Matt DeHart – Military, Programmer, Activist

Matt DeHart – Military, Programmer, Activist

Mar 13, 2015 | Anonymous, Whistleblowers & Dissidents

The case of Matt DeHart, a former U.S. drone pilot turned hacktivist, is as strange as it is disturbing. The 29-year-old was recently denied asylum in Canada, having fled there with his family after — he claims — he was drugged and tortured by agents of the FBI, who accused him of espionage and child pornography.

Prosecutors have shown they’re willing to say anything to convict a hacktivist, even if it means lying

Last week the Canadian Border Services Agency said he will be deported to the U.S. to stand trial “in very short order,” after a Canadian Immigration and Refugee Board ruling earlier this month denying his request for refugee status. He is being denied access to two thumb drives that he says contain evidence of illegal acts perpetrated by a U.S. government agency. Now after three unsuccessful attempts to gain political asylum, he fears that he and the files will be delivered to the very government he sought to escape.

“I cannot imagine any life in a country which has already tortured me,” Matt DeHart told reporter Adrian Humphreys, whose astonishing five-part series in Canada’s National Post documents the bizarre case. “Am I now to be given into the hands of my torturers?”

It’s tempting to dismiss DeHart’s claims based on their sheer outlandishness and his equally outlandish attempts to defect to Russia and Venezuela, which he now says he regrets. But given President Barack Obama’s administration’s penchant for punishing hacktivists and whistleblowers, a disturbing decades-long trend of prosecutorial misconduct and the now established fact that the U.S. has, as Obama put it, “tortured some folks,” it’s clear that the U.S. government’s claims in this case warrant even more skepticism.

Matt DeHart

According to government documents, Matt DeHart admitted during an interrogation to becoming involved with a spy ring during his time as a drone pilot, agreeing to broker the sale of military secrets for up to $100,000 per month through a Russian agent in Canada. But he claims he was being drugged and tortured and simply made the story up.

“I would have told them anything,” he told The National Post of his encounter with the FBI agents, during which he was denied a lawyer. “Information that is derived from torture — to use it against somebody is ridiculous. It’s garbage. I already said it’s not true.”

He testified that the agents admitted the child porn charges were fabricated — a ruse to enable investigation into his involvement with the nebulous hacktivist collective Anonymous. He says the investigation stems from a file he uploaded twice to a hidden website, hosted on the anonymous Tor network from a server in his parents’ house. DeHart claims it contained evidence of government wrongdoing, “an FBI investigation into the [CIA’s] practices.” Screen shots of the WikiLeaks website found on his computer suggest he intended to send the file to the whistleblowing organization.

After the asylum ruling earlier this month, three courts — two in the U.S. and one in Canada — have expressed strong doubts about the child pornography charges that triggered a search warrant onMatt DeHart’s parents’ home in the U.S. Those accusations date to 2008 and stemmed from his association with two teenagers while playing the online game “World of Warcraft,” one of whom was also involved with Anonymous; the charges were ultimately not proved.

After DeHart was arrested while crossing from Canada to the U.S. in 2010, a judge in Bangor, Maine, found it odd that prosecutors were suddenly citing the two-year-old porn accusations and that police hadn’t analyzed Matt DeHart computers for illicit files seven months after they were seized. A judge in Tennessee, where Matt DeHart ‘s family lived before moving to Canada, admitted that “the weight of the evidence is not as firm as I thought it was.” And most recently, the Canadian Immigration and Refugee Board concluded there was “no credible or trustworthy evidence” that DeHart had solicited child porn.

Prosecutorial misconduct helps the government railroad journalists, whistleblowers, hacktivists and any who dare to speak truth to power.

To be sure, Matt DeHart strange behavior throughout this ordeal doesn’t place him in a particularly flattering light. But it’s worth noting that these kinds of serious accusations are often made in cases against hacktivists and whistleblowers, helping place them in the government’s crosshairs and paint them as nefarious even when the accusations are easily disproved.

Barrett Brown, a journalist who investigated links between the U.S. government and private intelligence contractors, had all manner of ridiculous false accusations thrown at him before being sentenced last month to five and a half years in prison. He was initially charged for the innocuous act of copying and pasting a hyperlink to a public file stolen by Anonymous from one chat room into another. The charge was dropped, but the linking was still used to increase the length of his sentence, despite the fact that prosecutors had no evidence Brown had looked at the file or even known what was in it.

At one point, prosecutors claimed that Brown conspired with members of Anonymous to overthrow the U.S. government. They also accused him of participating in “SWATting,” the practice of making fake 911 calls to harass people in their homes, and even of plotting with another journalist to hack the Bahraini government. Not one of these claims was supported by the voluminous collection of chat logs that the government provided as evidence. Nor did additional logs obtained by The Daily Dot, which the prosecution had withheld under seal.

Brown was not entirely without fault in the case, having obstructed a search warrant and posted a YouTube video threatening an FBI agent in response to the seizure of his laptops. But in retrospect, it seems clear the impetus for the case was that the government saw Brown’s investigations as a threat and would say anything to guarantee his conviction, even if that meant knowingly making false statements. As Brown put it during his allocution, “This is not the rule of law … It is the rule of law enforcement.”

Close scrutiny

What can we expect from the Matt DeHart case if this is the prosecutorial legacy it follows?

As The New York Times editorial board recently noted, defendants have no recourse when police and prosecutors lie, cheat and conceal evidence in the courtroom, leading to what one federal judge has described (PDF) as a national epidemic of prosecutorial misconduct. Sometimes it leads to wrongful convictions. Other times, as in Brown’s case, it helps the government railroad journalists, whistleblowers, hacktivists and any who dare to speak truth to power.

Remember Aaron Swartz, an information activist who prosecutors pursued vigorously for the act of downloading too many academic articles from an MIT library? Much like in Brown’s case, prosecutors were accused of withholding evidence and coercing Swartz into taking a guilty plea. Swartz committed suicide in 2013 amid mounting legal costs and the possibility of up to 35 years in prison, triggering the DeHarts’ decision to flee the country.

“Aaron Swartz had very similar psychological makeup, similar age, same circumstances as Matt DeHart,” DeHart’s father, Paul DeHart, a retired U.S. Air Force major, told The National Post. “I do not want to wake up one day and find my son hanging from a rope in the garage of our house. And I have noplace to go to bring this to anyone’s attention.”

With Matt DeHart’s attempted defections and other erratic behavior, it’s admittedly difficult to determine where his true intentions lie. But the government’s actions against him have been just as sketchy, if not more so. His claims must be taken seriously, and his case should be closely scrutinized, lest another potential whistleblower fall prey to the state’s merciless war on leaks.

by Joshua Kopstein, a cyberculture journalist and researcher from New York City. His work focuses on Internet law and disorder, surveillance and government secrecy.

 

Recommendations for the Hacktivist Community

Recommendations for the Hacktivist Community

Nov 13, 2014 | 2020 Relevant, Anonymous, News

Statement of Purpose

I have been observing the hacker and hacktivist communities, at times very
closely, for many years. The exact definition of “hacker” and “hacktivist”
varies from author to author, so I shall make my interpretation of these words
very clear. Let us define a “hacker” as someone who utilizes their knowledge of
computers and of computer networks to make money via illegitimate means. Let us
define a “hacktivist” as someone who utilizes their knowledge of computers and
of computer networks to do justice when justice is not done by the state. I
have found that these two communities are inextricably linked, yet remain
completely separate entities. Many hackers double as hacktivists in their spare
time, although most hacktivists do not fancy themselves hackers.

Although hackers turned hacktivists have the very best of intentions, and their
input and expertise is of great value to the hacktivist community, they have
inadvertently suppressed the potential of the very community they are trying to
aid. The get-in-get-the-goods-get-out methodology of the stolen credit card
driven hacker community that has been transfered to the hacktivist community
via ideological osmosis has tragically affixed blinders to it. It has caused
the hacktivist community to think linearly and strive to do nothing more than
to blindly infiltrate target organizations and immediately leak whatever data
they happen to stumble across. This must change. Stealing and leaking data
makes a point, but it is sometimes necessary to do more than just make a point,
to inflict real, measurable damage. In certain, extreme cases an organization’s
disregard for human rights warrants its immediate and complete obliteration.

In this essay, I will discuss a multitude of ideological, operational, and
technical changes that ought to be made to the hacktivist community. These
proposed changes have been derived from my personal observations. Some will
find the ideas contained within this document to be the product of common
sense. I have found these people to be few in number. If the community accepts
my suggestions it will not only become more effective, but the risks associated
with participating in it will be drastically lowered. My intent in writing this
is not to aid criminals, but rather to aid people who wish to do battle with
governments and corporations that have become criminals. If freedom is to
remain on this earth, its people must be willing and able to take arms to
defend it, both physical and digital.

faceless-men

 

 

 

 

 

 

 

Personal Security

Sound operational security is the foundation from which all effective
cyber-offensives are launched. You should, at all times, put your own, personal
security above the success of your operations and interests. The security
precautions taken by most hacktivists I have met are mediocre at best, and
needlessly so. Maintaining sound personal security is by no means difficult. It
requires much caution but very little skill. I have devised a series of
security precautions that hactivists should take and divided them up into six
main categories: environmental, hardware, software, mental, pattern related,
and archaeological. We shall examine each individually.

