114 comments

[ 4.8 ms ] story [ 150 ms ] thread
(comment deleted)
Page 5: "Terrorist with Tor client installed"

And its a picture of a guy with a bandit mask and an AK-47. I don't know about you guys, but all my Tor activities are performed in my Halloween costume!

I honestly can't believe something this tacky would end up in a presentation. Is this supposed to be propaganda?

This presentation seems very odd.

Page 4: Dumb Users (EPICFAIL)

Isn't EPICFAIL an operation nickname? (Like "GREAT EXPECTATIONS" and the others)
Amazing.

Even better, on page 9: "Analytics: Dumb Users (EPICFAIL)"

It's a powerpoint, doubtless put together by a middle-manager who thought some clipart would spice things up. Internal presentations at pretty much every company I've worked for have been just as tacky.
(comment deleted)
What stuff? Realistically illustrating terrorists in Powerpoint? Nobody is paying for MS Office prowess, and frankly at this point laughing at the NSA strikes me as hubristic at best.
"Terrorist" -- as everyone knew it would become -- is now shorthand for anyone undesirable or anyone targeted for any reason.
Or for the Navy, since they invented Tor. This whole thing is wacko.
It's the new red scare, the new Soviet.

We American's require a boogeyman.

In all fairness, most countries do. Watching South American leaders lately shows the exact same behavior. Find a foreign devil for everyone to rally against to hide domestic issues.

Soviets were not some bogeyman. They were real, their spies were real, and the international communist movement they sponsored was real.

Rosenbergs and others did spy for the Soviets. They did successfully transfer secrets related to the atomic bomb. And they were ideologically motivated.

Something something McCarthyism.
Communist would have been a better word to use than Soviet. Soviet was relatively specific, but broad swaths of the world got labelled communist. While it's true that the Soviets were more than boogeymen, I think that the broader point stands that Americans (and everyone else really) tend to have some convenient, reductionist label to apply to "others" that is broadly taken as a synonym for "evildoer". "Terrorist" is the fashionable label today.
> And they were ideologically motivated.

I may be reading you incorrectly, but I get the sense you consider what the US/West does somehow isn't ideologically motivated or that having any such motivations is inherently sinister? Of course they were, just like the US is ideologically motivated. Defending and furthering capitalist goals is no less ideologically motivated than defending and furthering communist goals.

"If the Devil didn't exist, it would be necessary to invent him."
Recall this line from Blade Runner:

> Replicants are like any other machine. They're either a benefit or a hazard. If they're a benefit, it's not my problem.

These people's job is to fight (their government's definition of) terrorists. It's not automatically in the job description to develop a nuanced view of terrorism, of various categories of hackers, etc. -- except to whatever degree it helps them to understand their enemy and thereby stop them.

People often do this even in jobs where the stakes are lower -- if you're running a struggling grocery store competing with a SuperWalMart, WalMart are the bad guys, even if the people who work at WalMart are perfectly nice people just trying to earn some money to raise a family.

Having said that, yes -- it's obviously particularly dangerous to go around branding anyone you have a problem with a terrorist.

Especially... I can't imagine this is clip art. Someone must have sat down and drawn that to order.

That must be a really wierd job, doing tacky but still sophisticated illustrations for top secret internal presentations.

Oh, come on, they're humans too, and thus subject to deliberately unfunny jokes in (technical or not) slide presentations like the rest of us.

From a quick look this one seems more plausible than the absurd PRISM presentation.

>From a quick look this one seems more plausible than the absurd PRISM presentation.

Are you suggesting that the leaked PRISM presentations are not authentic?

I'm not sure. You can imagine that presentation in some run-of-the-mill crappy company meeting full of 9-5ers, but it's hard to imagine intelligent people with good educations presenting information to each other like that. I know there are all sorts of contractors, but would they really be discussing such weighty issues?
Are they human too? I always pictured the NSA being comprised of a bunch of Vogons.
I thought it was more of a Zorro mask. It's very suspicious that the entire presentation seems to undermine the supposed severity of the issue with very silly names and pictures...

