Agent Staining is a technique that involves writing a unique marker (or stain) onto a target machine. Each stain is visible in passively collected SIGINT and is stamped into every packet, which enables all the events from that stained machine to be brought back together to recreate a browsing session.”

http://cryptome.org/2013/10/gchq-mullenize.pdf
http://s3.documentcloud.org/documents/801762/mullenize-28redacted-29.pdf

¤ Packet Staining ::

http://prezi.com/p5et9yawg2c6/ip-packet-staining/
http://tools.ietf.org/html/draft-macaulay-6man-packet-stain-00
http://tools.ietf.org/html/draft-macaulay-6man-packet-stain-01
http://cryptome.org/2013/10/packet-stain/packet-staining.htm

¤ NSA Peeling Back the Layers of Tor ::

http://cryptome.org/2013/10/nsa-egotisticalgiraffe.pdf
http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document
http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption

¤ NSA ; Tor Source Code Vulnerabilities ::

“We have seen several targets using Tor. Our goal was to analyze Tor source code and determine any vulnerabilities in the system. We set up an internal Tor network to analyze Tor traffic, in the hopes of discovering ways to passively identify it. We also worked to create a custom Tor client which allows the user finer control.” ... ...

“This accomplishes several things. Most basically, the Tor servers, many of which are listed on publicly advertised directory servers, are chosen to act as a series of proxies. This may seem to be excessively complex, as a single proxy server can be used to hide one’s location, but a single-hop proxy is vulnerable in two ways. First, by analyzing the pattern of the traffic going to and from the proxy server, it is possible to deduce which clients are making which requests. Second, if an attacker owns the proxy server, then it certainly knows who is asking for what, and anonymization is ruined. By using multiple hops, Tor is much more resistant to both of these attacks. Traffic analysis becomes extraordinarily difficult, as it must be coordinated across several machines, and an attacker must own all the hops along the circuit in order to trace requests back to the originating client.” ... ...

“In our time in the lab, we found that running an nmap on a node that is offering a hidden service will turn up the port that the hidden service is using to deal with incoming connections. It can then be directly connected to, outside of Tor.” ... ...

“We would have to try to connect to each of the ports we see open on a machine to determine if there is a hidden service being run. We would not even know which protocol the hidden service is running. It may be an HTTP server, an FTP server, an SMTP server, etc. The only thing we know is that the protocol must run over TCP. It is not enough to attempt to connect once to each port, using an HTTP GET request. Several protocols must be tried.” ... ...

“It may also be useful to study Tor directory servers in more detail. Our work focused solely on the client, but many attacks would be much easier with access to more Tor servers. The directory servers ultimately control which Tor servers are used by clients. We have found that a server can put itself on a directory server multiple times; all it takes is the server running several Tor processes, each having a different nickname, open port, fingerprint, and LOG FILE. This only requires different configuration files for the different processes, which are easy to set up. That machine will handle a disproportionate amount of traffic, since it is listed several times. This increases the density of friendly servers in the cloud without increasing the number of servers we have set up. Unfortunately, each listing has the same IP address, which would be very noticeable to anyone who is inspecting the directories.”

http://cryptome.org/2013/10/nsa-tor.pdf
http://s3.documentcloud.org/documents/802061/ces-summer-2006-tor-paper-28redacted-29-1.pdf
http://www.washingtonpost.com/world/national-security/secret-nsa-documents-show-campaign-against-tor-encrypted-network/2013/10/04/610f08b6-2d05-11e3-8ade-a1f23cda135e_story.html

¤ NSA ; Types of IAT ::

http://cryptome.org/2013/10/nsa-iat-tor.pdf

¤ NSA Link Removed by Guardian ::

http://cryptome.org/2013/10/nsa-link-removed.htm
Friday, February 19, 2016