(1) Environmental:

There are but two places you can work: at home or in public. Some people insist
that working at home is best and others insist that working in public is best.
The proper working environment debate has been raging on in the hacker
community for quite some time now, and has great relevance to the hacktivist
community, as most governments view hackers and hacktivists as one in the same.
Proponents of the “work in public” argument claim that by always working at a
different public location, you significantly lower your chances of being
apprehended. They argue that even if the authorities are able to trace many of
the cyber-attacks you took part in back to the public places where you took
part in them from, that does not bring them any closer to finding you. Most
retail stores and coffee shops do not keep surveillance footage for more than a
year at the most, and even if the authorities are able to get a photo of you
from some security camera, that does not necessarily lead them directly to your
front door, especially if you wore a hoody the entire time you where working
and the camera never got a clear shot of your face. On the other hand,
proponents of the “work at home” argument argue that the risk of being seen and
reported, or merely recorded while working in a public place far outweighs the
benefits of the significantly large increase in anonymity that working in
public provides. Both sides have legitimate points, and I urge you to consider
both of them.

If you decide to work in public, the number one threat you face is other
people. Numerous large criminal investigations have been solved using the
observations of average everyday citizens who just happened to remember seeing
something suspicious. If people sense that you are trying to hide something,
they will watch you more closely than they would otherwise. It is important to
always “keep your cool” as the old saying goes. Always try to sit in such a way
that your screen is facing away from the majority of the people in the room you
are sitting in. Corners are your friend. Try to blend in with the crowd. Dress
in plain cloths. Draw no attention. If you are in a coffee shop, sip some
coffee while you work. If you are in a burger joint, buy a burger. If you are
in a library or book store, set a few books beside your laptop. Also, be very
aware of security cameras, both inside the establishment you are working in as
well as on the street near it. Being captured on film is alright as long as the
camera can not see what is on your screen. Some store cameras are watched by
actual people who will undoubtedly report you if they find out what you are
doing. More and more governments are starting to place very high quality CCTV
cameras on their streets to monitor their citizens, and these devices can be a
problem if they are peering over your shoulder through a window you are sitting
beside. When working in public, it is possible that you may have to confront a
law enforcement officer face to face. Law enforcement officers can smell
uneasiness from a mile away, and if you look like you are up to no good it is
possible that a cop will come and talk to you. Always have some sort of cover
story made up before you leave home to explain why you are where you are. If
you are forced to confront a law enforcement officer you should be able to talk
your way out of the situation.

If you decide to work at home, the number one threat you face is your own ego.
Just because you are at home does not mean that your working environment is
secure. Be aware of windows in close proximity to your computer as well as your
security-illiterate or gossipy family members. Security issues in relation to
network configuration begin to come into play when you work at home. If your
computer were to somehow get compromised while you are working at home,
perhaps by your government, it would be nearly impossible for the person or
group of people rummaging around inside of your system to get your actual IP
address (provided that you adhere to the software security guidelines that we
will discuss later). However, if your wi-fi password (or the name of your
printer, or the name of another computer on the network) contains your actual
last name and part of your address, tracking you down becomes very easy. A lot
of people name their network devices and structure their network passwords in
this way.

It is also possible that if an attacker that has infiltrated your computer
notices other machines on your network they can pivot to them (infect them with
malware using your computer as a spring board of sorts) and use them to get
your IP address. A lot of Internet enabled household devices have cameras on
them (your smart TV, your Xbox, and your high tech baby monitor to name a few)
and said cameras can potentially be leveraged against you. It is in your best
interest to not have any other machines running on your home network while you
are working. Also, change your wi-fi password every once in awhile and make
sure that the password on the administrative interface of your router is
something other than the out-of-the-box default. If your computer gets
compromised, logging into your router using username “admin” and password
“admin” is elementary for a moderately skilled attacker. Most modern routers
list their WAN IP address on their control panels.

Regardless of where you decide to work, be aware of mirrors and glass picture
frames near your workplace. In the right light, both of these items have the
potential to reflect crystal clear images of your screen to onlookers across
the room. In addition to this, understand that modern cell phones are your
worst enemy. Not only are they always going to be the weakest link in your
security setup, but if they are somehow compromised they are equipped with a
camera and microphone. Recent studies suggest that it is possible for smart
phones to listen to the high pitched noise your CPU makes and deduce your PGP
private key. Furthermore, the metadata collected by your phone coupled with
pattern analysis techniques could potentially allow your government to link
your real life and online personas together after some time. We will discuss
this in depth later. Leave your phones at home and if possible keep all phones,
yours or otherwise, far away from your computer. Other portable devices such as
iPods and tablets potentially pose the same risk that phones do and should be
treated the same.

(2) Hardware:

Modern computers come equipped with microphones, speakers (which can be used as
microphones under the right circumstances), and cameras. All of these features
can potentially be leveraged to identify you if your computer is compromised.
To mitigate these risks, these features should be physically removed. Your
computer’s microphone and speakers should be ripped out of it, but you should
not rip out your web cam, as it will alter the outward appearance of your
computer and potentially draw attention to you. Instead, open your computer’s
screen and snip the wires that connect to your web cam. Wrap the ends of the
wires in electrical tape so sparks do not jump in between them. If you must
listen to an audio file while working, use headphones. Only keep your
headphones plugged into your computer when you are using them. The computer you
use for your hacktivist activities also should not contain a hard drive, as
they are unnecessary for our purposes.

(3) Software:

Always use a TOR enabled Linux live system when working. At the present moment,
Tails (The Amnesiac Incognito Live System) is by far the best live distribution
for your purposes. You can read more about TOR at www.torproject.org and you
can read more about acquiring, setting up, and using Tails at tails.boum.org.
The Tails operating system lives on a USB flash drive. Every time you start up
your computer, you must first insert your Tails flash drive into it. The Tails
website will guide you through making said flash drive. Tails will
automatically direct all of your outgoing traffic into the TOR network in an
effort to hide your IP address. If you use Tails you will be completely
anonymous and be able to work with impunity provided that:

* You keep your Tails USB up to date. New versions of the Tails
operating system are released every few months.

* You do not login into your “real world” accounts while using Tails.
Do not check your Twitter feed while you are working.

* You do not use Tails to create an account with an alias that you have
used before. If you have been “0pwn” for the past seven years, now
is a good time to stop being 0pwn.

* You do not alter Tails’ default security settings. They are the way
they are for a reason.

* You do not use Tails to create an online account with a password that
you have used before. Doing this only makes deanonymizing you easier.

* You do not install and use random packages that “look cool”; they
could be miscellaneous. Only use packages and scripts that you trust.
Tails is not bullet proof.

* If you decide to set a sudo password when starting up Tails, make
sure that it is very strong.

* You stay conscious of metadata analysis techniques. We will discuss
these later.

* You switch exit nodes every ten to fifteen minutes. This can be done
by double clicking the little green onion in the upper right hand
corner of your Tails desktop and hitting the “Use a New Identity”
button.

* You follow the communication guidelines laid out later in this
document.

More information can be found on the Tails warning page: https://tails.boum.org/
doc/about/warning/index.en.html. Be aware that it is very easy for your ISP
(which is probably working closely with your government) to tell that you are
using both TOR and Tails. It is probably in your best interest to use something
called “TOR bridge mode”. You can read more about how to configure Tails to
use TOR bridges here: https://tails.boum.org/doc/first_steps/startup_options/
bridge_mode/index.en.html.

Tails is unique in that it has a special feature that wipes your computer’s
memory before it shuts down. This is done in order to mitigate risks associated
with the dreaded “cold boot attack” (a forensics method in which a suspects RAM
is ripped out of his or her computer and then thrown into a vat of liquid
nitrogen to preserve its contents for later analysis). This feature is also
triggered if you pull your Tails flash drive out of your computer while you are
working. If while you are working you ever feel that the authorities are about
to move in on you, even if you have a seemingly irrational gut feeling, yank
your Tails flash drive out of your computer. Tails also has a feature that
allows it to disguises itself as a Windows desktop. Using this feature in
public will reduce your risk of capture significantly.

(4) Mental:

A skilled attacker is well disciplined and knows that he must keep his actions
and skills a secret in order to remain safe from harm. Do not flaunt the fact
that you are dissatisfied with your government, a foreign government, or a
particular corporation. Do not attend protests. Do not publicly advertise the
fact that you have an above average aptitude for computer security offensive or
otherwise. And whatever you do, do not tell anyone, even someone you think you
can trust, that you are planning to launch an organized cyber-attack on any
organization, big or small. If you draw attention to yourself no amount of
security precautions will keep you safe. Keep your “real” life mentally
isolated from your “hacktivist” life. One lapse in operational security could
end you.

Be alert and focused. Remain mentally strong. Come to terms with the illegality
of your actions and what will happen to you if you are apprehended. As a wise
man once said, “A warrior considers himself already dead, so there is nothing
to lose. The worst has already happened to him, therefore he’s clear and calm;
judging him by his acts or by his words, one would never suspect that he has
witnessed everything.” It is perfectly acceptable to be paranoid, but do not
let that paranoia consume you and slow your work. Even if you are extremely
cautious and follow this document’s advice to the letter, you still may be
hunted down and incarcerated, tortured, or killed. Some countries do not take
kindly to hacktivists. It is best that you be honest with yourself from the
beginning. In order to operate effectively you must be able to think clearly
and see the world as it actually is.

