German foreign spy agency BND attacks the anonymity network Tor (netzpolitik.org)
181 points by y7 on Sept 15, 2017 | 53 comments



> How exactly the spy agencies want to crack Tor remains vague.

> Precisely how the BND plans to „chop“ Tor is unfortunately redacted in the document we obtained. But as before, the spy agency refers to public research. To implement the attack, it is likely that the spies run their own servers in the Tor network. M.S. points to passive snooping servers, which are presumably operated by the NSA, and emphasizes the „protection of the anonymity“ of the spy agencies.

And indeed, there are no specifics.

Tor Project acknowledges that Tor is vulnerable to global adversaries. With enough intercepts, they can correlate traffic at various relays, and connected users and servers. There's nothing magic about onion services. It's just that there are seven relays between users and servers, rather than just the normal three for Tor.

But hey, it provides better anonymity than any alternative. Other than meeting in remote locations, anyway. And you can add VPNs to the mix. I always use Tor through nested VPN chains. That adds misdirection. But perhaps most importantly, it adds latency and jitter, which mitigate traffic correlation attacks.

Edit: As a fun science project, you can play with traffic correlation between you and your private onion service. You use unlisted private bridges as entry guards, both locally and for the onion service. So it's only your traffic that gets analyzed. And you don't need sophisticated software. Wireshark and a spreadsheet are enough. So you have packet captures from your local machine, and from the VPS running the onion service. Using Wireshark, you export bitrate in millisecond bins. Then in the spreadsheet, you have two columns, one with each bitrate series. Just create a third column for the product. Each sheet will hold 1E6 lines, or 1000 seconds. Excel works best, because it uses multiple cores. R would be better, because you could crunch segments in parallel.


You can also set up fragile directional radio links pretty cheap with off the shelf devices from Ubiquiti. If set up carefully, they can be basically impossible to follow if they are not aligned when they are observed by the adversary; and at least a little difficult even when they are. You can also use a tamper detecting opaque enclosure to (visually) hide the orientation.

We are in the middle of a golden age for surveillance, and a golden age for the avoidance of surveillance.


Yes, Ubiquiti rules! You can get 25 km links with equipment cost under $500, including dishes and towers.


Got a link to the hardware and a project like that?


> the hardware

A couple of these products function on unlicensed bands, which is what you'd need. The latency is very low and close to constant regardless of the length of the haul, which means that it could be difficult to tell that your packets even originated from a location other than your exit.

https://www.ubnt.com/products/#airfiber

> a project

Not sure if anyone has documented doing this, seems like it would defeat the purpose for anyone with a practical need for it. Maybe I'll need to be the one to show it.

The hard part is probably tamper alarming the enclosure, the rest is just standard setup for the equipment and maybe some site security concerns. For example, considering what to do when the station goes down, since coming to fix it would be a good way to be discovered if your adversary is monitoring it.


> Not sure if anyone has documented doing this, seems like it would defeat the purpose for anyone with a practical need for it.

Indeed! I was hoping for a collection of methods, maybe some form of best practices regarding anti-tampering. Thanks for the links to the APs, fun rabbit hole to fall down in.


Get some Ubiquiti Bullet M[0] and parabolic dishes[1]. The Bullet comes with decent software. Setting up linked networks is pretty trivial.

0) https://dl.ubnt.com/datasheets/bulletm/bm_ds_web.pdf

1) https://www.amazon.com/Antenna-World-G2424-Directional-Parab...


> Wireshark and a spreadsheet are enough. So you have packet captures from your local machine, and from the VPS running the onion service. Using Wireshark, you export bitrate in millisecond bins. Then in the spreadsheet, you have two columns, one with each bitrate series. Just create a third column for the product. Each sheet will hold 1E6 lines, or 1000 seconds. Excel works best, because it uses multiple cores. R would be better, because you could crunch segments in parallel.

Wireshark alone is enough http://blog.davidvassallo.me/2010/03/22/measuring-bandwidth-...

If you would want to really see if there are differences in bandwidth for 2 pcap files you would have to graph it cumulatively.

I may have something to do that in Python.


Sure. That shows throughput. And you can compare captures visually. But to do correlation, you need something more quantitative. The old school way is sampling and multiplication. But fancier stuff is possible now. You can look at additional measures, not just amplitude. Packet type, for example. Or components of TCP conversations. But Tor-specific parameters are buried in encrypted payloads, so amplitude is decent enough.
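The binning-and-product comparison described in the comments above, as an added example that is not part of any commenter's post: it correlates two byte-per-bin series from constructed traffic and measures how much added jitter lowers the correlation peak. The traffic model, the 10 ms bin width, the 300 ms base latency and all function names are assumptions made for the illustration.

```python
import random
from math import sqrt

BIN_MS = 10           # the comment uses 1 ms bins; widened to keep the sample small
DURATION_MS = 30_000  # 30 s of constructed traffic


def synth_flow(rng):
    """Constructed bursty flow: list of (timestamp_ms, size_bytes)."""
    t, packets = 0.0, []
    while t < DURATION_MS:
        t += rng.expovariate(1 / 400)          # idle gap between bursts, mean 400 ms
        for _ in range(rng.randint(1, 20)):    # packets inside one burst
            t += rng.expovariate(1 / 2)        # mean 2 ms apart
            if t < DURATION_MS:
                packets.append((t, rng.choice((64, 512, 1500))))
    return packets


def delayed(packets, rng, base_ms, jitter_ms):
    """Far-end view of the same flow: fixed path latency plus uniform jitter."""
    return [(t + base_ms + rng.uniform(0, jitter_ms), size) for t, size in packets]


def bin_bytes(packets):
    """Bytes per time bin, i.e. the bitrate series exported from each capture."""
    bins = [0] * (DURATION_MS // BIN_MS)
    for t, size in packets:
        i = int(t // BIN_MS)
        if i < len(bins):
            bins[i] += size
    return bins


def pearson(a, b):
    """Mean-centred, normalised sum of the 'product column'."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / sqrt(va * vb) if va and vb else 0.0


def best_lag(local, remote, max_lag_bins=150):
    """Try each shift of the remote series; return (peak correlation, lag_ms)."""
    n = len(local)
    return max((pearson(local[:n - lag], remote[lag:]), lag * BIN_MS)
               for lag in range(max_lag_bins + 1))


def experiment(seed=1):
    rng = random.Random(seed)
    flow, other = synth_flow(rng), synth_flow(rng)
    local = bin_bytes(flow)
    results = {}
    for jitter_ms in (0, 50, 1000):
        remote = bin_bytes(delayed(flow, rng, base_ms=300, jitter_ms=jitter_ms))
        results[jitter_ms] = best_lag(local, remote)
    results["unrelated"] = best_lag(local, bin_bytes(other))
    return results


if __name__ == "__main__":
    for label, (corr, lag_ms) in experiment().items():
        print(f"jitter={label!s:>9}  peak r={corr:.3f}  at lag {lag_ms} ms")
```

The "unrelated" row is the baseline: a peak that is not clearly above it means the two series can no longer be told apart from independent flows at this bin width.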


> You can look at additional measures, not just amplitude. Packet type, for example. Or components of TCP conversations

Yes, I did that too. Had to analyze traffic to QA a VPN app.

> But Tor-specific parameters are buried in encrypted payloads, so amplitude is decent enough.

Indeed it is. It's even possible to do traffic shape fingerprinting on that.


I have never seen any study that can do traffic correlation of encrypted traffic for real world data. The combination of parallel connections (Firefox has 6), multiple tabs, ajax calls and background polls, all makes the real world very hard to separate the data to any sensible detection rate.

What I have seen is people being able to detect data when each high level request can be cleanly separated.


> I have never seen any study that can do traffic correlation of encrypted traffic for real world data.

I take your 'not seen', and raise you a several years old Snowden publish.


This is a security agency - what makes you think you would have seen it?

Multiple intercept locations + timing information + flow size captures + crawling data from destination sites + a big honking graph database would probably get someone with deep pockets fairly far as far as fingerprinting.

From here, select various targets and add more traditional methods and you've got yourself a pretty good 'let's see what's going on with the key players' sort of tool.


I have seen statements from both Snowden and Schneier that say that security and in particular encryption works but the attacker only needs a single point of failure and security agencies generally bypass rather than break security measures.

But we are talking about a specific attack vector here: correlation attacks. Flow size captures and destination site fingerprints are great if the traffic can be isolated.

Imagine an actual fingerprint. A computer will transform the image into specific dot values, and from there create a unique value. Now imagine you put 100 different fingerprints with the exact same outer finger shape on top of each other. No method will be able to say with confidence if a specific fingerprint is in it, regardless of deep pockets and honking databases.

But there are a few catches. Reduce the number of simultaneous signals and the problem goes down. If you can introduce additional traffic into the signal, you can often isolate the traffic you are interested in. While we can never know with certainty what the big agencies can do, the general advice I have heard is to not send a single message through the Tor network and always do it as a part of multiple simultaneous messages (both for sender and receiver).


Tor Hidden Services tend to be run with NoScript set to disable, so there's no ajax nor background polls.


> With enough intercepts, they can correlate traffic at various relays, and connected users and servers.

Exactly. If enough ISPs cooperate and share traffic data, then you can correlate traffic. Especially if it is low traffic. The more traffic, the more difficult it becomes, but even then it is still doable.

> And you can add VPNs to the mix.

As long as the VPNs themselves are legal (China has started to ban them) and they aren't compromised or they aren't government created VPNs to secretly track you or the VPNs themselves are honest. Nothing prevents the VPNs from collecting your traffic data and selling it to governments.


ISPs don't need to cooperate. The NSA just hacks into them. We know that from Snowden documents.

You can't trust anyone. But with nested chaining -- whether it's Tor relays or VPN servers -- you can distribute trust. And the more stuff you nest, the more adversaries need to compromise.


How do I chain VPNs together where I'm not giving my Tor requests to any of the computers between mine and the Tor network? I use a server at the moment to tunnel but French law requires them to store my history for a year after I've left their service.


Basically, you're doing multiple NATing, through VPNs. You can use physical routers or VMs, such as pfSense. You have a router that routes a VPN to a LAN. On that LAN, there's another router, that routes another VPN to another LAN. And so on, as deep as you like. So in the end, your ISP gets packets {with encrypted packets [with encrypted packets (with encrypted packets as payloads) as payloads] as payloads} etc.

See https://www.ivpn.net/privacy-guides/advanced-privacy-and-ano...


For those who can read German, here's the original with a lot more information including cited documents and graphs and charts. https://netzpolitik.org/2017/geheime-dokumente-der-bnd-hat-d...


I thought it was well established that timing attacks could identify the user? My understanding is that if you remain on the network, domains ending with .onion, you're still able to remain anonymous.


The gist of the longer translated article is BND believes the majority of Tor relays are run by spy agencies, aka a global adversary that can watch most of the traffic. So you connect to the NSA run bridge that routes you to the GCHQ/NSA/CSIS/ASIO run farm of internal relays.


> So you connect to the NSA run bridge that routes you to the GCHQ/NSA/CSIS/ASIO run farm of internal relays.

This isn't possible. Your Tor daemon fetches the consensus from a directory server and picks the relays and exits itself.

The directory server can't tamper with that consensus because it's signed by the directory authorities, a small set of servers that are necessary because of this attack.


You are right in principle but if the vast majority of the nodes are run by adversaries then to all intents and purposes it might as well be true because that directory of relays and exits contains such a large percentage of adversaries your chances of hitting one of the 'good guys' are nil.


Part of their reasoning for this warning is BND claims vast majority of relays are in 5 Eyes Alliance countries, and BND claims they told the 5 Eyes Alliance a few years ago they should just run relays themselves until the odds are favored a Tor user ends up using spy agency relays.


I've always assumed that once Tor was sufficiently popular that the majority of nodes would end up being attackers. NSA gets whatever money it wants, there must be entire server farms running Tor nodes for them.

What has always surprised me is that someone hasn't tried to install Tor nodes into compromised IoT devices, etc. If a virus is installing millions of nodes in the wild, that might be enough to keep the network majority non-attacker. As it stands, NSA or China, or whoever just ends up buying the whole network.


> What has always surprised me is that someone hasn't tried to install Tor nodes into compromised IoT devices, etc.

If you had the skill to compromise the devices with a Tor node, wouldn't you use that node in your own private "tor" network, instead of sharing it with the wild?


You just need to take Raspberry Pi Zeros, install TOR nodes on them, and drop them anywhere with free WiFi and a working charger – so you can hide them in streetlights near Starbucks, etc.

That would be enough to get thousands of nodes. (And probably a bit less illegal, although still not legal)


If I understand correctly, and I may not, that still only matters if you're leaving the network. If you use Tor to browse the regular web, a country-level adversary can unmask you. If you remain on the network, and don't do silly things like use scripting, you should be okay. Should be...


If they control all the nodes from your computer to the secret service you are connecting to, they can trivially deanonymize you. Staying in the network doesn't protect you.

Also the case if they are missing a few nodes in the middle, as long as they control the entrance, exit, and never miss two in a row.


I may be wrong (and invite correction if so), but I believe .onion addresses do not guarantee anonymity.

Servers on the Tor network aren't some magical machines. They sit in the same datacenter as any other server, and all their traffic reaches them via the internet. Controlling the nodes connected to them should give you a pretty good idea of at least the magnitude of traffic they're seeing. And even without running any nodes, attacking blocks of IPs suspected to include the service while measuring any potential impact on its latency allows you to find their public IP (given enough resources and/or time). Then, there's the attack of try


I haven't seen much discussion in defending against timing attacks, is it really that difficult? If we introduced long delays and artificial data sizes shouldn't it be possible? A constant stream notwithstanding. Of course it makes things clumsier, but that's always the price.


I'm not sure how effective that would be. They see you go in and they see you go out. If they can use the process of elimination, if nothing else, you can be unmasked. Those types of things would probably only make it more difficult, but not impossible.

If you're going to do illegal things, or want anonymity, remain on the network - domains ending with .onion. The regular web is inherently not anonymous.


Based on the article, it seems that the German government combined foreign and signals intelligence into one agency, the BND. In the US, however, Truman separated them into the CIA [0] and the NSA [1], respectively. Thus, is there a specific reason for BND's dual role?

[0] https://www.cia.gov/library/center-for-the-study-of-intellig...

[1] https://www.nsa.gov/news-features/declassified-documents/tru...


The BND (Bundesnachrichtendienst) is civilian federal foreign intelligence, the BfV (Bundesamt für Verfassungsschutz) is civilian federal domestic intelligence. It was probably not a great idea for e.g. diplomacy if Germany had loads of foreign intelligence agencies after WW2.

In the US, you have way more agencies. The five most famous are Central Intelligence Agency (CIA), National Security Agency (NSA), Defense Intelligence Agency (DIA), National Geospatial-Intelligence Agency (NGA), and National Reconnaissance Office (NRO) [0]. Germany does have other military intelligence agencies, such as Kommando Strategische Aufklärung or Militärischer Abschirmdienst (domestic military intelligence). They are subdivisions of the German military (Bundeswehr). Some of the US agencies are child agencies of the DoD. So arguably it's similar?

And because Europe is countries but the US is states, it isn't really comparable in size, so splitting these roles into different agencies makes less sense. There are benefits of having only one agency/organisation, e.g. re-assigning personnel and easier cooperation (inner-agency vs inter-agency).

[0] https://en.wikipedia.org/wiki/United_States_Intelligence_Com...


Are German federal states allowed to have their own intelligence agencies?


They each have their own Verfassungsschutz. Anything beyond that would require new laws. And even Bavaria doesn't quite dare to step into Stasi territory.



So BND and NSA (+ Five Eyes) can do this. It's probably super-safe to use in smaller countries, unless you talk about stuff that DEA/CIA/Counter Terror might be interested in.


Could someone explain the bit about "The Internet for Dummies" at the beginning? Why is that quote there?


I'm not entirely sure, either. But I think the guy made a joke when testifying in parliament about the spy service being behind so far technologically that they had just recently bought a copy of "Internet for Dummies" to catch up.

In this article, it's supposed to set up the surprise that they were not, after all, completely stupid.

The translation is a bit off, I think. I can't really figure out what to make of all these apparently self-aggrandising statements, and I can assure you that no German bureaucrat would use the term "Yanks".


> I can assure you that no German bureaucrat would use the term "Yanks".

Well then let me assure everybody your assurance is mistaken. Two examples:

> Wir haben den Amis ja was versprochen und Mitte März ist AL [Harald Fechner] dort.

and

> Das, was wir jetzt haben, wäre ein guter Stand, um mit den Experten der Amis zu reden.

When reading "Yanks", I automatically assumed it's a translation of "Ami". How would you translate it better? "Yankee" has negative and benign connotations, as does "Ami", and in this context they're clearly benign. While looking into the word I came across this:

https://en.wikipedia.org/wiki/New_York_Yankees

> New York Press Sports Editor Jim Price coined the unofficial nickname Yankees (or "Yanks") for the club as early as 1904, because it was easier to fit in headlines and because "Yankee" was and is a commonly-used synonym for "American".

Where's the biggie?

bonus rant:

German bureaucrats use all sorts of words in all sorts of contexts. If you mean for public communications, you're right of course, but at the workplace and in internal emails all sorts of things are possible. It's not like repression and conformity generate civility, they just generate masks, a pretense of civility. That's why the stereotypical bureaucrat, nationality irrelevant, will sign off the murder of millions as long as the paperwork is in order, but apologize profusely if they spill their drink on your clothes, and that outwardly gentleman-like behavior is compensation supposed to ward off the inevitable collapse of a house of cards built on a sinkhole, not an actual expression of the inner reality.

Ask any high ranking prostitute who has the weirdest kinks or the most destructive fantasies. Maybe it won't be German bureaucrats, but it will be people who behave the total opposite in real life, and are considered super proper or even admirable. It usually won't be the guy who spits on the ground all the time and calls everybody names. Okay, maybe because he can't afford a prostitute, but at any rate, the idea that a German bureaucrat is less likely to be abusive than the average person just doesn't sit at all with me.


Couldn't you circumvent this by using a VPN to access TOR? It would obfuscate the entry point.


Wouldn't your traffic then be compromised at the VPN level, opening you to snooping from your provider? Or do I not understand something about how TOR encrypts its requests?


This is correct. It's important to remember that everyone is just very, very bad at opsec. The ones who aren't usually don't comment.

It's very hard and you spend most nights worrying the police will kick your door in. Not too worthwhile.

Those who are serious should learn from the Whonix wiki. It's hard to find a more stellar source of unbiased and comprehensive information. They have pros and cons of both VPN to Tor and Tor to VPN, but that's like 2% of the overall concerns you have to worry about.


I experimented with the Whonix setup while I was running a Qubes workstation and I was extremely impressed with the architecture. I also read through their wiki and was quite impressed at thorough explanations of the TOR network and opsec in general. I've also read through the actual TOR docs but most of it didn't stick. I see it as more of a reference.

The only reason I ever left Qubes was because Xen still has not implemented a workaround for GPU passthrough with consumer NVIDIA cards like KVM does. I need this for gaming. I now run a KVM system with separate VMs for each domain similarly to Qubes, but the moment GPU passthrough functionality is addressed by Xen I'm moving back.

The KVM experience is quite subpar, for example it is lacking a secure copy-paste between domains and forces me to type out my passwords from my password manager VM when I need them.


How is adding additional layers of security bad when there is a specific attack against one of the layers of security (timing attack via controlled TOR nodes) that a VPN-to-Tor would disrupt? If this method is dependent on knowing the latency going in and out of the network, adding VPNs that have varying latencies would seem to defeat this on the surface.

I'm posing the question, as I don't see an answer in the article. Nobody gets better at opsec if flawed methodologies aren't picked apart in detail. I'm surprised I was downvoted, but I don't comment here frequently and maybe didn't pose the question in enough detail. This is usually how I was accessing Tor based on the assumption that most of the exit nodes are compromised.


Again: Go read. I gave you a reliable reference. I'd recommend spending all weekend reading the wiki and thinking carefully about the issues. Even if you don't use the information directly, it will give you some wonderful insights into the belly of the underworld.


I'm basing this on the assumption that your VPN is in a non-Eyes nation. I'm not sure why I was downvoted for posing this question, it seems like this is a valid way to obfuscate a potential timing attack if you have VPN servers with varying latencies.


Doesn't matter. It's simply not secure and any illusion of safety you may have using such a setup is just that, an illusion.


If you have an anonymous VPN, then what's the need for tor?


Redundancy, why use only one lock when you could use three different ones?

That, of course, assumes that none of the locks come with a vulnerability which would allow an attacker to bypass all the locks at once.


> redundancy

I always rot13 twice for good measure, too.