Tor Stinks, ONIONBREATH, EPICFAIL

Yeah where is the value for my tax dollars? I want top shelf Powerpoint presentations.
and a beard... like terrorists can be stereotyped like that. This is more than just propaganda, this is the mentality of the type of people who put these presentations together. That fact that whoever wrote this presentation has profiled people like this. I would wager that 99% of online "terrorists" are sitting around in jeans and t-shirts, on safe soil, have probably never handled a gun, let alone an AK-47 (or whatever that is on his back), probably don't have a beard. The ones financing them probably spend their life wearing a suit and tie and are either driving a top of the line vehicle or are driven everywhere in a top of the line vehicle.

If you look at the world around us and review the history of terrorism, most of it's been funded behind the scenes by one of the major superpowers, and you can't overlook the fact that a large portion of this has been by backed by the US. It's funny how when the US wants a government toppled, the terrorists are "friendly" and funded and armed by the US government, but when they're counter to US interests, they're suddenly part of the axis of evil and must be destroyed...

Perhaps if they stopped funding this ignorant behaviour and stopped supplying munitions to these terrorist interests, the problem would eventually go away... spend more on education and tolerance towards all points of view, enlightenment, the world would become a more peaceful place.

When will "democratic" governments eventually realize that money and greed is not the best approach to the furthering the human experience on this planet.

Sorry, didn't mean to get off on a rant there, but that one picture triggered a bit of annoyance.

And banks don't actually keep money in big cloth bags with dollar signs on them. It's just clip art, and to say that it speaks to the mindset of a type of people you probably don't really know much about. I would hasten to say that your stereotypes are probably no more grounded in reality than those of the straw men your attacking.

>"If you look at the world around us and review the history of terrorism, most of it's been funded behind the scenes by one of the major superpowers, and you can't overlook the fact that a large portion of this has been by backed by the US."

While this assertion is not completely baseless, it's simply not correct, but is the kind of empty-headed moral equivalence that gets tossed around to unanimous approval among a certain class who consider a shibboleth of sophistication.

To wit, in the history of terrorism, we see the Irish Republican Army, The Tamil Tigers, the Red Brigade, the Weather Underground, FALN, Baader Meinhof group, the Symbionese Liberation Army, the current Chechen groups, the Hindu and Muslim groups prior to the formation of Pakistan, and frankly many more -- all without super power support. While some national actors have stepped up to support terror groups, superpower, or even great power support has been the exception rather than the rule.

During the cold war, the USSR, the US and China fought a number of proxy wars, and supported opposition groups in various national civil wars, mostly in Asia, Africa and Central America. Additionally, the CIA engaged in specific assassinations of political leaders largely in Latin America but not really what anyone would consider terrorism by the current definition. You're statement that a large portion of terrorism has been backed by the United States would require expansive definitions of 'large portion', 'terrorism' or 'backed' to be true.

No, it requires the United States' own definition of terrorism to be applied to the US.

Drone strikes in Pakistan alone have killed thousands of civilians.

Many of the opposition groups you mentioned were backed by the US knowing that they committed and intended to commit terrorism and other war crimes.

++ this. this ppt isn't an analysis of terrorist personas, it's about tor.

it's expected to use steriotypical shoe-ins for concepts outside the scope of the presentation.

You shouldn't be divulging information like this ... now all the terrorists will shave and we'll be toast!
It's clearly intended as a joke. It's a slideshow shown to people with technological backgrounds. Most people in computer-based work have seen poorly selected stock photos like these to depict hackers/terrorists/whatever.
(comment deleted)
Can we pleeeeease make this the new default icon for the OnionBrowser Bundle?

(edited to remove broken image link)

Depressingly, the document talks about plans to make Tor less reliable to dissuade people from using it:

> Could we set up a lot of really slow Tor nodes ... to degrade the quality of the network? > Given CNE access to a web server make it painful for Tor users?

At least the document seems to confirm that GCHQ has a really, really hard time de-anonymising Tor users.

This could be countered by setting up a lot of fast nodes. Stealthier malicious nodes that selectively drop or tar-pit traffic though would be harder to fight...
At the end they debate whether killing Tor would be bad, since if they could exploit it they'd have all the "bad guys" in one place.
If anything this just encourages me to keep my non-exit relay up as much as possible.
I'm pretty sure Tor does smart peer profiling/selection to optimize for throughput. Lots of people run Tor relays on their silly little home DSLs and Tor still works.
Which is why the slide also talks about reporting as if being a high throughput node. i.e. Report back that you're handling a lot of traffic quickly while handling traffic very badly. Does Tor have protection against a node doing that?
I'm pretty sure Tor profiles against this as well. There's a presentation somewhere on YouTube addressing just this problem.
But then the last slide has this:

> Critical mass of targets use Tor. Scaring them away from Tor might be counterproductive.

