed by military intelligence services and is funded still by the military, I just dont know. You have got to be completely insane. Who the fuck do you think the NSA are ? They are military intelligence you numbskulls. The article in that link is to make you think TOR project is working with you. It isnt, it is working against you. You have to be fucking insane to trust TOR
>>
>>43298352
If 90% of populatiion used TOR would this flood too much data to allow this kind of snooping... the more useres the safer? or still no defence at all?
>>
>>43298473
have you ever heard of level 3 communications?
they operate the transcontinental links. All traffic runs over their servers and their servers are plugged into echelon
>>
>>43298465
>how du u trust it if it wuz made by duh military
Because it's open source you fucking retard. You're free to examine the code yourself if you like.
>>
It was the CMU fags
>>43298465
>How you guys can trust a technology that was developed by military intelligence services and is funded still by the military
>NRL==NSA
why do you flaunt your ignorance
plenty of advances came out of NRL
guess you better not use any form of electronic key distribution. NRL INVENTED IT! BOTNET! XDDDDDDDD

also it's not even funded by the NRL anymore.
>>
>>43296307
>I don't understand why someone would exploit a defect so it can be fixed/changed
This is how things work, you put something out there and wait for people to tear it down
>>
>>43298504
>plugged into echelon
Echelon has nothing to do with splitting fiber links, but good job being a fucking retard. Echelon is more capturing every radio signal they can.
>>
>>43298511
>>43298507
The shills waved their flags and showed their true colors. Dave leaned back in his chair and lit another cigar, and tasted the cool smoke and contemplated how he would shoot their flags full of holes
>>
>>43298524
They didn't practice responsible disclosure, assuming that this is the same attack as the CMU presentation. They were vague as fuck in their communication, if the tor project is to be taken at their word.
>>43298555
You're mentally ill.
>>
>>43298538
you show a complete misunderstanding of echelon. It captures all communications whether by satellite, cable, or any other form of transmission. You clearly know nothing about it
>>
>>43297888

Don't use Firefox with Tor, use Tor-browser. It has additional protections that you won't be able to achieve via addons.

It's also "Tor", not "TOR".
>>
>>43296242
>https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack

You're all going to prison.
>>
>>43298590
>Cable
It's a 1970s era program that has nothing to do with modern fiber taps, you stupid fucking moron. It's for satellite trunks and radio dishes to pick up any communications they can.

Stop throwing around this garbage like I KNEW THEY WERE SPLITTING FIBER WITH TEH ECHELON IN 1995 LEL PLEBS.
>>
>>43298511
So what who invented it, if it is useful to any other branch of the Military they use it, and since the NSA is a signals intelligence agency, which means any transmission method, they use it
>>
is da joos
>>
>>43298660
Oh puleeze now youre just trying to have a pissing up the wall competition and believe me your dick aint big enough
>>
>>43298504
Ah ok - never heard of level 3 coms - so, they see all - no hope may as well go back to using google and sign up with facebook then? ahhh shit.. that sucks balls - maybe some kind of peer to peer wifi network accross the land making our own net with our own protocals and privacy - would that have a chance of being "free" if designed right - not sure how it would interface with the web yet but just as (if it took off and everyone installed it) a skype/messanger type thing with file sharing - all totaly secure?
>>
http://www.pcworld.com/article/2458420/russian-government-offers-money-for-identifying-tor-users.html
This is what you get when you sanction russians
>>
>>43296242
the government did this, remember they canceled that talk on hacking tor? and pulled all the speakers?

this is them trying to take down pedo rings and drug trade
(like anything they do will ever stop it)
>>
>>43298635
>Tor-browser. It has add
yeh cool I do - but I do add other bits like blender, refcontrol, diconect - is that cool? or am i not doing good?
>>
>>43298767
tfw the drugs are never gonna stop rolling.CIA will always use the drug businesses to affect foreign relations and FBI keep bumping into CIA undercovers...
>>
>>43298767
No it's not the government.
It's Anonymous on their new anti pedo campain.
>>
>>43298860
>"Anonymous"
you mean kids with FBI handlers?
>>
>>43298767
>pedo rings and drug trade
I'm sure they actually do stop those things when they can be bothered to, but the real goal is to make sure that it's impossible to use the Internet anonymously. The NSA's goal is the continuity of the NSA and the power structure of the US government.

If you really think some terrorists in caves over in some shit hole Stan country are an existential threat warranting such surveillance, you're a gullible useful idiot. This surveillance state is being built by and for the oligarchy to protect the fundamental aspects of American Capitalism. People like MLK and Julian Assange are the real enemies.

If someone starts getting too popular with a message like Universe Healthcare, free higher education, dismantling the military industrial complex, these people need to be discredit. The NSA needs their entire online history in their archive so they can playback a person's whole life, find something illegal or embarrassing, and discredit that person before they can become too disruptive.

Why do you think they permanently track anyone who has anything to do with the Occupy movement? For a while that movement looked like it was going to explode and become a real threat to entrenched powers. It got their attention.

