Zoz contemplates the potential weak links of using Tor hidden services, making some assumptions about OPSEC fails by the infamous Dread Pirate Roberts.

Here’s some more good news: the big list and the small list. These are the recently leaked XKeyscore filter rules (see left-hand image). Basically, these ones show that security agencies are focused on making that big list as big as possible. Anyone who connects to the Tor directory servers or the Tor website gets put on that big list. In terms of the stated mission of the secret police, this is great, this is akin to looking for a needle in a haystack by piling on more hay. Great work! This is really good. It’s still upsetting and concerning that they are targeting everyone who uses Tor, especially in that it’s worse than criminal – it’s stupid; but no more so than the rest of the blanket surveillance that we are talking about. It just reinforces “We need more people using these services.”
The other part is worse. This is what I mentioned: collecting the addresses of bridge relays by mining them out of the emails that people send when they get a bridge relay. I think this is a really scummy thing to do, and it’s worth noting the way that they’re doing it. So, would the Harvard student have been caught even using a bridge relay? Maybe, maybe not. We don’t know, because we don’t know how much information gets shared between these three-letter agencies. But be careful out there.
Finally, in terms of really loading up on the hay, Tails and Tor are advocated by extremists on extremist forums – that’s a comment from the XKeyscore rules. So, congratulations – we’re all extreme, have a Red Bull!

Silk Road and Dread Pirate Roberts – we all know the story (see right-hand image). Silk Road operates as a Tor hidden service for over two years before it gets busted, not a bad effort by some metrics. Not everyone knows, but we know that the feds made hundreds of drug purchases through Silk Road, slowly, carefully building the case. They let it operate probably for longer than they had to, to make sure they could get a bust. This is like standard organized crime stuff. They bust the Dread Pirate Roberts at the same time that they image and seize the Silk Road server. So, what fucked it up? Well, we know that there were numerous OPSEC fails by the Dread Pirate Roberts: Stack Exchange posts, forum posts from the same account, including his real email, ordering fake IDs with his face on them – lots of things that were likely to fuck it up for him (see left-hand image). But we don’t know how this server was de-anonymized, and that’s the 180,000-Bitcoin question. How did that happen? We don’t know the answer. But here are some options. The Dread Pirate Roberts was already identified and monitored, and somehow he logs in without Tor one time, to fix the server for example – not out of the realm of possibility. The hosting company could have been identified by commercial means, like payment tracing, and then all the servers at that hosting company imaged, like what happened with Freedom Hosting. They could have served an exploit to the Silk Road server, owned it and had it de-anonymize itself. That’s what they did to the Freedom Hosting customers. Or they could have performed a large-scale, time-intensive hidden service de-anonymization attack.
We don’t know the answer, but let’s talk about the only one that involves an attack on Tor directly. Hidden services – what you need to know about them is that they are at a huge disadvantage in terms of correlation attacks, because the attacker can prompt them to generate traffic. They are basically two Tor circuits connected together around a rendezvous point. And anyone that connects to Tor long-term, to the same thing, is vulnerable to these kinds of things, especially to hostile relays, because the network is not that big. So, sooner or later you are going to go through a malicious node. Not such a problem for the typical user, but if you are maintaining a long-term repeat business, like a worldwide drug supply company, then it’s dangerous.

I don’t have time to go into details, but this is a paper released recently by Biryukov et al. about de-anonymizing hidden services (see right-hand image). They were able to harvest hidden services and map the popularity of a number of hidden services, including Silk Road. This is just mapping onion addresses and the usage of them – two days for less than 100 USD in Amazon EC2 instances. They were also able to confirm that a particular Tor node acted as a guard node for a given hidden service, which allowed the de-anonymization of that hidden service – with 90% probability, in eight months for 11,000 USD, well within the realm of possibility for state actors. This relied on a bug that has since been fixed. The Black Hat talk this week that was canceled relied on a different bug, also since fixed, but they were able to stain Tor traffic to hidden services. This was very irresponsible of them, because that stain is now preserved in all of the traffic that’s being collected by state surveillance agencies. So, if Tor’s crypto were broken at a later date, those people could potentially be de-anonymized. But the good news about it is that this stuff leaves traces.
This (see left-hand image) shows a spike in the number of guard nodes when Biryukov and others were doing this, so it can be noticed. That’s the good news: we can find these bugs and fix them. But be aware that, yes, there are potential attacks on Tor, but not against everyone all the time, we think. About hidden services the state actors don’t have much to say (see right-hand image). That’s not in that paper, it’s the same kind of thing: harvesting hidden service addresses to see what’s out there, and then using cloud instances or Tor relays; presumably keeping up with what’s being done in the open source community, but no reports of noticing these attacks on a continuous basis. And let’s remember the JTRIG Wiki (see left-hand image), conveniently released, I think, the day or the day before DEF CON slides were due, so I could put them in here. The spooks use Tor too, quite a lot. These are the British GCHQ JTRIG people using Tor for all kinds of things. So, even though they almost certainly commit the sin of overconfidence among others, they have a sense of assurance that their activities are not going to be de-anonymized all the time, for whatever that’s worth. And also, on the subject of whatever that’s worth, even though trust isn’t transitive and it doesn’t help anyone in this room, I know some of the Tor developers personally and I trust them not to run a government honeypot and not to make backdoors for the spooks, for whatever that is worth.
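The talk’s point that a guard-relay influx “leaves traces” is the kind of thing a network observer can check mechanically. The following is an added example, not from the talk or the Tor project: a robust spike detector (rolling median plus MAD) run over a constructed series of daily guard-relay counts, where a sudden burst of new guards stands out against normal drift.

```python
"""Flag sudden influxes of guard relays in a daily count series.

Added example (not from the talk): the talk notes that the Biryukov et al.
experiment showed up as a spike in the number of guard relays.  This detector
uses a trailing median and median absolute deviation (MAD) so that a burst of
new relays stands out against ordinary day-to-day drift.  The counts below are
constructed for illustration, not real Tor consensus data.
"""
from statistics import median

# Constructed daily guard-relay counts: a stable baseline, then a three-day
# burst of new guards (the shape a mass relay deployment would leave behind).
SAMPLE_GUARD_COUNTS = [
    1840, 1852, 1847, 1861, 1855, 1849, 1858, 1863, 1850, 1857,
    1854, 1862, 1859, 1866, 2010, 2045, 2040, 1868, 1860, 1864,
]


def robust_spikes(counts, window=7, threshold=6.0):
    """Return (index, count, score) for days whose count exceeds the trailing
    window's median by more than `threshold` scaled MADs.

    The trailing window excludes the current day, so a burst cannot pull its
    own baseline upward, and the median/MAD pair keeps one anomalous day from
    distorting the baseline for the days that follow.  1.4826 rescales MAD to
    a standard deviation for normally distributed noise.
    """
    spikes = []
    for i in range(window, len(counts)):
        history = counts[i - window:i]
        center = median(history)
        mad = median(abs(x - center) for x in history) * 1.4826
        mad = max(mad, 1.0)  # floor avoids a zero divisor on a flat baseline
        score = (counts[i] - center) / mad
        if score > threshold:
            spikes.append((i, counts[i], round(score, 1)))
    return spikes


if __name__ == "__main__":
    for day, count, score in robust_spikes(SAMPLE_GUARD_COUNTS):
        print(f"day {day}: {count} guards (score {score})")
```

A count spike alone only says that many guards appeared at once; whether they belong to one operator is a separate question answered from relay metadata, not from this series.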
So, the key element to all of this is not the de-anonymization of the Silk Road service, which is possible. The key element is being tied by identity to the operation of that service. It’s theoretically possible for the server to have been completely identified and imaged, because it’s a bidirectional Tor circuit, without Dread Pirate Roberts being busted. If he had practiced his COMSEC properly, he might not have been caught. So the moral of the story there is: don’t run a massive online drug marketplace if you don’t have a plan for when that thing gets infiltrated. Maintaining anonymity with a large organization over a long period of time is really, really hard. You’ve got to do everything perfectly. And not everyone starts out intending to be an international cybercriminal, a criminal mastermind, so they don’t take precautions ahead of time. Try and decide in advance where things might go. Do that tradecraft analysis.