It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
NSA Hacking Tor - something to worry about?
page: 2share:
a reply to: opethPA
My world revolves around the inside of a breaking wave. I do not live in the 'real world' by any means. I hope to better understand the nodes one of these posters spoke of.
Computer language is interesting. So is Tor.
It is apparent the NSA and friends are attempting to gain control of the flow of information as the have already more or less done so with the good old world wide web.
Matrix or echelon....what is this dialogue you speak of?I love matrices.
My world revolves around the inside of a breaking wave. I do not live in the 'real world' by any means. I hope to better understand the nodes one of these posters spoke of.
Computer language is interesting. So is Tor.
It is apparent the NSA and friends are attempting to gain control of the flow of information as the have already more or less done so with the good old world wide web.
Matrix or echelon....what is this dialogue you speak of?I love matrices.
originally posted by: jrod
My world revolves around the inside of a breaking wave. I do not live in the 'real world' by any means. I hope to better understand the nodes one of these posters spoke of.
Yup, nothing wrong with that approach. As a matter of fact, it is a pretty awesome approach.
Automatically dismissing the talents of certain people because they don't work at a place that is script kiddie approved..that's weak.
edit on 5-7-2014 by opethPA because: (no reason given)
originally posted by: Sharted
I came across this document on Cryptome and wanted to get other people's opinions on it:
cryptome.org...
It sounds like they think anyone who uses Tor is an extremist or something, or at least that's what I thought. I rarely use Tor but it's nice to have on my computer because I tire of Google's constant "logged in" philosophy sometimes. Yes I know you can use incognito mode, but it's not quite the same.
It is true, and the NSA rookies are becoming more like subjects of mind control themselves, than the people they wish to mind control by many various means, and this likening to "extremists" for tor users is correct, they are definitely trained to think like this about anything in this world that has the potential to hide or shield information from someone or anyone. This is how the spy industry works. It depends on these things and it depends on making things this way even if they didn't start out to be like that.
The NSA needs to make their purpose clear to their financial backers, and they do it by making sure the logistics in the spy world exist in a certain way, so their "solutions" and methods will work upon those interests as expected and produce results that will again prove their solutions are viable and reproducible for their customers.
One of those methods is to make everything that they do not control, become something they CAN control.
One form of control authority could come from creating those "Tor extremists"
Now with this, they can sell the need for a solution against tor extremists by defining that group in a certain way that makes their customers see it the very same way. Then they now have a program to infiltrate and find ways to make TOR a tool to be used in their own favor, and not against them, or as a tool to hide from them.
They define anything they do not hold all the keys to, as something that IS hiding something from them, or wishes to, even when it is not, or may not be.
There isn't any money in doing things for something that is not being used to hide from them, so they just declare the entire package as hiding something, thus, creating the tor extremists that they need to add to their list of "managed" groups and individuals..
I know an insane amount of things that the NSA is affected by and how they manipulate things to keep the status quo the status quo that they want there to be. If I say anything more, I would have to shoot myself, so I'll just stop now.
a reply to: Kandinsky
That is why I like you K. Always questioning everything. Every system that purports to be secure has to worry about someone somewhere eavesdropping.
Meshnet is designed to connect the "leaves" of the internet. So there is no "upstream" connection. Meaning if I wanted to send a message to a friend who lives a town over. I would hop over my neighbors wifi, their wifi would connect to their neighbors wifi, and so on and so forth till we got to the destination. No ISP necessary.
This introduces privacy problems as you point out, but it makes it extremely difficult to monitor because the eavesdropper would have get directly between the points—which aren't static—to listen. This is really hard when you consider the data can take any number of weird hops (imagine how this works if you were driving) to get to its final destination.
Centralized technologies like SMS can still be used in such a system. All an attacker could deduce is, "Someone somewhere in this geographic region relayed a message to someone else." This is similar to how Tor work, but provides stronger protection because upstream communication isn't necessary unless the gap between two locations is too great.