(5) Pattern Related:

When your online persona is active your real life persona ceases to exist, and
an observant adversary can use this to their advantage. If your ISP, bank, and
mobile phone provider are “cooperating” with your government and allowing them
to browse through all of their records (a fair assumption in this day and age)
then, eventually, they will be able to deduce your real identity by comparing
everyone’s data to information about your online persona. If the government
looks backs on all of the records they have collected in the past year and
notice that you never make a credit card purchase, watch Netflix, go on your
Facebook, Google, or Twitter account, or change your physical location while
1337Hax0r64 is online on some anti-government forum on the deep web, they will
assume that you are 1337Hax0r64. Even information about your home network’s
bandwidth usage can give away your real identity.

Luckily, performing the type of metadata analysis attack described above takes
time, usually many months. It is very important that you change aliases often,
preferably every three or four months. Shed your old names like a snake sheds
its skin. When you do change your online name, make sure your new identity
can not be tied back to your old one.

DO NOT not launch cyber-attacks from your own computer. Launch attacks only
from hacked servers, servers purchased with washed bitcoins, or free shell
accounts. Certain types of cyber-attacks produce a large amount of traffic over
a short amount of time. If the bandwidth usage of your home network spikes at
the same instant that a government or corporate server is attacked, the time it
takes to deanonymize you is reduced significantly. This is especially true if
you launch multiple attacks on multiple occasions. Launching attacks in this
way can be mentally exhausting. Configuring a new attack server with your tool
set every time your old attack server is banned (an inevitable occurrence) can
be a tedious task indeed. I personally recommend creating a bash script to
automatically install your favorite tools to make this transition process
easier. Most hackers and offensive security professionals use under thirty
non-standard tools to do their job, so configuring a new server with everything
you need should not take very long if you know what you are doing. Consider
equipping your server with TOR and a VNC server (for tools that require GUIs
such as most popular intercepting proxies) as well.

(6) Archaeological:

You must insure that there is no forensics evidence of your actions, digital or
otherwise. If the government breaks into your house and rummages through your
things, they should find nothing interesting. Make sure that you never make any
physical notes pertaining to your hacktivist activities. Never keep any
computer files pertaining to your hacktivist activities in your home. Keep all
of your compromising files, notes, scripts, and unusual attack tools (the ones
that can not be installed with apt-get or the like), and stolen information in
the cloud. It is recommended that you keep all of your files backed up on
multiple free cloud storage providers so that in the event that one of the
providers bans your account you still have all of your data. Do not name your
cloud accounts in such a way that they can be connected back to your online
persona. Never, under any circumstances, mention the names or locations of your
cloud accounts to the people you work with. Always hit the “Use New Identity”
button on your TOR control panel after accessing your cloud storage solutions.
Every time you shed your old alias, shed your old cloud accounts.

Security of Communications

The majority of hacktivists I have met communicate via public IRC. Using IRC is
fine for meeting other hacktivists, but as soon as you muster a team of other
hacktivists who wish to attack the same target as you, move to another more
secure form of communication. Some means of communication are more secure than
others, but completely secure communication does not exist. The following
guidelines are meant to work in conjunction with the personal security
guidelines that where discussed in the previous section. If proper personal
security measures are implemented effectively, compromised communication will
result in operational failure at worst and not complete deanonymization. Since
operational failure may very well set you and your cause back several months,
it is in your best interest to attempt to communicate securely:

* Remember that any of the people you meet on the clearnet, deep web,
or public IRC channels who claim to be on your side could actually
be government agents trying to sabotage your operations.

* If possible, communicate mainly via privacy friendly email accounts
(not Gmail, Yahoo, AT&T, etc.) and encrypt all of your messages with
PGP. When a cyber-attack is being carried out it is often necessary
to be able to communicate with your accomplices instantaneously.
Since encrypting, sending, receiving, and decrypting messages by hand
takes time, using PGP in time sensitive situations like this is not
feasible. If you have to confer in an IM environment, use a program
like TorChat that uses its own form of asymmetric encryption to send
and receive messages instantly.

* Use strong passwords for all of your online accounts. The best way to
make a strong password is to pick eight or nine random words and
string them together. Passwords like this are easy to remember but
hard to guess.

* Never give away any personal information (such as country, interests,
hobbies, health, etc.) or give insight into your feelings or
emotions. Your fellow hacktivists are not your friends and should
never be talked to as such. Giving away this sort of information will
make tracking you easier.

* When you receive messages, do not retain them, even if they are
encrypted. Read them, make note of any hard to remember details
(like long server passwords for example), and then delete them.
Having a mile long digital paper trail can not lead to anything good.
In some cases deleted messages on email serves can be recovered via
computer forensics, but deleting messages quickly may reduce the odds
that they can be.

* When typing messages, do so in a word processor on your computer.
Never write your message inside of a communication program (such as
an online email client, forum PM box, etc.). People have been known
to accidentally send unencrypted messages before. The effects of such
an error can be devastating.

* If you find yourself writing large swaths of text intended for public
release (like essays or manifestos) use a tool like Anonymouth to
obscure your writing style. Your writing style is as unique as a
finger print and can be used to identify you.

* Never, under any circumstances, execute a file on your computer or on
your server that has been given to you by a fellow hacktivist. You
should never run into a situation where doing this is necessary.

* Do not disclose information about your involvement in previous
hacktivist operations to people who where not also part of the same
operation.

* If one of the people that you are working with gets captured, assume
that the people who have captured them know everything that they do.

Philosophy of Attacking

The hacktivist community, like every community, has its own unique set of
philosophical musings, taboos, and dogmas. While I do not advocate the severe
alteration of the principles and philosophies on which the community was built,
I do wish to point out a number of flaws in certain aspects of their
composition. These flaws serve only to hold back the community and should be
openly discussed.

(1) When hacktivists target an organization, their goal is more often than not
to force said organization to stop functioning permanently, or at least for the
longest time possible, in an effort to stall unjust actions from being carried
out or to seek retribution for unjust actions done in the past. Leaking
databases, DoXing influential individuals, defacing websites, and launching
massive DDoS campaigns, four of the modern hacktivist community’s favorite
activities, accomplish this goal – to an extent. Infiltrating a target
organization and sowing discord within its ranks is magnitudes more effective
than leaking credit card numbers or putting a CEO’s social security number on
Pastebin, yet it is rarely, if ever, considered to be a viable course of
action. Subtly and silently fostering suspicion and distrust inside of your
target will have a longer lasting impact than simply pointing out that its
security policy has some weak points.

(2) Hacktivists crave publicity, yet they are the most effective when they
operate undetected. Stay hidden. Although it may seem tempting at times, do not
destroy large amounts of information on your target’s computers or servers.
Doing so will announce your arrival inside of your target’s network rather
loudly. Flashy, public displays of power have no place in the hacktivist
community. Just because you are hiding behind TOR does not mean that you should
not make an effort to cover your tracks. Conceal your attack not to mask your
identity, but to convince your target that no attack was carried out in the
first place.

(3) Once your hacktivist collective has decided to attack an organization,
strike fast and strike hard. Overwhelm your target. A well disciplined and well
organized team of attackers can penetrate most networks within a few hours.
Far too often I have seen hacktivist collectives declare all out war on someone
and then attack them slowly and gain entry into their network days, sometimes
even weeks later. By attacking slowly, you give your target time to react and
strengthen their defenses. Detecting an attack from a large hacktivist
collective is a trivial task, but as history has shown detecting the presence
of one inside of a network, especially a large network, can be tricky.

(4) Cyber-attacks seldom go as planned. If you are attempting to do anything
that involves the coordination of more than two people, keep this in mind. It
is not uncommon for tools to stop working in the middle of an attack. It is not
uncommon for reverse shells to die unexpectedly. It is not uncommon for
seemingly simple actions to take hours to perform. You must be ready to think
on your feet and quickly adjust your attack plan to accommodate the ever
changing conditions within the network you are attacking. Predefined
contingency plans are mostly useless.

(5) Remember that no system is impenetrable. On more than one occasion I have
seen hacktivists give up on trying to infiltrate a target network because their
Nessus scan did not yield any useful results. As a hacktivist, you are not
bound by the typical constraints of a pentester. If you can not successfully
attack a website, try attacking its hosting provider. Try attacking the
administrator’s email account. Try going after random social accounts belonging
to the administrator’s family. Try planting iframes in websites you suspect the
administrator frequents in an effort to infect him. If you cause extensive
collateral damage, who cares? It is not your problem. Sometimes the ends
justify the means. Be creative.

(6) Many hacktivists possess unrealistic, self-constructed mental images of the
ideal cyber-attack. In the majority of these movie-induced delusions, the ideal
attack utilizes numerous 0days, an arsenal of home made tools, and highly
advanced, unimaginably complex network intrusion techniques. In reality, this
type of thinking is incredibly dangerous and causes some hacktivists to attempt
to perform convoluted, elaborate attacks to gain the respect of their peers.
When breaking into highly secured networks, such attacks only draw unnecessary
attention. The best attacks are the ones that work. They are usually simple and
take little time to execute. Using sqlmap to spawn a shell on your target’s
server by exploiting a flaw in their website’s search feature is a viable if
not ideal attack. It allows you to access the inside of your target’s network.
Exploiting a vulnerable FTP daemon on one of your target’s servers using public
exploit code is a viable if not ideal attack. It allows you to access the
inside of your target’s network. Using Metasploit in conjunction with a fresh
Gmail account to launch a phishing campaign against your target’s employees is
a viable if not ideal attack. It allows you to access the inside of your
target’s network. The media hates it when hacktivists use open source software
to do their work. Whenever a hacker or hacktivist is arrested for doing
something that involved using “someone else’s” tools, they are publicly
shammed. “Anyone could have done that” they say. “He’s just an unskilled script
kiddie” they say. Claiming that someone is less of a hacker solely because they
partially depend on someone else’s code borders on absurd. It amounts to
claiming that Picasso is a bad artist because he did not carve his own brushes,
synthesize his own paints, and weave his own canvas. Do not shy away from using
open source tools and publicly available information to accomplish your goals.
Hacking is an art, and nmap is your brush.

