-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/03/2016 01:07 AM, grarpamp wrote:
On 6/2/16, Georgi Guninski <guninski@guninski.com> wrote:
On Thu, Jun 02, 2016 at 12:13:10AM -0400, grarpamp wrote:
deanonymise Tor users by examining the timing of connections going in and out of the Tor network. ...
isn't this well known, especially if they inject delays in suspects (or say districts)?
...
All bets are off if the carrier is partner with, or under threat of, adversary... regarding global telecoms (remember Qwest), this paragraph seems the most likely of all the above.
Continental, regional, district... more or less the same thing.
On the last hop mile RJ-45 of a suspect end user... childs play, and they're fucked at that point anyways.
Anonymized routing protocols are designed to defeat passive observation and limited traffic manipulation by hostile actors. But what if an effectively unlimited number of compromised routers, subject to realtime observation and internal manipulation, were available to hostile actors? Game over, I think. About 15 years ago I used online traceroute utilities and whois lookups to determine (roughly) where all the high performing Mixmaster remailers were physically located. Over half of them, including most with "exotic sounding" TLDs, were apparently in the state of Texas. Then I used my data to construct "hard to compromise" chains, routing Mixmaster messages through national jurisdictions not likely to have comprehensive data sharing between their security services, and started sending test messages. None of these test messages ever made it back to me. So I concluded that, despite its major technical superiority to other anonymized networking protocols, the Mixmaster network was most likely compromised by passive observation (one owner for a majority of reliable remailers) and active intervention (traffic between uncontrolled remailers interrupted in transit). Owning enough of the routers in an anonymizing network to negate its security is largely a question of money: How much budget to you have, how certain do you want to be that nobody is really anonymous? If I had to neutralize an anonymous routing network, my approach would be to set up a cloud server running thousands of instances of the router software in question, customized to facilitate monitoring by a hypervisor. Each of these routers would be connected via VPN to a unique remote host, which would function as a transparent proxy. The proxy hosts could be machines owned by "friendly" actors, rooted consumer grade routers, purpose built appliances, conventional Windows botnets or some combination of these. I have not seen this method of attack described and named; I call it a "hydra" attack, because one body, many heads. I think this mode of attack deserves competent attention (i.e., not by me) because realtime observation and manipulation of any desired quantity of routers would provide solutions to any distributed anonymous routing protocol. The only defence I can think of is to assure that message traffic passes back and forth between mutually hostile national jurisdictions before delivery. This would be a bit of a hairball to implement, lots of slippery variables and potential counter-actions by hostiles would have to be taken into account. But this approach could increase the cost and reduce the reliability of Hydra attacks against anonymizing protocols. Long story short: If you want to be /really/ anonymous in the presence of hostile State sponsored actors, do not rely on a software-only approach: Use physical security measures to conceal your identity from the physical router that connects you to the Internet, because most or all of the anonymizing routers your traffic passes through may be owned and controlled by the very people you are hiding from. :o/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJXUdBBAAoJEECU6c5XzmuqlFoH/2COw22qWVeQr2B+s9w3LEwt XG+ixbo9a7fT0tmvy6S5bmmq39Cq38sw1eQnV6RSd1hzirKWqCwqwWpVS65biYpn CoCpm2AriwLHiyNgZZq1H36McybKYMph2Gd9DDmKPgUWn4p61V/jKDfXDCSqZmIs kkmTSaEBoRI0xpwauVqCYbs2kRk1srZvbRoXxSyFYtgeXGg/4HBqZ9S8pZkgS9gs M7izZs4xUkzgj7qQ40swtjzwSUJaCeRGxtoB3xemGdD/ngQId68GI7nVCIlk4w+R m3HjxtmhrOTaSsF6yuxVhODNS2FRvAXv+KPwuTr5PCYXPBcrb+XEkITOdUAf8e0= =tKZB -----END PGP SIGNATURE-----