We thought TOR became more popular..

What is TOR? Care about your privacy? Check out ourprivacy.org, service by High Desert Technology.

 

Despite speculation that Operation PRISM and concerns over NSA surveillance are spurring users to take up online privacy safeguards in droves, the sudden spike in usage for the Tor browser that began in August can be attributable to pretty much one thing: a massive botnet.

 

Starting around August 19, there has been a sudden spike in the number of Tor clients. Tor is an anonymity network operated by volunteers that provides encryption and identity protection capabilities. It allows users to avoid surveillance and traffic interception as well as circumvent internet censorship, and is a favorite of whistleblowers and political activists.

Within one week the number of users doubled to 1.2 million, up from 600,000. Now, in early September, users have reached 3.5 million – and the base continues to grow.

“Some people have speculated that the growth in users comes from activists in Syria, Russia, the United States, or some other country that has good reason to have activists and journalists adopting Tor en masse lately,” explained Tor project leader Roger Dingledine, in a blog. “Others have speculated that it's due to massive adoption of the Pirate Browser (a Tor Browser Bundle fork that discards most of Tor's security and privacy features), but we've talked to the Pirate Browser people and the downloads they've seen can't account for this growth. The fact is, with a growth curve like this one, there's basically no way that there's a new human behind each of these new Tor clients.”

The service thinks that the new Tor clients were somehow bundled into a software that was installed onto millions of computers “pretty much overnight.”

“Since no large software or operating system vendors have come forward to tell us they just bundled Tor with all their users, that leaves me with one conclusion: somebody out there infected millions of computers [with malware] and as part of their plan they installed Tor clients on them,” Dingledine said.

The new clients give themselves away, because they’re not actually browsing websites, nor are they generating enough traffic to be a legitimate user. Tor’s early indications are that they're accessing hidden services, DIngledine noted, and one plausible explanation is that the botnet is running its command-and-control (C&C) point as a hidden service.

“I still maintain that if you have a multi-million node botnet, it's silly to try to hide it behind the 4,000-relay Tor network,” said DIngledine. “These people should be using their botnet as a peer-to-peer anonymity system for itself. So I interpret this incident as continued exploration by botnet developers to try to figure out what resources, services and topologies integrate well for protecting botnet communications."

Tor is exploring ways to mitigate the effects of the botnet on its network and on other users, but it’s not devoting resources to shutting it down. That’s a job for someone else, Dingledine said.

“It would be great if botnet researchers would identify the particular characteristics of the botnet and start looking at ways to shut it down (or at least get it off of Tor),” he explained. “Note that getting rid of the C&C point may not really help, since it's the rendezvous attempts from the bots that are hurting so much.”

Tor is looking for ways to prevent botnets from infiltrating in the future. For example, it could rate-limit circuit create requests at entry guards, or learn to recognize the circuit-building signature of bot clients in order to refuse or tarpit connections from them. Entry guards could also demand that clients solve captchas before they can build more than a certain threshold of circuits.

Dingledine added, “Another facet of solving this problem long-term is helping [botnet operators] to understand that Tor isn't a great answer for their problem.”

Can We Trust IPSEC?

Cryptographer and EFF board member Bruce Schneier has given advice on how to be as secure as possible. "Trust the math," he says. "Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That's how you can remain secure even in the face of the NSA."

He confirms the growing consensus that Bullrun's greatest success is in subverting the implementations of encryption rather than in the ability to crack the encryption algorithms themselves. The general belief is that the NSA has persuaded, forced or possibly even tricked individual companies into building weaknesses or backdoors into their products that can be exploited later.

The bottom line, however, is that the fabric of the internet can no longer be trusted. Meanwhile, John Gilmore, co-founder of EFF and a proponent of free open source software, has raised a tricky question: has NSA involvement in IPv6 and IPSEC discussions effectively downgraded its security? IPSEC is the technology that would make IP communications secure.

Gilmore notes that he had been involved in trying to make IPSEC "so usable that it would be used by default throughout the internet." But "NSA employees participated throughout, and occupied leadership roles in the committee and among the editors of the documents." 