Organization and Formation

Most of the hacker and hacktivist groups I have observed are unorganized and
undisciplined. They claim to perform actions as a collective, yet when it comes
time to actually launch an attack they attempt to infiltrate their targets as
individuals, each member launching attacks of their own without making the
faintest attempt to coordinate their actions with others. Here I shall describe
a schema that could be easily adopted by any hacktivist collective to allow it
to facilitate highly coordinated attacks involving large numbers of attackers
with great ease. It will be presented as a series of steps.

Step One: Organize yourselves into multiple small groups. These groups shall be
referred to as strike teams. The ideal strike team is composed of three parts
attack specialists, two parts social engineering specialists. Attack
specialists should at least be able to identify and competently exploit
potential vulnerabilities in websites and be able to exploit vulnerable or
misconfigured services. Social engineering specialists should have at least
some real world experience before participating in a strike team. Attack
specialists should only concern themselves with launching attacks and social
engineering specialists should only concern themselves with social engineering.
Well-defined roles are the key to a strike team’s success. This configuration
will often create an abundance of social engineering specialists, and that is
perfectly acceptable. Having the capability to immediately launch multiple well
planned social engineering campaigns is crucial. The size of a strike team
will be determined by the skill of its members. Highly skilled individuals
should work in very small strike teams (five member teams are acceptable)
whereas unskilled individuals should work in larger strike teams (up to a few
dozen). The organization of strike teams should be coordinated as a collective.
No one person should be given the authority to sort people themselves. Strike
teams should function as “sub collectives” and be autonomous. Hacktivist
collectives are composed of people around the world, most of whom can not be
online all the time. This means that all strike teams should set themselves up
knowing that their members will pop on and offline and that it is possible new
members will have to be annexed at a later time.

Step Two: Within each strike team, agree upon a stratagem; a broad, realistic,
nonspecific plan of action that aims to accomplishes one, very specific goal.
Strike teams should only execute one stratagem at a time. Multiple strike teams
within the same hacktivist collective can execute different stratagems at the
same time in an effort to accomplish some sort of final goal (perhaps to
destabilize an organization or to acquire trade secrets). The next section of
this essay is devoted solely to exploring the concept of stratagems and how to
best form and use them. Strike teams should be allowed to do what they want,
but their initial stratagem should be approved by the collective so that no two
strike teams attempt to do the same thing at the same time.

Step Three: As a strike team, map your target’s attack surface. If multiple
strike teams are all attacking the same network, they should share information
very closely in this step. It is very possible that multiple strike teams
working together to accomplish the same goal could actually be attacking
different networks, in which case mapping should be done within individual
strike teams. Each member of a given strike team should attempt to map the
target network themselves, and then members should compare information. It is
very unlikely that anything will be overlooked by every single member of the
team.

Step Four: Divide your target network up into manageable chunks and assign
certain individuals within your team to each one of those chunks. Efficient
devision of labor is key to launching speedy attacks. Here is an example
involving a network composed of four servers (two SQL servers, a DNS server,
and a web server hosting a feature rich corporate site) and a strike team
composed of six attack specialists and four social engineering specialists:

* Have one attack specialist attack the SQL and DNS servers.

* Have one attack specialist attack the website’s multistage user
registration mechanism and login mechanism.

* Have one attack specialist attack the contact and session management
mechanism.

* Have one attack specialist attack any forms not assigned to other
attack specialists as well as any other potentially exploitable
scripts, pages, or mechanisms.

* Have one attack specialist and two social engineering specialists
attempt to launch some sort of phishing champaign against the
company’s employees.

* Have one attack specialist and two social engineering specialists
attempt to convince the company’s hosting provider that they are the
rightful owners of the company’s four servers and have been locked
out of their email account.

Step Five: Drill yourselves. This step is optional but highly recommended.
Procure a server with a large amount of RAM and multiple processors. Have one
member of your strike team set up a virtual network on it that, to the best of
your knowledge, mimics the network you are planning to attack. This one team
member should not participate in the drills themselves, and they should not
give other team members details pertaining to the virtual network. If you are
planning on attacking a large cooperation, set up the virtual network like a
large cooperate network with a labyrinth of firewalls, routers, switches, and
domain controllers. If you are planning on attacking a small cooperation or
home business, set up your network accordingly. You should never have to
visualize more than 12 workstations, even if your team is doing a complex
pivoting exercise. As a group, attempt to break into your virtual network and
execute your stratagem. The virtual network should be deliberately
misconfigured so that there is a way for your team to infiltrate it and
accomplish their simulated goal, but the misconfigurations should be extremely
subtle. The team should have to work very hard to find them. Run multiple
drills. After each drill, the misconfigurations in the network, and potentially
the layout of the network itself, should be altered to force your team to
attack it in a different way or to exercise a different skill. The purpose of
these drills are two fold. Firstly, they allow your team members to get
accustomed to working together. Secondly, they will prepare your team for the
day when they actually go up against your real target network.

Step Six: Execute your stratagem on your target network. Your strike team
should attack methodically and silently. Every member should know what they
need to do and how they need to do it. No mistakes should be made. Every tool
you use should be well honed and function flawlessly. Not a second should be
wasted. Use time to your advantage. Your target organization will be the most
unprepared for an attack in the middle of the night when all of its IT staff
are at home sound asleep. If your stratagem calls for being embedded in your
target network for a long period of time, tread very lightly once you
infiltrate it.

Interlocking Stratagems in Theory

In this section I will give multiple examples of stratagems that an actual
strike team could make use of. You should combine multiple stratagems to
accomplish your ultimate goal. Individual stratagems are like pieces of a
jigsaw puzzle, and are intended to be pieced together. A strike team should
execute multiple stratagems in succession, possibly in cooperation with other
strike teams in an effort to accomplish a common goal. This section is not
intended to be a play book. I encourage you to build off of my stratagems or,
better yet, devise your own. Some stratagems are:

(1) Collect information on individuals within the target organization. Mount a
phishing campaign against the organization and gain access to as many
workstations as possible. Once you have breached its network, do not pivot.
Attempt to locate any useful information on the workstations you have
compromised, and then remain in the network for as long as possible doing
nothing more than idly gathering intelligence.

(2) Take complete or partial control over the target organization’s main means
of communication (usually email). Review a few of their messages and learn how
they are structured and formatted. Then, send a number of blatantly false
messages to one or more members of the organization using the credentials of
another member of the organization. Multiple false messages should be sent over
some period of time. When members of the organization begin to receive false
messages from their colleagues, distrust will begin to take root.

(3) Take complete or partial control over the target organization’s main means
of communication (usually email). Review a few of their messages and learn how
they are structured and formatted. Then, devise some way to intercept and
inspect or modify messages in transit within the target organization
(essentially, perform a man in the middle attack). Every once in awhile, alter
a message in a subtle but disruptive way. Perhaps change a date or a time so
certain individuals do not arrive at their meetings on time or do not arrive at
all. Once you have reason to believe that your modifications have taken their
toll (i.e. the person you targeted missed their meeting), undo the changes you
made to the message you intercepted so upon audit it appears as though the
message was never tampered with. Doing this is usually hard to detect and will
slowly cause the target organization to destabilize itself as tensions between
individuals within it begin to rise and their employees begin to question their
own sanity.

(4) Take complete or partial control over the target organization’s main means
of communication (usually email). Review a few of their messages and learn how
they are structured and formatted. Use the credentials of a high ranking
individual within the target organization to distribute a message that appears
to be from them that claims a terrible tragedy has occurred that warrants an
immediate, brash, resource intensive response from the rest of the
organization. You will most likely not be able to pull this off more than once.
This stratagem works especially well against militant groups with poorly
defined command structures but has other applications as well.

(5) Once inside of the target organization’s network, acquire a small amount of
classified data intended for the eyes of high ranking personnel only.
Strategically plant the data on the computer of one or more lower ranking
individuals. Make it look like an espionage attempt. If many key individuals
within the target organization are accused of trying to siphon out its secrets,
it will be forced to suspend a large portion of its operations while an
investigation is done.

(6) Use a DDoS attack to disrupt the target organization’s communications for a
short period of time when they are most in need of it. For a corporation, this
could be during an important international Skype call. For a government, this
could be immediately following a devastating attack from an insurgency group.
Doing this will cause panic, which will make the target organization
temporarily more susceptible to other kinds of attacks.

(7) Pose as a legitimate company selling legitimate software and befriend the
target organization. Create a piece of software with a very hard to detect
security flaw in it and sell it to them. The flaw could be as simple as a
poorly implemented encryption library or as complex as an insecure multistage
parsing algorithm. It must be incredibly subtle. So subtle that if it is
detected you will be able to write it off as unintentional. It should be
plausibly deniable. Once the target organization installs the vulnerable
software on their machines, leverage it to perform targeted attacks on key
individuals within it. Do not use it to infect entire subnets, as that will
draw to much attention.

