[cryptome] Re: 3 Cryptographers at Dinner Mathematical Model

  • From: doug <douglasrankine2001@xxxxxxxxxxx>
  • To: cryptome@xxxxxxxxxxxxx
  • Date: Tue, 18 Nov 2014 19:16:00 +0000

Hi Jason,
On 18/11/14 16:50, Jason Iannone wrote:
It looks like the high performance exit node weakness has been exploited.


Further to my last posting, I re-read the article. Ha! Ha! That is exactly what they have done, in their little experiment...run TOR off and online using open source software, and got an 81% correlation between input and output, with a few false positives and negatives (if I have understood the conclusions correctly). And they are going to conduct more exacting experiments on it.

Now if a little tinpot organisation can do something like that with a few whiz kids doing the intellectual work, then just imagine what the NSA, Chinese and GCHQ can do in their well resourced well funded, academic research institutions....

On 18/11/14 17:30, doug wrote:

Hi Jason,
Tx for bringing that up.
A little while back I read the same article on Cryptome...but I didn't really understand it, low latency and high latency et al, and couldn't find it when I came back from holiday.

However, in another article on Cryptome, the FBI had been monitoring Sabu and correlating his stay at home with his use of TOR on his computer and comparing the outcome with someone else who was being monitored as a target agent of operations. Traffic and statistical software being used to correlate the transmission of the information and its reception. They managed to tie in the information from Sabu to the recipient. They did the same thing with the transmissions and receptions in the Silk Road case.

Combine that with large scale monitoring and access to cables by the security and intelligence services and it might become a viable proposition to be able to crack or regularly break into who is communicating with whom on TOR. On looking further at the TOR website, I discovered that the maximum amount of users at any one time is 250,000. They also break down the users into categories, for instance a lot more bots have been using TOR which has pushed up the usage figures quite dramatically.
see url: https://metrics.torproject.org/

It isn't beyond the realms of possibility that one of those large warehouses of intelligence, be it state or private, can, or have set up networks of virtual or real computers on the hardware they can afford and do experiments with TOR, encryption and Bitcoin in an internal form of internet, or virtual private network. Over a period of time, such an experiment could reveal what is possible and not possible regarding synchronising inputs to TOR with outputs from TOR, particularly using those very cribs and other sources of information which they have.

I notice too, that on reading the FBI affidavit regarding the 2nd Silk Road, that it states that as well as tapping into foreign servers and getting foreign governments to give information to aid their case, they also say that they had an insider at work, who used various methods to check that the CEO was on line and using a certain computer. They also followed him and homed in on his use of a computer at an hotel and, I think at his home, which also tied in with his TOR transmissions to the servers...which the FBI were able to monitor one way or another. In law, it is a question of how one gets information of course and in the US if it is deemed to be illegal it usually cannot be used in court. However, illegal information, say gained from the CIA, can be useful and allow law enforcement to gather the information in another, legal way, suitable for submission to the courts. The criminals, after all, cannot expect to get away carte blanche with illegal or criminal activity, and expect the law enforcement agencies to use purely legal ways of gathering information. In the real world, that doesn't happen and has never happened...

On Tue, Nov 11, 2014 at 2:10 PM, Jason Iannone <jason.iannone@xxxxxxxxx> wrote:

While I have no direct information, history and common sense suggest that
a failure of operational security rather than a failure of tools is to
blame. Your scenario talks to that as well. Investigative techniques can
validate and deanonymize users of a tool before they make use of it.
That's not to discredit the very interesting attack surface presented by
the exit node selection criteria that Tor utilizes, but any exploits
utilizing such a feature would likely be added to the pile rather than
represent a key point of entry. Driving known targets to your sniffer box
is more valuable when you know which flows are theirs.