So, for example, imagine data originates in Redmond, WA and is destined for Poland. First, it might bang around to Seattle through local wifis, hop to Portland, then get on the Intermedia OC3 circuit, hop down to Salt Lake City, bang around through a couple of local wifis using Meshnet to Denver, get back on Qwest Lit Fiber line to get to Albany, from there a radio transmitter sends the data to the Boston hub, and then uses one of UUNet's lines to hop around the Paris wifi network through the rest of Europe using only edge nodes to finally reach Poland. In that case even if someone was listening. They would have absolutely no idea where the data originated.
To track someone down would require traveling around with a radio antenna to snoop on the local wifis. Kind of like how Mitnick got caught. Or correlating enough entries and exits across the backbone to get a general sense of the direction of the packet (but this could be faked to generate false positives).
The only problem is if the sender mistakenly broadcasts information in the clear about himself. It would make it easy for the eavesdropper to figure out who they are dealing with, but at least their location would be obscured. One solution to prevent identifiable data leakage is to bake in programmatic obfuscation. We did something like this at Microsoft to make it hard for people to reverse engineer the software running on the 360.
Good privacy requires strong point-to-point encryption. RSA was great for key management purposes, but now we have to be more careful. I foresee people using IPSEC on Meshnet. This adds overhead, but it would make it extremely difficult for anyone to snoop. Hybrid cryptosystems, like PGP, are still reliable. So that is probably the way it'll end up heading.
That is why I like you K. Always questioning everything. Every system that purports to be secure has to worry about someone somewhere eavesdropping.
Meshnet is designed to connect the "leaves" of the internet. So there is no "upstream" connection. Meaning if I wanted to send a message to a friend who lives a town over. I would hop over my neighbors wifi, their wifi would connect to their neighbors wifi, and so on and so forth till we got to the destination. No ISP necessary.
This introduces privacy problems as you point out, but it makes it extremely difficult to monitor because the eavesdropper would have get directly between the points—which aren't static—to listen. This is really hard when you consider the data can take any number of weird hops (imagine how this works if you were driving) to get to its final destination.
Centralized technologies like SMS can still be used in such a system. All an attacker could deduce is, "Someone somewhere in this geographic region relayed a message to someone else." This is similar to how Tor work, but provides stronger protection because upstream communication isn't necessary unless the gap between two locations is too great.
So, for example, imagine data originates in Redmond, WA and is destined for Poland. First, it might bang around to Seattle through local wifis, hop to Portland, then get on the Intermedia OC3 circuit, hop down to Salt Lake City, bang around through a couple of local wifis using Meshnet to Denver, get back on Qwest Lit Fiber line to get to Albany, from there a radio transmitter sends the data to the Boston hub, and then uses one of UUNet's lines to hop around the Paris wifi network through the rest of Europe using only edge nodes to finally reach Poland. In that case even if someone was listening. They would have absolutely no idea where the data originated.
To track someone down would require traveling around with a radio antenna to snoop on the local wifis. Kind of like how Mitnick got caught. Or correlating enough entries and exits across the backbone to get a general sense of the direction of the packet (but this could be faked to generate false positives).
The only problem is if the sender mistakenly broadcasts information in the clear about himself. It would make it easy for the eavesdropper to figure out who they are dealing with, but at least their location would be obscured. One solution to prevent identifiable data leakage is to bake in programmatic obfuscation. We did something like this at Microsoft to make it hard for people to reverse engineer the software running on the 360.
the question crosses my mind about how those two parties come to agree to share an encrypted line of communication?
Good privacy requires strong point-to-point encryption. RSA was great for key management purposes, but now we have to be more careful. I foresee people using IPSEC on Meshnet. This adds overhead, but it would make it extremely difficult for anyone to snoop. Hybrid cryptosystems, like PGP, are still reliable. So that is probably the way it'll end up heading.
edit on 2014-7-5 by Xtraeme because: (no reason given)
a reply to: opethPA
Whose talents exactly was I dismissing?
I know several very talented computer programming types. The kind that can make a C++ Hanoi tower program in less than 5 minutes.
My point is, computer code, language continues to evolve. Some algorithms are apparently worth good money to the NSA. The just bought a bunch of bit coins as a result of the silk road sting auction for above market price. That tells me something about the value of an algorithm.
Whose talents exactly was I dismissing?
I know several very talented computer programming types. The kind that can make a C++ Hanoi tower program in less than 5 minutes.
