1
00:00:00,950 --> 00:00:08,220
We're going to talk through the Tor weaknesses now, what might de-anonymize you, and finally what
2
00:00:08,220 --> 00:00:16,830
you can do about it. To get some insight into how the NSA and GCHQ view the anonymising network Tor, or at least
3
00:00:17,040 --> 00:00:19,920
how they viewed it in 2013.
4
00:00:19,920 --> 00:00:22,410
We can look at this document here.
5
00:00:22,440 --> 00:00:31,320
One of the leaked presentations. We go down here: "We will never be able to de-anonymize all users all
6
00:00:31,320 --> 00:00:39,380
the time, but with manual analysis we can de-anonymize a small fraction of Tor users."
7
00:00:39,420 --> 00:00:46,650
That statement, I think, is still relatively true, although they will be moving away from manual analysis
8
00:00:46,950 --> 00:00:51,210
towards more automated analysis as time goes by.
9
00:00:51,300 --> 00:00:58,110
But if you are a target, or what you do or where you go makes you a target,
10
00:00:58,110 --> 00:01:01,910
you could be part of that small fraction.
11
00:01:02,040 --> 00:01:08,110
So let's go through some of the weaknesses and what you might do to mitigate them.
12
00:01:08,130 --> 00:01:15,630
So the first point: Tor is high profile. Many nation states' intelligence agencies have declared war on
13
00:01:15,630 --> 00:01:22,190
Tor and will spend serious time and resources attempting to de-anonymize its users.
14
00:01:22,260 --> 00:01:28,910
These agencies are concerned about what they can't see: what you're doing and why.
15
00:01:29,040 --> 00:01:37,230
You paint a target on your back by even using Tor and will get placed on automatic profiling lists,
16
00:01:37,380 --> 00:01:44,760
plus attacks against Tor are an active area of academic and security research.
17
00:01:44,820 --> 00:01:49,140
Tor is high profile, there's no doubt about that.
18
00:01:49,200 --> 00:01:57,450
Tor is also complex, and complexity is the nemesis of security and breeds mistakes. The Tor Browser is
19
00:01:57,450 --> 00:02:03,990
a good attempt to make Tor appear and be much more simple to the average user.
20
00:02:03,990 --> 00:02:11,700
But it's easy to get it all wrong if you start making special configurations in the torrc file or various
21
00:02:11,760 --> 00:02:12,840
other changes.
22
00:02:13,020 --> 00:02:19,040
And to be really safe when the consequences are high, you do need to make some changes.
23
00:02:19,110 --> 00:02:26,030
Two examples of changes you need to make: one, you need to better isolate the Tor Browser,
24
00:02:26,050 --> 00:02:29,270
i.e. just installing it in your standard operating system,
25
00:02:29,310 --> 00:02:30,730
that's really no good at all.
26
00:02:30,780 --> 00:02:35,730
And two, you need better purging of the browser's recorded data.
27
00:02:35,790 --> 00:02:39,020
The Tor Browser does an excellent job of removing that data.
28
00:02:39,120 --> 00:02:42,950
But for me it's not good enough when the stakes are high.
29
00:02:43,320 --> 00:02:45,130
So let's cover these two issues.
30
00:02:45,130 --> 00:02:51,350
Now the browser is not sufficiently isolated from exploitation.
31
00:02:51,360 --> 00:03:00,660
Nation states will spend serious time and resources in buying and developing exploits for the Tor Firefox
32
00:03:00,660 --> 00:03:01,550
browser.
33
00:03:01,560 --> 00:03:11,960
We know the NSA, FBI and GCHQ use the QUANTUM system, FOXACID and EGOTISTICALGIRAFFE to actively compromise
34
00:03:11,970 --> 00:03:22,560
browsers. Selected extracts from here show details of how the NSA's EGOTISTICALGIRAFFE is used to attack
35
00:03:22,590 --> 00:03:24,590
Tor users.
36
00:03:24,590 --> 00:03:28,940
We also know the U.S. agencies had success in August 2013.
