RT: TOR is NOT PRISM Proof


Posted by: DeepDotWeb

May 18, 2014

An interesting article published on RT quoted Andy Malone, of Microsoft Enterprise Security and founder of the Cyber Crime Security Forum, who said at Microsoft TechEd North America 2014:

“There is no such thing as really being anonymous on the internet. If [hackers and government agencies] want you, they will get you,”

He mentioned that even though TOR still counts as a better option for keeping anonymity than, for example, VPNs, there are still weaknesses in the system that could be exploited, something that has yet to happen:

“At the moment the Tor network’s security has never been broken, but there are flaws around it that can be exploited,” Malone said.

The rest of the article mentioned:

One such example is the fact that Tor still uses third-party add-ons, allowing snoops to track, monitor and steal data from its users.

“Tor leaks do occur through third-party apps and add-ons, like Flash. If I was doing forensics on you and thought you were on Tor I wouldn’t attack the network I’d attack the weak areas around it.”

Malone says that both the National Security Agency and its UK counterpart, GCHQ, are monitoring “hundreds of Tor relays” and are constantly trying to find ways to break down the secure network. By its very nature, Tor cannot and does not protect against monitoring of traffic on the edges of the Tor network, where traffic comes in and goes out. While it can protect against the process of intercepting and examining messages – traffic analysis – it cannot prevent traffic confirmation.

“You can get people on Tor in a variety of ways. You could do a time attack, which involves catching traffic between relays. You could also do entry and exit node monitoring, which involves dropping a zero-day on the actual machine accessing Tor or hosting an exit node and monitoring what’s going in or out of it.”

He then said that many agencies are working hard to penetrate TOR’s anonymity:

“I work with, and issue recommendations for, law enforcement and I’m telling you now, the dark web is heavily monitored. The NSA and GCHQ are already monitoring hundreds of Tor relays and exit nodes and trying to find ways to break the network down,” he said.

He further warned that users should be aware that the NSA and GCHQ are installing hundreds of onion routers in order to capture and analyze traffic. If a user visits the Deep Web, they should be aware of the existence of honey pots, or trap websites that appear to be part of the network, but are in fact created by law enforcement to catch criminals.

That the NSA and GCHQ are targeting Tor is no secret. Last October, documents leaked by NSA whistleblower Edward Snowden revealed that the intelligence agencies are working extensively towards compromising the computers of people who browse the internet with Tor.

According to the Guardian’s James Ball, Bruce Schneier and Glenn Greenwald, the NSA’s “current successes against Tor rely on identifying users and then attacking vulnerable software on their computer.”

“While it seems that the NSA has not compromised the core security of the Tor software or network, the documents detail proof-of-concept attacks, including several relying on the large-scale online surveillance systems maintained by the NSA and GCHQ through internet cable taps,” the writers added.

Although we have heard all this before and have yet to see any large-scale de-anonymizing of TOR users, it should be noted that it will probably not stay that way forever, so DNM users should take their OPSEC even more seriously in light of this info.

Source of information: http://rt.com/news/159396-nsa-tor-ineffective-microsoft/

Updated: 2014-05-18