My point is, computer code, language continues to evolve. Some algorithms are apparently worth good money to the NSA. The just bought a bunch of bit coins as a result of the silk road sting auction for above market price. That tells me something about the value of an algorithm.
originally posted by: jrod
a reply to: opethPA
Whose talents exactly was I dismissing?
I know several very talented computer programming types. The kind that can make a C++ Hanoi tower program in less than 5 minutes.
My point is, computer code, language continues to evolve. Some algorithms are apparently worth good money to the NSA. The just bought a bunch of bit coins as a result of the silk road sting auction for above market price. That tells me something about the value of an algorithm.
From your post
"The NSA wishes they could hack Tor. They can not.
They simply lack the talent. No computer programing wizards are willing to work for the NSA under the conditions and wages they offer.
They have minor league talent and are only fooling themselves to believe they can out hack the world's best.
I could also go over with you all the money I made boxing, exploiting COCOTs, flash dialing and a billion other phreaks when I was younger before I started making really good money doing it legally. That proves as much your knowing programmers.
The thing I find frustrating is your belief that because someone works for an alphabet agency they lack talent. Believe me, I know of and I know people that work for various agencies that could blow me away on a PBX and could blow away your programmers.
For the record:
I do not believe that because someone works for the alphabet they lack talent. Not true at all, they have a huge pool to pick from, most could only dream about working for a special agency and having a super duper security clearance. It is the kind of job college graduates and military veterans dream about.
They are simply missing out on great talent because of certain 'firewalls' in place about who they will hire.
I do not believe that because someone works for the alphabet they lack talent. Not true at all, they have a huge pool to pick from, most could only dream about working for a special agency and having a super duper security clearance. It is the kind of job college graduates and military veterans dream about.
They are simply missing out on great talent because of certain 'firewalls' in place about who they will hire.
a reply to: opethPA
Just because it took very little effort to dig up. There are threads on ATS that touch on this news article. I could go on, but I don't have the time to turn this into a debate.
www.koaa.com...
Just because it took very little effort to dig up. There are threads on ATS that touch on this news article. I could go on, but I don't have the time to turn this into a debate.
www.koaa.com...
originally posted by: jrod
a reply to: opethPA
Just because it took very little effort to dig up. There are threads on ATS that touch on this news article. I could go on, but I don't have the time to turn this into a debate.
www.koaa.com...
Since when is smoking an illegal drug a requirement to be a h/p/v/c ? How about since never.
You believe what you want, I'll deal with first hand experience and we can both be right.
a reply to: MarlinGrace
Thanks for the nice comment.
Trapdoor, not backdoor. The RSA trapdoor I am referring to is an integral property of assymetric encryption. The trapdoor is used to decrypt a message from a large number of participants using a single private key without having to manage lots of public keys from the various senders.
This is different from the recent news that RSA (the company, not the algorithm) compromised their random number generator at the behest of the NSA.
Long passwords are only useful to prevent brute forcing. Attacks against the underlying algorithm itself are far worse than a brute force attack, because they undermine the entire system. Sort of like how checkers is a solved game, but chess isn't yet. The second video I linked (RSA-type encryption) provides a good example if you are interested in how the system works under the cover.
MAC addresses are only broadcast on the local area network (LAN).
To test this you can grab a program like Wireshark and setup two networks. If you have a data plan on your cell, one easy way to do this is to tether your phone to a laptop. Configure two machines on your local network. Then on your main PC connect to your normal ISP. After you get the external IP addresses (whatismyip.com... is a good way to get your external facing address if you are behind a router). Send an ICMP packet from one network to the other (ping aaa.bbb.ccc.ddd). You should notice lots of address resolution (ARP) chatter trying to connect the internal MAC addresses to an IPV4/6 address on your local network. Notice that ARP chatter isn't encapsulated and sent across the internet to the other network hooked up to your cell. MAC resolution is purely local, unless you configure a WAN.
