Research & News in Tor, Privacy, & Security – Nov 30th, 2014

Posted by: Kiell

November 30, 2014

Research

Wei Yu et al. published a research paper titled “On Effectiveness of Hopping-Based Spread Spectrum Techniques for Network Forensic Traceback”. The paper analyzes efficient techniques for tracing the origin of “cyber crimes through anonymous communication networks.” The paper outlines techniques for performing traffic confirmation attacks through the use of Frequency Hopping Direct Sequence Spread Spectrum (FHSS), Code Hopping-DSSS (CH-DSSS), and Time Hopping-DSSS. An attacker, or as the research paper states, “an investigator”, can use these tecniques to “mark” a target’s traffic. These techniques could be used to trace traffic through anonymizing networks with both a very low rate of false positives and very low risk of detection.

News

A new version of GetTor has been announced on The Tor Blog. GetTor is a program designed to provide heavily censored users access to the Tor Browser. To fetch the package over email, a user simply sends an email to gettor@torproject.org with the subject line windows, osx, or linux in the body of the email. Since many packages have become too large to send over email, GetTor now replies to emails with a Dropbox link containing the required packages.

Note: there are better ways you can download Tor if you cannot reach the official website. The best source is through the official mirrors: EFF and torservers.net.

A new version of Orbot, a popular Android application developed by The Guardian Project, has been released. This marks version 14.1.3 of the software, which builds on the earlier 14.0.1 release. It includes better handling of background processes and includes support for Android 5.0.

—

In a new counter-terrorism effort, the UK Government has announced a measure that could force ISPs to retain information linking an IP address to a user for 12 months. The measure will be included in the proposed Anti-Terrorism and Security Bill, a controversial bill that included the failed “Snoopers’ Charter” – or the Communications Data Bill. The “Snoopers’ Charter” would have required ISPs to store records of customer metadata for 12 months. The Liberal Democrats have voiced support for the measure, stating that the measure is important for national security and that the Snooper’s Charter is “dead and buried”.

The European parliament voted 384 to 174 on a resolution that calls for the separation of commercial services from search engines. It aims to prevent monopolization of commercial services and to eliminate unfair or paid ranking of services. The resolution “. . .calls on the Commission ‘to prevent any abuse in the marketing of interlinked services by operators of search engines’, stressing the importance of non-discriminatory online search.” MEPs also made statements in support of net neutrality, aiming to impose restrictions on ISPs and to end roaming charges within the EU.

Twitter has announced an opt out policy that would track installed applications on a user’s smartphone for advertising purposes. In a blog post, Twitter stated, “We are collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in.” This information will be used to serve targeted advertisements to users and to suggests pages a user may be interesting in following. Users can opt out of this feature by activating “Limit Ad Tracking” or “Opt out of interest-based ads”.

Facebook has updated their privacy policy, bringing very few changes to the data collection policies that many have criticised. Facebook will continue to use targeted advertising based upon several variables, including personal information such as age, gender, and location data, and viewed pages, “likes”, and messages. The company also collects data through partnerships with several analytics companies, including Acxiom, Datalogix and Epsilon.

These updates will take effect on January 1, 2015.

—

Many users holding bitcoin wallets on blockchain.info have reported that their bitcoins have been stolen. A total of 26 users, including some merchants, reported that funds funds were transferred to various blockchain.info wallets. Some users were utilizing two-factor authentication, while others reported that they used only a weak passphrase to secure their wallets.

At the time of this article, there is no further information about how the wallets were hacked/withdrawn from. A reminder to everyone out there – host your own Bitcoin wallet.

Later, Blockchain.info announced that they have launched an .onion address, which should solve all issues of wallets being taken over via malicious Tor exit nodes:

When using your #Blockchain wallet via #Tor, you can now access us through this .onion link: http://blockchatvqztbll.onion/ @torproject

— Blockchain (@blockchain) November 29, 2014

Europol announced the arrest of 118 people accused of purchasing plane tickets using fraudulent credit cards. During the operation, the agency sent alerts to airport police in real time, who would then detain suspects who were attempting to travel using “fraudulently obtained flight tickets.” The operation involved 45 law enforcement agencies around the world, involved several bank networks, and included 60 airlines and 80 airports.

Updated: 2014-11-30