How do we know this wasn't just a trick to make people think tor is safe and keep using it?
Pretty sure it is. If you need serious anonymity, like if your life depends on it, get a botnet and use the trojaned PCs as proxies. Use public WiFi, and use cheap laptops that you replace regularly and/or VMs, and don't forget to fake your MAC address. Create multiple fake personas to confuse attackers. Have stuff you write rephrased by someone else, so they can't do a corpus analysis on your writings. Do as much offline as possible. If you have to transfer information, avoid the internet. Use dedicated lines, dialup, dead drops, etc. etc.

I'm so glad I have nothing to hide.

Of course, if they actually have a really easy time de-anonymizing users, they might "leak" a document like this to encourage people to keep using it.

Conspiracy theories are fun!

This is probably part of the Snowden files, so it was unlikely to be an intentional leak.
It already says they want people to keep using Tor. Read the last slide:

> Critical mass of targets use Tor. Scaring them away from Tor might be counterproductive.

In other words, they'd rather only have to break one anonymization service instead of five.

If I had a few million dollars to run compromized Tor nodes, and the ability to subpoena (and gag order) any Tor node operator in USA, UK and a couple of other major countries to give me their keys, I would be able to easily de-anonymize a large portion of the network.
How many times can you employ that tactic until the savvy targets move onto more secure networks?
It is commonly assumed that the NSA/CIA run a substantial portion of the exit nodes. Morever, they are a global adversary (one Tor is not designed to defeat).
Doesn't look like a very ethical/professional presentation. But then again, who said everyone's professional in all agencies. Its a conjecture to think our laws are systematically enforced by ethical folks.
They actually saw it as their job to make the experience of anyone using Tor difficult.

Isn't that kind of like the police deciding to make the roads full of potholes because that would make it more difficult for bank robbers to get away in a car.

Then again, considering the quality of the roads these days, maybe they are way ahead of me on that.

Police have to use the same roads. The presentation leads me to believe that they do not want to scare people away from Tor, so they can track at least some users, but probably/obviously have their own network/servers for anonymous connection that will not be impacted.

Otherwise yes, it seems stupid to make Tor unusable as a whole.

They are doing this all the time. They are buying exploits and keep them locked up, they actively backdoor software and hardware.

Basic statistics tells us it is pure insanity to compromise our security for the noise that is "international terror".

A lot of these articles use abstruse acronyms. Is there perhaps a place where they're all compiled with their explanations?

For instance, what is (U)? Or (S), (SI), and (REL)?

Yes, such as "EPICFAIL".
(comment deleted)
That Schneier article [1] is very technical and reveals quite a lot of interesting information. It was immediately flagged off HN front page by the flagging brigade [2]. It's highly recommended reading, though.

[1]http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa...

[2]https://news.ycombinator.com/item?id=6495771

No it wasn't. It at the top of the front page now.
It actually was earlier removed from frontpage, only to reappear after some 10 minutes or so.
Must be a conspiracy.
Looks like the NSA invoked the HN.RemoveArticle method.
I wouldn't be so quick to dismiss weird behavior with submissions. Would you?

https://news.ycombinator.com/item?id=5008829

https://news.ycombinator.com/item?id=5008267

Yes, I would. You probably know less than you think you do about what the people running HN are doing/trying to do.
Seems you knew about the the YC company-related submissions being boosted. What makes you think nothing strange is happening to any other submissions?
>YC company-related submissions being boosted //

I missed the disclosure on this one, is it in the FAQ or somewhere else?

That Schneier article is a must read with lots of technical details.

Anyone know how to start identifying the FoxAcid servers and calling them out?

Most fascinating part - using DoubleClick ad cookies to trace Tor users.
This should provide clear warning to anyone who might consider themselves a cypherpunk: Even if you don't think that you are at war with the US government, the US government (and likely most other governments) believes it is at war with you.

It sounds dramatic because it is.

It's all part of the theatre and propaganda. Make the weak minded believe that everyone's the boogeyman. At least people on the internet can think critically and say "Er, this doesn't sound right"
Thats a ringing endorsement for Tor. Its really works! They struggle to get info out of it.
Does anyone know what the QUANTUM attack they refer to is? It doesn't seem like quantum computing on the face of it; It looks like it may be a system used to disrupt traffic on the internet, possibly man in the middle attacks.

