BlackHat2014: Deanonymize Tor for $3000
You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget Alexander Volynkin / Michael McCord [...] Looking for the IP address of a Tor user? Not a problem. Trying to uncover the location of a Hidden Service? Done. We know because we tested it, in the wild... In this talk, we demonstrate how the distributed nature, combined with newly discovered shortcomings in design and implementation of the Tor network, can be abused to break Tor anonymity. In our analysis, we've discovered that a persistent adversary with a handful of powerful servers and a couple gigabit links can de-anonymize hundreds of thousands of Tor clients and thousands of hidden services within a couple of months. The total investment cost? Just under $3,000. During this talk, we will quickly cover the nature, feasibility, and limitations of possible attacks, and then dive into dozens of successful real-world de-anonymization case studies, ranging from attribution of botnet command and control servers, to drug-trading sites, to users of kiddie porn places. The presentation will conclude with lessons learned and our thoughts on the future of security of distributed anonymity networks.
"Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization" Alex Biryukov, Ivan Pustogarov, Ralf-Philipp Weinmann http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf The two seem very similar. In the case of the paper linked, Amazon services were utilized. Or perhaps someone can explain where the two research groups differ? On 03/07/2014 20:05, grarpamp wrote:
You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget Alexander Volynkin / Michael McCord
[...] Looking for the IP address of a Tor user? Not a problem. Trying to uncover the location of a Hidden Service? Done. We know because we tested it, in the wild...
In this talk, we demonstrate how the distributed nature, combined with newly discovered shortcomings in design and implementation of the Tor network, can be abused to break Tor anonymity. In our analysis, we've discovered that a persistent adversary with a handful of powerful servers and a couple gigabit links can de-anonymize hundreds of thousands of Tor clients and thousands of hidden services within a couple of months. The total investment cost? Just under $3,000. During this talk, we will quickly cover the nature, feasibility, and limitations of possible attacks, and then dive into dozens of successful real-world de-anonymization case studies, ranging from attribution of botnet command and control servers, to drug-trading sites, to users of kiddie porn places. The presentation will conclude with lessons learned and our thoughts on the future of security of distributed anonymity networks.
On Fri, Jul 4, 2014 at 8:15 AM, Nathan Andrew Fain <nathan@squimp.com> wrote:
"Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization" Alex Biryukov, Ivan Pustogarov, Ralf-Philipp Weinmann http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf
The two seem very similar. In the case of the paper linked, Amazon services were utilized. Or perhaps someone can explain where the two research groups differ?
Yes, clearly an extension, optimization, or new work along the lines of the above paper. Perhaps more interesting is this dilemma...
https://lists.torproject.org/pipermail/tor-talk/2014-July/033693.html "They wanted a NDA, so most Tor Project's core contributors don't know what's in the air."
So we have at least one core person who knows. Now assuming this presentation [1] is in fact 'Really Bad News' for, at minimum, Hidden Services... will the details of it be leaked in order to 'save' HS operators/users before CERTs/GOVs/LEAs/Vigilantes/Spies and the thought police have time to get at them (or what unexposed elements still remain of them)? This is premised upon CERT's typical cozy relationships with LEAs, naturally leading to sharing with them what are potentially ... 'tested ... in the wild ... dozens of successful real-world de-anonymization case studies, ranging from attribution of' ... really disliked things. Particularly cases of human harm where it is only natural to seek intervention. Then there are the cases worthy of every possible protection outlined here... https://www.torproject.org/about/torusers.html.en Therein lies the dilemma. What do you do? [Note that even if the above relationships, or desire to intervene, do not exist... said spies and their actors are likely to monitor the full research details, and know who in the public knows as well. This could lead to shorter time constraints on all sides.] [1] Which I forgot to link in the OP, thanks Matthew. https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to...
On 7/4/14, grarpamp <grarpamp@gmail.com> wrote:
https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to...
I2P is a tool that likely presents the nearest analog to Tor's hidden services (.i2p) to the user. Usable in much the same way. Always good to be familiar with and have other options out there. And see that they receive community research and review efforts too. http://geti2p.net/en/comparison/tor
In general what grarpamp said is true, however we should remember that I2P (aka Invisible Internet Protocol) is designed to be "a real undernet" and thus it is focused mostly on hidden services and invisible hosting. As a result there are far fewer outproxies than in the TOR network. Using I2P to access the "standard" Internet in an anonymous way is much less efficient than via TOR only because of that design issue; moreover, I2P is just less popular than TOR and has fewer participating nodes, which additionally decreases its efficiency. Zegar On 4 July 2014 23:04, grarpamp <grarpamp@gmail.com> wrote:
On 7/4/14, grarpamp <grarpamp@gmail.com> wrote:
https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to...
I2P is a tool that likely presents the nearest analog to Tor's hidden services (.i2p) to the user. Usable in much the same way. Always good to be familiar with and have other options out there. And see that they receive community research and review efforts too.
On Fri, Jul 4, 2014 at 6:02 PM, Paweł Zegartowski <pzegar@gmail.com> wrote:
I2P (aka Invisible Internet Protocol) is designed to be "a real undernet" Using I2P to access a "standard" Internet but in anonymous way is much less
Right, in the likely context of the subject exploit, I referred only to the similar .onion/.i2p hidden constructs that are available for users. Binding to and using them is a bit different of course but it all works. And the .i2p's are generally as 'efficient' (speedy) in use regarding initial connect, latency and bandwidth, if not better. (A lot of filesharing is on i2p.) Bootstrapping into the net does take a while though. And of course as with any other darknet you should run a 'non-exit' relay to help out. i2p does have 'exits' you can compare to tor as well. Anyone can run an exit. But users have to first find one on a wiki list or somesuch, and then manually configure their i2p to use it. Consider it like a bolt-on proxy. Last I checked one comes preconfigured but as such expect it to be far overloaded. No reason there can't be many, there just aren't.
"BlackHat2014: Deanonymize Tor for $3000" Oh, come on. That is 'FUD'! A conspiracy theory!! Those guys didn't create tor, so they shouldn't be hacking it!!! FUCK THEM. Tor is a project of the US government, the most righteous and clever organization on the planet, and the invincible defenders of free speech. Their anonymity network is simply unassailable. $3000? Please. Look, their own site says "Protect your privacy. Defend yourself against network surveillance and traffic analysis."[1] See? Using tor you can defend yourself against TRAFFIC ANALYSIS! There you have it. How on earth can tor be vulnerable to trivial traffic analysis when their site says just the opposite? HA! I bet you are so crazy as to think that the tor guys are stupid liars! You freedom hating commies! and so on and so forth... [1] https://www.torproject.org/ (yes! Now I feel like a real phd who wrote an email with a [] numbered footnote)
Funny, nobody else responded that way. On 05/07/14 05:54, Juan wrote:
"BlackHat2014: Deanonymize Tor for $3000"
Oh, come on. That is 'FUD'! A conspiracy theory!! Those guys didn't create tor, so they shouldn't be hacking it!!! FUCK THEM.
Tor is a project of the US government, the most righteous and clever organization on the planet, and the invincible defenders of free speech.
Their anonymity network is simply unassailable. $3000? Please.
Look, their own site says
"Protect your privacy. Defend yourself against network surveillance and traffic analysis."[1]
See? Using tor you can defend yourself against TRAFFIC ANALYSIS! There you have it. How on earth can tor be vulnerable to trivial traffic analysis when their site says just the opposite?
HA! I bet you are so crazy as to think that the tor guys are stupid liars! You freedom hating commies!
and so on and so forth...
[1] https://www.torproject.org/
(yes! Now I feel like a real phd who wrote an email with a [] numbered footnote)
-- T: @onetruecathal, @IndieBBDNA P: +353876363185 W: http://indiebiotech.com
Dnia sobota, 5 lipca 2014 01:54:26 Juan pisze:
"BlackHat2014: Deanonymize Tor for $3000"
Oh, come on. That is 'FUD'! A conspiracy theory!! Those guys didn't create tor, so they shouldn't be hacking it!!! FUCK THEM.
Tor is a project of the US government, the most righteous and clever organization on the planet, and the invincible defenders of free speech.
Their anonymity network is simply unassailable. $3000? Please.
Look, their own site says
"Protect your privacy. Defend yourself against network surveillance and traffic analysis."[1]
See? Using tor you can defend yourself against TRAFFIC ANALYSIS! There you have it. How on earth can tor be vulnerable to trivial traffic analysis when their site says just the opposite?
HA! I bet you are so crazy as to think that the tor guys are stupid liars! You freedom hating commies!
and so on and so forth...
See, the thing is: the fact that somebody submitted such a talk doesn't mean it holds any water yet. I will gladly have a look at the documents and the talk to see what the problem is. Once we know that, we'll see if the Tor guys can fix it, or not. There have been several "deanonymize Tor" talks over the years. Some were pure bull, some held some water and caused changes to Tor. That's the normal lifecycle of any complicated project. But ah, why am I feeding the trolls? :)
(yes! Now I feel like a real phd who wrote an email with a [] numbered footnote)
Good for you. :) -- Pozdr rysiek
This sort of conversation has been going on for at least a year. I don't feel as though it's fresh or new. Mid-June of 2014 I responded to this same sort of thing when it was mentioned with respect to possible effects on Darkwallet on another list that I'm on. This is more or less the substance of my response, I've copied it here:
http://www.coindesk.com/eavesdropping-attack-can-unmask-60-bitcoin-clients/
Is this something DW can protect against? _______________________________________________ unSYSTEM mailing list: http://unsystem.net https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem
Technically, what the attack really will do is unmask certain IPs and ISPs; bitcoin isn't anonymous, hence darkwallet, bytecoin, zerocash, etc. The question becomes: is darkwallet and / or anyone using stealth a-la http://sx.dyne.org/stealth.html identifiable (or at least is their client identifiable even if other information may not be) through said attacks as described at: http://arxiv.org/pdf/1405.7418v2.pdf In this article, partially what is described is the following: "the attack requires establishing 1008 connections and sending a few MBytes in data. This can be repeated for all Bitcoin servers, thus prohibiting all Tor connections for 24 hours at the cost of a million connections and less than 1 GByte of traffic." The reference to "servers" is presumably indicating servers which are running Tor and through which something of the Bitcoin network is also transiting. It seems as though if someone wanted to they could target personal computers or servers, although the likelihood of finding much useful information is low, unless someone already knows something about who they are going after and is interested in additional, related information. This was covered in a previous study, here: http://fc14.ifca.ai/papers/fc14_submission_11.pdf See originally posted content which appeared _before_ fincrypto14 at: http://miki.it/pdf/thesis.pdf and http://www.dis.uniroma1.it/~baldoni/ssd2013/lezioneseminari_diluna.pdf and http://indigo.uic.edu/bitstream/handle/10027/10144/Spagnuolo_Michele.pdf?seq... "The goal of the Clusterizer is to find groups of addresses that belong to the same user. It incrementally reads the blockchain DB and generates-updates clusters of addresses using two heuristics, detailed in 3.2. The first heuristic exploits transactions with multiple inputs, while the second leverages the concept of "change" in transactions" (from the BitIodine paper) And so on and so forth.
Standard clustering and correlation methods infer usernames associated with addresses. Etc. (My suggestion upon thinking about this further was to suggest that Darkwallet development collaborate closely with Tor developers and the Zerocash developers on this issue to find logical solutions. It seemed to be an issue but not one that is insurmountable. Further, it seemed to me that what would be key to the attack referenced in the coindesk article is the following:) "Whenever a peer receives a malformed message, it increases the penalty score of the IP address from which the message came (if a client uses Tor, then the message will obviously come from one of the Tor exit nodes). When this score exceeds 100, the sender's IP is banned for 24 hours." Knowing this and other things about the attack, solutions can be crafted to make such attacks more difficult, not just adding "random delays after transactions" as the paper's authors suggested, assuming DW collaboration with Tor developers and perhaps use of zero knowledge proofs. See also the following: https://bitcointalk.org/index.php?topic=309073.msg7303979#msg7303979 (has something about libsnark and zero knowledge proofs) https://docs.google.com/file/d/0B7r4osQgWVqKTHdxTlowUVpsVmJRcjF3Y3dtcTVscFhE... (TorPath to TorCoin) https://github.com/bitcoin/bitcoin/issues/4079 (my issue in bitcoin/bitcoin)
Dnia sobota, 5 lipca 2014 01:54:26 Juan pisze:
"BlackHat2014: Deanonymize Tor for $3000"
Oh, come on. That is 'FUD'! A conspiracy theory!! Those guys didn't create tor, so they shouldn't be hacking it!!! FUCK THEM.
Tor is a project of the US government, the most righteous and clever organization on the planet, and the invincible defenders of free speech.
Their anonymity network is simply unassailable. $3000? Please.
Look, their own site says
"Protect your privacy. Defend yourself against network surveillance and traffic analysis."[1]
See? Using tor you can defend yourself against TRAFFIC ANALYSIS! There you have it. How on earth can tor be vulnerable to trivial traffic analysis when their site says just the opposite?
HA! I bet you are so crazy as to think that the tor guys are stupid liars! You freedom hating commies!
and so on and so forth...
See, the thing is: the fact that somebody submitted such a talk doesn't mean it holds any water yet. I will gladly have a look at the documents and the talk to see what the problem is. Once we know that, we'll see if the Tor guys can fix it, or not.
There have been several "deanonymize Tor" talks over the years. Some were pure bull, some held some water and caused changes to Tor. That's the normal lifecycle of any complicated project.
But ah, why am I feeding the trolls? :)
(yes! Now I feel like a real phd who wrote an email with a [] numbered footnote)
Good for you. :)
-- Pozdr rysiek
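The penalty-score rule quoted in Odinn's message above (a score kept per source IP, a 24-hour ban once it exceeds 100) is what lets a single misbehaving client behind a shared exit address get every other client behind that address banned. The Python below is an added example, not code from the thread, from the cited paper, or from Bitcoin Core: it models that per-address policy beside a per-connection variant in which a misbehaving connection is dropped and the address only receives a short connection rate limit. The per-message penalty of 10, the sample address 203.0.113.7, and the rate-limit values are assumptions for illustration.

```python
"""Illustrative model (not Bitcoin Core's code) of the per-IP misbehaviour
score quoted in the thread, beside a per-connection variant that limits the
collateral damage to clients sharing one address, such as a Tor exit."""
from collections import defaultdict

BAN_THRESHOLD = 100        # from the quoted paper: ban once the score exceeds 100
BAN_SECONDS = 24 * 3600    # from the quoted paper: 24-hour ban
MALFORMED_PENALTY = 10     # assumed per-message penalty; the page gives only the threshold
CONNECT_LIMIT = 5          # assumed: new connections allowed per address per window
CONNECT_WINDOW = 60        # assumed: rate-limit window in seconds


class PerAddressBanScore:
    """Vulnerable model: the score is keyed by source IP, so one misbehaving
    peer behind a shared address gets every other client behind it banned."""

    def __init__(self):
        self.score = defaultdict(int)
        self.banned_until = {}

    def accepts_connection(self, ip, now):
        return self.banned_until.get(ip, 0) <= now

    def on_malformed(self, ip, conn_id, now):
        self.score[ip] += MALFORMED_PENALTY
        if self.score[ip] > BAN_THRESHOLD:
            self.banned_until[ip] = now + BAN_SECONDS


class PerConnectionScore:
    """Hardened variant (a design assumption, not something the page describes):
    the score is keyed by connection, a misbehaving connection is dropped, and
    the address only receives a short connection rate limit, never a day-long ban."""

    def __init__(self):
        self.score = defaultdict(int)
        self.dropped = set()
        self.recent_connects = defaultdict(list)

    def accepts_connection(self, ip, now):
        recent = [t for t in self.recent_connects[ip] if now - t < CONNECT_WINDOW]
        if len(recent) >= CONNECT_LIMIT:
            self.recent_connects[ip] = recent
            return False
        recent.append(now)
        self.recent_connects[ip] = recent
        return True

    def on_malformed(self, ip, conn_id, now):
        self.score[conn_id] += MALFORMED_PENALTY
        if self.score[conn_id] > BAN_THRESHOLD:
            self.dropped.add(conn_id)


def messages_until_ban():
    """How many malformed messages from one connection trip the address ban."""
    policy = PerAddressBanScore()
    ip = "203.0.113.7"   # constructed sample address (documentation range)
    count = 0
    while policy.accepts_connection(ip, now=0):
        policy.on_malformed(ip, "attacker-conn", now=0)
        count += 1
    return count


def honest_client_survives(policy):
    """One connection through a shared exit address sends enough malformed
    messages to exceed the threshold; an honest client behind the same
    address then tries to connect an hour later."""
    exit_ip = "203.0.113.7"   # constructed: one address shared by many clients
    assert policy.accepts_connection(exit_ip, now=0)
    for i in range(11):       # 11 * 10 = 110 > BAN_THRESHOLD
        policy.on_malformed(exit_ip, "attacker-conn", now=i)
    return policy.accepts_connection(exit_ip, now=3600)


def reconnect_storm_accepted(policy, attempts=8):
    """Count how many connections one address can open within a single window."""
    return sum(policy.accepts_connection("203.0.113.7", now=0) for _ in range(attempts))


if __name__ == "__main__":
    print("malformed messages until per-address ban:", messages_until_ban())
    print("honest client accepted (per-address):", honest_client_survives(PerAddressBanScore()))
    print("honest client accepted (per-connection):", honest_client_survives(PerConnectionScore()))
    print("reconnects accepted in one window (per-connection):",
          reconnect_storm_accepted(PerConnectionScore()))
```

The per-connection variant keeps the defensive purpose of the original rule (a flood of malformed messages still costs the sender its connection) while a day-long ban no longer attaches to an address that many clients share. The rate limit is what keeps a misbehaving peer from simply reconnecting; its cost is that honest clients behind a busy exit can briefly hit the same limit, which is why the window is kept to seconds rather than hours.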
I checked one comes preconfigured but as such expect it to be far overloaded. No reason there can't be many, there just aren't.
Quite right, there's no reason why there can't be more, except for the liability of actually hosting those exits. OTOH, there are now plenty of hosts who accept bitcoin for hosting in countries that probably don't give a damn about outproxies, so why not crowdfund a set of dedicated high-bandwidth outproxies? On 05/07/14 00:00, grarpamp wrote:
On Fri, Jul 4, 2014 at 6:02 PM, Paweł Zegartowski <pzegar@gmail.com> wrote:
I2P (aka Invisible Internet Protocol) is designed to be "a real undernet" Using I2P to access a "standard" Internet but in anonymous way is much less
Right, in the likely context of the subject exploit, I referred only to the similar .onion/.i2p hidden constructs that are available for users. Binding to and using them is a bit different of course but it all works. And the .i2p's are generally as 'efficient' (speedy) in use regarding initial connect, latency and bandwidth, if not better. (A lot of filesharing is on i2p.) Bootstrapping into the net does take a while though. And of course as with any other darknet you should run a 'non-exit' relay to help out.
i2p does have 'exits' you can compare to tor as well. Anyone can run an exit. But users have to first find one on a wiki list or somesuch, and then manually configure their i2p to use it. Consider it like a bolt-on proxy. Last I checked one comes preconfigured but as such expect it to be far overloaded. No reason there can't be many, there just aren't.
-- T: @onetruecathal, @IndieBBDNA P: +353876363185 W: http://indiebiotech.com
On Sat, Jul 5, 2014 at 4:20 AM, Cathal Garvey <cathalgarvey@cathalgarvey.me> wrote:
Quite right, there's no reason why there can't be more, except for the liability of actually hosting those exits. OTOH, there are now plenty of hosts who accept bitcoin for hosting in countries that probably don't give a damn about outproxies, so why not crowdfund a set of dedicated high-bandwidth outproxies?
Legally, in most western / sane countries, there are provider/carrier/isp exceptions exits fall into such that running exits (tor/i2p/vpn/proxies) is not a problem... Tor has about 1000 of them. And if you follow torproject.org, torservers.net, noisebridge.net, accessnow.org, you'll find lots of donation and funding efforts. eff.org runs PR challenges. This all applies to I2P and other projects, they could join together in these efforts, and develop some more of their own as well.
participants (7): Cathal Garvey, grarpamp, Juan, Nathan Andrew Fain, Odinn Cyberguerrilla, Paweł Zegartowski, rysiek