
How the NSA attacks Tor


Tor users often turn off vulnerable services like scripts and Flash when using Tor, making it difficult to target those services. Even so, the NSA uses a series of native Firefox vulnerabilities to attack users of the Tor browser bundle.

 

One of the top-secret documents provided by Snowden demonstrates how FoxAcid can circumvent commercial products that prevent malicious software from making changes to a system that survive a reboot process.

 

http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity

 

NSA and GCHQ target Tor network that protects anonymity of web users

http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption

 

PDFs of the leaked documents:

https://s3.amazonaws.com/s3.documentcloud.org/documents/801433/doc1-1.pdf

http://s3.documentcloud.org/documents/801434/doc2.pdf

http://s3.documentcloud.org/documents/801435/doc3.pdf

 

 

Rather than use the highly exploitable TBB on your desktop, run these applications inside a virtual machine like VirtualBox or VMware Player. See reference to Tails in the Tor: 'The king of high-secure, low-latency anonymity' presentation.

 

Liberté Linux

http://dee.su/liberte

 

Tails

https://tails.boum.org/index.en.html

 

Whonix

https://www.whonix.org/wiki/Main_Page

Share this post


Link to post

I agree with virtualization being an additional layer of security.

I disagree with TBB being "highly exploitable". The leaked presentation clearly shows that digging up native FF vulns is a pain in the ass, even for the NSA.

So, they won't waste such vulns for wide-spread attacks against Joe Blow users. ¹ ³

 

Also, VirtualBox is not a security product and it's maintained by Oracle, a commercial vendor with an awful track record wrt code quality and security management. ²

 

---

 

¹ Case in point: The FF vuln recently used by FBI for their "Torsploit" was no 0day, it was long patched - which either means they didn't have a better vuln for a more effective exploit - or they didn't want to waste it for this particular attack. 

² https://www.whonix.org/wiki/Advanced_Security_Guide#About_VirtualBox

³ "The good news is that they went for a browser exploit, meaning there's no indication they can break the Tor protocol or do traffic analysis on the Tor network. (..) you can target individuals with browser exploits, but if you attack too many users, somebody's going to notice." from: https://blog.torproject.org/blog/yes-we-know-about-guardian-article


all of my content is released under CC-BY-SA 2.0