37
00:03:28,950 --> 00:03:37,770
The Firefox browser in many older versions of the Tor Browser was vulnerable to a JavaScript-type attack,
38
00:03:37,860 --> 00:03:43,000
as NoScript was not enabled, and is still not enabled, by default.
39
00:03:43,050 --> 00:03:51,210
Once exploited, the victims' machines would then send the MAC address, IP address and Windows computer
40
00:03:51,210 --> 00:03:53,280
name to the attackers.
41
00:03:53,280 --> 00:03:56,880
Note this only targeted Windows users.
42
00:03:56,970 --> 00:04:04,000
So we should make the general assumption that serious nation states will have exploits for the Tor Browser,
43
00:04:04,260 --> 00:04:07,330
or if they don't, they certainly may do tomorrow.
44
00:04:07,410 --> 00:04:14,610
If your adversary is a serious nation state, then your security and privacy settings should be on high,
45
00:04:15,030 --> 00:04:16,770
JavaScript disabled.
46
00:04:16,770 --> 00:04:25,910
Never any active content such as Java, JavaScript, Adobe Flash, Adobe Shockwave, QuickTime, RealPlayer, ActiveX,
47
00:04:25,950 --> 00:04:26,950
etc.
48
00:04:27,150 --> 00:04:31,030
Don't install extensions or plugins unless you really know what you're doing.
49
00:04:31,050 --> 00:04:36,570
You need the smallest attack surface in your browser, but even that's not good enough.
50
00:04:36,570 --> 00:04:42,870
Never install the browser on your main operating system, and especially not on Windows, and especially
51
00:04:42,870 --> 00:04:48,100
not on Windows 10. Your main operating system is a soft target.
52
00:04:48,100 --> 00:04:52,600
You need to use isolation and compartmentalization.
53
00:04:52,600 --> 00:05:00,760
Look at that section in this course which provides details on how to provide isolation and compartmentalization
54
00:05:00,760 --> 00:05:08,300
for your browser by using things like virtual machines, sandboxes, physical isolation, Qubes,
55
00:05:08,350 --> 00:05:18,010
you can see here, and so on, to create the isolation for the browser, or even use dedicated, securely built
56
00:05:18,100 --> 00:05:20,090
devices for your isolation.
57
00:05:20,200 --> 00:05:23,350
Never install the Tor Browser on your main operating system.
58
00:05:23,440 --> 00:05:30,490
If the consequences are high you need isolation, and the isolation also needs to be hard, and I consider
59
00:05:30,820 --> 00:05:37,840
browser exploits one of the biggest risks for the anonymising network that you have to mitigate. If you're
60
00:05:37,840 --> 00:05:41,050
just running the Tor browser in Windows.
61
00:05:41,050 --> 00:05:43,000
That's just not a good idea.
62
00:05:43,060 --> 00:05:49,050
Issue: the Tor Browser is exploitable. Mitigate through isolation.
63
00:05:49,090 --> 00:05:56,110
The second issue I mentioned: the lack of browser non-persistence. The browser is persistent,
64
00:05:56,230 --> 00:06:01,630
so all the data it collects has to be deleted. According to Tor,
65
00:06:01,660 --> 00:06:10,360
after closing all tabs they then emit browser:purge-session-history, which instructs add-ons and
66
00:06:10,360 --> 00:06:17,250
various Firefox components to clear their session state, and then manually clear the following state:
67
00:06:17,260 --> 00:06:23,670
search box and find box text, HTTP auth, SSL state, OCSP state,
68
00:06:23,680 --> 00:06:31,660
site-specific content preferences (including HSTS state), content and image cache, offline cache,
69
00:06:31,720 --> 00:06:39,820
offline storage, cookies, crypto tokens, DOM storage, the safe browsing key and the Google Wi-Fi geo
70
00:06:39,820 --> 00:06:42,490
location token if it exists.
71
00:06:42,610 --> 00:06:50,260
We also clear NoScript's site and temporary permissions and all other site permissions.
