Masquerade 3: “The Great Firewall of China”

In addition to describing China’s web traffic restriction approaches, the speakers also touch upon the benefits and disadvantages of VPNs and Tor.

Stuff gets blocked in China
Ryan Lackey: Then we’ve got examples of when you travel to places like China. China is a great place to visit, but they have a fairly restrictive international firewall, the “Great Firewall” (see right-hand image). It’s not really one firewall, it’s a different firewall in every province, and different operators have different policies. But in addition to being monitored, there is just a basic problem of stuff getting blocked. And it’s really annoying when you go and you want to connect to your services, you want to basically operate like you would at home. You’d think just a VPN would protect you and would allow you to bypass all this stuff, but in a lot of cases it’s a bit of a “whack-a-mole” game they play, where they block different VPN technologies all the time. So it’s a pain to deal with.

Marc Rogers: One more thing on the Chinese Firewall is they are actually getting smart with how they are looking out for VPNs. Before, it was identification of VPN points – and they would get blocked. Now, as we have seen with Tor since about 2011, they are actively scanning suspected nodes and they are doing things like talking Tor to suspected nodes, and if they get a reply they flag it and they block it. But that makes it really difficult, because now you’ve got folks who are actively looking for your tools and blocking them. So, whatever you have to do has to be robust enough to protect it.

Protective tools
Ryan Lackey: There’s a bunch of tools that people use today that help users protect themselves and that are provided to users (see right-hand image). Some basic principles that make certain tools easier to use and more privacy-protecting than other tools: generally, I would say decentralized tools and tools that are used by smaller communities rather than a wider tool are going to be more likely to work in any given scenario, though there’s an engineering quality issue of a tool that’s not used by very many users isn’t going to generally be as high quality. Generally, I like things like real-time, things that are asynchronous, like email-based systems rather than connection-oriented systems. However, we’ve really moved to the worldwide web and everybody wants to use connection-based systems, and it’s sort of a pain. And then, encryption – even if it doesn’t provide you with full protection – it does provide you with a little bit of content protection in a lot of cases, even if it’s not implemented terribly thoroughly. So if you get the choice, always add encryption.

Also there are a lot of common tools that can be reconfigured. VPNs were never really intended as anonymity technology; they just happened to be useful in certain circumstances. They do provide some privacy and they provide some firewall busting just because people don’t want to block all VPNs because it will block a lot of business traffic. So it’s an interesting thing. And the really awesome thing is that cheap hardware has gotten so cheap that you can dedicate a given piece of hardware to a certain task. It’s really-really hard to build a secure multi-user, multi-application operating system; it’s really a much simpler challenge to build a single-purpose device and dedicate it to a certain thing.

Marc Rogers: Before we move off of VPNs, one amusing thing that came out of our discovery. As we were playing around with the Great Firewall, we discovered that you can actually weaponize it. When the Great Firewall detects a node doing something it doesn’t like, it floods it with reset packets, and it’s not really doing much to validate the source address. It’s also quite nice that it floods it with reset packets for sometimes up to 30 seconds, so it’s an amplifier. I was just playing around at another conference and I sent some packets spoofing a colleague, and the Great Firewall flooded him with reset packets for the next couple of hours, and he couldn’t do anything. Although I hardly advocate doing this, be careful.

Features of preferable tools
Ryan Lackey: …Yeah, so tempted. Another thing that’s really scary is JavaScript. If you don’t have a great separation between your data and your code, bad things happen. And a lot of the problems with anonymity tools leaking information are either when addressing information is somehow conflated with the messages, so the OSI stack isn’t really kept as separated as it should be; or where code is mixed with data. These things lead to very bad stuff.

Using disposable hardware right
As we were saying, cheap hardware is great; it prevents a lot of user errors. The problem with a lot of these secure systems is that users use them incorrectly (see left-hand image), and if you give somebody a single device and say “that’s for talking to one other person,” that’s a much easier user model than “you need to enter this code every time you use it, you need to authenticate, and then do all sorts of stuff.”

Marc Rogers: I had a great real-life example of this, literally yesterday. As part of my goon job I had to provide protection for John McAfee. And we’re walking around with John, who is a colorful character, with his security detail who are even more colorful (especially the one who remembers faces). And he was talking about security with phones, he’s like: “I always use burner phones and I’m very careful. Once I’ve used a phone for a certain amount of time I attach it to a lorry, and it goes off around the country, and they can follow that. But they always track me down within a couple of days and find me again.” And I said: “By the way, do you regularly call the same kinds of numbers?” He said: “Yes.” I’m like: “That’ll be why.” It doesn’t matter if you are changing your phone if you keep calling your mom.

Precautions when paying for hardware
Ryan Lackey: One of the issues is, again, if you go buy this hardware and you order hardware from the Internet, your odds are going to be pretty high (The Grugq knows that pretty well) that that hardware is not going to come to you exactly as the hardware vendor intended it (see right-hand image). And you probably want to start buying stuff off the shelf that’s preconfigured; it’s sort of a commodity thing. It’s unlikely that they are going to backdoor every single piece of hardware that’s a retail thing out there, but the one piece of hardware that The Grugq orders is very likely to be backdoored.

Facts on disposable accounts

And cash is great. And Bitcoin is not so anonymous. The same things sort of apply to accounts (see left-hand image).

Types of VPNs and common concerns
VPNs are sort of nearer to my heart; I ran a VPN provider for about a year and then we shut it down when the Lavabit thing happened. They are definitely useful tools (see right-hand image). There are some concerns: they are not end-to-end; they are not really designed for anonymity, so they don’t give you anonymity. You have to use them correctly and all sorts of stuff like that. And then there’s of course the problem of your trusting the operator of some service to 1) operate in a certain way, keep logs and things; and 2) it’s really-really a bad idea to ever expect the third party to break the law on your behalf for, like, $3 a month – it’s not going to happen. So you’re going to have data turned over. The third-party doctrine in the U.S. means that a server provider, really, has very little ability to protect their customer data.

Using Tor to counter SIGINT
There’s some cool stuff that sort of counters this. There’s Tor (see left-hand image). Tor is a great tool; it can keep you anonymous. I believe Snowden has endorsed it, lots of other people have endorsed it. But it’s got some disadvantages. It has a very recognizable signature. It’s high-profile; lots of people are looking for it. And it’s pretty complicated and not really so simple for users to understand. You have to build additional systems on top of it to make it usable. Tor Browser Bundle and other similar things are great, but you need that level of additional tool to make it a really useful end user tool.

Further nuances of Tor
However, it’s got some enemies (see right-hand image). If you are trying to use it in a place like China, they are getting better and better at blocking it if it’s the default Tor protocol. Deep packet inspection can block it, and then of course if you have exfiltrated data from some secure network that logs everything, there might be a human analyst looking at it after the fact, and the Tor traffic will be pretty obvious. So whoever sent the Tor traffic is bound for a visit. So people realize this is a problem and they came up with transforms.