Overlay Networks: Research Improvements and Attacks [was: planetlab butterfly relays]
On 1/23/19, nusenu <nusenu-lists@riseup.net> wrote:
thanks for adding tor relays. If you are using them for research purposes please ensure you follow the safety guidelines: https://research.torproject.org/safetyboard.html https://medium.com/@nusenu/some-tor-relays-you-might-want-to-avoid-5901597ad... https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays | Up | Ext | JoinTime | Nickname | Version | IP | AS | CC | ORp | Dirp | OS | Contact | eFamMembers | FP | https://twitter.com/nusenu_ https://mastodon.social/@nusenu
As many know, many guidelines regarding the stronger distributed encrypted overlay and messaging networks out there are naturally voluntary, and research and attacks are often generally unenforceable and or undetectable when undertaken by qualified adversaries. Many parties [publicly] subscribe to such guidelines, many [silently] don't. That's the nature [and one of the risks] of such networks, indeed of any network. Such adversaries exist and are highly active and capable. Know your adversary. Strengthen your designs to match and best them. As to the nodes, they're all planet-lab.net hosts, planetlab has at least two known tor slices "okstate_tor" and "uml_ZhenLing", some public research outputs [or not] of which might be listed below... https://www.cs.uml.edu/~xinwenfu/paper/TorCellSize_ICC11_Fu.pdf https://www.cs.uml.edu/~xinwenfu/paper/TorWard14_Fu.pdf http://cse.seu.edu.cn/PersonalPage/zhenling/publications_files/infocom2014_T... http://cse.seu.edu.cn/PersonalPage/zhenling/publications_files/infocom2013_P... http://cse.seu.edu.cn/PersonalPage/zhenling/publications_files/infocom2012_E... https://news.okstate.edu/articles/communications/2015/tedx-returns-oklahoma-... https://www.youtube.com/watch?v=9QsjkJcUznA MEMEX Christopher White Jiangmin yu, Eric Chan-Tin: Realistic Cover Traffic to Mitigate Website Fingerprinting Attacks DOI: 10.1109/ICDCS.2018.00175 Conference: 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS) Identifying Webbrowsers in Encrypted Communications DOI: 10.1145/2665943.2665968 Revisiting Circuit Clogging Attacks on Tor DOI: 10.1109/ARES.2013.17 Conference: Availability, Reliability and Security (ARES), 2013 Eighth International Conference on https://chantin.cs.luc.edu/~chantin/ARES2013.pdf Application Of Data Analytics - Case Studies https://shareok.org/bitstream/handle/11244/54637/Yu_okstate_0664D_15098.pdf
https://www.chds.us/ https://www.hsdl.org/ Homeland Security Digital Library Index Search PDF https://www.hsdl.org/?search=&searchfield=&collection=public&submitted=Search&all=cypherpunks https://www.hsdl.org/?view&did=808271 FOLLOW THE SILK ROAD: HOW INTERNET AFFORDANCES INFLUENCE AND TRANSFORM CRIME AND LAW ENFORCEMENT Ryan D. Jerde Supervisory Special Agent, Homeland Security Investigations B.A., Minnesota State University Moorhead, 1992 Submitted in partial fulfillment of the requirements for the degree of MASTER OF ARTS IN SECURITY STUDIES (HOMELAND SECURITY AND DEFENSE) from the NAVAL POSTGRADUATE SCHOOL December 2017 Cohort NCR1603/1604 ABSTRACT A new category of crime has emerged in the border environment that is disrupting criminal typology. This new "hybrid" category intermixes physical and digital elements in ways not possible in the past. Internet technologies are facilitating this criminal evolution by affording perpetrators anonymity, efficiency, and distance. New criminal uses of the Internet have resulted in investigative challenges for law enforcement, especially concerning the illegal movement of people and goods. This thesis mapped the evolution of hybrid crime using cases from the Silk Road and Silk Road 2.0, viewed through the lenses of stigmergy and affordance theory. While the research identifies challenges for law enforcement, it also uncovers methods for countering hybrid crime. I found that while criminals are opportunistic in perceiving new affordances to commit crime, law enforcement can be equally capable of countering them by removing technological barriers. Law enforcement can break down these barriers by changing mindsets, implementing smart enforcement, and relying on expertise from public-private partnerships. https://www.hsdl.org/?view&did=811431 ENTERING THE MATRIX: THE CHALLENGE OF REGULATING RADICAL LEVELING TECHNOLOGIES Jennifer J. Snow Major, United States Air Force B.S., Salisbury University, 1996 B.S., University of Maryland Eastern Shore, 1996 B.A., Salisbury University, 2001 M.A., American Military University, 2008 Submitted in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE IN DEFENSE ANALYSIS from the NAVAL POSTGRADUATE SCHOOL December 2015 Defense Technical Information Center DTIC ABSTRACT Radical Leveling Technologies (RLT) constitute a new class of technologies that have exponential disruptive effects across a diverse set of societal processes resulting in radical change. This emerging class has profound leveling effects. Users can leverage RLT to produce national or international impacts without the need for significant technological expertise. These effects may occur via digital diffusion and without the need for extensive infrastructure. RLT are being driven by the power and expertise of online Open Source Communities. The ability of existing policy and enforcement methods to regulate this class of technology successfully, particularly within the counterproliferation space, suggests that a paradigm change is necessary. A spectrum of potential solutions is considered which advocates for collaborative efforts vice "hard policing" measures to engage online communities while also providing options to build additional security capacity within the government and law enforcement communities. Capacity can be gained via unconventional means including the use of cyber bounties, cyber privateering, hybrid fusion centers, and decentralized autonomous technology teams to improve support to existing special operations efforts, particularly within the counterproliferation mission set.