(8) Locate a small software provider your target organization already does
business with and infiltrate their network by using other stratagems. Modify
their source code slightly so that their software becomes vulnerable to remote
attack. Do not modify just any code you come across, study the software
provider’s development process and target code that has already been checked
for bugs and is days away from being released to customers. When the target
organization installs the latest version of software from the company that you
have infiltrated, they will become vulnerable. Leverage this vulnerability to
perform targeted attacks on key individuals within the target organization. Do
not use it to infect entire subnets, as that will draw to much attention.

(9) Locate a small software provider your target organization already does
business with and infiltrate their network by using other stratagems. Most
software companies offer rewards to security researchers who find
vulnerabilities in their products. Determine how reported vulnerabilities are
managed by the company you have infiltrated and devise a way to monitor them
in real time. As soon as a security researcher reports a major vulnerability
in a product your target organization uses, use it to perform targeted attacks
on key individuals within it. Do not use it to infect entire subnets, as that
will draw to much attention.

(10) Using other stratagems, infiltrate the computers of a number of influential
individuals within the target organization. Monitor their activity constantly
and closely. If possible, listen to them through their computer’s microphone.
When you believe that one of them has left their computer, undo things they
have just done. Delete the last sentence they wrote. Hit the back button on
their web browser. Close the program they just opened. Over time, this will
lead them to question their sanity.

(11) Using other stratagems, infiltrate the computers of a number of influential
individuals within the target organization. Most modern governments and
corporations are at least partially corrupt. Find evidence of this corruption
and use it to compel one or more of these influential individuals to aid your
cause. If you are unable to find any evidence of corruption, do not be afraid
to bluff. If you make a mysterious window pop up on, say, a CFO’s computer that
alludes to some sort of dirty secret, it is very possible that the CFO will
assume that the hacker who caused the widow to appear knows something about
them that they actually do not. A lot of powerful people have skeletons in the
closet. The media has instilled a fear of hackers into the general populace,
and this fear can be used to your advantage. Most normal people, upon being
confronted by a hacker that has gained complete control of their computer, will
be inclined to believe plausible sounding white lies. Having an “inside man”
within your target organization can be extremely useful.

Interlocking Stratagems in Practice

In this section I shell present an example of a plausible situation that could
warrant the involvement of hacktivists and a corresponding attack loosely built
upon the stratagems from the last section. I have tried to make the situation
realistic, but it is very likely that if you use my writing to plan and execute
your own attack it will play out nothing like the attack depicted below. Most
actual attacks are far more complex than the one presented here. The purpose
of this example is to demonstrate the way in which multiple strike teams should
work together. Notice how at all times each team has one or more specific
goals.

Situation: A hacktivist collective has decided to attack the terrorist
organization Bina Al-ar-mal after they captured and executed a tourist in
Syria. Bina Al-ar-mal is believed to consist of over 40,000 people, has
hundreds of public Twitter feeds and Facebook accounts, and runs a small
terrorist news site hosted on a Russian server. It has three known leaders, who
we shall refer to as Head Terrorist 1, Head Terrorist 2, and Head Terrorist 3.
Twenty-seven hacktivists have joined the effort. They have been split into
three teams: team 1 consists of five of the most highly skilled hacktivists,
team 2 consists of seven moderately skilled hacktivists, and team 3 consists of
fifteen amateur hacktivists.

Time Line:

(Day 1, Hour 1) Team 1 is initially tasked by the collective with infiltrating
as many terrorist Twitter and Facebook accounts as possible. The team starts
enumerating the accounts immediately. They decide that no drill will be
executed, as breaking into Facebook and Twitter accounts is a trivial task.

(Day 1, Hour 1) Team 2 is initially tasked by the collective with infiltrating
the web hosting provider hosting the terrorist group’s website. They begin
reconnaissance.

(Day 1, Hour 1) Team 3 is initially tasked by the collective with attacking
Bina Al-ar-mal’s website directly. They begin to map the website.

(Day 1, Hour 2) Team 1 finishes enumerating the terrorist Facebook and Twitter
accounts. They begin attempting to break into them.

(Day 1, Hour 2) Team 3 finishes mapping Bina Al-ar-mal’s website and begins to
attack.

(Day 1, Hour 3) Team 1 has breached a few terrorist Facebook and Twitter
accounts. After examining their contents they determine that the terrorists
are using SpookyMail email service to communicate off of social media. A few
terrorist email accounts are identified and the team begins to try to break
into those as well.

(Day 1, Hour 3) Team 3 gains read/write access to a limited portion of the
server Bina Al-ar-mal’s website is hosted on. The other teams are alerted.
They set up a simple php based IP logger script to capture the IP addresses of
Bina Al-ar-mal members attempting to check their organization’s news feed.

(Day 1, Hour 6) Team 2’s reconnaissance ends. They have located the web hosting
provider and gathered information on said provider’s website and servers. They
begin attacking them.

(Day 1, Hour 7) Team 1 breaches their first few terrorist email accounts.

(Day 1, Hour 9) Team 2 locates a vulnerability in the the terrorist’s web
hosting provider’s website. They are not able to fully compromise any of their
servers, but they are able to get a list of customer names, domain names, and
billing addresses by exploiting a flaw in the website’s shopping cart feature.
Upon inspecting the list, they discover that the person paying Bina Al-ar-mal’s
hosting bill has a British billing address. The other teams are alerted and
Scotland Yard is notified of the terrorist threat immediately.

(Day 1, Hour 23) Team 1 is able to get Head Terrorist 1’s email address off of
the “contact” pane of one of the hacked terrorist email accounts. They make
ready for a spear phishing attack against him, but decide to wait some time to
launch it, as it is currently the middle of the night where Head Terrorist 1 is
believed to be.

(Day 2, Hour 3) Team 3 has gathered over seven thousand IP addresses of people
viewing Bina Al-ar-mal’s news feed and tries to attack them all using known
router vulnerabilities. When all is said and done they have infected
thirty-seven routers and forty-six workstations. They determine that
thirty-four of these work stations belong to active members of Bina Al-ar-mal.
They observe these workstations passively, hoping to gather information. The
other two teams are briefed on their success.

(Day 2, Hour 8) Team 1 launched a spear phishing attack against Head Terrorist
1 using the hacked email account of another terrorist.

(Day 2, Hour 9) Team 1’s spear phishing attack against Head Terrorist 1 is a
success. They now have full control over his Windows XP laptop and inform the
other two teams of their success. After searching the laptop’s hard drive and
downloading a half gigabyte of confidential documents and IM logs, the team
decides to plant a PDF of the Christian Bible on it along with some real
looking fake papers from the CIA. After gleaning Head Terrorist 2’s and Head
Terrorist 3’s email addresses from the stolen IM logs, the team sends them both
emails from the hacked email account of a lower level terrorist claiming that
Head Terrorist 1 is dirty.

(Day 2, Hour 9) Team 3 decides to take the sensitive information stolen from
Head Terrorist 1’s computer stolen by Team 1 along with other fake CIA
documents and place it on all thirty-four of the terrorist workstations they
control. They use a hacked email account belonging to an uninvolved terrorist
to inform Head Terrorist 2 and Head Terrorist 3 that Head Terrorist 1 is a
traitor an he has at least thirty-four moles inside of their organization, all
of whom they mention by name.

(Day 2, Hour 10) Head Terrorist 1’s laptop is searched by security forces under
the control of Terrorist 2. Head Terrorist 1 is determined to be part of the
CIA and is placed into a cell to be used as leverage against the United States.

(Day 2, Hour 17) Head Terrorist 2 and Head Terrorist 3 raid all thirty-four of
the suspected moles and find the planted documents. They begin to interrogate
all thirty-four of them in order to find out how deep the CIA has penetrated
their organization. None of them know anything but most of them make up real
sounding false information to make the interrogations end.

(Day 3, Hour 3) Team 1 determines that most remaining Facebook and Twitter
accounts can not be breached. Several team members leave and a few stick around
to try and finish off the remaining accounts.

(Day 6, Hour 17) Scotland Yard arrests the person allegedly paying for Bina
Al-ar-mal’s web hosting. It is later determined that the person is actually
part of a London-based Bina Al-ar-mal cell.

(Day 6, hour 20) Team 2 destroys Bina Al-ar-mal’s web site after catching word
of the Scotland Yard raid.

End Result: One of three head terrorists is being held by their own
organization as a traitor and thirty-four unrelated terrorists are being held
by their own organization and brutally interrogated about actions they did not
commit. One terrorist is in the custody of the Scotland Yard, and a British
terror cell has been exposed. Bina Al-ar-mal’s entire communication network is
compromised (but they do not know that yet), and their website has been taken
offline permanently. All members of Bina Al-ar-mal are now becoming
increasingly suspicious of their fellow members and the hacktivist collective
is now in a position to launch further attacks on Bina Al-ar-mal (using the
compromised email and social media accounts) at a later time. This has all been
accomplished in under a week.

________________________________________________________________________________

My public key is available here:

http://pastebin.com/VhW0bmAt
https://paste.ee/p/C5M3U
http://tny.cz/c9b82da0
http://hastebin.com/jikebijifu.hs
http://chopapp.com/#w04dkx06

SHA1: cb36db996bb684e569663ca7b0d93177ecc561be

Grab it while you still can.

________________________________________________________________________________
Disclaimer: All information provided in this document is for educational
purposes only. The ideas presented here are solely academic and should never be
acted upon or put into practice. The author of this document will not be held
responsible in the event any criminal or civil charges be brought against any
individuals misusing the information in this document to break the law.

—–BEGIN PGP SIGNATURE—–

iQIcBAEBCgAGBQJUWbobAAoJEDWMWw6MLtALcMgP/3FVybGLvoK2rigce8BoxlVx
I06UKO0jh8iUpWxSKFC1mI9phCed8Dhx1nb9bwuY6CWa5NPnn8+R8O98wyvzW5aX
4UVytZ8aqxn83RocLGjkRF6TaCBFaD3V81IHaNY1ODuXBGVR7IG4djS6pDw9BJda
f19L3a8zdr8yoczisdpckIWEqWfLSRgwkOcJ9xtDYG6FuDjs++4ZdncUfwCg76aw
xYJVACdXsI1VDjVtGr1Fx756DuPkFr5APQG64dor5iOxhXw+9sEVD7AnzjpSCxCK
MtaHzkuiwwnp38z9PlaSPqxwyNZ6t8F9FPsgf76x7+egqZ0/Q158NR7gGb1XqaL9
V6mopDiGeQveHePG1zpOv22YBMkrxi0KjFDDTOM/xYBw/+wZnjXjoL+eC2vegQxU
cvcntSXN8l5Wtjc+mX9GdKF+RmjQvN62TmpxB9i35ZhdR7ogk1uqPGqxbova6v/f
3VSfroFWoOo2wkx/aZLpo3Sqe6JS+lRBpZkysWsJHcbNjUfYG6BDWameXvBuIecB
Q1kdRhrQKayoaVOVrzLTmm4T+Nu9/0Vcdx9AO5FF4eShHNa93ybDVOcUaweYoO/K
CngW+eRkz2B+YOOTOeAq9JfvAlo89HUWCRj+OOvWsjJAy5eEQWYcH2X7b7CyGkZb
U4SaSVZVhGFN1kQgCIlV
=QuZa
—–END PGP SIGNATURE—–

Question: Should You Trust Tor?

Question: Should You Trust Tor?

Jul 19, 2014 | Activism, News

nsa-tor-spying

Answer: Not if Your Life is at Stake

By Bill Blunden, July 16, 2014

In the ongoing drizzle of Snowden revelations the public has witnessed a litany of calls for the widespread adoption of online anonymity tools. One such technology is Tor, which employs a network of Internet relays to hinder the process of attribution. Though advocates at the Electronic Frontier Foundation openly claim that “Tor still works[1]” skepticism is warranted. In fact anyone risking incarceration (or worse) in the face of a highly leveraged intelligence outfit like the NSA would be ill- advised to put all of their eggs in the Tor basket. This is an unpleasant reality which certain privacy advocates have been soft-pedaling.

The NSA Wants You To Use Tor

Tor proponents often make a big deal of the fact that the NSA admits in its own internal documents that “Tor Stinks,” as it makes surveillance more work-intensive[2]. What these proponents fail to acknowledge is that the spies at the NSA also worry that Internet users will abandon Tor:

[A] Critical mass of targets use Tor. Scaring them away from Tor might be counterproductive”

Go back and re-read that last sentence. Tor is a signal to spies, a big waving flag that gets their attention and literally draws them to your network traffic[3]. Certain aspects of Tor might “stink” but ultimately the NSA wants people to keep using Tor. This highlights the fact that security services, like the FBI[4], have developed sophisticated tools to remove the veil of anonymity that Tor aims to provide.

For example, the Washington Post reports[5]:

One document provided by Snowden included an internal exchange among NSA hackers in which one of them said the agency’s Remote Operations Center was capable of targeting anyone who visited an al-Qaeda Web site using Tor.”

It’s well known that Tor is susceptible to what’s called a traffic confirmation attack (AKAend-to-end correlation), where an entity monitoring the network traffic on both sides of a Tor session can wield statistical tools to identify a specific communication path. Keep in mind that roughly 90 percent of the world’s internet communication flows through the United States[6], so it’s easy for U.S. intelligence to deploying this approach by watching data flows around entry and exit points[7].

Another method involves “staining” data with watermarks. For example, the NSA has been known to mark network traffic by purchasing ad space from online companies like Google. The ads cause web browsers to create a cookie artifact on the user’s computer which identifies the machine viewing the ad[8]. IP addresses may change but the cookie and its identifiers do not.

De-cloaking Tor users doesn’t necessarily require a federal budget either. According to a couple of researchers slated to speak at Black Hat in a few weeks[9]:

In our analysis, we’ve discovered that a persistent adversary with a handful of powerful servers and a couple gigabit links can de-anonymize hundreds of thousands Tor clients and thousands of hidden services within a couple of months. The total investment cost? Just under $3,000.”

Client Network Exploitation (CNE) Trumps Crypto

Back in 2009 security researcher Joanna Rutkowska implemented what she dubbed the “Evil Maid” attack to foil TrueCrypt’s disk encryption scheme[10]. By compromising the Windows boot environment her team was able to capture the hard disk’s encryption passphrase and circumvent TrueCrypt’s protection. While users can [usually] defend against this sort of monkey business, by relying on a trusted boot process, the success of the Evil Maid attack underscores the capacity for subversion to trump encryption.

This type of client-side exploitation can be generalized for remote network-based operations. In a nutshell, it doesn’t matter how strong your network encryption is if a spy can somehow hack your computer and steal your encryption passphrase (to decrypt your traffic) or perhaps just pilfer the data that they want outright.

Enter the NSAs QUANTUM and FOXACID tag team. QUANTUM servers have the ability to mimic web sites and subsequently re-direct user requests to a second set of FOXACID servers which infects the user’s computer with malware[11]. Thanks to Ed Snowden it’s now public knowledge that the NSA’s goal is to industrialize this process of subversion (a system codenamed TURBINE[12]) so it can be executed on an industrial scale. Why go to the effort of decrypting Tor network traffic when spies can infect, infiltrate, and monitor millions of machine at a time?

Is it any wonder that the Kremlin has turned to old-school typewriters[13] and that German officials have actually considered a similar move[14]? In the absence of a faraday cage even tightly configured air- gapped systems can be breached using clever radio and cellular-based rootkits[15]. As one user shrewdly commented in an online post[16]:

Ultimately, I believe in security. But what I believe about security leaves me far from the cutting edge; my security environment is more like bearskins and stone knives, because bearskins and stone knives are simple enough that I can *know* they won’t do something I don’t want them to do. Smartphones and computers simply cannot provide that guarantee. The parts of their security models that I do understand, *won’t* prevent any of the things I don’t want them to do.”

Software is hard to trust, there are literally thousands upon thousands of little nooks where a flaw can be “accidentally” inserted to provide a back door. Hardware is even worse.

Denouement

About a year ago John Young, the operator of the leaks site Cryptome, voiced serious concerns in a mailing list thread about the perception of security being conveyed by tools like Tor[17]:

Security is deception. Comsec a trap. Natsec the mother of secfuckers”

Jacob Appelbaum, who by the way is intimately involved with the Tor project, responded:

Whatever you’re smoking, I wish you’d share it with the group”

Appelbaum’s cavalier dismissal fails to appreciate the aforementioned countermeasures. What better way to harvest secrets from targets en mass than to undermine a ubiquitous technology that everyone thinks will keep them safe? Who’s holding the shit-bag now? For activists engaged in work that could get them executed, relying on crypto as a universal remedy is akin to buying snake oil. John Young’s stance may seem excessive to Tor promoters like Appelbaum but if Snowden’s revelations have taught us anything it’s that the cynical view has been spot on.

Bill Blunden is an independent investigator whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including The Rootkit Arsenal and Behold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-IndustrialComplex. Bill is the lead investigator at Below Gotham Labs.

End Notes

1 Cooper Quintin, “7 Things You Should Know About Tor,” Electronic Frontier Foundation, July 1, 2014, https://www.eff.org/deeplinks/2014/07/7-things-you-should-know-about-tor

2 ‘Tor Stinks’ presentation, Guardian, October 4, 2013,http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document

3 J. Appelbaum, A. Gibson, J. Goetz, V. Kabisch, L. Kampf, L. Ryge, “NSA targets theprivacy-conscious,” http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html

4 Kevin Poulsen, “FBI Admits It Controlled Tor Servers Behind Mass Malware Attack,”

Wired, September 13, 2013, http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/

5 Barton Gellman, Craig Timberg, and Steven Rich, “Secret NSA documents show campaign against Tor encrypted network,” Washington Post, October 4, 2013

6 James Ball, “NSA stores metadata of millions of web users for up to a year, secret files show,” Guardian, September 30, 2013, http://www.theguardian.com/world/2013/sep/30/nsa-americans-metadata-year-documents/print

7 Maxim Kammerer, [tor-talk] End-to-end correlation for fun and profit, August 20, 2007,https://lists.torproject.org/pipermail/tor-talk/2012-August/025254.html

8 Seth Rosenblatt, “NSA tracks Google ads to find Tor users,” CNET, October 4, 2013, http://news.cnet.com/8301-1009_3-57606178-83/nsa-tracks-google-adsto-find-tor-users/

9 Alexander Volynkin & Michael McCord, “You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a

Budget,” Black Hat USA 2014, https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget

10 Joanna Rutkowska, “Evil Maid goes after TrueCrypt!” Invisible Things Lab’s Blog, October 16, 2009, http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html

11 Bruce Schneier, “Attacking Tor: how the NSA targets users’ online anonymity,” Guardian, October 4, 2013, http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity/print

12 Ryan Gallagher and Glenn Greenwald, “How the NSA Plans to Infect ‘Millions’ of Computers with Malware,”

Intercept, March 12, 2014, https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/

13 Chris Irvine, “Kremlin returns to typewriters to avoid computer leaks,” Telegraph, July 11, 2014,http://www.telegraph.co.uk/news/worldnews/europe/russia/10173645/Kremlin-returns-to-typewriters-to-avoid-computer-leaks.html

14 Cyrus Farivar, “In the name of security, German NSA committee may turn to typewriters,” Ars Technica, July 14, 2014, http://arstechnica.com/tech-policy/2014/07/in-the-name-of-security-german-nsa-committee-may-turn-to-typewriters/

15 Jacob Appelbaum, “Shopping for Spy Gear: Catalog Advertises NSA Toolbox,” Der Spiegel, December 29, 2013, http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html

16 “Iron Box Security,” Cryptome, June 6, 2014, http://cryptome.org/2014/06/iron-box-security.htm

17 “Natsec the Mother of Secfuckers,” Cryptome, June 9, 2013, http://cryptome.org/2013/06/nat-secfuckers.htm

Whonix: The Anonymous Operating System

Whonix: The Anonymous Operating System

Oct 13, 2012 | Anonymous, Survivalism

Whonix is an anonymous general purpose operating system based on Virtual Box, Ubuntu GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even malware with root rights can find out the user’s real IP/location.

