[cryptography] Compromised Sys Admin Hunters and Tor

Jane third at angels.la
Fri Mar 21 17:42:32 EDT 2014


Not to intrude onto a finely crafted discourse, but I saw nothing
particularly damning with regards to the brief Dingledine gave to NSA.
Talking to NSA politely != installing backdoors into people's stuff. He
didn't say anything we did not know, and the only revelation, as far as I
am concerned, is that NSA people are apparently allowed to use emoticons in
documents. Way to look professional, guys.

Now...

As to the original question, you have got to weight the "gravity" of using
TOR versus complexities needed to thwart local adversary's attempts at
finding out whether you are using TOR.

Basically, if your cryptoparty is somewhere in EU or US, and the activists
in question are mild-mannered folks who aren't "high profile targets" in
any way, you guys would probably do good by just using plain TOR (and
running nodes, though asking to run exit nodes might be asking for a bit
too much commitment)

If one is a high-profile target or operating in conditions where TOR use is
dangerous in and on itself, it might be prudent to rent a VPS (come on,
it's just $5 or so nowadays!) and use it as a SOCKS 5 SSH proxy (Windows
users can do this via putty), since TOR client can be configured to use a
SOCKS proxy between itself and the rest of the net, and Putty (or any
equivalent SSH client on your OS of choice) can set up a SOCKS5 on
localhost and forward all traffic directed at it through the server SSH
client has connected to.

The setup will end up being Alice>SSH_proxy>Remote_machine>TOR>Bob.

Since a local adversary can not get access to the VPS and can only observe
the connection between Alice and the VPS (which is an SSH connection), it
will remain largely oblivious to the fact that Alice is in fact using TOR
(and there are perfectly pedestrian reasons for having an SSH connection to
a remote machine)

The VPS provider will, of course, be able to learn that something TORish is
going on, but won't be able to decrypt traffic.

Thus, you now have plausibly deniable TOR as far as a local adversary is
concerned

Main caveats -
choose VPS provider and server jurisdiction very wisely.

also, if a break-in-and-search happens (can happen to hi-profile targets),
TOR (TOR bundle, one would assume) is still installed locally (which isn't
very plausibly deniable), but management of evidence on local machines for
high-profile activists is a very different and way more contrived subject.


On Fri, Mar 21, 2014 at 4:01 PM, John Young <jya at pipeline.com> wrote:

> Sys admins catch you hunting them and arrange compromises
> to fit your demands so you can crow about how skilled you are.
> Then you hire them after being duped as you duped to be hired.
>
> The lead Tor designer reportedly (via Washington Post) had a
> session with NSA to brief on how to compromise it, although
> "compromise" was not used nor is the word used by
> gov-com-org-edu.
>
> http://cryptome.org/2013/10/nsa-tor-dingledine.htm
>
> Not many honest comsec wizards nowadays are promising
> more than compromised comsec, and the compromise is gradually
> increasing as Snowden material is dribbled out to convince the
> public and wizards not a hell of a lot can be done about it except
> believe in and buy more compromised comsec.
>
> Not news here and in comsec wizard-land, to be sure, but
> compromised comsec is the industry standard, as the industry
> and its wizards in and out of government enjoy the boom and
> bust in comsec tools generated by precursors of Snowden,
> Snowden and his successors.
>
> Compromisability is assumed by the comsec industry to be a
> fundamental feature in all nations, no need to advertise it, much
> better to advertise how great comsec is and now much it is
> needed. Crypto-wizards have a long history of compromising
> believers who hire them and who suffer their promises of
> highly trusted protection.
>
> Trusted comsec is necessary to get persons to pack their
> comms with compromisable information. The greater the
> trust the greater the revelations of just what is desired.
>
> So what if laws are aleays jiggered to allow access to the
> revelations "under legal pressure" and "FISC orders."
> That has been a fundamental feature of crypto and
> comsec wizardry.
>
> At 06:04 AM 3/21/2014, you wrote:
>
>> Hi there,
>>
>> As I am running a local cryptoparty and do a lot of basic
>> encryption/privacy
>> talks and workshops, I am often recommending Tor as one of the means of
>> protecting one's privacy and yes, even security (for example, by running a
>> hidden service and making it possible for users not to leave the darknet).
>>
>> Of course it's far from being enough, and I make that very clear.
>>
>> But lately I got to wonder if using Tor does more harm than good? If the
>> NSA
>> can impersonate any IP on the planet, they can impersonate any Tor node;
>> tis
>> has two important consequences:
>>
>> 1. they know when you're using Tor, and can flag you accordingly, and (for
>>    example) deliver some nastiness when (not "if"!) they get the chance,
>>    because "when you have something to hide..."
>>
>> 2. they can guess with high probability whom are you communicating with;
>> they
>>    don't have to break encryption, it's enough they listen-in and see
>> that a
>>    Tor packet from your IP to Node A is x bytes; a packet from Node A to
>> Node
>>    B is x-( header + Tor encryption layer size ) bytes, and so on.
>>
>> So, is using Tor today doing more harm than good? Would ordinary Joe
>> Schmoes
>> be far better of not using Tor? How about more high-profile targets, like
>> activists/hacktivists, etc?
>>
>> --
>> Pozdr
>> rysiek
>>
>
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20140322/f37a96f6/attachment-0001.html>


More information about the cryptography mailing list