¤ NSA Hacks TOR in Germany, Calls Users Extremists ::

http://cryptome.org/2014/07/nsa-tor-de.htm

It is one of the most sensitive secrets of the NSA, the engine of the global monitoring machine: the source code of the XKeyscore program, the most comprehensive spying program of US foreign intelligence.

NDR and WDR have excerpts of the source code. These are parts of the collection infrastructure, that is, so-called software rules that define what or whom the intelligence service wants to investigate.

There are only a few numbers and characters for the programmers to string together. But when the XKeyscore program executes these rules, people and their data come into its sights. The connections from computers to the Internet are identified and stored in a kind of database. The users are, in effect, marked. It is the dragnet of the 21st century.

http://download.media.tagesschau.de/video/2014/0703/TV-20140703-0546-2401.webl.webm

MP4 Video Format » http://fileb.ag/u12my0tpvr8y

¤ XKeyscore Targets Tor Script ::

http://daserste.ndr.de/panorama/xkeyscorerules100.txt

¤ NSA Targets the Privacy-conscious Using Tor ::

http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html
---------------------------------------
¤ NSA/FRA XKeyscore Targets Tor, etc. ::

http://cryptome.org/2013/12/nsa-xkeyscore-tor-slides.pdf

¤ NSA & GCHQ Counter-Tor Slides ::

“Use cookies to identify Tor users when they are not using Tor.”

“Investigate Evercookie persistence.”

http://cryptome.org/2013/10/nsa-tor-stinks.pdf

¤ Cookies Threaten Tor User Anonymity ::

“Just because you’re using Tor doesn’t mean that your browser isn’t storing cookies,” said Jeremiah Grossman, a colleague of Hansen’s who also specializes in browser vulnerabilities.

As Grossman described the procedure to CNET, the NSA is aware of Tor’s entry and exit nodes because of its Internet wide surveillance.

“The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the Internet, makes it easy to differentiate Tor users from other Web users,” he wrote.

“The NSA then cookies that ad, so that every time you go to a site, the cookie identifies you. Even though your IP address changed [because of Tor], the cookies gave you away,” he said.

http://news.cnet.com/8301-1009_3-57606178-83/nsa-tracks-google-ads-to-find-tor-users/

¤ GCHQ ; MULLENIZE Operation to Tag and Identify Packet Traffic From Machines ::

“Working together, CT and CNE have devised a method to carry out large-scale ‘staining’ as a means to identify individual machines linked to that IP address. ...

... User Agent Staining is a technique that involves writing a unique marker (or stain) onto a target machine. Each stain is visible in passively collected SIGINT and is stamped into every packet, which enables all the events from that stained machine to be brought back together to recreate a browsing session.”

http://cryptome.org/2013/10/gchq-mullenize.pdf
http://s3.documentcloud.org/documents/801762/mullenize-28redacted-29.pdf

¤ Packet Staining ::

http://prezi.com/p5et9yawg2c6/ip-packet-staining/
http://tools.ietf.org/html/draft-macaulay-6man-packet-stain-00
http://tools.ietf.org/html/draft-macaulay-6man-packet-stain-01
http://cryptome.org/2013/10/packet-stain/packet-staining.htm

¤ NSA Peeling Back the Layers of Tor ::

http://cryptome.org/2013/10/nsa-egotisticalgiraffe.pdf
http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document
http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption

¤ NSA ; Tor Source Code Vulnerabilities ::

“We have seen several targets using Tor. Our goal was to analyze Tor source code and determine any vulnerabilities in the system. We set up an internal Tor network to analyze Tor traffic, in the hopes of discovering ways to passively identify it. We also worked to create a custom Tor client which allows the user finer control.” ...

... “This accomplishes several things. Most basically, the Tor servers, many of which are listed on publicly advertised directory servers, are chosen to act as a series of proxies. This may seem to be excessively complex, as a single proxy server can be used to hide one’s location, but a single-hop proxy is vulnerable in two ways. First, by analyzing the pattern of the traffic going to and from the proxy server, it is possible to deduce which clients are making which requests. Second, if an attacker owns the proxy server, then it certainly knows who is asking for what, and anonymization is ruined. By using multiple hops, Tor is much more resistant to both of these attacks. Traffic analysis becomes extraordinarily difficult, as it must be coordinated across several machines, and an attacker must own all the hops along the circuit in order to trace requests back to the originating client.” ...

... “In our time in the lab, we found that running an nmap on a node that is offering a hidden service will turn up the port that the hidden service is using to deal with incoming connections. It can then be directly connected to, outside of Tor.” ...

... “We would have to try to connect to each of the ports we see open on a machine to determine if there is a hidden service being run. We would not even know which protocol the hidden service is running. It may be an HTTP server, an FTP server, an SMTP server, etc. The only thing we know is that the protocol must run over TCP. It is not enough to attempt to connect once to each port, using an HTTP GET request. Several protocols must be tried.” ...

... “It may also be useful to study Tor directory servers in more detail. Our work focused solely on the client, but many attacks would be much easier with access to more Tor servers. The directory servers ultimately control which Tor servers are used by clients. We have found that a server can put itself on a directory server multiple times; all it takes is the server running several Tor processes, each having a different nickname, open port, fingerprint, and LOG FILE. This only requires different configuration files for the different processes, which are easy to set up. That machine will handle a disproportionate amount of traffic, since it is listed several times. This increases the density of friendly servers in the cloud without increasing the number of servers we have set up. Unfortunately, each listing has the same IP address, which would be very noticeable to anyone inspecting the directories.”

http://cryptome.org/2013/10/nsa-tor.pdf
http://s3.documentcloud.org/documents/802061/ces-summer-2006-tor-paper-28redacted-29-1.pdf
http://www.washingtonpost.com/world/national-security/secret-nsa-documents-show-campaign-against-tor-encrypted-network/2013/10/04/610f08b6-2d05-11e3-8ade-a1f23cda135e_story.html

¤ NSA ; Types of IAT ::

http://cryptome.org/2013/10/nsa-iat-tor.pdf

¤ NSA Link Removed by Guardian ::

http://cryptome.org/2013/10/nsa-link-removed.htm

¤ Tor Media Reports Disinformative (?) ::

“This document doesn’t give much insight into capabilities the IC has developed against Tor. It’s apparently quite common to run multiple research teams (either known or unknown to each other) against a single target, and a few summer students with a dozen lab machines is a pretty small investment. I’d expect there are other programs with more sophisticated attacks, especially now 7 years later.”

http://cryptome.org/2013/10/nsa-tor-disinfo.htm
_______________________________________
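
Added example, not part of the quoted NSA paper or of this digest: the paper excerpt above notes that several Tor processes listed from one machine all share an IP address, which anyone inspecting the directories would notice. The Python sketch below does that inspection over router status ("r") lines; the sample lines, nicknames and addresses are constructed, and the function names and the max_per_ip threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout of Tor directory "r" (router status) lines:
#   r nickname identity digest date time IP ORPort DirPort
# All nicknames, identities and addresses (RFC 5737 ranges) are made up.
SAMPLE_STATUS = """\
r friendly1 AAAAAAAAAAAAAAAAAAAAAAAAAAA aaaaaaaaaaaaaaaaaaaaaaaaaaa 2014-07-03 05:00:00 192.0.2.10 9001 9030
s Fast Running Valid
r friendly2 BBBBBBBBBBBBBBBBBBBBBBBBBBB bbbbbbbbbbbbbbbbbbbbbbbbbbb 2014-07-03 05:01:00 192.0.2.10 9002 9031
r friendly3 CCCCCCCCCCCCCCCCCCCCCCCCCCC ccccccccccccccccccccccccccc 2014-07-03 05:02:00 192.0.2.10 9003 0
r loner DDDDDDDDDDDDDDDDDDDDDDDDDDD ddddddddddddddddddddddddddd 2014-07-03 05:03:00 198.51.100.7 443 80
r broken EEEEEEEEEEEEEEEEEEEEEEEEEEE 2014-07-03 05:04:00 not-an-ip 9001 0
"""


def parse_router_lines(text):
    """Yield (nickname, identity, ip, or_port) for each well-formed "r" line."""
    for line in text.splitlines():
        fields = line.split()
        # Full status lines have 9 fields; the microdescriptor form omits the digest (8).
        if not fields or fields[0] != "r" or len(fields) not in (8, 9):
            continue
        try:
            ip = ipaddress.ip_address(fields[-3])
            or_port = int(fields[-2])
        except ValueError:
            continue  # malformed address or port: skip rather than guess
        yield fields[1], fields[2], str(ip), or_port


def shared_address_groups(text, max_per_ip=1):
    """Return {ip: [(nickname, identity, or_port), ...]} for crowded addresses."""
    by_ip = defaultdict(list)
    for nickname, identity, ip, or_port in parse_router_lines(text):
        by_ip[ip].append((nickname, identity, or_port))
    # Different nickname, port and fingerprint, but one address: the giveaway.
    return {ip: relays for ip, relays in by_ip.items() if len(relays) > max_per_ip}


if __name__ == "__main__":
    for ip, relays in sorted(shared_address_groups(SAMPLE_STATUS).items()):
        print(f"{ip}: {len(relays)} listings")
        for nickname, identity, or_port in relays:
            print(f"  {nickname} {identity} ORPort {or_port}")
```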
