
If you have a suspected target and you can shape traffic on the internet (state actor) there's a much easier way to gain access to the websites visited by your target than by controlling a large number of nodes. It's still noisy, but doesn't generate any scary warnings in tor browser (unless you look at the logs, or pay attention to your connected nodes like with the Onion Circuit GUI in Whonix).

Use a DoS attack against nodes, like the 2-3 years ongoing attack which has lately progressed to a 100% CPU usage DoS against any targeted node. You still have to control a decent number of nodes, but you simply DoS (or DDoS, much noisier) the nodes that your target is connecting to. Once you have them connected to your guard, relay, and exit nodes, you continue the DoS on other nodes until you get the data you need - shorter time is better. I believe this method is being used currently, as I read a post from someone about it recently and noticed something similar happening when I started paying attention to nodes, although it seems it may have stopped for now.

I'm sure there are many vulnerability chains being exploited in tor. Here's an interesting tidbit from the Snowden leaks; most people took that "tor stinks :(" screenshot to mean it's safe. At least with JavaScript completely disabled, right?

> Tor users often turn off vulnerable services like scripts and Flash when using Tor, making it difficult to target those services. Even so, the NSA uses a series of native Firefox vulnerabilities to attack users of the Tor browser bundle.

> According to the training presentation provided by Snowden, EgotisticalGiraffe exploits a type confusion vulnerability in E4X, which is an XML extension for Javascript. This vulnerability exists in Firefox 11.0 – 16.0.2, as well as Firefox 10.0 ESR – the Firefox version used until recently in the Tor browser bundle. According to another document, the vulnerability exploited by EgotisticalGiraffe was inadvertently fixed when Mozilla removed the E4X library with the vulnerability, and when Tor added that Firefox version into the Tor browser bundle, but NSA were confident that they would be able to find a replacement Firefox exploit that worked against version 17.0 ESR. The Quantum system

> To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a Foxacid server.

> In the academic literature, these are called "man-in-the-middle" attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks.

> They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the internet backbone, and exploit a "race condition" between the NSA server and the legitimate website. This top-secret NSA diagram, made public last month, shows a Quantum server impersonating Google in this type of attack.

> The NSA uses these fast Quantum servers to execute a packet injection attack, which surreptitiously redirects the target to the FoxAcid server. An article in the German magazine Spiegel, based on additional top secret Snowden documents, mentions an NSA developed attack technology with the name of QuantumInsert that performs redirection attacks. Another top-secret Tor presentation provided by Snowden mentions QuantumCookie to force cookies onto target browsers, and another Quantum program to "degrade/deny/disrupt Tor access".

From https://www.theguardian.com/world/2013/oct/04/tor-attacks-ns...

Let's not forget about the NSA backdooring internet backbone routers and slurping data from undersea cables https://en.m.wikipedia.org/wiki/ANT_catalog

It's quite clear to me the US (and the other major Western players) are preparing for a large-scale war and know a great deal of spies are already living in the country. Warrantless wiretaps for any connections outside of the USA, and mandatory KYC for any cloud providers (VPS etc) within the US. In other words, the surveillance dragnet is now operating at a complete and full scale. Privacy is dead. If you would like to be an activist or give valid criticisms of the government, just know that your devices are likely going to be hacked and your communications decrypted. Airgapped computers may for now be safe with a faraday cage and components stripped out. Mesh networks like Briar are only useful as long as your phone is secure.

I wish I was simply being overly paranoid.

https://www.brennancenter.org/our-work/research-reports/refo...

https://torrentfreak.com/u-s-know-your-customer-proposal-wil...

https://www.ic3.gov/Media/Y2024/PSA240425

https://www.gov.uk/government/news/new-powers-to-seize-crypt...
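The comment above suggests watching your connected nodes (as the Onion Circuit GUI in Whonix does) to notice when a client is being pushed onto unfamiliar guards. As an added example, not code from the original thread or from the Tor project, here is a small monitor over Tor control-port CIRC event lines that flags unusual guard churn: a Tor client normally reuses a small, stable set of entry guards, so a burst of circuits built through several different first hops in a short window is worth a second look. The line format is modeled on the Tor control protocol's `650 CIRC <id> <status> <path>` event; the leading epoch-seconds column is an assumption (a log collector is presumed to prepend it), the fingerprints and sample lines are constructed, and the window and threshold are arbitrary illustrative values.

```python
"""Guard-churn monitor over Tor control-port CIRC event lines (added example)."""
import re
from collections import deque

# Modeled on Tor's asynchronous CIRC event:
#   650 CIRC <CircuitID> <CircStatus> <Path> [Key=Value ...]
# where <Path> is a comma-separated list of $FINGERPRINT~nickname hops.
# ASSUMPTION: each line is prefixed with an epoch-seconds timestamp column
# added by whatever collects the control-port output.
CIRC_RE = re.compile(
    r"^(?P<ts>\d+)\s+650 CIRC (?P<cid>\d+) (?P<status>[A-Z_]+) (?P<path>\S+)"
)
HOP_RE = re.compile(r"^\$(?P<fp>[0-9A-F]{40})(?:~(?P<nick>\w+))?$")


def parse_circ(line):
    """Parse one timestamped CIRC line into a dict, or None if it does not
    match (e.g. LAUNCHED events, which carry no path yet, or unrelated output)."""
    m = CIRC_RE.match(line)
    if not m:
        return None
    hops = []
    for hop in m["path"].split(","):
        h = HOP_RE.match(hop)
        if not h:
            return None
        hops.append(h["fp"])
    return {"ts": int(m["ts"]), "cid": int(m["cid"]),
            "status": m["status"], "hops": hops}


def guard_churn(lines, window_s=600, max_guards=2):
    """Return (timestamp, distinct_guard_count) alerts whenever the number of
    distinct first hops among BUILT circuits inside a sliding window exceeds
    max_guards. Only BUILT circuits count: FAILED/CLOSED/EXTENDED are ignored."""
    recent = deque()  # (ts, guard_fingerprint) for BUILT circuits in the window
    alerts = []
    for line in lines:
        ev = parse_circ(line)
        if ev is None or ev["status"] != "BUILT" or not ev["hops"]:
            continue
        recent.append((ev["ts"], ev["hops"][0]))
        while recent and ev["ts"] - recent[0][0] > window_s:
            recent.popleft()
        distinct = {fp for _, fp in recent}
        if len(distinct) > max_guards:
            alerts.append((ev["ts"], len(distinct)))
    return alerts


# Constructed fingerprints (40 hex chars, as Tor relay fingerprints are).
GUARD_A, GUARD_B, GUARD_C, GUARD_D = "A" * 40, "B" * 40, "C" * 40, "D" * 40
MID_1, MID_3, EXIT_2, EXIT_4 = "1" * 40, "3" * 40, "2" * 40, "4" * 40

# Constructed sample: a healthy client keeps using the same guard.
SAMPLE_NORMAL = [
    f"100 650 CIRC 1 BUILT ${GUARD_A}~guardA,${MID_1}~mid,${EXIT_2}~exit PURPOSE=GENERAL",
    f"200 650 CIRC 2 BUILT ${GUARD_A}~guardA,${MID_3}~mid,${EXIT_4}~exit PURPOSE=GENERAL",
    f"300 650 CIRC 3 BUILT ${GUARD_A}~guardA,${MID_1}~mid,${EXIT_4}~exit PURPOSE=GENERAL",
]

# Constructed sample: the guard keeps timing out and the client lands on a
# different first hop every couple of minutes.
SAMPLE_CHURN = [
    f"100 650 CIRC 1 BUILT ${GUARD_A}~guardA,${MID_1}~mid,${EXIT_2}~exit PURPOSE=GENERAL",
    f"140 650 CIRC 2 FAILED ${GUARD_A}~guardA REASON=TIMEOUT",
    f"150 650 CIRC 3 BUILT ${GUARD_B}~guardB,${MID_1}~mid,${EXIT_2}~exit PURPOSE=GENERAL",
    f"190 650 CIRC 4 EXTENDED ${GUARD_C}~guardC PURPOSE=GENERAL",
    f"200 650 CIRC 4 BUILT ${GUARD_C}~guardC,${MID_3}~mid,${EXIT_2}~exit PURPOSE=GENERAL",
    f"260 650 CIRC 5 BUILT ${GUARD_D}~guardD,${MID_1}~mid,${EXIT_4}~exit PURPOSE=GENERAL",
]

if __name__ == "__main__":
    print("normal:", guard_churn(SAMPLE_NORMAL))   # []
    print("churn: ", guard_churn(SAMPLE_CHURN))    # [(200, 3), (260, 4)]
```

The monitor is deliberately simple: it only counts distinct first hops, so it will not distinguish an attacker-induced reroute from an honest network outage, and a legitimate guard rotation will eventually show up as one change rather than a burst. The useful signal is the burst, which is why alerts are computed over a sliding window rather than on every change.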




> DoS nodes

DoS'ing a server and correlating timeouts is a well-known but still discernible technique.

Random delays and packet data have been added to help buffer against this and timing/padding/other side-channel attacks.

At this point most servers operate multiple random timeouts + blackouts + array of mirrors/jugglers to mitigate this de-anonymization technique.