72
00:06:50,260 --> 00:06:58,330
So that's a lot of things that are cleared, but only non-persistence can future-proof against the next
73
00:06:58,530 --> 00:07:06,300
unknown tracking threat that could be stored in your browser and not deleted. Relatively recently HSTS
74
00:07:06,400 --> 00:07:14,470
was used to track browsers, which was previously unknown. So relying on the Tor Browser to purge
75
00:07:14,470 --> 00:07:16,890
the browser data isn't good enough.
76
00:07:16,930 --> 00:07:20,920
If the consequences are high you need non-persistence.
77
00:07:20,980 --> 00:07:27,910
You can get this through options like live operating systems such as Tails and VM snapshots, and you
78
00:07:27,910 --> 00:07:35,620
can also help mitigate this with special secure deletion and whole disk encryption, or a combination of
79
00:07:35,740 --> 00:07:42,910
these. And what I mean by non-persistent is that the entire application and its data no longer exist,
81
00:07:43,000 --> 00:07:45,210
and it goes back to its original state
82
00:07:45,250 --> 00:07:49,290
after you are finished with it. The browser fingerprint:
83
00:07:49,380 --> 00:07:56,140
It is obvious to an observer you are using the Tor Browser, because it has a unique fingerprint which
84
00:07:56,440 --> 00:08:04,630
should make you look identical to all the other Tor users, unless you do things like maximize your browser.
86
00:08:04,780 --> 00:08:07,110
So this is great for anonymity
87
00:08:07,210 --> 00:08:10,200
in some ways, but it makes you stand out to
88
00:08:10,290 --> 00:08:18,040
anyone who is targeting Tor users, and we know that Tor users are targeted, in the examples of the NSA
89
00:08:18,340 --> 00:08:21,780
and GCHQ with EGOTISTICALGIRAFFE.
90
00:08:21,790 --> 00:08:28,270
So by using Tor, this makes you a target, and because they can't distinguish between people who they are
91
00:08:28,270 --> 00:08:30,640
actually interested in and who they are not,
92
00:08:30,640 --> 00:08:41,350
this makes everyone using Tor a target. Traffic confirmation or end-to-end correlation attacks, in combination
93
00:08:41,350 --> 00:08:49,690
with Sybil attacks and/or DDoS attacks. So Tor is a low latency anonymising service.
94
00:08:49,690 --> 00:08:54,030
This means the traffic has to get to the destination quickly and come back quickly.
95
00:08:54,030 --> 00:08:58,660
You can't wait five minutes for a response when you're browsing the web, or you're just going to get bored.
97
00:08:58,920 --> 00:09:00,030
You're not going to use Tor.
98
00:09:00,160 --> 00:09:08,110
As I've said previously, all low latency anonymizing services, VPNs, Tor and JonDonym, are susceptible
99
00:09:08,110 --> 00:09:12,180
to traffic confirmation and end-to-end correlation attacks.
100
00:09:12,190 --> 00:09:18,250
Let me read from the Tor blog: "A traffic confirmation attack is possible when the attacker controls or observes
101
00:09:18,580 --> 00:09:27,880
the relays on both ends of a Tor circuit and then compares traffic timing, volume or other characteristics
102
00:09:28,180 --> 00:09:33,530
to conclude that the two relays are indeed on the same circuit.
103
00:09:33,550 --> 00:09:39,640
If the first relay in the circuit (called the entry guard) knows the IP address of the user, and the last
104
00:09:39,640 --> 00:09:47,630
relay in the circuit knows the resource or destination she is accessing, then together they can de-anonymize
105
00:09:47,640 --> 00:09:54,340
her." And you can read more about traffic confirmation attacks, including pointers to many research papers,
106
00:09:54,640 --> 00:09:57,070
on this blog post here.
107
00:09:57,430 --> 00:10:04,660
If we compare Tor to VPNs, which is not really an equal comparison, in some ways traffic confirmation attacks
108
00:10:04,660 --> 00:10:10,950
are easier with Tor than with a VPN, and in other ways they are harder with Tor.
109
00:10:10,990 --> 00:10:16,710
It is not easy for an adversary to take control of VPN servers,
110
00:10:16,900 --> 00:10:23,650
making it harder to correlate traffic, especially if the VPN is in a country out of the sphere of
111
00:10:23,740 --> 00:10:26,110
influence of your adversary.