The result was "so complex that every real cryptographer who tried to analyze it threw up their hands and said, 'We can't even begin to evaluate its security unless you simplify it radically'" – something that never happened.

Gilmore doesn't explicitly say that the NSA sabotaged IPSEC, but the fact remains that in December 2011, IPSEC in IPv6 was downgraded from 'must include' to a 'should include.' He does, however, make very clear his belief in NSA involvement in other security standards. 

Discussing cellphone encryption, he says "NSA employees explicitly lied to standards committees" leading to "encryption designed by a clueless Motorola employee."

To this day, he adds, "no mobile telephone standards committee has considered or adopted any end-to-end (phone-to-phone) privacy protocols.  This is because the big companies involved, huge telcos, are all in bed with NSA to make damn sure that working end-to-end encryption never becomes the default on mobile phones."

NSA and Encryption

The U.S. National Security Agency's efforts to defeat encrypted Internet communications, detailed in news stories this week, are an attack on the security of the Internet and on users' trust in the network, some security experts said.

The NSA and intelligence agencies in allied countries have found ways to circumvent much of the encryption used on the Internet, according to stories published by The New York Times, ProPublica and the Guardian. The NSA, the British GCHQ and other spy agencies have used a variety of means to defeat encryption, including supercomputers, court orders and behind-the-scenes agreements with technology companies, according to the news reports.

The reports, relying on documents provided by former NSA contractor Edward Snowden, show that many tech companies are collaborating with the spy agencies to "destroy privacy," said cryptographer and security specialist Bruce Schneier. "The fundamental fabric of the Internet has been destroyed."

The new revelations should raise major concerns from Internet users over who they can trust, Schneier added. "I assume that all big companies are now in cahoots with the NSA, cannot be trusted, are lying to us constantly," he said. "You cannot trust any company that makes any claims of the security of their products. Not one cloud provider, not one software provider, not one hardware manufacturer."

It doesn't appear that the NSA is defeating encryption by brute force but by "cheating" by attempting to build backdoors into systems and strong-arm companies into giving it information, Schneier said.

Digital rights group the Center for Democracy and Technology echoed some of Schneier's concerns, with CDT senior staff technologist Joseph Lorenzo Hall calling the NSA's encryption circumvention efforts "a fundamental attack on the way the Internet works."

The NSA has been working for years to build backdoor vulnerabilities into encryption standards and technology products, the stories said. A representative of the NSA didn't respond to a request for comment on the stories.

Hall criticized those efforts. "In an era in which businesses, as well as the average consumer, trust secure networks and technologies for sensitive transactions and private communications online, it's incredibly destructive for the NSA to add flaws to such critical infrastructure," he said in an email. "The NSA seems to be operating on the fantastically naïve assumption that any vulnerabilities it builds into core Internet technologies can only be exploited by itself and its global partners."

The New York Times story this week, citing a Guardian report from July, said Microsoft has worked with the NSA to provide the agency with pre-encryption access to Outlook, Skype and other products.

Microsoft has repeatedly denied helping the NSA break encryption on its products. The company complies with legal court orders for information on its customers and will provide agencies with unencrypted customer information residing on its servers if ordered by a court to do so, a spokeswoman said.

Microsoft General Counsel Brad Smith, in a July blog post, detailed the way Microsoft responds to court surveillance orders.

"We do not provide any government with direct access to emails or instant messages," Smith wrote then. "Full stop."

CDT's Hall defended Microsoft's approach. "It seems pretty clear that Microsoft is legally compelled to do this and would not otherwise do it voluntarily," he said.

But Matthew Green, a cryptographer and research professor at Johns Hopkins University, suggested Microsoft is due for scrutiny on encryption security, if encryption has been compromised, as the recent news stories suggest. Most commercial encryption code uses a small number of libraries, with Microsoft CryptoAPI being among the most common, he wrote in a blog post.

