I'm not presenting a scientific paper. Its an actual method that works. You can DDoS various networks to compare against active connections on TOR, and otherwise...
On Mon, Apr 10, 2017 at 12:22 PM, dawuud dawuud@riseup.net wrote:
Dear Mike Guidry,
My reply here is snarky but I just cannot help it. Please consider me a friend that is snarky rather than an enemy or an asshole.
I am finding it very hard to read. It is *extremely* annoying that you present your definition of "hacking" at the beginning and then go on to define TCP, UDP and other irrelavent things. it also buzzes and pops with wtf terms like "reflect lateral hacking movements". Is your target audience journalists who won't know what to look for in a good technical write up of an actual attack?
Perhaps it would be helpful for you to review some of the vast academic literature about breaking Tor since you are interested in breaking Tor:
https://www.freehaven.net/anonbib/
Sincerely,
David Stainton
On Mon, Apr 10, 2017 at 11:17:13AM -0400, Mike Guidry wrote:
I am not trolling you. I attached a PDF which explains how to trace TOR connections over the internet. It is not a joke. I have some other vulnerabilities at that URL I am releasing.
I'll include here:
Michael Guidry March 15, 2017
Tracing connections online from the virtual landscape to the physical
world
Hacking is the intrusion of a computer by an unwanted guest, and is
usually
used to express gaining access to corporate, or government networks. It requires either installing using malware, phishing, or directly
connecting
to machines and attacking their software with exploits. It is currently impossible to accurately trace hackers online unless they use the same software, and techniques for all their targets. It has become a major problem within the last decade due to globalization, and corporate
networks
directly connected to the Internet.
Tracing Transmission Control Protocol (TCP) connections across the
Internet
is inaccurate due to how routing is performed across global backbones.
The
global routing table is modified constantly with nodes, and routes being adjusted for optimization, or quality of service needs. TCP is the most used protocol therefore it is the only protocol which really matters to attempt to trace. User Datagram Protocol (UDP) is state less therefore
less
reliable for tracking, however has the same vulnerability. UDP is usually used by hackers for exfiltration, or remote control after other actions have been performed.
It is currently impossible to track connections over the Internet accurately. Several cases relate to The Onion Router (TOR) sites aka
“Dark
Web,” which were somehow uncovered using private technologies.
Technologies
used for those cases do not work properly over regular hacking via
proxies
online. Its an issue for the landscape of political hacking worldwide
which
has been increasing annually across the globe.
China, for example, has been having a lot of blame lately due to Internet Protocol (IP) addresses assigned within its borders being used in massive amounts of attacks. Some of these attacks have been supposedly verified, however it is impossible for China to have performed them all. Proxy servers being used in chains may just be victims themselves. The problem arises due to possible evidence planting being similar to proxying
through
their others networks, or borders. It is completely different comparing cyber war to traditional conflicts due to evidence being traceable, and soldiers physical evidence being easily recovered.
Hacking back is a concept any government, or corporation is now detailing within their playbook to understand how the liabilities may affect them.
It
is the terminology used to attack the source of an intrusion by means of hacking itself. Repercussions of hacking a country due to incorrectly assuming an attack was originating there is highly possible. Cyber war policies exists for a lot of nations, and it may easily escalate their attention on whom they believe is performing the attacks. The same
happens
with ‘proxy wars’ currently within the middle east, etc. Proxy wars traditionally will have global evidence allowing verification of weapon deliveries, or monetary exchanges to determine the origin of funding. Soldiers training methods, and other strategies may be impossible to
cloak.
It is generally accepted once verified, and escalation is directed
towards
the proper perpetrator.
Internet Service Providers (ISP) have the ability to perform various
tasks
internally to determine the pathways through their networks which would reflect lateral hacking movements. Connections leaving a single network that enter the realm of dynamic routing via Border Gateway Protocol (BGP) become a nightmare. The percentage of accuracy decreases
exponentially as each separate network is used to route the connection to its destination. It becomes nearly impossible to trace after just a few gateways at least publicly, or academically.
Unorthodox methods are required to allow tracing of connections under
these
circumstances. Distributed Denial of Service (DDoS) is a solution that allows you to turn the internet’s own packet distribution system into a tracking mechanism. Most people do not consider performing DDoS attacks
for
positive reasons. DDoS may have been used by targets to “quarantine”
their
hacking source temporarily from the Internet. This strategy is beyond the scope of this technique, and is literally only a bandaid for a single attack originating from possibly just a proxy.
DDoS is also illegal in most nations which have advanced their cyber
crime
laws. The fact that this technique requires many computers performing attacks strategically placed across the globe also ensures that they will be performed from countries where these laws are being enforced. The
attack
requires attacking all networks that you wish to verify against therefore you are immediately breaking laws on the destination side of most of the world simultaneously. It should not be used lightly, or regularly without cause and understanding.
DDoS attacks transmit more data to a destination than a that network can handle which forces it to stop responding in a timely fashion. The
latency
is so high that the TCP timeouts are reached, and connections break. New connections are also impossible during these attacks. It has only had negative effects since it began being used globally regularly. This technique could be considered a reverse DDoS.
The approach is to attack the entire world in a very strategically timed manner using worldwide machines. Each separate DDoS attack using machines worldwide would use different synchronization, and timing information
which
would allow embedding information directly into the latency it causes on those networks. The purpose is to compare that latency with the hack
taking
place to verify its source location. If the attack disrupts networks your attempting to verify against for milliseconds up to a few seconds then
you
can perform several of these sequentially to embed information in this timing itself. DDoS then becomes a positive useful solution even though technically illegal to a currently difficult problem.
You wouldn’t necessarily have to attack the entire world. Conceptually it would be better to use databases of networks wishing to verify against. Residential, and commercial IP delegations throughout most nations would cover a large portion. Government hacking groups have their IPs leaked often as well. It is possible to just perform the attacks on these particular sets of IP addresses rather than the world as a whole. It is also equally possible to perform the attacks on entire ISPs, and
countries
to quickly determine although this would not be accurate due to possible proxies in between being within that country.
If the technique is used on a major ISP network rather than a gateway
going
into an office then it is possible that a proxy exists within their
network
which would read off as a false positive. Accuracy relies on the networks your verifying against to be actual end user machines which would have human attackers. If you were to attack a network, or router of a network which has an office then it is highly likely they are going to notice
other
hackers using their network to hack externally on scales which would involve this type of solution. If you were to attack an entire country
then
you are going to have a problem of not recognizing from timing alone whether or not a proxy (of possibly several) just exist in that country.
It
is imperative to understand this, and always attempt to get as close to
the
networks in question being verified.
Original message:
Are you trolling us? I don't get it!
On Sun, Apr 09, 2017 at 08:19:28PM -0400, Mike Guidry wrote:
Hello,
Here is a document I've wrote regarding a concept to trace connections
even
through TOR. If you have any questions feel free to respond, and I'll attempt to explain. I have also considered a way to mitigate this situation being allowing TOR to be traced by using 'Transactional Requests.' I'll proceed to write it up, and post soon.
I have released some other short papers as well. It contains several
files
regarding a few vulnerabilities, and a couple concepts regarding things like quantum resistant cryptography, etc..
URL: https://mega.nz/#F!QnZRXKyS!oluyILlMPpyJjPS57w7axQ
Feel free to e-mail me directly..
Thanks, Mike Guidry
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev