pastebin - collaborative debugging

Posted by How The NSA Bypa on July Thu 3rd 5:30 PM - Never Expires

¤ NSA Hacks TOR in Germany, Calls Users Extremists ::

http://cryptome.org/2014/07/nsa-tor-de.htm

 It is one of the most sensitive secrets of the NSA,
the engine of the global monitoring machine: the source
code of the XKeyscore program, the most comprehensive
spying program (Ausspähprogramm) of US foreign intelligence.

 NDR and WDR have excerpts of the source code: parts of
the collection infrastructure, i.e. so-called software rules
in which the intelligence service defines what or whom it
wants to investigate.

 The programmers only have to string together a few numbers
and characters. But when the XKeyscore program executes
these rules, people and their data come into its sights.
Connections from computers to the Internet are identified
and stored in a kind of database. The users are, in effect,
marked. It is the dragnet of the 21st century.

http://download.media.tagesschau.de/video/2014/0703/TV-20140703-0546-2401.webl.webm

MP4 Video Format: http://fileb.ag/u12my0tpvr8y

¤ XKeyscore Targets Tor Script ::

http://daserste.ndr.de/panorama/xkeyscorerules100.txt

¤ NSA Targets the Privacy-conscious Using Tor ::

http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html
---------------------------------------
¤ NSA/FRA XKeyscore Targets Tor, etc. ::

http://cryptome.org/2013/12/nsa-xkeyscore-tor-slides.pdf

¤ NSA & GCHQ Counter-Tor Slides ::

 “Use cookies to identify Tor users when
they are not using Tor.”

“Investigate Evercookie persistence.”

http://cryptome.org/2013/10/nsa-tor-stinks.pdf

¤ Cookies Threaten Tor User Anonymity ::

 “Just because you’re using Tor doesn’t mean that your
browser isn’t storing cookies,” said Jeremiah Grossman,
a colleague of Hansen’s who also specializes in browser
vulnerabilities.

 As Grossman described the procedure to CNET, the NSA is
aware of Tor’s entry and exit nodes because of its Internet
wide surveillance.

 “The very feature that makes Tor a powerful anonymity
service, and the fact that all Tor users look alike on the
Internet, makes it easy to differentiate Tor users from
other Web users,” he wrote.

 “The NSA then cookies that ad, so that every time you go
to a site, the cookie identifies you. Even though your IP
address changed [because of Tor], the cookies gave you away,”
he said.

http://news.cnet.com/8301-1009_3-57606178-83/nsa-tracks-google-ads-to-find-tor-users/

¤ GCHQ ; MULLENIZE Operation to Tag and
Identify Packet Traffic From Machines ::

 “Working together, CT and CNE have devised a method to carry
out large-scale ‘staining’ as a means to identify individual
machines linked to that IP address. ... ...

 User Agent Staining is a technique that involves writing a
unique marker (or stain) onto a target machine. Each stain
is visible in passively collected SIGINT and is stamped into
every packet, which enables all the events from that stained
machine to be brought back together to recreate a browsing
session.”

http://cryptome.org/2013/10/gchq-mullenize.pdf

http://s3.documentcloud.org/documents/801762/mullenize-28redacted-29.pdf

¤ Packet Staining ::

http://prezi.com/p5et9yawg2c6/ip-packet-staining/
http://tools.ietf.org/html/draft-macaulay-6man-packet-stain-00
http://tools.ietf.org/html/draft-macaulay-6man-packet-stain-01
http://cryptome.org/2013/10/packet-stain/packet-staining.htm

¤ NSA Peeling Back the Layers of Tor ::

http://cryptome.org/2013/10/nsa-egotisticalgiraffe.pdf
http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document
http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption

¤ NSA ; Tor Source Code Vulnerabilities ::

 “We have seen several targets using Tor. Our goal was to
analyze Tor source code and determine any vulnerabilities
in the system. We set up an internal Tor network to analyze
Tor traffic, in the hopes of discovering ways to passively
identify it. We also worked to create a custom Tor client
which allows the user finer control.” ... ...

 “This accomplishes several things. Most basically, the Tor
servers, many of which are listed on publicly advertised
directory servers, are chosen to act as a series of proxies.
This may seem to be excessively complex, as a single proxy
server can be used to hide one’s location, but a single-hop
proxy is vulnerable in two ways. First, by analyzing the
pattern of the traffic going to and from the proxy server,
it is possible to deduce which clients are making which requests.
Second, if an attacker owns the proxy server, then it certainly
knows who is asking for what, and anonymization is ruined. By
using multiple hops, Tor is much more resistant to both of
these attacks. Traffic analysis becomes extraordinarily
difficult, as it must be coordinated across several machines,
and an attacker must own all the hops along the circuit in
order to trace requests back to the originating client.”

... ...

 “In our time in the lab, we found that running an nmap on a
node that is offering a hidden service will turn up the port
that the hidden service is using to deal with incoming
connections. It can then be directly connected to, outside
of Tor.”

... ...

 “We would have to try to connect to each of the ports we see
open on a machine to determine if there is a hidden service
being run. We would not even know which protocol the hidden
service is running. It may be an HTTP server, an FTP server,
an SMTP server, etc. The only thing we know is that the protocol
must run over TCP. It is not enough to attempt to connect once
to each port, using an HTTP GET request. Several protocols must
be tried.”

... ...

 “It may also be useful to study Tor directory servers in more
detail. Our work focused solely on the client, but many attacks
would be much easier with access to more Tor servers. The
directory servers ultimately control which Tor servers are
used by clients. We have found that a server can put itself on
a directory server multiple times; all it takes is the server
running several Tor processes, each having a different nickname,
open port, fingerprint, and LOG FILE. This only requires different
configuration files for the different processes, which are easy
to set up. That machine will handle a disproportionate amount of
traffic, since it is listed several times. This increases the
density of friendly servers in the cloud without increasing the
number of servers we have set up. Unfortunately, each listing
has the same IP address, which would be very noticeable to anyone
who is inspecting the directories.”

http://cryptome.org/2013/10/nsa-tor.pdf
http://s3.documentcloud.org/documents/802061/ces-summer-2006-tor-paper-28redacted-29-1.pdf
http://www.washingtonpost.com/world/national-security/secret-nsa-documents-show-campaign-against-tor-encrypted-network/2013/10/04/610f08b6-2d05-11e3-8ade-a1f23cda135e_story.html
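
Added example (not part of the original paste or of the quoted paper): the last excerpt notes that several listings sharing one IP address are noticeable to anyone inspecting the directories, and this sketch shows that check from the reader's side. It assumes the "r"-line layout of a Tor network-status consensus; the sample lines, nicknames, ID/digest placeholders and function names are constructed, and the /24 grouping goes beyond the exact-IP case in the quote.

```python
import ipaddress
from collections import defaultdict

# Constructed sample. Assumed layout of a consensus router line:
# r <nickname> <identity> <digest> <date> <time> <IP> <ORPort> <DirPort>
SAMPLE = """\
r alpha ID1 DG1 2014-07-03 10:00:00 192.0.2.10 9001 0
s Fast Running Valid
r beta ID2 DG2 2014-07-03 10:00:00 192.0.2.10 9002 0
r gamma ID3 DG3 2014-07-03 10:00:00 192.0.2.10 9003 9030
r delta ID4 DG4 2014-07-03 10:00:00 198.51.100.7 443 80
r epsilon ID5 DG5 2014-07-03 10:00:00 203.0.113.5 9001 0
r zeta ID6 DG6 2014-07-03 10:00:00 203.0.113.77 9001 0
r truncated ID7
"""


def parse_relays(text):
    """Yield (nickname, IPv4Address, or_port) for each well-formed "r" line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 9 or fields[0] != "r":
            continue  # flag lines ("s ...") and truncated entries are skipped
        try:
            yield fields[1], ipaddress.IPv4Address(fields[6]), int(fields[7])
        except ValueError:
            continue  # malformed address or port


def group_relays(text, prefix=32, threshold=2):
    """Return {network: [(nickname, or_port), ...]} for every network of the
    given prefix length that hosts at least `threshold` listed relays."""
    groups = defaultdict(list)
    for nickname, ip, or_port in parse_relays(text):
        network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        groups[str(network)].append((nickname, or_port))
    return {net: sorted(members) for net, members in groups.items()
            if len(members) >= threshold}


if __name__ == "__main__":
    for prefix in (32, 24):  # exact address first, then the wider /24
        for net, members in group_relays(SAMPLE, prefix).items():
            print(f"/{prefix} {net}: {members}")
```
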

¤ NSA ; Types of IAT ::

http://cryptome.org/2013/10/nsa-iat-tor.pdf

¤ NSA Link Removed by Guardian ::

http://cryptome.org/2013/10/nsa-link-removed.htm

¤ Tor Media Reports Disinformative (?) ::

 “This document doesn’t give much insight into capabilities
the IC has developed against Tor. It’s apparently quite common
to run multiple research teams (either known or unknown to
each other) against a single target, and a few summer
students with a dozen lab machines is a pretty small
investment. I’d expect there are other programs with more
sophisticated attacks, especially now 7 years later.”

http://cryptome.org/2013/10/nsa-tor-disinfo.htm
_______________________________________