The data that is being stored by GCHQ and the NSA is more or less ubiquitous. They don't just store metadata. When it comes to internet traffic they store pretty much everything. I wrote a thread exploring the NSAs capabilities back in 2009, long before Snowden, that goes into this in more detail. Though you are absolutely right about the intelligence communities ability to act on that data. They can't really figure out what to do with all that information until something triggers a closer inspection. That is why this news that the NSA is using Tor traffic as a trigger to locate targets is so officious. Wanting to maintain some semblance of privacy isn't a tacit admission of anything other than wanting to preserve our right to be left alone.
As a security guy I always thought I was slightly paranoid. So it came as rather a shock to realize I wasn't paranoid enough. An extensive list of documents that show how bad things have gotten can be found online here under: "Fortean Subjects" → "Conspiracy Related" → "Governmental Spying & Censorship".
Great post though.
Thanks for the nice comment.
originally posted by: Xtraeme
a reply to: Kandinsky
Even then though we'll probably have to setup websites to use something like Diffie-Hellman rather than one size fits all trapdoor RSA-type encryption.
originally posted by: MarlinGrace
Everyone can thank the Global warming expert Mr. Gore for the RSA backdoor.
Trapdoor, not backdoor. The RSA trapdoor I am referring to is an integral property of assymetric encryption. The trapdoor is used to decrypt a message from a large number of participants using a single private key without having to manage lots of public keys from the various senders.
This is different from the recent news that RSA (the company, not the algorithm) compromised their random number generator at the behest of the NSA.
Long passwords are only useful to prevent brute forcing. Attacks against the underlying algorithm itself are far worse than a brute force attack, because they undermine the entire system. Sort of like how checkers is a solved game, but chess isn't yet. The second video I linked (RSA-type encryption) provides a good example if you are interested in how the system works under the cover.
The "meta data" the two IP addresses, MAC addresses are all recorded and everything in the middle if they feel is worth the trouble will be looked at seriously.
MAC addresses are only broadcast on the local area network (LAN).
To test this you can grab a program like Wireshark and setup two networks. If you have a data plan on your cell, one easy way to do this is to tether your phone to a laptop. Configure two machines on your local network. Then on your main PC connect to your normal ISP. After you get the external IP addresses (whatismyip.com... is a good way to get your external facing address if you are behind a router). Send an ICMP packet from one network to the other (ping aaa.bbb.ccc.ddd). You should notice lots of address resolution (ARP) chatter trying to connect the internal MAC addresses to an IPV4/6 address on your local network. Notice that ARP chatter isn't encapsulated and sent across the internet to the other network hooked up to your cell. MAC resolution is purely local, unless you configure a WAN.
The data that is being stored by GCHQ and the NSA is more or less ubiquitous. They don't just store metadata. When it comes to internet traffic they store pretty much everything. I wrote a thread exploring the NSAs capabilities back in 2009, long before Snowden, that goes into this in more detail. Though you are absolutely right about the intelligence communities ability to act on that data. They can't really figure out what to do with all that information until something triggers a closer inspection. That is why this news that the NSA is using Tor traffic as a trigger to locate targets is so officious. Wanting to maintain some semblance of privacy isn't a tacit admission of anything other than wanting to preserve our right to be left alone.
As a security guy I always thought I was slightly paranoid. So it came as rather a shock to realize I wasn't paranoid enough. An extensive list of documents that show how bad things have gotten can be found online here under: "Fortean Subjects" → "Conspiracy Related" → "Governmental Spying & Censorship".
edit on 2014-7-6 by Xtraeme because: (no reason given)
a reply to: jrod
I'm sorry....did you seriously just say there is no way the NSA could hack Tor assuming the NSA doesn't have massive talent involved then tell a poster that you don't know what a node is and assume
Are you just guessing or looking to shock people
Contrary to your belief, alphabet agencies have incredible talent working for them. Just because a handful of 'hackers' take a 'stand' and refuse to work for an agency (which is absolutely their right) does not mean there aren't a thousand other incredible scripters who are just as good or better that are involved with something like the NSA
The NSA has clout...I don't like them terribly much for their actions...but they have clout. Federal compensation, benefits, the technology and just the ability to say I work for the NSA/FBI whatever is more than enough draw to bring in huge talent.