IV. NAVIGATING THE COMPLEX CULTURE DRIVING RADICAL LEVELING TECHNOLOGIES In the life sciences, researchers and security officials hadn't much history of working together. After 9/11, tensions threatened to grow between them. Neither group understood how the other operated and each thought the other was basically clueless. Gerald Epstein, Director AAAS Center for Science, Technology and Security Policy In 2012, a company called Defense Distributed became the first producer of a 3D- printed firearm, called the Liberator. Intended by the group to be a political statement concerning the protection of constitutional freedoms online and to send a message to global governments about the regulation of digital technologies, the project was quickly misinterpreted as a significant threat to security. The State Department officially requested that Defense Distributed remove the designs from their website, indicating that the files may be subject to the International Traffic in Arms Regulations (ITAR), a policy responsible for regulating weapons and certain kinds of technical data. The group complied, but not before over a hundred thousand downloads of the design had been recorded.94 Today, it is easy to find and download the original files from numerous online locations. A second statement by the State Department issued in June 2015 took a stronger stance on the issue of 3D gun design, declaring the intent to restrict specific types of designs and to require developers to obtain approval before "online publication of any technical data that . . . would allow for the creation of weapons . . ."95 This is one example of many in which a cultural misunderstanding complicated a situation that could have been resolved in a much simpler fashion. Understanding that Defense Distributed is an outgrowth of an online cultural group known as the cypherpunks, who are dedicated to the protection of individual user rights online, especially freedom of speech and expression, may have influenced the State Department to take a different approach. The case studies in this chapter will underscore three primary themes of attempts to utilize traditional methods of regulation against this problem set: 1) a lack of understanding of cultural norms and moral issues will negate applied legal measures, 2) a failure to understand and incorporate the cultures of the regulatees will lead to failed policy, and 3) the negative effects of applying quick policy fixes to RLT and online OSCs can cause nations to be less secure and grant a foothold for rogue actors. While the State Department's intentions were to enhance public safety, the effect achieved was the opposite. Within days of the June announcement, online groups that had been openly discussing 3D printing firearms suddenly instituted private chat rooms, deleted comments on how to meet existing gun laws or ways to circumvent the law, and began looking to encryption programs or Dark Web servers sponsored by foreign entities to escape US jurisdiction. Any visibility that open-source analysts had on this particular technological evolution, how quickly the technology was diffusing, and which groups might be willing to collaborate with the government to conduct self-policing or threat warning disappeared overnight. This phenomenon is not new, yet it continues to pose a stumbling block to regulators. As in the battle by MGM to stop illegal music sharing, the danger of making a moral issue into a market issue means that legal measures, especially measures that are likely to have little to no impact, generally result in anonymizing behaviors, high rates of diffusion via digital means, and isolation of user groups, restricting participation in constructive, collaborative solution forums. The technology evolves in exactly the manner the regulator had hoped to avoid.96 One reporter did a good job of summing up the ill-conceived regulation strategy: Even those who do not feel that everyone should have the ability to print their own guns have to see the lopsided logic at blocking access to the 3D printable gun instructions when directions on how to craft fertilizer bombs and make poisons [are] still readily available.97 Technological change can be daunting. But it is important to recognize when that change is occurring and then take the time to formulate an appropriate response. Failure to do so can make a simple political statement into a much bigger problem.98 The Liberator demonstrates the impact the lack of understanding of the "foreign" culture of OSCs and the influence (or lack thereof) that cookie-cutter policies and outdated regulations can have. While cultural training is stressed for military and diplomats operating in foreign nations, it is seldom discussed in terms of cyber and technology policy. This shortsightedness has a cost: alienated and radicalized OSCs, an online community that fails to report apparent threats to national security or public safety, stifled innovation that damages the US economy and military, and the creation of dangerous blind spots that can function as cyber safe havens for nefarious actors. The most important factor in the development of policy is understanding the culture and environment in which that policy needs to operate. This chapter will be devoted to identifying successful and failed attempts to engage with OSCs, to provide an understanding of some of the critical nuances explicit to policy and regulation in the digital dimension. Without this grounding, RLT policy development will at best have limited success or at worst be a total failure that results in enhanced operational security for threat actors.99 This chapter will provide an introduction to the online open-source culture. While groups may have their own unique personalities, all online groups embrace a shared cyber culture and (with the exception of a radical minority) obey its mandates. The case- study segment will follow, with five examples of negative interactions between government or corporate actors and OSCs (to include individual actors), highlighting what went wrong, why, and the end results (costs) of the interaction. A look at existing policy and identified shortfalls using 3D printing as an example will be included. Then, five positive case-study interactions will be examined with a focus on why these interactions were successful and what government and corporate entities did differently to make them a success. Finally, the chapter will conclude with a discussion of elements that can help to craft smart policy for the digital environment while avoiding known pitfalls that can lead to the "compliance without effect" problem experienced by policymakers grappling with RLT today.100
NAVIGATING THE COMPLEX CULTURE DRIVING RADICAL LEVELING TECHNOLOGIES Here's the video... https://www.youtube.com/watch?v=syOnqB077iQ
participants (1)
-
grarpamp