
German BND 2010: Tor Unsuitable



https://netzpolitik.org/2017/secret-documents-reveal-german-foreign-spy-agency-bnd-attacks-the-anonymity-network-tor-and-advises-not-to-use-it/
https://netzpolitik.org/2017/geheime-dokumente-der-bnd-hat-das-anonymisierungs-netzwerk-tor-angegriffen-und-warnt-vor-dessen-nutzung/
https://www.reddit.com/r/TOR/comments/71cxy2/secret_documents_reveal_german_federal/
https://www.freehaven.net/anonbib/cache/SS03.ps
https://www.freehaven.net/anonbib/cache/timing-fc2004.pdf
https://www.freehaven.net/anonbib/cache/murdoch-pet2007.pdf
http://www.spiegel.de/media/media-35540.pdf
http://www.spiegel.de/media/media-35541.pdf
http://www.spiegel.de/media/media-35543.pdf
http://www.spiegel.de/media/media-35538.pdf
http://www.spiegel.de/media/media-35540.pdf
https://assets.documentcloud.org/documents/801433/doc1-1.pdf
https://assets.documentcloud.org/documents/1342115/timeline-correlation-jeremy-hammond-and-anarchaos.pdf
https://edwardsnowden.com/wp-content/uploads/2014/04/2009-sigdev-conference.pdf


A global passive adversary

Like all low-latency anonymity systems used in practice, Tor cannot
protect against “a global passive adversary”. This is defined in the
design document. The software documentation warns: “If your attacker
can watch the traffic coming out of your computer, and also the
traffic arriving at your chosen destination, he can use statistical
analysis to discover that they are part of the same circuit.” The goal
of NSA’s and GCHQ’s internet surveillance is to achieve exactly that.

A number of researchers have demonstrated this attack in practice,
either by simply counting transmitted packets, by analyzing time
windows, or correlation attacks with only a fraction of traffic. All
this research is public. The spy agencies followed this research, used
it for their own purpose and turned theoretical vulnerabilities into
real-world surveillance systems.

Very high level of surveillance

One and a half years later, the BND warned German federal agencies not
to use Tor. The hacker unit “IT operations” entitled its report: “The
anonymity service Tor does not guarantee anonymity on the internet”.
The six-page paper was sent to the chancellery, ministries, secret
services, the military and police agencies on 2 September 2010.

According to the executive summary, Tor is “unsuitable” for three
scenarios: “obfuscating activities on the internet”, “circumventing
censorship measures” and “computer network operations for intelligence
services” – spy agency hacking. The BND assumes “a very high level of
surveillance within the network”