"While Microsoft employs good (and paranoid!) people to vet their algorithms, their ecosystem is obviously deeply closed-source," Green wrote. "You can view Microsoft's code (if you sign enough licensing agreements) but you'll never build it yourself. Moreover they have the market share. If any commercial vendor is weakening encryption systems, Microsoft is probably the most likely suspect."

Microsoft IIS runs on about 20 percent of the Internet's Web servers, and nearly 40 percent of the SSL servers, while third-party encryption programs running on Windows depend on Microsoft APIs (application programming interfaces), Green noted.

"That makes these programs somewhat dependent on Microsoft's honesty," he said.

The good news for privacy-minded Internet users is that security researchers questioned whether the foundations of cryptography itself have been compromised. Some encryption protocols are vulnerable, but it's likely that the NSA is attacking the software that encryption is implemented with or relying on human mistakes, Green wrote.

"Software is a disaster," he added. "Hardware isn't that much better. Unfortunately active software exploits only work if you have a target in mind. If your goal is mass surveillance, you need to build insecurity in from the start. That means working with vendors to add backdoors."

Any compromises are unlikely to be related to weakness in the underlying cryptography, added Dave Anderson, a senior director at Voltage Security.

"It seems likely that any possible way that the NSA might have bypassed encryption was almost certainly due to a flaw in the key management processes that support the use of encryption, rather than through the cryptography itself," he said by email. "So, is it possible that the NSA can decrypt financial and shopping accounts?  Perhaps, but only if the cryptography that was used to protect the sensitive transactions was improperly implemented through faulty, incomplete or invalid key management processes or simple human error."

Feds Are Suspects in New Malware That Attacks Tor Anonymity

Security researchers tonight are poring over a piece of malicious software that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network.

The malware showed up Sunday morning on multiple websites hosted by the anonymous hosting company Freedom Hosting. That would normally be considered a blatantly criminal “drive-by” hack attack, but nobody’s calling in the FBI this time. The FBI is the prime suspect.

“It just sends identifying information to some IP in Reston, Virginia,” says reverse-engineer Vlad Tsyrklevich. “It’s pretty clear that it’s FBI or it’s some other law enforcement agency that’s U.S.-based.”

If Tsrklevich and other researchers are right, the code is likely the first sample captured in the wild of the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first reported by WIRED in 2007.

Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor.

The code has been used sparingly in the past, which kept it from leaking out and being analyzed or added to anti-virus databases.

The broad Freedom Hosting deployment of the malware coincides with the arrest of Eric Eoin Marques in Ireland on Thursday on an U.S. extradition request. The Irish Independent reports that Marques is wanted for distributing child pornography in a federal case filed in Maryland, and quotes an FBI special agent describing Marques as “the largest facilitator of child porn on the planet.”

Freedom Hosting has long been notorious for allowing child porn to live on its servers. In 2011, the hactivist collective Anonymous singled out Freedom Hosting for denial-of-service attacks after allegedly finding the firm hosted 95 percent of the child porn hidden services on the Tor network.

Freedom Hosting is a provider of turnkey “Tor hidden service” sites — special sites, with addresses ending in .onion — that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network.

Tor hidden services are ideal for websites that need to evade surveillance or protect users’ privacy to an extraordinary degree – which can include human rights groups and journalists. But it also naturally appeals to serious criminal elements.

Shortly after Marques’ arrest last week, all of the hidden service sites hosted by Freedom Hosting began displaying a “Down for Maintenance” message. That included websites that had nothing to do with child pornography, such as the secure email provider TorMail.

Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of Javascript code from a Verizon Business internet address located in eastern Virginia.

By midday Sunday, the code was being circulated and dissected all over the net. Mozilla confirmed the code exploits a critical memory management vulnerability in Firefox that was publicly reported on June 25, and is fixed in the latest version of the browser.

Though many older revisions of Firefox are vulnerable to that bug, the malware only targets Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user-friendly package for using the Tor anonymity network.

“The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based,” the non-profit Tor Project wrote in a blog post Sunday. “We’re investigating these bugs and will fix them if we can.”