Whonix consists of two machines, which are connected through an isolated network. One machine acts as the client or Whonix-Workstation, the other as a proxy or Whonix-Gateway, which will route all of the Whonix-Workstation’s traffic through Tor. This setup can be implemented either through virtualization and/or Physical Isolation.

Whonix advantages:

  • All applications, including those, which do not support proxy settings, will automatically be routed through Tor.
  • Installation of any software package possible.
  • Safe hosting of Hidden services possible.
  • Protection against side channel attacks, no IP or DNS leaks possible^3^ To test for leaks, see LeakTests.
  • Advantage over Live CD’s: Tor’s data directory is still available after reboot, due to persistent storage. Tor requires persistent storage to save it’s Entry Guards.
  • Java / JavaScript / flash / Browser Plugins / misconfigured applications cannot leak your real external IP.
  • Whonix does even protect against root exploits (Malware with root rights) on the Workstation.
  • Uses only Free Software.
  • Building Whonix from source is easy.
  • Tor+Vidalia and Tor Browser are not running inside the same machine. That means that for example an exploit in the browser can’t affect the integrity of the Tor process.
  • It is possible to use Whonix setup in conjunction with VPNs, ssh and other proxies. But see Tor plus VPN/proxies Warning. Everything possible, as first chain or last chain, or both.
  • Loads of Optional Configurations (additional features / Add-Ons) available.
  • Best possible Protocol-Leak-Protection and Fingerprinting-Protection.
Cryptoparty Goes Viral: Pen testers, Privacy Geeks Spread Security to the Masses

Cryptoparty Goes Viral: Pen testers, Privacy Geeks Spread Security to the Masses

Sep 4, 2012 | Anonymous, News

Security professionals, geeks and hackers around the world are hosting a series of cryptography training sessions for the general public.

The ‘crytoparty’ sessions were born in Australia and kicked off last week in Sydney and Canberra along with two in the US and Germany.

Information security experts and privacy advocates of all political stripes have organised the causal gatherings to teach users how to use cryptography and anonymity tools including Tor, PGP and Cryptocat.

Multiple sessions were proposed in Melbourne, Sydney, Adelaide, Canberra, Perth and two in Queensland. A further 10 were organised across Europe, Asia, Hawaii and North America, while dozens of requests were placed for sessions in other states and countries.

The cryptoparties were born from a Twitter discussion late last month between security researchers and Sydney mum and privacy and online activist known by her handle Asher Wolf.

For Wolf, the sessions were a way to reignite technical discussions on cryptography.

“A lot of us missed out on Cypherpunk (an electronic technical mailing list) in the nineties, and we hope to create a new entry pathway into cryptography,” Wolf said.

“The Berlin party was taught by hardcore hackers while Sydney had a diverse range of people attending. The idea is to teach people who don’t crypto how to use it.”

The concept resonated with the online security and privacy community.

It took only hours for about a dozen sessions to spring up around the world on a dedicated wiki page following what was only a casual Twitter exchange between Wolf and others — now cryptoparty organisers.

“When I woke up in the morning, they were all there,” Wolf said.

There was no formal uniformity between each crytoparty. Some were hands-on, with users practising on laptops and tablets, while others were more theory-based with some organisers.

Each session runs for around five hours.

The free classes could accommodate a maximum of about 30 to 40 attendees. One of the first parties in the Southeastern US state of Tennessee had more than 100 people turn up to its afterparty, an event complete with music, beer and fire-twirling.

Copyright © SC Magazine, Australia

August 3, 2012 – DCMX Radio: Re-cap Week’s Alternative News, Intro to CyberWar: Viruses, Hacking, & Black Security Breaches, Protecting Your Computer, Securing Your Internet Connection & Maintaining Privacy Online

August 3, 2012 – DCMX Radio: Re-cap Week’s Alternative News, Intro to CyberWar: Viruses, Hacking, & Black Security Breaches, Protecting Your Computer, Securing Your Internet Connection & Maintaining Privacy Online

Aug 3, 2012 | DCMX Radio

Cyber Security Industry Explosion, Intelligence Spying, Data-mining, Black-Hats, White-Hats, Gray-Hats abound. Alphabet Agencies, Corrupt Globalist Corporations exploiting your info. Micro Tutorial on Protecting Your Computer, Securing Your Internet Connection, Maintaining ‘some’ Privacy Online


Every Week Night 12-1am EST (9-10pm PST)

– Click Image to Listen LIVE –

How to secure your computer and surf fully Anonymous BLACK-HAT STYLE

How to secure your computer and surf fully Anonymous BLACK-HAT STYLE

May 21, 2012 | Anonymous

This is a guide with which even a total noob can get high class security for his system and complete anonymity online. But its not only for noobs, it contains a lot of tips most people will find pretty helpfull. It is explained so detailed even the biggest noobs can do it^^ :

=== The Ultimate Guide for Anonymous and Secure Internet Usage v1.0.1 ===

Table of Contents:

  1.   Obtaining Tor Browser
  2.   Using and Testing Tor Browser for the first time
  3.   Securing Your Hard Drive
  4.   Setting up TrueCrypt, Encrypted Hidden Volumes
  5.   Testing TrueCrypt Volumes
  6.   Securing your Hard Disk
  7.   Temporarily Securing Your Disk, Shredding Free Space
  8.   Installing VirtualBox
  9.   Installing a Firewall
  10.   Firewall Configuration
  11.   Installing Ubuntu
  12.   Ubuntu Initial Setup
  13.   Installing Guest Additions
  14.   Installing IRC (Optional)
  15.   Installing Torchat (Optional)
  16.   Creating TOR-Only Internet Environment
  17.   General Daily Usage

By the time you are finished reading and implementing this guide, you will be able to securely and anonymously browse any website and to do so anonymously. No one not even your ISP or a government agent will be able to see what you are doing online. If privacy and anonymity is important to you, then you owe it to yourself to follow the instructions that are presented here.

In order to prepare this guide for you, I have used a computer that is running Windows Vista. This guide will work equally well for other versions of Windows. If you use a different operating system, you may need to have someone fluent in that operating system guide you through this process. However, most parts of the process are easily duplicated in other operating systems.

I have written this guide to be as newbie friendly as possible. Every step is fully detailed and explained. I have tried to keep instructions explicit as possible. This way, so long as you patiently follow each step, you will be just fine.

In this guide from time to time you will be instructed to go to certain URLs to download files. You do NOT need TOR to get these files, and using TOR (while possible) will make these downloads very slow.

This guide may appear overwhelming. Every single step is explained thoroughly and it is just a matter of following along until you are done. Once you are finished, you will have a very secure setup and it will be well worth the effort. Even though the guide appears huge, this whole process should take at the most a few hours. You can finish it in phases over the course of several days.

It is highly recommended that you close *ALL* applications running on your computer before starting.

SOURCE:
http://www.cyberguerrilla.org/?p=3322

TOR Made for USG Open Source Spying Says Maker

TOR Made for USG Open Source Spying Says Maker

Jan 26, 2012 | Anonymous, Black Technology

Donate $25 for two DVDs of the Cryptome collection of files from June 1996 to the present

16 April 2011. A sends: Roger Dingledine writes that the US Navy uses Tor for open source spying:

http://idtrail.org/files/Dingledine%20-%20Tor.pdf

28 March 2011. Add comments from 1997 on TOR, called then the Onion Router.

25 March 2011. Add messages from A3 and JY.

24 March 2011. Add message from A and EFF.

 

22 March 2011

Creators of TOR:
David M. Goldschlag <goldschlag[at]itd.nrl.navy.mil>
Michael G. Reed <reed[at]itd.nrl.navy.mil>
Paul F. Syverson <syverson[at]itd.nrl.navy.mil>
Naval Research Laboratory

More:

http://www.onion-router.net/Publications/IH-1996.pdf
http://www.isoc.org/inet97/proceedings/F7/F7_1.HTM
http://www.onion-router.net/

 

TOR Made for USG Open Source Spying Says Maker

Date: Tue, 22 Mar 2011 16:57:39 -0400
From: Michael Reed <reed[at]inet.org>
To: tor-talk[at]lists.torproject.org
Subject: Re: [tor-talk] Iran cracks down on web dissident technology

On 03/22/2011 12:08 PM, Watson Ladd wrote:
> On Tue, Mar 22, 2011 at 11:23 AM, Joe Btfsplk<joebtfsplk[at]gmx.com>  wrote:
>> Why would any govt create something their enemies can easily use against
>> them, then continue funding it once they know it helps the enemy, if a govt
>> has absolutely no control over it?  It's that simple.  It would seem a very
>> bad idea.  Stop looking at it from a conspiracy standpoint&  consider it as
>> a common sense question.
> Because it helps the government as well. An anonymity network that
> only the US government uses is fairly useless. One that everyone uses
> is much more useful, and if your enemies use it as well that's very
> good, because then they can't cut off access without undoing their own
> work.

