Tor stinks


Published by The Guardian.

Top-secret presentation says 'We will never be able to de-anonymize all Tor users all the time' but 'with manual analysis we can de-anonymize a very small fraction of Tor users'.

Slide transcript:

Slide 1: Tor Stinks (U)
TOP SECRET//COMINT//REL FVEY
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20370101
JUN 2012
CT SIGDEV

Slide 2: Tor Stinks... (U)
• We will never be able to de-anonymize all Tor users all the time.
• With manual analysis we can de-anonymize a very small fraction of Tor users; however, no success de-anonymizing a user in response to a TOPI request/on demand.

Slide 3: REMATION II (U)
https://wiki.gchg/index.php?title=REMATION
• Joint NSA GCHQ counter-Tor workshop
• Week one at MHS focus on analytics
• Week two at GCHQ focus on exploitation

Slide 4: Laundry List (U)
• Analytics to de-anonymize users
  - Circuit reconstruction (21)
  - Goes inta goes outta/low latency (2)
  - Cookie leakage
  - Dumb users (EPICFAIL)
  - Node lifespan (17)
  - DNS
• Technical Analysis/Research
  - Hidden services (4, 5, 6, 7)
  - Timing pattern (3)
  - Torservers.net/Amazon AWS
• Exploitation
  - QUANTUM attacks (1, 20, 22)
  - Existing options (8 + 11)
  - Shaping (9 + 16)
  - Web server enabling (10)
  - Nodes (14)
  - Degrade user experience (13 + 18)
• Nodes
  - Baseline our nodes (21)
  - Tor node flooding

Slide 5: Analytics: Circuit Reconstruction (S//SI)
• Current: access to very few nodes. Success rate negligible because all three Tor nodes in the circuit have to be in the set of nodes we have access to.
  - Difficult to combine meaningfully with passive SIGINT.
• Goal: expand number of nodes we have access to
  - GCHQ runs Tor nodes under NEWTONS CRADLE (how many?)
  - Other partners?
  - Partial reconstruction (first hops or last hops)?
[Diagram: terrorist with Tor client installed -> Tor entry node -> Tor relay node -> Internet site]

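The arithmetic behind the "all three nodes" remark, as an added Monte Carlo model that is not part of the slides: with a fraction f of Tor's relay bandwidth under an adversary's control, a full circuit reconstruction needs guard, middle and exit all controlled (a rate of roughly f^3), whereas the "partial reconstruction" the slide asks about needs only the first and last hop (roughly f^2), which is already enough for end-to-end traffic correlation. The relay set, bandwidths and controlled fraction are constructed for the example; real Tor path selection adds flag, family and subnet constraints that this model omits.

```python
"""Monte Carlo model of Tor circuit reconstruction by a relay-controlling adversary.

Added example, not from the slides. Relay names, bandwidths and the
controlled fraction are constructed; Tor's real path selection has more
constraints (guard/exit flags, family and /16 exclusion, position weights).
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Relay:
    name: str
    bandwidth: int     # consensus weight, arbitrary units
    controlled: bool   # relay is in the set the adversary has access to


def make_relays(n, controlled_fraction, seed):
    """Constructed relay set: each relay is 'controlled' with the given probability."""
    rng = random.Random(seed)
    return [Relay(f"relay{i}", rng.choice([50, 100, 200, 400, 800]),
                  rng.random() < controlled_fraction) for i in range(n)]


def controlled_bandwidth_fraction(relays):
    """f: share of total bandwidth (hence of path selections) that is controlled."""
    total = sum(r.bandwidth for r in relays)
    return sum(r.bandwidth for r in relays if r.controlled) / total


def pick(rng, relays, exclude):
    """Bandwidth-weighted choice of one relay not already in the circuit."""
    cands = [r for r in relays if r not in exclude]
    return rng.choices(cands, weights=[r.bandwidth for r in cands])[0]


def simulate(relays, clients, circuits_per_client, seed):
    """Each client keeps one guard (first hop) and builds many circuits through it.

    Returns per-circuit rates of
      full: guard, middle and exit all controlled (what slide 5 needs)
      ends: guard and exit controlled (partial reconstruction: first hop and
            last hop, enough to correlate traffic end to end)
    plus the fraction of clients whose persistent guard is controlled.
    """
    rng = random.Random(seed)
    full = ends = guard_hits = 0
    for _ in range(clients):
        guard = pick(rng, relays, set())
        guard_hits += guard.controlled
        for _ in range(circuits_per_client):
            middle = pick(rng, relays, {guard})
            exit_ = pick(rng, relays, {guard, middle})
            if guard.controlled and exit_.controlled:
                ends += 1
                if middle.controlled:
                    full += 1
    n = clients * circuits_per_client
    return full / n, ends / n, guard_hits / clients


if __name__ == "__main__":
    relays = make_relays(300, 0.10, seed=1)
    f = controlled_bandwidth_fraction(relays)
    full, ends, guards = simulate(relays, clients=200, circuits_per_client=25, seed=2)
    print(f"controlled bandwidth fraction f = {f:.3f}")
    print(f"full circuit observed:   {full:.4f} (expect about f^3 = {f ** 3:.4f})")
    print(f"first+last hop observed: {ends:.4f} (expect about f^2 = {f ** 2:.4f})")
    print(f"clients with a controlled guard: {guards:.3f} (expect about f = {f:.3f})")
```

The guard-persistence loop is what makes the "first hops" question interesting: once a client's guard is in the controlled set, every circuit that client builds has an observed first hop, so the per-client exposure is about f rather than f^3.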
Slide 6: Analytics: Goes Inta Goes Outta/Low Latency (S//SI)
Find possible alternative accounts for a target: look for connections to Tor, from the target's suspected country, near time of target's activity.
• Current: GCHQ has working version (QUICKANT). R has alpha tested NSA's version. NSA's version produced no obvious candidate selectors.
• Goal: Figure out if QUICKANT works, compare methodologies. Gathering data for additional tests of NSA's version (consistent, random and heavy user).

Slide 7: Analytics: Cookie Leakage (TS//SI)
Use cookies to identify Tor users when they are not using Tor
• Current: preliminary analysis shows that some cookies "survive" Tor use. Depends on how target is using Tor (Torbutton/Tor Browser Bundle clears out cookies).
• Goal: test with cookies associated with CT targets
  - Idea: what if we seeded cookies to a target?
  - Investigate Evercookie persistence

Slide 8: Analytics: Cookie Leakage (TS//SI)
• DoubleclickID seen on Tor and non-Tor IPs

Slide 9: Analytics: Dumb Users (EPICFAIL) (S//SI)
GCHQ QFD that looks for Tor users when they are not using Tor.
• Current: GCHQ has working QFD based on hard selector (email, web forum, etc) but does not include cookies.
• Goal: NSA investigating own version (GREAT EXPECTATIONS) that would include cookies.

Slide 10: Analytics: Node Lifespan (S//SI)
• Current: detection done once an hour by NTOC. RONIN stores "last seen" and nodes age off slowly with no accurate lifespan.
• Goal: Working with RONIN to add more details on node lifespan. How do I know WHEN a particular IP was a Tor node as opposed to IF it was a Tor node?

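An added, constructed illustration of the cookie-leakage analytic in slides 7 to 9 together with the WHEN-versus-IF question of slide 10 (this is not code from the slides, from RONIN or from any QFD): the join looks for a cookie ID that appears in access-log lines both from a Tor node and from a non-Tor IP, and the Tor check is made against the node's lifespan interval at the request time rather than against a list of IPs that were ever seen as nodes. The log lines, cookie values, IP addresses and interval records are made up for the example.

```python
"""Cookie-leakage join over constructed access logs, with time-aware Tor node checks.

Added example: the log lines, cookie IDs, IP addresses and node lifespan
records below are constructed for illustration and are not from the slides.
"""
from collections import defaultdict
from datetime import datetime

# Constructed node-lifespan records: (ip, first_seen, last_seen).
# The second IP was a Tor node in 2011 but had stopped by the time of the log.
NODE_INTERVALS = [
    ("198.51.100.7", datetime(2012, 5, 1), datetime(2012, 7, 1)),
    ("203.0.113.40", datetime(2011, 1, 1), datetime(2011, 3, 1)),
]

# Constructed access log: "timestamp client_ip cookie path"
ACCESS_LOG = """\
2012-06-03T10:00:00 198.51.100.7 id=AbC123 /news
2012-06-03T21:15:00 192.0.2.55 id=AbC123 /news
2012-06-04T08:30:00 203.0.113.40 id=ZzZ999 /forum
2012-06-04T09:00:00 192.0.2.77 id=ZzZ999 /forum
2012-06-05T12:00:00 198.51.100.7 id=QqQ555 /mail
"""


def parse_log(text):
    """Return (timestamp, client_ip, cookie_id, path) per log line."""
    rows = []
    for line in text.splitlines():
        ts, ip, cookie, path = line.split()
        rows.append((datetime.fromisoformat(ts), ip, cookie.split("=", 1)[1], path))
    return rows


def was_tor_node(ip, when, intervals):
    """WHEN: the IP was listed as a Tor node at the time of the request."""
    return any(ip == node and first <= when <= last for node, first, last in intervals)


def ever_tor_node(ip, intervals):
    """IF: the IP was listed as a Tor node at some point (a bare 'last seen' lookup)."""
    return any(ip == node for node, _, _ in intervals)


def find_leaks(rows, intervals, time_aware=True):
    """Cookie IDs seen both from a Tor node and from a non-Tor IP.

    Returns {cookie_id: sorted list of non-Tor IPs}, i.e. the candidate true
    addresses of a Tor user whose cookie survived into a non-Tor session.
    """
    tor_ips = defaultdict(set)
    plain_ips = defaultdict(set)
    for when, ip, cookie, _ in rows:
        if time_aware:
            is_tor = was_tor_node(ip, when, intervals)
        else:
            is_tor = ever_tor_node(ip, intervals)
        (tor_ips if is_tor else plain_ips)[cookie].add(ip)
    return {c: sorted(plain_ips[c]) for c in tor_ips if plain_ips[c]}


if __name__ == "__main__":
    rows = parse_log(ACCESS_LOG)
    print("time-aware:", find_leaks(rows, NODE_INTERVALS))
    print("IF-only:   ", find_leaks(rows, NODE_INTERVALS, time_aware=False))
```

With the time-aware check only AbC123 is reported (seen from a live Tor node and then from 192.0.2.55); the IF-only check also reports ZzZ999, a false positive caused by an IP that stopped being a Tor node a year before the request.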
Slide 11: Analytics: DNS (TS//SI)
How does Tor handle DNS requests? Are DNS requests going through Tor? Does this depend on how the target is using Tor?
• Current: Still investigating.

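The answer to the DNS question, with an added example that is not from the slides: Tor performs the name lookup at the exit relay only when the application hands the hostname to Tor's SOCKS port (SOCKS4a, or SOCKS5 with the domain-name address type); an application that resolves the name itself and then puts an IP literal in the SOCKS request has already sent the lookup to the machine's normal resolver, outside Tor, which is exactly the "depends on how the target is using Tor" case. Tor's torrc options WarnUnsafeSocks (on by default) and SafeSocks exist to warn about or reject such IP-literal requests. The hostnames and addresses below are constructed.

```python
"""SOCKS5 CONNECT requests as a Tor-aware application should (and should not) send them.

Added example, not from the slides. Hostnames and addresses are constructed.
Tor resolves a name at the exit only when the request carries the hostname
(SOCKS5 address type 0x03, or SOCKS4a); a request carrying an IP literal means
the application already resolved the name through the local resolver, outside Tor.
"""
import socket
import struct

SOCKS_VER = 0x05
CMD_CONNECT = 0x01
CMD_RESOLVE = 0xF0          # Tor extension: resolve a name at the exit, no connection
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def request_by_hostname(host, port, cmd=CMD_CONNECT):
    """Leak-free form: the hostname travels inside the SOCKS request to Tor."""
    name = host.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("SOCKS5 hostname must be 1..255 bytes")
    return (struct.pack("!BBBBB", SOCKS_VER, cmd, 0x00, ATYP_DOMAIN, len(name))
            + name + struct.pack("!H", port))


def request_by_ipv4(ip, port):
    """Leaky form: an application that called getaddrinfo() first sends the result."""
    return (struct.pack("!BBBB", SOCKS_VER, CMD_CONNECT, 0x00, ATYP_IPV4)
            + socket.inet_aton(ip) + struct.pack("!H", port))


def classify(request):
    """Parse a SOCKS5 request and report where name resolution happened."""
    if len(request) < 7 or request[0] != SOCKS_VER:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp = request[1], request[3]
    if atyp == ATYP_DOMAIN:
        n = request[4]
        host = request[5:5 + n].decode("idna")
        port = struct.unpack("!H", request[5 + n:7 + n])[0]
        where = "tor-exit"
    elif atyp == ATYP_IPV4:
        host = socket.inet_ntoa(request[4:8])
        port = struct.unpack("!H", request[8:10])[0]
        where = "local-resolver (DNS leaked outside Tor)"
    elif atyp == ATYP_IPV6:
        host = socket.inet_ntop(socket.AF_INET6, request[4:20])
        port = struct.unpack("!H", request[20:22])[0]
        where = "local-resolver (DNS leaked outside Tor)"
    else:
        raise ValueError("unknown address type 0x%02x" % atyp)
    return {"cmd": cmd, "target": host, "port": port, "resolved_by": where}


if __name__ == "__main__":
    for req in (request_by_hostname("example.onion", 80),
                request_by_ipv4("203.0.113.5", 443),
                request_by_hostname("example.com", 0, cmd=CMD_RESOLVE)):
        print(req.hex(), classify(req))
```

The classifier is the check to run on SOCKS traffic between a suspect application and its local Tor: any request with address type 0x01 or 0x04 means a lookup happened outside Tor before the connection was built.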
Slide 12: Technical Analysis: Hidden Services (TS//SI)
What do we know about Hidden Services?
• Current: No effort by NSA, some DSD and GCHQ work on ONIONBREATH.
• Goal:
  - Harvest and enumerate .onion URLs
  - Identify similar HS based on referrer fields
  - Distinguish HS from normal Tor clients

Slide 13: Technical Analysis: Timing Pattern (TS//SI)
• Current: GCHQ has research paper and demonstrated capability in the lab.
• Goal: Can we expand to other owned nodes? Send packets back to the client that are detectable by passive accesses to find client IPs for Tor users.

Slide 14: Technical Analysis: torservers.net (TS//SI)
Investigate the Amazon AWS cloud instances of Tor servers. How are IPs allocated and reassigned once bandwidth limit is reached? Impact on RONIN's ability to detect nodes?
• Current: GCHQ set up Tor nodes on the AWS cloud during REMATION II.

Slide 15: Exploitation: QUANTUM (TS//SI)
[Figure 4: A diagram of how the QUANTUM Survey/Cookie technique works. Two stages (STAGE 1, STAGE 2) show a Tor client's encrypted GET requests to Yahoo and the Y-Cookie held by the client browser; the remaining diagram text is unreadable in the transcript.]
• QUANTUMCOOKIE - forces clients to divulge stored cookies.
• QUANTUM to degrade/deny/disrupt Tor access?

Slide 16: Exploitation: Existing Options (TS//SI)
Test current CNE techniques (FA and SHORTSHEET) against Torbutton and TBB users.
• Current: Torbutton and TBB prevent CNE success. Possible success against "vanilla" Tor/Vidalia.
• Goal: modifications to initial CNE surveys? Ignore user-agents from Torbutton or TBB? Improve browser fingerprinting? Using javascript instead of Flash?

Slide 17: Exploitation: Shaping (TS//SI)
• Current: Can stain user agent, working on shaping.
• Given CNE access to a target computer can we shape their traffic to "friendly" exit nodes?
• Route users to a separate "private" Tor network?
• Stain their traffic or user agent?
• Instruct target computer to use a service that connects outside Tor and reveal true IP?

Slide 18: Exploitation: Web Server Enabling (TS//SI)
Given CNE access to web server modify the server to enable a "timing/counting" attack similar to timing pattern idea.
• Current: GCHQ has a research paper and demonstrated the technique in the lab.

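A toy model of the "timing pattern" and "timing/counting" ideas in slides 13 and 18, added here and not taken from the slides or from the GCHQ research they cite: a cooperating server (or an owned node) delays selected packets of a response according to a fixed bit pattern, and a passive observer near candidate clients correlates the arrival-time residuals of each flow against that pattern to pick out the one carrying the marked response. Path latency cancels because residuals are taken relative to each flow's first packet, so the observer needs no clock shared with the server. Slot length, delay size, jitter model and the pattern itself are assumptions.

```python
"""Timing-pattern (watermark) injection and passive detection, as a toy model.

Added example, not from the slides or from the research they cite. The
watermark scheme, slot length, delay and jitter values are assumptions.
"""
import random

SLOT = 0.200     # seconds between packets of the marked response
DELAY = 0.060    # extra delay that encodes a '1' bit
# 32-bit balanced pattern chosen for the example
PATTERN = [1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1,
           1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1]


def mark_send_times(pattern, slot=SLOT, delay=DELAY):
    """Server side: packet i leaves at i*slot, plus `delay` when bit i is 1."""
    return [i * slot + delay * bit for i, bit in enumerate(pattern)]


def observe(send_times, rng, latency, jitter):
    """What a passive observer near the client sees: fixed path latency plus per-packet jitter."""
    return [t + latency + rng.gauss(0, jitter) for t in send_times]


def unmarked_flow(n, rng, slot=SLOT, jitter=0.02):
    """A same-rate flow that carries no watermark (a decoy candidate)."""
    return observe([i * slot for i in range(n)], rng, rng.uniform(0.3, 1.0), jitter)


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0


def watermark_score(arrivals, pattern, slot=SLOT):
    """Correlate each arrival's residual from a fixed-rate schedule with the pattern.

    Residuals are relative to the first packet, so the unknown path latency drops out.
    """
    residuals = [t - arrivals[0] - i * slot for i, t in enumerate(arrivals)]
    return pearson(residuals, [float(b) for b in pattern])


def find_marked_flow(flows, pattern, threshold=0.6):
    """Return (index, score) of the best-scoring flow, or (None, score) if none passes."""
    scores = [watermark_score(f, pattern) for f in flows]
    best = max(range(len(flows)), key=lambda i: scores[i])
    return (best if scores[best] >= threshold else None), scores[best]


def demo(seed=7, decoys=4, marked_position=2):
    """Build `decoys` unmarked flows, optionally insert one marked flow, and try to find it.

    Returns (index_found, score). With marked_position=None there is nothing to find.
    """
    rng = random.Random(seed)
    marked = observe(mark_send_times(PATTERN), rng, latency=0.45, jitter=0.02)
    flows = [unmarked_flow(len(PATTERN), rng) for _ in range(decoys)]
    if marked_position is not None:
        flows.insert(marked_position, marked)
    return find_marked_flow(flows, PATTERN)


if __name__ == "__main__":
    print("marked flow at index 2:", demo(7, 4, 2))
    print("decoys only:           ", demo(7, 4, None))
```

With 60 ms of injected delay against 20 ms of Gaussian jitter the marked flow correlates at roughly 0.8 and the decoys near zero, which is why the slide frames the question as finding the client IP from passive accesses: the observer needs only packet timestamps, not content.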
Slide 19: Exploitation: Nodes (TS//SI)
Can we exploit nodes?
Probably not. Legal and technical challenges.

Slide 20: Exploitation: Degrade Tor Experience (TS//SI)
Given CNE access to a network can we deny/degrade/disrupt Tor users?
Given CNE access to a web server make it painful for Tor users?

Slide 21: Nodes: Baseline Our Nodes (TS//SI)
How many nodes do we have cooperative or direct access to? Can we deploy similar code to these nodes to aid with circuit reconstruction? Can we do packet timing attacks using nodes? Can we use the nodes to shape traffic flow? Can we use the nodes to deny/degrade/disrupt comms to certain sites?

Slide 22: Nodes: Tor Node Flooding (TS//SI)
Could we set up a lot of really slow Tor nodes (advertised as high bandwidth) to degrade the overall stability of the network?

Slide 23: Tor Stinks... But it Could be Worse (S//SI)
• Critical mass of targets use Tor. Scaring them away from Tor might be counterproductive.
• We can increase our success rate and provide more client IPs for individual Tor users.
• Will never get 100% but we don't need to provide true IPs for every target every time they use Tor.