If you ever went to one of those rallies, or just walked by one, you've got the NSA's hand up your ass for the rest of your life.
>>
>>43298884
Yep that's them...
>>
>>43298438
>Install and configure CJDNS
>Go on the IRC to try and get some Hyperboria credentials
>Wait 2h, no one responds

Great system.
>>
>>43298964
How safe it's meshnet supposed to be anyways? compared to Tor I mean.
>>
>>43298888
This man speaks the truth... Totaly this is about keeping control of the population.

Activists go back to using leaflets (printed on stolen/abandoned/non tracable printers. Note: all printers print a serieal number code within the print dot patterning - but I'm preaching to the converted i guess).
>>
>people still think TOR is safe to use
>completely ignoring the fact every ''loop around'' IP is the FBI
>>
>>43296242
GEE Anon looked up this hidden service. We don't know if he accessed it or downloaded anything. Let's arrest him for looking it up the service. It's gotta be worth a death sentence.
>>
>>43299044
this
>>
>>43299044
>>43299102
FBI investigates online fraud. Ice investigates pedos. Homeland security investigates domestic terrorists and drugs with the DEA.
>>
I wonder who is behind all these new relays?
>>
>>43299220
Caring citizens
>>
>>43299220
Me for one. Exit node here.
>>
>>43298888
I don't think I've ever met someone IRL as paranoid as you, which probably has something to do with the fact someone like you would never leave their tinfoil lined basement.
>>
>>43299282
The FBI is probably lining up outside his door right now.
>>
>>43299282
Everything I said is backed up by evidence, from Snowden and others.

Ever heard of COINTELPRO? The FBI really did try and take down MLK. They tried to get him to kill himself. It's unknown whether they actually assassinated him or not--so I'll stop short of making that claim. They could have just encouraged Ray to do it. Hell, they could have organized his escape just for that. But the truth will probably never be known. The facts that we do have are more than enough to know the FBI/NSA/CIA are horrible and treasonous organizations.

I'm not a truther who believes 9-11 was an inside job. It wasn't. It was a result of incompetence and some very ingenious exploits of security holes.
>>
>>43299339
>>43299282
OH SHIT
He probably just commited suicide.
>>
>>43299266
I'm sure that a lot of good people have done likewise, but the explosion of new nodes is the NSA trying to take over the network. If they control the majority of nodes and can watch them all in real time, they can deanonymize a lot of users if they put enough effort in.

Tor is structurally incapable of defending against a Network Adversary. When Tor was created, the idea that some entity could surveil the entire Internet in real time was absurd--but the NSA built out the capability to do exactly that.
>>
>>43299392
Teach me more, anon
>>
>>43299282
Before Snowden:
>You're paranoid. The government isn't spying on us.
After Snowden:
>Whatever, I don't have anything to hide.

You're pathetic.
>>
>still no disclosure
I bet the group deanonymized precisely fuck all.
>>
>>43299438
Did you even read the comment?

Actually, the NSA doesn't need to (and from the evidence we've seen, actually doesn't) run relays of their own.

But that shouldn't make you happy, since one of the huge risks is about how many parts of the network they can observe, not how many relays they operate. They don't need to run their own relays, if they can just wait until nice honest folks set up a relay in a network location that they're already tapping.

Now, the interesting thing about the traffic confirmation attack here is that you actually do need to operate the entry guard, not just observe its traffic (because you need to see inside the link encryption). So in fact the NSA would have to run a bunch of relays in order to do this exact attack.

But the more general form of traffic confirmation attack can be done (if you're in the right places in the network) by correlating traffic volume and timing -- and that can be done passively just by watching network traffic.

The two blog posts to read for more details are:
https://blog.torproject.org/blog/one-cell-enough
https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters
>>
>>43298782

That's doing bad. Addons can be used to fingerprint (and hence de-anonymize) you.
>>
>>43299282
>e IRL as paranoid as you, which probably has something to do with the fact some

Fool... there is plenty of evidence, and this dates back a long time - what do you think gov. is about? A free and democratic society? yeh that had to be fort for and taken - it was the least they could give to keep the mob down. And even then all they needed was the illusion of choise - you chose the colour but they still bringing you a toilet...
>>
>>43299282
>I don't think I've ever met someone IRL as naive as you, which probably has something to do with the fact someone like you would never read a history book.

John
Edgar
Hoover

Sounds like a name who know ? The man who controled the United States politicians
>>
>>43299449
First video at top of page... and watch the rest too - all good stuff!

http://new.livestream.com/internetsociety/hopex1/videos/57007569
>>
>>43299637
Looks good
>>
File: selfie.jpg (217KB, 1024x768px) Image search: [iqdb] [SauceNao] [Google]
selfie.jpg
217KB, 1024x768px
>>43299282
>>
>>43299690
Yhe best part of that picture is his DILDO is showing.
>>
>>43299636
I think the US Congress is scared shitless of the NSA/CIA.

Remember a guy named Anthony Weiner? Great politician, had a promising career and was a real champion of personal liberty and Social Democracy.