The inevitable conclusion is that the malware is designed specifically to attack the Tor browser. The strongest clue that the culprit is the FBI, beyond the circumstantial timing of Marques’ arrest, is that the malware does nothing but identify the target.

The heart of the malicious Javascript is a tiny Windows executable hidden in a variable named “Magneto.” A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box.

But the Magneto code doesn’t download anything. It looks up the victim’s MAC address — a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sends it to the Virginia server, outside of Tor, to expose the user’s real IP address, and coded as a standard HTTP web request.

“The attackers spent a reasonable amount of time writing a reliable exploit, and a fairly customized payload, and it doesn’t allow them to download a backdoor or conduct any secondary activity,” says Tsyrklevich, who reverse-engineered the Magneto code.

The malware also sends, at the same time, a serial number that likely ties the target to his or her visit to the hacked Freedom Hosting-hosted website.

In short, Magneto reads like the x86 machine code embodiment of a carefully crafted court order authorizing an agency to blindly trespass into the personal computers of a large number of people, but for the limited purpose of identifying them.

But plenty of questions remain. For one, now that there’s a sample of the code, will anti-virus companies start detecting it?

Update 8.5.13 12:50: According to Domaintools, the malware’s command-and-control IP address in Virginia is allocated to Science Applications International Corporation. SAIC is a major technology contractor for defense and intelligence agencies, including the FBI. I have a call into the firm.

13:50 Tor Browser Bundle users who installed or manually updated after June 26 are safe from the exploit, according to the Tor Project’s new security advisory on the hack.

Update 14:30: SAIC has no comment.

StartPage and Ixquick Deploy Newest Encryption Standards against Mass Surveillance

First search engines to offer TLS 1.1.and 1.2 as well as "Perfect Forward Secrecy"

NOTE: High Desert Technology provides a SECURE SEARCH PAGE which is directly tied in with STARTPAGE (the service mentioned below).

NEW YORK & AMSTERDAM - In the wake of the US PRISM Internet surveillance scandal, companies are revisiting how they do business online and beefing up their privacy practices to protect their users.

Private search engines StartPage and Ixquick have pioneered a new advance in encryption security this week, becoming the first search engines in the world to enable "Perfect Forward Secrecy" or PFS in combination with a more secure version of SSL encryption known as TLS 1.1. and 1.2 , which works by setting up a secure "tunnel" through which users' search traffic cannot be intercepted. 

This is the latest in a series of security firsts by StartPage and Ixquick, which pioneered the field of private search in 2006. Combined, StartPage/Ixquick is the largest private search engine, serving well over 4 million searches daily.

Harvard-trained privacy expert Dr. Katherine Albrecht, who helped develop StartPage, says, "We take encryption very seriously, and we've always led the way when it comes to security. We were first to adopt default SSL encryption in 2011, and now we're setting the standard for encryption in the post-PRISM world."

SSL encryption has been proven to be an effective tool for protecting sensitive online traffic from eavesdropping and surveillance. However, security researchers now worry that SSL encryption may not provide adequate protection if Government agencies are scooping up large amounts of encrypted traffic and storing it for later decryption. 

With SSL alone, if a target website's "private key" can be obtained once in the future - perhaps through court order, social engineering, attack against the website, or cryptanalysis - that same key can then be used to unlock all other historical traffic of the affected website. For larger Internet services, that could expose the private data of millions of people.

StartPage and Ixquick have now deployed a defense against this known as "Perfect Forward Secrecy," or PFS. 

PFS uses a different "per-session" key for each data transfer, so even if a site's private SSL key is compromised, data that was previously transmitted is still safe. Those who want to decrypt large quantities of data sent using PFS face the daunting task of individually decrypting each separate file, as opposed to obtaining a single key to unlock them all.

This can be likened to replacing the master "skeleton key" that unlocks every room in a building with a tight security system that puts a new lock on each door and then creates a unique key for each lock.