112
00:10:26,110 --> 00:10:34,030
It is part of the design of Tor that anyone can run a Tor relay, making it easier to do correlation
113
00:10:34,030 --> 00:10:38,940
attacks on Tor if you act as a number of relays.
114
00:10:38,950 --> 00:10:45,370
An example of a similar attack is where you are running Tor relays and clients to establish trust, either
115
00:10:45,370 --> 00:10:50,260
by passively observing and/or potentially injecting traffic.
116
00:10:50,260 --> 00:10:52,560
This is known as a Sybil attack.
117
00:10:52,570 --> 00:10:59,560
There is human oversight over the Tor network which could detect traffic alterations, but this will not
118
00:10:59,560 --> 00:11:02,960
prevent passive observation in a Sybil attack.
119
00:11:02,980 --> 00:11:10,150
It is in fact not part of the Tor design to defend against correlation attacks, although it does in some
120
00:11:10,150 --> 00:11:11,580
way do that.
121
00:11:11,590 --> 00:11:19,690
The big advantage for Tor over VPNs in my initial comparison for traffic correlation attacks is
122
00:11:19,690 --> 00:11:26,120
that Tor has many, many more nodes and users than the average VPN service,
123
00:11:26,230 --> 00:11:29,860
making correlation a much larger problem.
124
00:11:29,860 --> 00:11:34,930
The larger the network gets, the larger the Tor network gets, the better
125
00:11:34,930 --> 00:11:43,900
the anonymity it will provide and the defense against correlation and Sybil attacks, in combination and
126
00:11:43,900 --> 00:11:52,300
separately. A notable Sybil attack in combination with a traffic confirmation attack was launched against
127
00:11:52,300 --> 00:12:00,850
the Tor anonymity network for several months in 2014 by unknown perpetrators.
128
00:12:00,910 --> 00:12:13,390
Probably the NSA or CIA. Autonomous systems: an autonomous system is a collection of connected IP routing
129
00:12:13,390 --> 00:12:17,890
prefixes under the control of one or more network operators
130
00:12:18,010 --> 00:12:23,950
that presents a common, clearly defined routing policy to the Internet.
131
00:12:23,950 --> 00:12:30,230
They are uniquely identified as individual networks on the Internet, and
132
00:12:30,250 --> 00:12:40,140
a large telco or ISP might administer one of these autonomous systems.
133
00:12:40,210 --> 00:12:41,110
And why does this matter,
134
00:12:41,110 --> 00:12:49,510
you might ask. Well, if your Tor circuit and destination exist within a single AS, the administrator
135
00:12:49,690 --> 00:12:57,730
of the AS could perform a traffic confirmation attack on the entry and exit segments of the path, and
136
00:12:57,730 --> 00:13:03,040
potentially infer the destination with which the client communicated.
137
00:13:03,040 --> 00:13:10,300
It is my personal opinion that traffic confirmation attacks, especially in combination with a passive
138
00:13:10,510 --> 00:13:18,790
or active Sybil attack, i.e. running lots of relays and clients and watching and/or changing the traffic,
139
00:13:19,120 --> 00:13:25,600
is one of the most likely methods to de-anonymize you and Tor users going forward.
140
00:13:25,600 --> 00:13:32,280
They could also DDoS relays, forcing their targets onto other relays
141
00:13:32,290 --> 00:13:39,310
they own. An adversary with sufficient means to have international influence would find it much easier
142
00:13:39,310 --> 00:13:40,200
to perform.
143
00:13:40,300 --> 00:13:48,910
Although just having enough resources is all they may require, especially if they are targeting someone
144
00:13:49,000 --> 00:13:51,460
in particular.
145
00:13:51,460 --> 00:13:56,740
If you are interested more in traffic correlation attacks, there's a paper here, Traffic Correlation on Tor
146
00:13:57,070 --> 00:13:59,270
by Realistic Adversaries.
147
00:13:59,320 --> 00:14:04,310
You might want to give that a read if traffic correlation attacks interest you.