He also had a habit of sending dick pics to women online. They leaked out, he resigned. And you've never heard from him again.
>>
>>43299266
enjoy getting IP banned from every site ever
>>
>>43299778
there would be a critical mass of exit nodes that would make bans pretty worthless.
>>
>>43299778
I been an exit node since 2000 and what do you know I'm on 4chan still.
>>
>>43299690
average 20's neet on /g/
>>
>>43299758
Ever heard of a guy named Eliot Spitzer?

New York Prosecutor

One week before the banks collapse because bankers fucked shit up and lied to each other, he is forced to resign because he fucked a prostitute (while all rich bankers do that)

Everything is rigged
>>
>>43299844
Yeah, him too. I'm watching out for Elizabeth Warren. She's going to get burned if she tries to run for POTUS, mark my words. Something will leak out.

She's just too legitimately anti-establishment. They won't be able to flip her, so they'll have to take her down.
>>
>>43299844
You mean i can't become a Prosecutor?
Oh well I guess first I'd have to become a liar er ah I mean lawyer.
>>
http://www.covert.io/research-papers/security/Detecting%20Traffic%20Snooping%20in%20Tor%20Using%20Decoys.pdf
http://www.covert.io/research-papers/security/Tor%20vs%20NSA.pdf
http://www.covert.io/research-papers/security/The%20Sniper%20Attack%20-%20Anonymously%20Deanonymizing%20and%20Disabling%20the%20Tor%20Network.pdf
>>
>Together these relays summed to about 6.4% of the Guard capacity in the network.

Anyone else notice that part?

Six-decimal-four percent of the entire Tor network was part of this attack. Who else but a government could run something like that for six months?
>>
>>43299841
>e 2000 and what do y
Although I would not say any true /g/ is not in education - SOME of you are waaay smarter than many "in education" types - there is an impressive amount of self education hear... fuck university was not so hot compaired to 4chin in many ways. If some of you will use the skills in the right way when the right time comes you are in training, As for employment 50/50 there is are pros about....
>>
>>43299931
So all ou PEDO's are going to go live with Bubba.
>>
>>43299949
Other people are calculating that it could be within the $3,000 price tag of the exploit from the cancelled Tor talk at Blackhat conference. So I don't know where to go on this one.
>>
File: dildo.png (58KB, 225x246px) Image search: [iqdb] [SauceNao] [Google]
dildo.png
58KB, 225x246px
>>43299750

You this one?
>>
>>43300068
Hey you found Waldo or is that Dildo?
I dunno I'm confused.
>>
>>43300149
It's Wildo
>>
>>43300189
Thanks
>>
Nothing to hide, nothing to fear, right?
>>
>>43296307
Just be grateful we know about it.
>>
>>43299690
imagine the stench
>>
>>43299903
Her and Rand Paul.
>>
Don't worry. I have JavaScript disabled.
>>
File: Black Hat.jpg (791KB, 1698x1131px) Image search: [iqdb] [SauceNao] [Google]
Black Hat.jpg
791KB, 1698x1131px
>>43296242
And that is on the heels of:
http://www.reuters.com/article/2014/07/21/us-cybercrime-conference-talk-idUSKBN0FQ1QB20140721

PS: This is how it is being reported now:
http://www.reuters.com/article/2014/07/30/privacy-software-attack-idUSL2N0Q51V020140730
>>
>>43303205
>http://www.reuters.com/article/2014/07/21/us-cybercrime-conference-talk-idUSKBN0FQ1QB20140721

yeah, they might have been worried that the research itself was actually illegal
>>
The la-li-lu-le-lo run this nation.
>>
So honest question guys, if I'm just a regular chinese cartoon, porn watching university student who torrented movies & music, why should I bother to Tor up? Tor is clearly an inferior laggy browser compared to many others.

The most embarassing internet footprint I have is my porn habit, and I can't stream pron anyway with Tor which kinda defeats the point of Tor-ing up during my most vulnerable moment. I agree with all that muh freedom and liberty argument against government surveillance, but the way to win this war is not by advocating a clearly inferior product for the general normalfag public and there's no way the US government gonna pull back on the surveillance program because it has been very beneficial for them to maintain their power. There's only two kind of countries in the world, countries who spy on their citizens and countries who wished that they can spy on theirs.

If you're a journalist, activist, kiddy fiddler, or drug trafficker I understand the point of using Tor, GPG etc but would you seriously bother to encrypt, teach your parents how to encrypt/decrypt messages, have signed public key from them, etc just so they can check on you? No, noone would to that because it's too inconvenient. I'm quite satisfied in avoiding just Google's targeted ad botnet, if NSA want to audit my entire internet footprint I dont think I have anything to hide
Thread posts: 100
Thread images: 7


[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y] [Search | Top | Home]
Please support this website by donating Bitcoins to 16mKtbZiwW52BLkibtCr8jUg2KVUMTxVQ5
If a post contains copyrighted or illegal content, please click on that post's [Report] button and fill out a post removal request
All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the content originated from that site. This means that 4Archive shows an archive of their content. If you need information for a Poster - contact them.