
Tor-provided web anonymity not PRISM-proof – Microsoft security guru

The Tor anonymity network cannot provide internet users shelter from government hackers and cyber criminals, a top Microsoft security expert has revealed.

“There is no such thing as really being anonymous on the internet. If [hackers and government agencies] want you, they will get you,” Andy Malone, of Microsoft Enterprise Security and founder of the Cyber Crime Security Forum, said at Microsoft TechEd North America 2014.

While The Onion Router (Tor) remains more resilient than alternatives such as virtual private networks, cyber criminals are able to exploit weaknesses in the system.

“At the moment the Tor network’s security has never been broken, but there are flaws around it that can be exploited,” Malone said.

One such example is the fact that Tor still uses third-party add-ons, allowing snoops to track, monitor and steal data from its users.

“Tor leaks do occur through third-party apps and add-ons, like Flash. If I was doing forensics on you and thought you were on Tor, I wouldn’t attack the network, I’d attack the weak areas around it.”

Malone says that both the National Security Agency and its UK counterpart, GCHQ, are monitoring “hundreds of Tor relays” and are constantly trying to find ways to break down the secure network. By its very nature, Tor cannot and does not protect against monitoring of traffic on the edges of the Tor network, where traffic comes in and goes out. While it can protect against the process of intercepting and examining messages – traffic analysis – it cannot prevent traffic confirmation.

A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application.

“You can get people on Tor in a variety of ways. You could do a time attack, which involves catching traffic between relays. You could also do entry and exit node monitoring, which involves dropping a zero-day on the actual machine accessing Tor or hosting an exit node and monitoring what’s going in or out of it.”

Honey Pots and the Dark Web

Onion routing was initially designed at the US Naval Research Laboratory to protect the security and privacy of network communications. Tor was originally designed to shield intelligence gathering operations from open sources and protect military communications over public networks. The network works by routing traffic through multiple nodes in an effort to help mask the identities of its users.

It allows for the creation of “invisible websites” with the .onion extension that can’t be accessed using conventional browsers like Google Chrome or Firefox. Such sections of the internet comprise part of the Deep Web – the part of the web not indexed by search engines.

Tor is made possible through a network of donated servers that exchange encrypted data amongst each other before returning through an “exit node,” or the server that is connected back to the internet. The goal is to obscure just where traffic is moving, in order to evade any observers. Exit nodes are on the edge of the Tor network, meaning traffic leaving such a node can be traced back to that node’s IP address.

While many law-abiding citizens and those seeking to circumvent government censorship have embraced Tor, the notorious online market Silk Road, sometimes called “the eBay for drugs”, was also a hidden Tor service.

Malone said that law enforcement agencies are actively working on more direct ways to penetrate the Tor network and monitor its users.

“I work with, and issue recommendations for, law enforcement and I’m telling you now, the dark web is heavily monitored. The NSA and GCHQ are already monitoring hundreds of Tor relays and exit nodes and trying to find ways to break the network down,” he said.

He further warned that users should be aware that the NSA and GCHQ are installing hundreds of onion routers in order to capture and analyze traffic. If a user visits the Deep Web, they should be aware of the existence of honey pots, or trap websites that appear to be part of the network, but are in fact created by law enforcement to catch criminals.

That the NSA and GCHQ are targeting Tor is no secret. Last October, documents leaked by NSA whistleblower Edward Snowden revealed that the intelligence agencies are working extensively towards compromising the computers of people who browse the internet with Tor.

According to the Guardian’s James Ball, Bruce Schneier and Glenn Greenwald, the NSA’s “current successes against Tor rely on identifying users and then attacking vulnerable software on their computer.”

“While it seems that the NSA has not compromised the core security of the Tor software or network, the documents detail proof-of-concept attacks, including several relying on the large-scale online surveillance systems maintained by the NSA and GCHQ through internet cable taps,” the writers added.

Source: RT


NSA testing smartphones, tablets on safe mobile architecture

The National Security Agency is testing a new mobile infrastructure, largely composed of commercial tools, to secure Top Secret information on portable devices, such as smartphones and tablet computers, a high-level NSA official said.

The intelligence community, like the rest of the federal workforce, increasingly wants to access information on the go, which is creating a challenge for Debora Plunkett, director of the NSA Information Assurance Directorate. Mobility is just one of about 10 challenges – or “opportunities” as Plunkett likes to call them – that she has set out to tackle this year.

Moving ahead, her priority will remain bolstering national security networks at the agency responsible for safekeeping the nation’s secrets and spying on others’ covert activities, she said. But the evolving threat landscape has prompted her to change tactics.

After the disclosure of thousands of pages of classified material on the WikiLeaks website, there is increased interest in the data that NSA houses. In addition, technology is rapidly advancing, and cyber adversaries are becoming more sophisticated.

To shore up mobile devices, NSA is experimenting through the summer with an architecture comprised of commercial handsets and a data delivery concept similar to one used by Amazon’s Kindle e-reader and OnStar Corp.’s navigation systems, Plunkett said. So-called mobile virtual network operators, or MVNOs, lease wireless capacity owned by other network providers, including Verizon Communications and Sprint, and then repackage the mobile services with their own specialized features under a new brand name, such as “OnStar.”

But “the IT architecture of the future,” said Plunkett, will be cloud computing – accessing over the Internet information technology systems that are grounded elsewhere – and virtualization, a means of segmenting one physical server into smaller servers that can be accessed remotely.

Last month, U.S. Cyber Command chief Gen. Keith Alexander endorsed this sentiment when he testified before a House subcommittee that cloud computing will help fortify military networks during the coming year.

“This architecture would seem at first glance to be vulnerable to insider threats — indeed, no system that human beings use can be made immune to abuse,” he said, “but we are convinced the controls and tools that will be built into the cloud will ensure that people cannot see any data beyond what they need for their jobs and will be swiftly identified if they make unauthorized attempts to access data.”

Both Plunkett and Alexander said they believe cloud computing will reduce security risks by moving information away from desktops to a centralized arrangement that allows for tighter control over access and more rapid responses to cyber incidents.

“We’re tracking, absolutely,” Plunkett said of their mutual goal. “I firmly believe that cloud computing is the way to go.”

Like civilian agencies, NSA aims to continuously monitor its security posture by automating the process of collecting network status indicators, such as data on anti-virus scans or software patches, she added.

Other challenges this year include software assurance – the practice of making sure “the millions and millions and trillions of lines of code” that personnel exchange “is both developed securely and that it stays secure throughout its life cycle,” Plunkett said.
