[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] German BND 2010: Tor Unsuitable

On 21/09/17 11:25 AM, grarpamp wrote:
> https://netzpolitik.org/2017/secret-documents-reveal-german-foreign-spy-agency-bnd-attacks-the-anonymity-network-tor-and-advises-not-to-use-it/
> https://www.reddit.com/r/TOR/comments/71cxy2/secret_documents_reveal_german_federal/
> https://www.freehaven.net/anonbib/cache/timing-fc2004.pdf 
> https://www.freehaven.net/anonbib/cache/murdoch-pet2007.pdf 
> http://www.spiegel.de/media/media-35540.pdf 
> http://www.spiegel.de/media/media-35541.pdf 
> http://www.spiegel.de/media/media-35543.pdf 
> http://www.spiegel.de/media/media-35538.pdf 
> http://www.spiegel.de/media/media-35540.pdf 
> https://assets.documentcloud.org/documents/801433/doc1-1.pdf 
> https://assets.documentcloud.org/documents/1342115/timeline-correlation-jeremy-hammond-and-anarchaos.pdf
> A global passive adversary
> Like all low-latency anonymity systems used in practice, Tor cannot 
> protect against „a global passive adversary“. This is defined in the 
> design document. The software documentation warns: „If your attacker 
> can watch the traffic coming out of your computer, and also the 
> traffic arriving at your chosen destination, he can use statistical 
> analysis to discover that they are part of the same circuit.“ The
> goal of NSA’s and GCHQ’s internet surveillance is to achieve exactly
> that.
> A number of researchers have demonstrated this attack in practice, 
> either by simply counting transmitted packets, by analyzing time 
> windows, or correlation attacks with only a fraction of traffic. All 
> this research is public. The spy agencies followed this research,
> used it for their own purpose and turned theoretical vulnerabilities
> into real-world surveillance systems.
> Very high level of surveillance
> One and a half years later, the BND warned German federal agencies
> not to use Tor. The hacker unit „IT operations“ entitled its report:
> „The anonymity service Tor does not guarantee anonymity on the
> internet“. The six-page paper was sent to the chancellery,
> ministries, secret services, the military and police agencies on 2
> September 2010.
> According to the executive summary, Tor is „unsuitable“ for three 
> scenarios: „obfuscating activities on the internet“, „circumventing 
> censorship measures“ and „computer network operations for
> intelligence services“ – spy agency hacking. The BND assumes „a very
> high level of surveillance within the network“

Well of course, they want to make it easy to monitor all government
traffic and discourage the public from using encryption, but as far as i
was aware Tor is still one of the best tools available and forces TLAs
to up their game.
What do they recommend for their own online communication in 2017?
Sorry i can't read technical German.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to