BINGO, we have a winner!  The original *QUESTION* posed that led to the
invention of Onion Routing was, "Can we build a system that allows for
bi-directional communications over the Internet where the source and
destination cannot be determined by a mid-point?"  The *PURPOSE* was for
DoD / Intelligence usage (open source intelligence gathering, covering
of forward deployed assets, whatever).  Not helping dissidents in
repressive countries.  Not assisting criminals in covering their
electronic tracks.  Not helping bit-torrent users avoid MPAA/RIAA
prosecution.  Not giving a 10 year old a way to bypass an anti-porn
filter.  Of course, we knew those would be other unavoidable uses for
the technology, but that was immaterial to the problem at hand we were
trying to solve (and if those uses were going to give us more cover
traffic to better hide what we wanted to use the network for, all the
better...I once told a flag officer that much to his chagrin).  I should
know, I was the recipient of that question from David, and Paul was
brought into the mix a few days later after I had sketched out a basic
(flawed) design for the original Onion Routing.

The short answer to your question of "Why would the government do this?"
is because it is in the best interests of some parts of the government
to have this capability...  Now enough of the conspiracy theories...

-Michael
_______________________________________________
tor-talk mailing list
tor-talk[at]lists.torproject.org
24 March 2011

A sends:

From: A
Date: Thu, 24 Mar 2011 01:41:41 +0000
Subject: Cryptome Fwd: Re: Fwd: The onion TOR network
To: cryptome[at]earthlink.net
Following the publication of the email extract on TOR, I asked
the EFF what they made of it. Here it is. You can of course publish it.
---------- Forwarded message ----------
From: Rebecca Jeschke <rebecca[at]eff.org>
Date: 23 March 2011 21:29
Subject: Fwd: Re: Fwd: The onion TOR network
To: A
Hi A.  This is from Senior Staff Technologist Seth Schoen.  Thanks -- Rebecca
-------- Original Message --------
Subject: Re: Fwd: The onion TOR network
Date: Wed, 23 Mar 2011 11:15:24 -0700
From: Seth David Schoen <schoen[at]eff.org>
To: Rebecca Jeschke <rebecca[at]eff.org>
CC: chris <chris[at]eff.org>, Peter Eckersley <pde[at]eff.org>,
    Seth Schoen <schoen[at]eff.org>
Rebecca Jeschke writes:

     any thoughts on this?
It's totally true that the military people who invented Tor were
thinking about how to create a system that would protect military communications.  The current iteration of that is described at 
https://www.torproject.org/about/torusers.html.en#military 
right on the Tor home page. 
However, the Tor developers also became clear early on that the system wouldn't protect military communications well unless it had a very diverse set of users.  Elsewhere in that same e-mail discussion, Mike Perry (a current Tor developer) alludes to this: 
https://lists.torproject.org/pipermail/tor-talk/2011-March/019898.html 
  In fact, the best known way we have right now to improve anonymity   is to support more users, and more *types* of users. See: 
  http://www.freehaven.net/doc/wupss04/usability.pdf   http://freehaven.net/~arma/slides-weis06.pdf 
The first link is to a paper called "Anonymity Loves Company", which explains the issue this way: 
  No organization can build this infrastructure for its own sole use.   If a single corporation or government agency were to build a private   network to protect its operations, any connections entering or   leaving that network would be obviously linkable to the controlling   organization. The members and operations of that agency would be   easier, not harder, to distinguish. 
  Thus, to provide anonymity to any of its users, the network must   accept traffic from external users, so the various user groups can   blend together. 
You can read the entire (ongoing) discussion about government funding for Tor development via 
https://lists.torproject.org/pipermail/tor-talk/2011-March/thread.html 
(search for "[tor-talk] Iran cracks down on web dissident technology"). 
-- 
Seth Schoen Senior Staff Technologist                         schoen[at]eff.org Electronic Frontier Foundation                    https://www.eff.org/ 454 Shotwell Street, San Francisco, CA  94110     +1 415 436 9333 x107 
Subject: Re: [tor-talk] Iran cracks down on web dissident technology
From: A3
To: John Young <jya[at]pipeline.com>
Cc: A2, cypherpunks[at]al-qaeda.net

On Tue, 2011-03-22 at 17:43 -0400, John Young wrote:
> Fucking amazing admission. No conspiracy theory needed.

Wasn't this already very common knowledge?
Subject: Re: [tor-talk] Iran cracks down on web dissident technology
To: A3, A2, cypherpunks[at]al-qaeda.net
From: John Young <jya[at]pipeline.com>

That's what the Eff-folks advocating TOR are saying. And point to a
file on Torproject.org. See:

http://cryptome.org/0003/tor-spy.htm

However, this appears to be a giant evasion perhaps a subterfuge,
even reminds of what Big Boys say when customers learn they are
siphoning customer data. Read the privacy policy the lawyer-advised
apologists bark, and upon reading the privacy policy see that it only
emphasizes the subterfuge. Openly admitting siphoning is supposed
to make it okay because everyone does it under cover of lockstep
privacy policy. Reject that.

If the Tor operators really know what they are being used for, then
they should admit to being agents of the USG, as Michael Reed had
the guts to do.

Claiming this US spying role for Tor is well known is a crock of slop,
but then spies lie all the time and care not a whit that they peddle
shit for eaters of it. If you believe them and like what they do then
don't shilly-shally, just do what Michael Reed did but others are
too ashamed to do after having been duped since 1996.

If Reed's precedent for honesty is followed, there will be an
admission that the Internet was invented for spying by its inventor.
And then cryptography and other comsec tools. And then cellphones
and the like. Hold on now, this is getting out of hand, the apologists
will bellow, everybody has always known that there is no privacy
in digital world.

Actually, no, they did not. And those who knew keep their Janusian
mouths writhing to reap the rewards of deception. Now that is a truth
everyone knows. No conspiracy theory needed.
http://cryptome.org/jya/onion.htm25 April 1997: Add Lucky Green’s comments.
3 March 1997 (Thanks to LG for pointer)

Date: Sun, 02 Mar 1997 18:20:49 -0800
To: cryptography[at]c2.net, coderpunks[at]toad.com, weidai[at]eskimo.com
From: Lucky Green <shamrock[at]netcom.com>
Subject: PipeNet implemented?

At the FC’97 rump session, Paul Syverson from NRL presented a paper titled “Onion Routing”. The description of the system sounds very much like Wei Dai’s PipeNet. However, the development team seems to be unaware of PipeNet and the discussions about it that we had in the past.

NLR has currently five machines implementing the protocol. Connection setup time is claimed to be 500 ms. They are looking for volunteers to run “Onion Routers”. It appears the US military wants to access websites without giving away the fact that they are accessing the sites and is looking to us to provide the cover traffic. What a fortunate situation.

They said that the source would soon be on the web page, but so far it has not appeared.

http://www.itd.nrl.navy.mil/ITD/5540/projects/onion-routing/

 

To: cypherpunks[at]cyberpass.net
Date: Fri, 25 Apr 1997 01:24:29 -0700
From: Lucky Green <shamrock[at]netcom.com>
Subject: Re: A new system for anonymity on the web

At 12:59 PM 4/20/97 -0700, Steve Schear wrote:

>Hal,
>
>What do you think of the “onion routing” approach from the group at Naval
>Postgraduate? How would compare it to this newest proposal?

Neither one of them is any good in its present form. The folks at the FC’97 rump session got to watch Jim and myself poke truck sized holes into the NRL design within seconds of them ending their presentation. :-)

Here was a US military research lab presenting a system they thought would give them a way to surf the Net anonymously by using the public for cover traffic. [Let me just spell out here that I believe that the people from NRL and Cypherpunks are on the same side on this issue. Their concern is COMSEC, not SIGINT.]

Anyway, we knew how to crack their system without even having to think about it, since folks on Cypherpunks, especially Wei Dai, had discovered various venues of attack on such systems long ago. Cypherpunks are teaching the military about traffic analysis. :-)

The one good thing about NRL is that they seem to be willing to learn. [The other being that they get paid to write our code for us.] Though I get the distinct feeling that they don’t like the required solution. There is simply no way to harden the system against attack without using a constant or at least slowly varying (I would guess we are talking about periods of several hours here, certainly not minutes, but I haven’t done the math, nor do I have the time to do so) bandwidth data stream between the end user and the first Onion Router. This will invariably require special software on the end user’s machine. I think the best design would be a client side proxy. [That much Crowds got right.]

As to Crowds, they got to be kidding. How many end users are willing to become, even without their direct knowledge, the last hop to <enter evil URL here>? I believe that relatively few users would want their IP address to be the one showing up in the server log of <enter seized machine’s name here> because their jondo happened to be the exit point chosen.

 

 

— Lucky Green <mailto:shamrock[at]netcom.com> PGP encrypted mail preferred

“I do believe that where there is a choice only between cowardice and violence, I would advise violence.” Mahatma Gandhi

http://cryptome.org/0003/tor-spy.htm