Showing posts with label TorProject. Show all posts

Oct 7, 2013

How the NSA might use Hotmail or Yahoo cookies to identify Tor users

"Quantum cookie" attacks are plausible but only in highly limited cases. 
by Dan Goodin

An image taken from documents former NSA contractor Edward Snowden provided to The Guardian newspaper.

One of the more intriguing revelations in the most recent leak of NSA documents is the prospect that the spy agency is using browser cookies from the Google-owned DoubleClick ad network, Yahoo, or Hotmail to decloak users of the Tor anonymity service.
One slide from a June 2012 presentation titled "Tor Stinks" carried the heading "Analytics: Cookie Leakage" followed by the words "DoubleclickID seen on Tor and nonTor IPs." The somewhat cryptic slide led to rampant speculation on Twitter and elsewhere that the NSA and its British counterpart, the Government Communications Headquarters (GCHQ), are able to bypass Tor protections by somehow manipulating the cookies Google uses to track people who have viewed DoubleClick ads. Principal volunteers with the Tor Project believe such a scenario is "plausible," but only in limited cases. Before explaining why, it helps to discuss how such an attack might work.
As documented elsewhere in the "Tor Stinks" presentation, the spy agencies sometimes use secret servers that are located on the Internet backbone to redirect some targets to another set of secret servers that impersonate the websites the targets intended to visit. Given their privileged location, the secret backbone nodes, dubbed "Quantum," are able to respond to the requests faster than the intended server, allowing them to win a "race condition." Government spies can't track cookies within the Tor network, because traffic is encrypted during its circuitous route through three different relays. But if the spies can watch the Internet backbone, they may be able to grab or manipulate cookies once the data exits Tor and heads toward its final destination.
A slide later in the deck refers to something called "QUANTUMCOOKIE," which purportedly "forces clients to divulge stored cookies." There are multiple ways to interpret such a vague bullet point. One of the more plausible is that the Quantum backbone servers can be used to serve cookies not just from DoubleClick or Google, but from Yahoo, Hotmail, or any other widely used Internet service.

Significant constraints

For dissidents of repressive governments, corporate or government whistleblowers, investigative journalists, and other Tor users, the prospect of being outed by a tracking cookie sounds scary. But based on the details included in the slides, it appears there are significant constraints on such attacks.
For one thing, as a separate slide instructed: "Use cookies to identify Tor users when they are not using Tor." Bullet points immediately below read:
  • Current: preliminary analysis shows that some cookies "survive" Tor use. Depends on how target is using Tor (Torbutton/Tor Browser Bundle clears out cookies).
  • Goal: test with cookies associated with CT targets
    — Idea: what if we seeded cookies to a target?
    — Investigate Evercookie persistence
"Torbutton" is a reference to a Firefox extension that Tor developers haven't used this way in almost 18 months. The feature allowed users to click a button to choose whether to funnel their traffic through the anonymous Tor network or over their regular Internet connection. By mid-2011, developers warned that the Torbutton could leak cookies or other data from regular Internet connections into Tor traffic, a behavior that could allow eavesdroppers to correlate users' public profiles or viewing history with Tor activities that were presumed private. The Torbutton's "toggle model" was formally purged from the Tor Browser Bundle in May 2012.
The effect of this change, as well as additional improvements that more carefully deleted all cookies when the Tor Browser Bundle is closed, is that the described attacks using cookies from DoubleClick or other services are in most cases not possible.
"The key point here is that it doesn't matter now if you can trick the browser into revealing its cookie anymore," Roger Dingledine, the lead Tor developer who often goes by the handle arma, wrote in an e-mail to Ars. "Back when we used the 'toggle' model, you might have a cookie on your browser that was created when you were in 'not using Tor' mode. That cookie is really dangerous if they can get a hold of it while you're using Tor, because it links you to your 'non-Tor' identity. Now that the toggle model is gone, and Tor Browser is really good about clearing cookies when you close it, then tricking Tor Browser into telling you about its (temporary, session-only, only gotten over Tor) cookies is much less dangerous."
One possible exception that Tor users should be aware of is the risk that comes when they log in to Hotmail, Gmail, or another service, even when running the most recent version of the Tor Browser Bundle. Until users log out and either close the browser or enable the "new identity" function, an attack mounted by a Quantum node might be able to redirect them to an imposter site that's able to retrieve a cookie set by the currently logged-in service.
To recap, here's how a cookie-based attack might work against someone using the old Tor software, based on a scenario offered by Dingledine:
Let's say there's a website, http://guardian.co.uk/, and the adversary wants to learn the identities of users who visit it over Tor and ask for a certain document.
Let's also suppose that the adversary can install their "Quantum" box on the Internet quite close to the Guardian webserver.
And we have Alice, our anonymous Tor user who uses Firefox and Torbutton in the old "Tor enabled" mode.
She clicks on the URL for her document, and her request is tunneled through the Tor network. Her Tor exit relay makes a Web request on her behalf to the Guardian website, but Quantum sees the Web request and answers it before the real Guardian website can answer.
Quantum's answer consists of an http redirect that makes Alice's browser think the website has asked her to load Hotmail and Yahoo. So she does, over Tor.
But in the old toggle model, what if she still had some old cookies lying around, back from when she had Tor disabled and was browsing normally? If she's a Yahoo user or a Hotmail user, then when her browser connects to those sites it will happily send her login cookie. The adversary then goes to whichever one(s) worked and asks them for subscriber information about the user they originally gave that login cookie to. Bad news for Alice.
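The scenario above can be modelled as a small cookie-jar simulation. This is an added example, not code from Tor, Torbutton, or the article; the `Browser` class, the `scenario` function, and the `.example` hostnames are constructed for illustration. It contrasts one jar shared across Tor and non-Tor modes with a Tor-only, session-only jar, and includes the logged-in exception described earlier.

```javascript
// Constructed model of cookie storage; not Tor Browser or Torbutton code.
class Browser {
  // isolateTor=false: old "toggle" model, one jar shared by both modes.
  // isolateTor=true: Tor traffic gets its own session-only jar.
  constructor(isolateTor) {
    this.isolateTor = isolateTor;
    this.jars = { clear: new Map(), tor: new Map() };
    this.overTor = false;
  }
  jar() {
    return this.isolateTor && this.overTor ? this.jars.tor : this.jars.clear;
  }
  setMode(overTor) { this.overTor = overTor; }
  // A site sets a login cookie; record which network path it was set over.
  login(host, value) {
    this.jar().set(host, { value, setOverTor: this.overTor });
  }
  // "New identity" or closing the browser empties the Tor jar.
  newIdentity() { this.jars.tor.clear(); }
  // Cookies the browser would attach while following a redirect chain.
  followRedirects(hosts) {
    const sent = [];
    for (const host of hosts) {
      const c = this.jar().get(host);
      if (c) sent.push({ host, value: c.value, setOutsideTor: !c.setOverTor });
    }
    return sent;
  }
}

// Hostnames and cookie values are constructed sample data.
function scenario(isolateTor) {
  const b = new Browser(isolateTor);
  b.setMode(false);                              // Alice browses normally
  b.login("mail.yahoo.example", "yahoo-login");
  b.setMode(true);                               // later, she uses Tor
  // An injected redirect makes her browser load the webmail hosts over Tor.
  const onRedirect = b.followRedirects(["mail.yahoo.example", "hotmail.example"]);
  b.login("hotmail.example", "hotmail-login");   // logs in during the Tor session
  const whileLoggedIn = b.followRedirects(["hotmail.example"]);
  b.newIdentity();
  const afterNewIdentity = b.followRedirects(["hotmail.example"]);
  return { onRedirect, whileLoggedIn, afterNewIdentity };
}

console.log("toggle model:", JSON.stringify(scenario(false).onRedirect));
console.log("isolated jar:", JSON.stringify(scenario(true)));
```

In the shared-jar run the Yahoo cookie created outside Tor is attached to the redirected request; with the isolated jar, only a cookie set during the current Tor session is sent, and only until "new identity" is used.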

Still a lot of work to do

The bottom line is this: there's nothing in the slides that suggests the cookie attacks are a threat to Tor users who run up-to-date software and follow best-practice advice repeatedly offered by Tor volunteers. Of course, it's possible the NSA and GCHQ have other techniques. Chief among them is the use of Quantum servers to redirect Tor users to sites that exploit security vulnerabilities to surreptitiously install malware on their computers. Such attacks have long been recognized as a risk, but they come at a cost to spy agencies since success requires the availability of a vulnerability in a current version of the software that can be exploited with no indication to the end user. That requirement makes it harder for agents to carry out the attacks against large numbers of targets.
"Looking over the rest of the slides, they seem to be asking some of the right questions, but they don't seem to have any more answers than we do in the academic research community—and in many cases the papers at http://freehaven.net/anonbib/ provide significantly better answers than these slides do," Dingledine wrote. "Or said more clearly, we still have a lot of work to do to make Tor both safe and usable, but we don't have any new work based on these slides."

Oct 5, 2013

US Intelligence Chief Defends Attempts to Break TOR Anonymity Network

by Arik Hesseldahl

The National Security Agency may have attempted to penetrate and compromise a widely used network designed to protect the anonymity of its users, but it was only because terrorists and criminals use it too.
That’s the explanation from Director of National Intelligence James Clapper about the recently disclosed attacks by the NSA and its companion agency in the UK against The Onion Router or TOR, a network that uses a constantly changing list of specially configured servers to relay and anonymize the Internet traffic of its users.
In a statement posted to the DNI’s blog, Clapper acknowledged NSA’s “interest in tools used to facilitate anonymous online communication.” However, media coverage of the work fails to point out “that the Intelligence Community’s interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies.”
And that’s the traffic that the NSA is hoping to capture and analyze. Clapper argues in the post that intelligence agencies are interested only in “…communication related to valid foreign intelligence and counterintelligence purposes.”
New attention has come to TOR and its users in part because of the arrest Wednesday by the FBI of the alleged operator of Silk Road, an online marketplace for the sale and distribution of illicit drugs that existed in the so-called Dark Web, reachable only by a TOR-enabled browser.
In a slide presentation leaked by Edward Snowden, the NSA discussed its struggles to defeat the anonymity that Tor provides. As of the time of the presentation, which is dated June of 2012, it hadn’t had much luck. “We will never be able to de-anonymize all Tor users all of the time,” the presentation says. Using what it calls “manual analysis,” it had had some success in “de-anonymizing” a small fraction of people using Tor. The deck also shows that the NSA sought to collaborate with the Government Communications Headquarters, the United Kingdom’s signals intelligence agency, on its efforts.
It was all legal and appropriate, Clapper argues, because “Within our lawful mission to collect foreign intelligence to protect the United States, we use every intelligence tool available to understand the intent of our foreign adversaries so that we can disrupt their plans and prevent them from bringing harm to innocent Americans. …Our adversaries have the ability to hide their messages and discussions among those of innocent people around the world. They use the very same social networking sites, encryption tools and other security features that protect our daily online activities.”
The ironic part is that TOR was invented at the US Naval Academy as a project meant to help activists overseas evade surveillance by officials of repressive regimes. A good amount of its funding has come from the NSA’s parent agency, the US Department of Defense.

Oct 4, 2013

Why the NSA Hates Tor, the Network That Protects Internet Anonymity


If you know anything about it, then it probably doesn’t come as much of a surprise that the National Security Agency really dislikes Tor, a.k.a. The Onion Router.
As I described yesterday, Tor is an open-source network that provides people connected to it a pretty strong, though not perfect, method for browsing the Internet anonymously. You have to be using it in order to access the so-called “Dark Web,” which is where Silk Road, the online bazaar of illicit drugs and other things, existed until its operator was arrested in San Francisco on Wednesday. The case has cast new attention on both the Dark Web and on Tor itself.
Given its roots as a project born at the U.S. Naval Academy, it’s a tad ironic that the NSA dislikes it so much, but its opinion is pretty clear from a slide deck on the subject leaked by former NSA contractor Edward Snowden and published by The Guardian today. The title of the deck is “TOR Stinks.”
The presentation shows that the agency struggled to defeat the anonymity that Tor provides. As of the time of the presentation, which is dated June of 2012, it hadn’t had much luck. “We will never be able to de-anonymize all TOR users all of the time,” the presentation says. Using what it calls “manual analysis,” it had had some success in “de-anonymizing” a small fraction of people using Tor.
The deck shows that the NSA sought some inspiration from the Government Communications Headquarters, the United Kingdom’s signals intelligence agency. Under a program called Remation II, the two sought to combine their resources to figure out some new methods for attacking Tor. The idea appears to be to operate a network of Tor-enabled relay servers and get access to others. It’s unclear how far the attack might have progressed by now.
The GCHQ also sought to peel back the onion — sorry, couldn’t resist — on the identity of Dark Web sites like Silk Road. These are the sites that operate in the hidden space on the Web, and which have weird, difficult-to-remember Web addresses that end in .onion. The goal of the efforts was to “harvest and enumerate .onion URLs,” the presentation says.
Another line of inquiry involved seeking information on .onion sites that happen to be running on Amazon Web Services, the commerce giant’s cloud computing service. The presentation says that the GCHQ set up its own Tor servers on AWS as part of the Remation II program.
One other idea: Poison the Tor network itself. In the penultimate slide, the presentation asks if it would make sense to set up a network of Tor nodes, advertise them as running at high speeds, while in fact they would run slowly. The point, the slide reads, would be “to degrade the overall stability of the network.” In the end the presentation seems to argue against that approach. “A critical mass of targets use TOR. Scaring them away from using it might be counterproductive.”
As with any technology providing anonymity, Tor can be used for good things and for bad things. Political activists in countries with repressive regimes use it to communicate securely when the likelihood of government surveillance is high, and in fact it was for this purpose that Tor was created. (It’s a pretty sure bet that Syrian rebels are using it, for example.) The development work is partially funded by the U.S. Department of Defense, which is the NSA’s parent agency, which is sort of awkward.
Anyway, the existence of the presentation is probably good news if you’re someone who has a non-criminal reason for protecting your anonymity on the Web. It means that even the powerful NSA has trouble coping with Tor, which means you can probably still use it with a reasonable amount of confidence, provided you’re doing it right. That doesn’t mean they won’t figure out a way to compromise it. But it will probably take some time.