In addition to its pioneering use of PFS, earlier this month StartPage and Ixquick deployed Transport Layer Security, or TLS, encryption versions TLS 1.1 and 1.2 on all of its servers. TLS is an upgraded form of SSL encryption, which sets up a secure "tunnel" that protects users' search information. 

In independent evaluation, StartPage and Ixquick outscore their competitors on encryption standards. See Qualys' SSL Labs evaluation of StartPage's encryption features:

https://www.ssllabs.com/ssltest/analyze.html?d=startpage.com&s=69.90.210.72 

CEO Robert Beens urges other companies to upgrade to these new technologies. "With Perfect Forward Secrecy and TLS 1.1 and 1.2 combined, we are once again leading the privacy industry forward. For the sake of their users' privacy, we strongly recommend other search engines follow our lead."

Government requests for private SSL keys

 The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users' private Web communications from eavesdropping.

These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users.

If the government obtains a company's master encryption key, agents could decrypt the contents of communications intercepted through a wiretap or by invoking the potent surveillance authorities of the Foreign Intelligence Surveillance Act. Web encryption -- which often appears in a browser with a HTTPS lock icon when enabled -- uses a technique called SSL, or Secure Sockets Layer.

"The government is definitely demanding SSL keys from providers," said one person who has responded to government attempts to obtain encryption keys. The source spoke with CNET on condition of anonymity.

The person said that large Internet companies have resisted the requests on the grounds that they go beyond what the law permits, but voiced concern that smaller companies without well-staffed legal departments might be less willing to put up a fight. "I believe the government is beating up on the little guys," the person said. "The government's view is that anything we can think of, we can compel you to do."

A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would turn over a master key used for Web encryption or server-to-server e-mail encryption, the spokesperson replied: "No, we don't, and we can't see a circumstance in which we would provide it."

Google also declined to disclose whether it had received requests for encryption keys. But a spokesperson said the company has "never handed over keys" to the government, and that it carefully reviews each and every request. "We're sticklers for details -- frequently pushing back when the requests appear to be fishing expeditions or don't follow the correct process," the spokesperson said.

Sarah Feinberg, a spokeswoman for Facebook, also declined to answer whether her employer has received encryption key requests. In response to a question about divulging encryption keys, Feinberg said: "We have not, and we would fight aggressively against any request for such information."

Apple, Yahoo, AOL, Verizon, AT&T, Opera Software's Fastmail.fm, Time Warner Cable, and Comcast declined to respond to queries about whether they would divulge encryption keys to government agencies.

Encryption used to armor Web communications was largely adopted not because of fears of NSA surveillance -- but because of the popularity of open, insecure Wi-Fi networks. The "Wall of Sheep," which highlights passwords transmitted over networks through unencrypted links, has become a fixture of computer security conventions, and Internet companies began adopting SSL in earnest about three years ago.

"The requests are coming because the Internet is very rapidly changing to an encrypted model," a former Justice Department official said. "SSL has really impacted the capability of U.S. law enforcement. They're now going to the ultimate application layer provider."

An FBI spokesman declined to comment, saying the bureau does not "discuss specific strategies, techniques and tools that we may use."

Top secret NSA documents leaked by former government contractor Edward Snowden suggest an additional reason to ask for master encryption keys: they can aid bulk surveillance conducted through the spy agency's fiber taps.

One of the leaked PRISM slides recommends that NSA analysts collect communications "upstream" of data centers operated by Apple, Microsoft, Google, Yahoo, and other Internet companies. That procedure relies on a FISA order requiring backbone providers to aid in "collection of communications on fiber cables and infrastructure as data flows past."

Mark Klein, who worked as an AT&T technician for over 22 years, disclosed in 2006 (PDF) that he met with NSA officials and witnessed domestic Internet traffic being "diverted" through a "splitter cabinet" to secure room 641A in one of the company's San Francisco facilities. Only NSA-cleared technicians were allowed to work on equipment in the SG3 secure room, Klein said, adding that he was told similar fiber taps existed in other major cities.

