[cryptome] Re: 3 Cryptographers at Dinner Mathematical Model

  • From: Shaun O'Connor <capricorn8159@xxxxxxxxx>
  • To: cryptome@xxxxxxxxxxxxx
  • Date: Tue, 18 Nov 2014 20:04:49 +0000

there is probably a place man on every exit node the five eyes spy
agencies can get their grubby little hands on, and some. and little
doubt the likes of china are just as well placed.

Better a slow node that is probably more secure than a fast one that
puts convenience ahead of security. its what the spy agencies bank on,
convenience features.

I have a great dislike for "out of the box convenience" because it makes
you lazy.


On 18/11/2014 19:16, doug wrote:
>> W
> Hi Jason,
> On 18/11/14 16:50, Jason Iannone wrote:
>> It looks like the high performance exit node weakness has been
>> exploited.
>> https://mice.cs.columbia.edu/getTechreport.php?techreportID=1545&format=pdf&;
> Further to my last posting, I re-read the article.    Ha! Ha!  That is
> exactly what they have done, in their little experiment...run TOR off
> and online using open source software, and got an 81% correlation
> between input and output, with a few false positives and negatives (if
> I have understood the conclusions correctly).  And they are going to
> conduct more exacting experiments on it.
>   Now if a little tinpot organisation can do something like that with
> a few whiz kids doing the intellectual work, then just imagine what
> the NSA, Chinese and GCHQ can do in their well resourced well funded,
> academic research institutions....
> Dougie.
> On 18/11/14 17:30, doug wrote:
>> Hi Jason,
>> Tx for bringing that up.
>> A little while back I read the same article on Cryptome...but I
>> didn't really understand it, low latency and high latency el al, and
>> couldn't find it when I came back from holiday.
>> However, in another article on Cryptome, the FBI had been monitoring
>> Sabu and correlating his stay at home with his use of TOR on his
>> computer and comparing the outcome with someone else who was being
>> monitored as a target agent of operations.  Traffic and statistical
>> software being used to correlate the transmission of the information
>> and its reception.  They managed to tie in the information from Sabu
>> to the recipient.   They did the same thing with the transmissions
>> and receptions in the Silk Road case.
>> Combine that with large scale monitoring and access to cables by the
>> security and intelligence services and it might become a viable
>> proposition to be able to crack or regularly break into who is
>> communicating with whom on TOR.  On looking further at the TOR
>> website, I discovered that the maximum amount of users at any one
>> time is 250,000.  They also break down the users into categories, for
>> instance a lot more bots have been using TOR which has pushed up the
>> usage figures quite dramatically.
>> see url: https://metrics.torproject.org/
> It isn't beyond the realms of possibility that one of those large
> warehouses of intelligence, be it state or private, can, or have set 
> up networks of virtual or real computers on the hardware they can
> afford and do experiments with TOR, encryption and Bitcoin in an
> internal form  of internet, or virtual private network.   Over a
> period of time, such an experiment could reveal what is possible and
> not possible regarding synchronising inputs to TOR with outputs from
> TOR, particularly using those very cribs and other sources of
> information which they have.
>> I notice too, that on reading the FBI affadavit regarding the 2nd
>> Silk Road, that it states that as well as tapping into foreign
>> servers and getting foreign governments to give information to aid
>> their case, they also say that they had an insider at work, who used
>> various methods to check that the CEO was on line and using a certain
>> computer.  They also followed him and homed in on his use of a
>> computer at an hotel and, I think at his home, which also tied in
>> with his TOR transmissions to the servers...which the FBI were able
>> to monitor one way or another.  In law, it is a question of how one
>> gets information of course and in the US if it is deemed to be
>> illegal it usually cannot be used in court.  However, illegal
>> information, say gained form the CIA, can be useful and allow law
>> enforcement to gather the information in another, legal way, suitable
>> for submission to the courts.  The criminals, after all, cannot
>> expect to get away carte blanche with illegal or criminal activity,
>> and expect the law enforcement agencies to use purely legal ways of
>> gathering information.  In the real world, that doesn't happen and
>> has never happened...
>> ATB
>> Dougie.
>>> On Tue, Nov 11, 2014 at 2:10 PM, Jason Iannone
>>> <jason.iannone@xxxxxxxxx> wrote:
>>>> Dougie,
>>>> While I have no direct information, history and common sense
>>>> suggest that
>>>> a failure of operational security rather than a failure of tools is to
>>>> blame. Your scenario talks to that as well. Investigative
>>>> techniques can
>>>> validate and deanonymize users of a tool before they make use of it.
>>>> That¹s not to discredit the very interesting attack surface
>>>> presented by
>>>> the exit node selection criteria that Tor utilizes, but any exploits
>>>> utilizing such a feature would likely be added to the pile rather than
>>>> represent a key point of entry. Driving known targets to your
>>>> sniffer box
>>>> is more valuable when you know which flows are theirs.
>>>> Jason


Other related posts: