Why the NSA Hates Tor, the Network That Protects Internet Anonymity

by Arik Hesseldahl

If you know anything about it, then it probably doesn’t come as much of a surprise that the National Security Agency really dislikes Tor, a.k.a. The Onion Router.

As I described yesterday, Tor is an open-source network that provides people connected to it a pretty strong, though not perfect, method for browsing the Internet anonymously. You have to be using it in order to access the so-called “Dark Web,” which is where Silk Road, the online bazaar of illicit drugs and other things, existed until its operator was arrested in San Francisco on Wednesday. The case has cast new attention on both the Dark Web and on Tor itself.

Given its roots as a project born at the U.S. Naval Academy, it’s a tad ironic that the NSA dislikes it so much, but it’s pretty clear from a slide deck on the subject leaked by former NSA contractor Edward Snowden and published by The Guardian today that its opinion is clear. The title of the deck is “TOR Stinks.”

The presentation shows that the agency struggled to defeat the anonymity that Tor provides. As of the time of the presentation, which is dated June of 2012, it hadn’t had much luck. “We will never be able to de-anonymize all TOR users all of the time,” the presentation says. Using what it calls “manual analysis,” it had had some success in “de-anonymizing” a small fraction of people using Tor.

The deck shows that the NSA sought some inspiration from the Government Communications Headquarters, the United Kingdom’s signals intelligence agency. Under a program called Remation II, the two sought to combine their resources to figure out some new methods for attacking Tor. The idea appears to be to operate a network of Tor-enabled relay servers and get access to others. It’s unclear how far the attack might have progressed by now.

The GCHQ also sought to peel back the onion — sorry, couldn’t resist — on the identity of Dark Web sites like Silk Road. These are the sites that operate in the hidden space on the Web, and which have weird, difficult-to-remember Web addresses that end in .onion. The goal of the efforts was to “harvest and enumerate .onion URLs,” the presentation says.

Another line of inquiry involved seeking information on .onion sites that happen to be running on Amazon Web Services, the commerce giant’s cloud computing service. The presentation says that the GCHQ set up its own Tor servers on AWS as part of the Remation II program.

One other idea: Poison the Tor network itself. In the penultimate slide, the presentation asks if it would make sense to set up a network of Tor nodes, advertise them as running at high speeds, while in fact they would run slowly. The point, the slide reads, would be “to degrade the overall stability of the network.” In the end the presentation seems to argue against that approach. “A critical mass of targets use TOR. Scaring them away from using it might be counterproductive.”

As with any technology providing anonymity, Tor can be used for good things and for bad things. Political activists in countries with repressive regimes use it to communicate securely when the likelihood of government surveillance is high, and in fact it was for this purpose that Tor was created. (It’s a pretty sure bet that Syrian rebels are using it, for example.) The development work is partially funded by the U.S. Department of Defense, which is the NSA’s parent agency, which is sort of awkward.

Anyway, the existence of the presentation is probably good news if you’re someone who has a non-criminal reason for protecting your anonymity on the Web. It means that even the powerful NSA has trouble coping with Tor, which means you can probably still use it with a reasonable amount of confidence, provided you’re doing it right. That doesn’t mean they won’t figure out a way to compromise it. But it will probably take some time.

By: Unknown On 11:58 AM

Continue Reading

US indicts suspected Anonymous members for leading 2010 “Operation Payback”

"We will not be merciful. We will not be newfags." 

by Cyrus Farivar

Back in 2010, “Operation Payback” involved a series of distributed denial of service (DDoS) attacks against anti-piracy websites as a way to protest what some members of Anonymous viewed as an overly greedy intellectual property industry. The attack was later revived in early 2011.

On Thursday, 13 men were indicted (PDF) in federal court in Virginia on one count of Conspiracy to Intentionally Cause Damage to a Protected Computer. They are accused of using the well-knownLow-Orbit Ion Cannon application to conduct DDoS attacks on the Recording Industry Association of America, the Motion Picture Association of America, the United States Copyright Office of the Library of Congress, Visa, MasterCard, and Bank of America.

According to the indictment, the victims suffered “significant damage,” noting specifically that MasterCard suffered at least $5,000 in losses during a one-year period. (For the record, MasterCard profited $415 million in 2010.)

The indictment also quotes from the original “flier” with instructions as when and how to attack:

Install the LOIC linked above into any directory you choose, load it up, and set the target IP to [IPaddress] port80 Method will be TCP, threads set to 10+, with a message of 'Payback is a bitch'... Everything else must be left blank. Once you have the target locked, DO NOT FIRE. REPEAT: DO NOT FIRE! This will be a calm, coordinated display of blood. We will not be merciful. We will not be newfags. The first wave will be firing in: ONE DAY: 09/17/2010 9PM EASTERN When it comes time to fire, ignore all warning messages. They mean nothing. Keep firing.

The men, who range in age from 20s to their 40s, come from Ohio, Maryland, Texas, New Jersey, Washington, Connecticut, New Hampshire, Arizona, Kansas, South Carolina, Montana, and Massachusetts.

Another court filing (PDF) states that the government has requested an arrest warrant for all 13 men.

“I have no idea what's going to happen at this point.”

One of the defendants, Dennis Owen Collins, had previously been indicted (PDF) in 2011 on charges in the Northern District of California relating to a DDoS attack on PayPal. Collins hung up on Ars twice when he was reached by phone in Ohio.

Collins' attorney, Peter Alan Leeming, told Ars that he and his client were "days away" from reaching a settlement with government prosecutors, which now appears to be "scuttled."

"I think it's most unfortunate that this has happened again for virtually for same conduct," Leeming said. "I'm distressed because the timing of this indictment has undermined the settlement that many people have been working on."

While Leeming declined to detail the terms of Collins' settlement, he described it as being "favorable for all parties."

"[It] involved a certain amount of restitution and terms that the government and defendants could live with," he added. "We had been through lengthy discussions and believed we had worked out a disposition on the case. I've never had [one district file fresh charges shortly before a settlement] happen before, and I've been doing this for more than 27 years. It seems a bit vindictive and punitive but Virginia is entitled to do what they see as appropriate, I guess. I have no idea what's going to happen at this point."

Courtesy: arstechnica

By: Unknown On 9:49 PM

Continue Reading