And yes, the NSA COULD hack Tor and probably has many times. Those exits are not always safe
I went on Tor one time to look at the deep web (though admittedly I probably just saw like a fraction of the surface of the deep web) and I left. I stayed away from anything terribly illegal. I pretty much just looked at this front page and vanished...why? Because while I don't engage in illegal activities, I don't need someone snooping me.
I'm sorry....did you seriously just say there is no way the NSA could hack Tor assuming the NSA doesn't have massive talent involved then tell a poster that you don't know what a node is and assume
Are you just guessing or looking to shock people
Contrary to your belief, alphabet agencies have incredible talent working for them. Just because a handful of 'hackers' take a 'stand' and refuse to work for an agency (which is absolutely their right) does not mean there aren't a thousand other incredible scripters who are just as good or better that are involved with something like the NSA
The NSA has clout...I don't like them terribly much for their actions...but they have clout. Federal compensation, benefits, the technology and just the ability to say I work for the NSA/FBI whatever is more than enough draw to bring in huge talent.
And yes, the NSA COULD hack Tor and probably has many times. Those exits are not always safe
I went on Tor one time to look at the deep web (though admittedly I probably just saw like a fraction of the surface of the deep web) and I left. I stayed away from anything terribly illegal. I pretty much just looked at this front page and vanished...why? Because while I don't engage in illegal activities, I don't need someone snooping me.
originally posted by: KyoZero
a reply to: jrod
Those exits are not always safe
A recent blog post from the Google / CIA group Recorded Future provides minimal information about their Tor exit node data dump they access.
Stripping Tor Anonymity: Database Dumps, Illegal Services, Malicious Actors, Oh My!
we’re able tie the use of Tor exit nodes to the use of illegal services and specific malicious actors, as well as to identify conflict between competing hackers and services...
this analysis effectively strips away the anonymity and security of Tor through novel and open exploration of a wealth of data...
Tor Network Status
new topics
-
A question about abortion and the states
US Political Madness: 1 hours ago -
What shenanigans are at play with the house races?
2024 Elections: 2 hours ago -
Young People and Social Media
Social Issues and Civil Unrest: 4 hours ago -
DC Votes
US Political Madness: 10 hours ago
top topics
-
DOJ moving to wind down Trump criminal cases before he takes office
Mainstream News: 12 hours ago, 12 flags -
Kamala Address the Nation -- Nov 6 2024 4pm EST
2024 Elections: 16 hours ago, 11 flags -
Now Trumps No War policy
2024 Elections: 17 hours ago, 7 flags -
Young People and Social Media
Social Issues and Civil Unrest: 4 hours ago, 7 flags -
Mother Sentenced to over 2 years for Shouting at police During Disorder
Social Issues and Civil Unrest: 16 hours ago, 5 flags -
What shenanigans are at play with the house races?
2024 Elections: 2 hours ago, 5 flags -
DC Votes
US Political Madness: 10 hours ago, 4 flags -
About that ''Iron Dome''
Other Current Events: 16 hours ago, 3 flags -
A question about abortion and the states
US Political Madness: 1 hours ago, 3 flags
active topics
-
What shenanigans are at play with the house races?
2024 Elections • 12 • : billxam1 -
A question about abortion and the states
US Political Madness • 5 • : network dude -
On Nov. 5th 2024 - AMERICANS Prevented the Complete Destruction of America from Within.
2024 Elections • 83 • : awhispersecho -
About that ''Iron Dome''
Other Current Events • 22 • : CosmicFocus -
-@TH3WH17ERABB17- -Q- ---TIME TO SHOW THE WORLD--- -Part- --44--
Dissecting Disinformation • 3160 • : MetalThunder -
TODAY IS A HUGE ELECTION DAY FOR AMERICA - November 5th 2024 - Reports from Around The Nation.
2024 Elections • 737 • : UKTruth -
Government wants to Ban Gas Stoves
Social Issues and Civil Unrest • 103 • : Lazy88 -
Read Jack Smith’s unsealed redacted motion on Trump presidential immunity
Mainstream News • 224 • : UKTruth -
Though about history, this post is relevant to where DEI may be taking us. Short read.
Social Issues and Civil Unrest • 8 • : Solvedit -
Kamala Address the Nation -- Nov 6 2024 4pm EST
2024 Elections • 68 • : 38181