 But an increasing amount of Internet traffic flowing through those fiber cables is now armored against surveillance using SSL encryption. Google enabled HTTPS by default for Gmail in 2010, followed soon after by Microsoft's Hotmail. Facebook enabled encryption by default in 2012. Yahoo now offers it as an option.

"Strongly encrypted data are virtually unreadable," NSA director Keith Alexander told (PDF) the Senate earlier this year.

Unless, of course, the NSA can obtain an Internet company's private SSL key. With a copy of that key, a government agency that intercepts the contents of encrypted communications has the technical ability to decrypt and peruse everything it acquires in transit, although actual policies may be more restrictive.

One exception to that rule relies on a clever bit of mathematics called perfect forward secrecy. PFS uses temporary individual keys, a different one for each encrypted Web session, instead of relying on a single master key. That means even a government agency with the master SSL key and the ability to passively eavesdrop on the network can't decode private communications.

Google is the only major Internet company to offer PFS, though Facebook is preparing to enable it by default.

Even PFS isn't complete proof against surveillance. It's possible to mount a more advanced attack, sometimes called a man-in-the-middle or active attack, and decode the contents of the communications.

A Wired article in 2010 disclosed that a company called Packet Forensics was marketing to government agencies a box that would do precisely that. (There is no evidence that the NSA performs active attacks as part of routine surveillance, and even those could be detected in some circumstances.)

The Packet Forensics brochure said that government agencies would "have the ability to import a copy of any legitimate key they obtain (potentially by court order)." It predicted that agents or analysts will collect their "best evidence while users are lulled into a false sense of security afforded by Web, e-mail or VOIP encryption."

With a few exceptions, even if communications in transit are encrypted, Internet companies typically do not encrypt e-mail or files stored in their data centers. Those remain accessible to law enforcement or the NSA through legal processes.

Leaked NSA surveillance procedures, authorized by Attorney General Eric Holder, suggest that intercepted domestic communications are typically destroyed -- unless they're encrypted. If that's the case, the procedures say, "retention of all communications that are enciphered" is permissible.

 It's not entirely clear whether federal surveillance law gives the U.S. government the authority to demand master encryption keys from Internet companies.

"That's an unanswered question," said Jennifer Granick, director of civil liberties at Stanford University's Center for Internet and Society. "We don't know whether you can be compelled to do that or not."

The government has attempted to use subpoenas to request copies of encryption keys in some cases, according to one person familiar with the requests. Justice Department guidelines say subpoenas may be used to obtain information "relevant" to an investigation, unless the request is "unreasonably burdensome."

"I don't know anyone who would turn it over for a subpoena," said an attorney who represents Internet companies but has not fielded requests for encryption keys. Even a wiretap order in a criminal case would be insufficient, but a FISA order might be a different story, the attorney said. "I'm sure there's some logic in collecting the haystack."

Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation, challenged the notion that current law hands the government the power to demand master encryption keys. Even with a FISA order for the private key, Opsahl said, the amount of technical assistance that a company must provide to the NSA or other federal agencies "has a limit."

Federal and state law enforcement officials have previously said encrypted communications were beginning to pose an obstacle to lawful surveillance. Valerie Caproni, the FBI's general counsel at the time, told a congressional hearing in 2011, according to a transcript:

Encryption is a problem, and it is a problem that we see for certain providers... For individuals who put encryption on their traffic, we understand that there would need to be some individualized solutions if we get a wiretap order for such persons... We are suggesting that if the provider has the communications in the clear and we have a wiretap order, that the provider should give us those communications in the clear.

"One of the biggest problems with compelling the [private key] is it gives you access to not just the target's communications, but all communications flowing through the system, which is exceedingly dangerous," said Stanford's Granick

Subscribe to our Newsletter

Search ALL Articles

Managed V. Non-Managed

 
NON-MANAGED=REACTIVE
MANAGED=PROACTIVE
 
 

ourprivacy.org

US-CERT Latest Warnings

Latest US-CERT Released Warnings

Posted Articles