10/08/2013 11:00 AM

NSA Battles Tor: 9 Facts

The National Security Agency has had limited success in cracking Tor communications. Here's what we have learned about the anonymizing network.

6. NSA Redirects Tor Users To An Attack Server.

If the NSA identifies a target that it wants to track, it then relies on a fleet of high-latency -- or "quantum" -- servers that try to redirect a targeted system to one of a series of NSA servers, codenamed FoxAcid, which launch man-in-the-middle attacks that attempt to infect the system.

"Once the computer is successfully attacked, it secretly calls back to a FoxAcid server, which then performs additional attacks on the target computer to ensure that it remains compromised long-term and continues to provide eavesdropping information back to the NSA," said Schneier.

Each FoxAcid server is a Windows 2003 computer configured with custom software and a series of Perl scripts, he said. The malware introduced by the servers can reportedly survive reboots.

7. FoxAcid Burns Only Designated Systems.

FoxAcid servers are publicly reachable by any Internet user -- and disguised with innocuous names -- but serve exploits only against PCs that arrive via an HTTP link that includes a "FoxAcid" tag. These tags are reportedly sometimes also served up via phishing attacks.

A Guardian story detailed a sample URL for a FoxAcid server -- although this was later redacted -- that demonstrates how the servers may disguise their true identity. "Note that the server sometimes serves up an EFF link," tweeted Jacob "ioerror" Appelbaum, who's a core member of the Tor project, referring to the website of the Electronic Frontier Foundation.

8. Quantum Cookie Attacks

Another technique the agency might employ to track users is what leaked NSA documents describe as a Quantum Cookie, reported Ars Technica. Notably, one slide from the Tor Stinks presentation was titled "Analytics: Cookie Leakage," with references reading, "DoubleclickID seen on Tor and nonTor IPs." That suggests that an advertising cookie planted on a PC might allow the NSA to authenticate and track even a Tor-using PC.

But based on a technical review of what's included in the slide, the cookie attack focused on "Torbutton," a Firefox extension that Tor stopped supporting in May 2011 after ongoing reports that it leaked data.
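Why a cookie shared between Tor and non-Tor browsing undoes anonymity, as an added example that is not from the article or the leaked slides: it audits a request log for identifier cookies that appear on both sides of the Tor boundary. The log format, the cookie name `id`, and all addresses are constructed assumptions.

```python
# Added illustration; log format, cookie name and addresses are constructed.
from collections import defaultdict

# Constructed sample: (source IP as seen by the server, Cookie header value).
SAMPLE_REQUESTS = [
    ("198.51.100.7", "id=aaa111; lang=en"),   # Tor exit
    ("203.0.113.25", "id=aaa111; lang=en"),   # direct connection, same cookie
    ("198.51.100.9", "id=bbb222"),            # Tor exit only
    ("203.0.113.80", "id=ccc333"),            # direct connection only
    ("198.51.100.7", "lang=en"),              # no identifier cookie at all
]
# Constructed stand-in for a list of Tor exit addresses.
TOR_EXITS = {"198.51.100.7", "198.51.100.9"}


def parse_cookie(header, name="id"):
    """Return the value of cookie `name` from a Cookie header, or None."""
    for part in header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key == name:
            return value
    return None


def leaked_identifiers(requests, tor_exits, name="id"):
    """Map each cookie ID seen on both Tor and non-Tor IPs to those IPs."""
    seen = defaultdict(lambda: {"tor": set(), "non_tor": set()})
    for ip, header in requests:
        cookie_id = parse_cookie(header, name)
        if cookie_id is None:
            continue
        side = "tor" if ip in tor_exits else "non_tor"
        seen[cookie_id][side].add(ip)
    # Only an ID present on both sides links the Tor session to a real IP.
    return {cid: sides for cid, sides in seen.items()
            if sides["tor"] and sides["non_tor"]}


if __name__ == "__main__":
    for cid, sides in leaked_identifiers(SAMPLE_REQUESTS, TOR_EXITS).items():
        print(cid, "Tor:", sorted(sides["tor"]),
              "non-Tor:", sorted(sides["non_tor"]))
```

An identifier that never crosses the boundary (`bbb222`, `ccc333`) is not flagged, which is the property a browser with a separate, cleared cookie store for Tor sessions provides.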

9. NSA Spies For Foreign Intelligence, Counterintelligence Purposes.

The U.S. government hasn't sat on the sidelines while these secret intelligence agency operating procedures have been publicized. In a statement released Friday, director of national intelligence James R. Clapper argued that recent press accounts about the NSA's surveillance techniques "fail to make clear that the intelligence community's interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies."

In addition, he said, the agency must -- and does -- comply with laws that restrict its spying to "valid foreign intelligence and counterintelligence purposes."

But as Schneier noted, since the agency can't distinguish Tor users who are American residents from foreigners -- or even terrorists -- users of anonymizing services such as Tor will likely remain at risk of being tracked by the agency.


re: NSA Battles Tor: 9 Facts

Each time I read an article like this, it reminds me of the movie V for Vendetta. Worth quoting from it: "...And where once you had the freedom to object, to think and speak as you saw fit, you now have censors and systems of surveillance coercing your conformity and soliciting your submission. How did this happen? Who's to blame? Well, certainly there are those more responsible than others, and they will be held accountable, but again truth be told, if you're looking for the guilty, you need only look into a mirror."
Paraphrasing a great patriot, I'd say: If we restrict liberty to attain security we will lose them both.
If anyone is interested there's a tor browser called PirateBrowser. I won't post links to it, but the name will give you a hint where to get it.

re: NSA Battles Tor: 9 Facts

"Tor is a well-designed and robust anonymity tool, and successfully attacking it is difficult," Schneier said Monday in a blog post. "The NSA attacks we found individually target Tor users by exploiting vulnerabilities in their Firefox browsers, and not the Tor application directly." FF vulnerabilities: still a favored tool.

re: NSA Battles Tor: 9 Facts

It would be nice to have a good number of run of the mill users start using Tor. It makes the haystack bigger and surely will annoy the NSA, hopefully to a point where they give up.
I know it is not the NSA's task, but as long as I wake up every night because some truck rumbles through the potholes on the street that has better looking cousins in third world countries, the government should spend the money on infrastructure that serves a purpose rather than on nerds hunting down virtual targets.
Nice to see that DHS had something built that its subsidiary cannot crack.