Edit: I found a reference to something called a "Quantum Insert" in an article related to GCHQ. They state the following:

According to the slides in the GCHQ presentation, the attack was directed at several Belgacom employees and involved the planting of a highly developed attack technology referred to as a "Quantum Insert" ("QI"). It appears to be a method with which the person being targeted, without their knowledge, is redirected to websites that then plant malware on their computers that can then manipulate them

http://www.spiegel.de/international/europe/british-spy-agenc...

This might be what they are referring to, or a system that was built for targeting specific individuals.

This is enabled by a very obvious flaw in the CA infrastructure that SSL/TLS is based upon. All it takes is someone with leverage over the top level certificate authority and the DNS servers you use and there's nothing you can do to detect that's what's going on. That's a huge and very obvious flaw in the system that anyone questioning what they can trust on the internet should have spotted a mile away.
"To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a Foxacid server.

In the academic literature, these are called "man-on-the-middle" attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks."

Read more here: www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity

Can we translate that to something sane? Is it "shorter BGP/more specific route announcement?" Or some kind of MITM by being directly in line? Assuming it is TCP traffic, just being "faster to respond" doesn't help all that much without some other logic.

If I were MITMing with full cooperation of only a subset of a network carrier, I'd probably go for some route announcement tricks; easier to interface with the rest of the organization, and due to lack of filtering internally, not much config change required. Would fail safely (== non-detectably), also, and could potentially be explained away as "oh, shit, some stupid ISP leaked routes".

(I guess you could give bad dns responses, too, and then go from there, but that sounds more detectable at the end user device, which is very undesirable.)

(comment deleted)
Some nice recommendations tho for usage.

ORBOT / Tor Router Project / Hide-my-ip-address / Tor Project and the bootable OS Tails.

Some of the more advanced Obfuscation for the tor project

Skype Morph - Hides Tor traffic in Skype packets mmm fun and worth a look

Someone better be working on tor Obfuscation with flash packets, no one is going to block those things.

/tinhat

Why are these latest NSA stories getting flagged so much?

I don't like that PG has relaxed the flagging so much. You can probably flag even tens of stories a day now without having your flagging removed.

I wonder, if you flag too much, do you get a 'querulant' flag yourself that makes the site ignore your flags? :-D

I would totaly implement something like that if I were PG. Seems to fit the mindset of HN, as it also uses hellbans.

Nope, the flag link disappears when you flag "badly".
After reading many of these articles about the NSA I keep wondering if they have an office specifically tasked with thinking up code names for these projects. I personally would find it difficult to keep them all straight—this article, for example, contained a new one to me: ONIONBREATH.

Just an odd image in my mind of a group of top-security clearance, extremely well trained, able-minded people who think up silly code names like these.

TOR - The Onion Router.

Would be a hell of a co-incidence if it wasn't a reference.

Many government agencies do this - check out the names for DEA stings, or even FDA operations.
The slides were from over a year ago, I'm sure a lot has changed since then. Also the timing of this is very suspect, obviously it's been in the news and the Guardian either want to run with this new line brought on by the Silk Road "bust", or they just want to "soothe" (take as you will) our worries with the network.

Would also love to know more about NEWTONS CRADLE, anyone heard of anything more specific?

When will everyone get off the bandwagon of referring to anyone that's willing to actually stand for their beliefs counter to U.S. interests a terrorist? It's gotten to the point where the word terrorist just makes me roll my eyes and say "whatever", I'm becoming desensitized to it, just like most of the UK did growing up in England during the height of IRA campaigns. After a while, it just became a tedious pain in the ass and everyone switched off.
Don't we all know, that Tor is low latency solution and therefore directly voulnerable to statistical correllation attacks?
(comment deleted)
Of course it stinks. It's "only" weakness is a "global, passive adversary" + It was built by the US Government.
I also quite like the point "Analytics: Cookie Leakage", like anyone that uses Tor doesn't use it in incognito mode with cookies disabled... or flushes their cookies before they use anything else...

... that either says they're stupid, or they're only after stupid terrorists... as if they're the ones they should really be concerned about.

I think Tor recommends surfing from a dedicated virtual machine, IIRC, which is probably the safest way to surf, though something like Flash or Java can still probably report the actual host IP.
Freedom lover with Tor client installed.