[tor-talk] Did Australian Authorities hack (US) computers with Tor's help?

Chris tmail299 at errtech.com
Sun Aug 21 01:06:12 UTC 2016


On 2016-08-20 06:54 PM, tortalk at arcor.de wrote:
> Hi!
> 
> I found two articles which may have something in common. 1. Some Tor
> users (29.000) got deanonymized by authorities while up/downloading
> childporn. 2. Someone claims that "Tor suddenly dump over 30
> megabloats of steaming faeces onto a file system on exit".
> 1. Is it just a question of time before other deanonymisations become 
> public?
> https://motherboard.vice.com/read/australian-authorities-hacked-computers-in-the-us
> "Australian Authorities Hacked Computers in the US
> Written by Joseph Cox Contributor
> August 15, 2016 // 10:10 AM EST
> ...
> By the very virtue of the investigation, Australian authorities likely
> would not have known where the computer they wanted to hack was
> located; indeed, that was the exact problem that the Tor network
> presented.
> 
>     Whether the Australian authorities hacked computers in other
> countries remains unclear.
> 
> It is unclear on what authority Australian law enforcement obtained a
> warrant, or whether one was obtained at all to gather IP addresses
> from Piccolo and others in the US. Task Force Argos declined to answer
> any questions or comment for this story.
> ...
> Whether using a hacking tool to grab the real IP address of a Tor user
> constitutes a search in a legal sense has recently become a
> contentious issue in the US. Several judges have said that suspects do
> not have a reasonable expectation of privacy around their IP address
> when using the Tor network, meaning that it is not protected by the
> Fourth Amendment, and a hack grabbing it would not require a warrant.
> The Electronic Frontier Foundation, as well as some courts, have
> argued otherwise.

The article seems to suggest that those taking proper security 
precautions would not have been impacted by this exploit. Users are 
warned that opening external files can compromise their security. In 
this case it was apparently a video file. If Tails has been designed 
properly this should not have been a problem for Tails users. I have not 
recently examined Tails, but from my understanding, in the past all 
traffic was routed through Tor. This would have included the video 
player. Most likely in that scenario if the exploit worked on Tails it 
would have only provided an IP address of a Tor exit node [which is not 
a privacy threat]. That was changed in a later version of Tails to drop 
traffic instead because it posed a security risk [maybe, I think most 
users would probably have been fine behind a NAT network assuming Tails 
is designed well]. This attack vector would not have worked in Tails for 
that reason. Now it also most likely would not have worked because the 
exploit almost certainly targets Microsoft's media player. The exploit 
(if you can call it that, given it's not designed to be privacy friendly 
and doesn't open up the media player or system to remote access, etc) is 
either a known problem that has never been fixed (not entirely sure it 
is an issue from a security perspective, though it is from a privacy 
perspective) or a new problem that should have been on the radar of any 
developer designing a secure privacy friendly operating system [which 
Microsoft Windows is not].

Microsoft Windows is a threat to your security. All proprietary software 
is a threat. Intel and AMD are a threat to your security. There is 
remote control functionality built into every Intel and AMD CPU since 
2009 and 2013. It would be naive to think that US companies AMD and Intel 
have not been ordered to insert a backdoor. Intel and AMD will not 
release the code and have signed these components such that even if they 
were reverse engineered the user can't load a backdoor-free version of 
the software.

The answer to the problem is in crowd funding a new standard that has 
been in the works for years that modularizes critical components into a 
'computer card'. By doing this it gives computer designers a less 
expensive way to design backdoor-free computing devices. It also lets us 
utilize non-Intel/AMD designed CPUs from Chinese companies. Now this is 
not to say China isn't a threat to users' privacy and security. We know 
about backdoors in homegrown Chinese designed laptops. The difference is 
the backdoors were inserted in keyboard controller firmware and were 
dependent on an OS level component to work. By modularizing the design 
it was possible to produce a laptop (the first ever) that we can be 
reasonably confident is NSA/Chinese/Russian/etc backdoor free. The 
keyboard and LCD controllers are based on work for which we have the 
complete set of source code. The equivalent microcode/firmware for CPU 
related components is available. There is no BIOS, and we have the 
complete set of source code for the bootloader and other critical driver 
related components.

There are only five days left of the campaign. It is important that 
people contribute to it. The concept needs to succeed if we want to 
eventually have devices that we can be reasonably confident are secure 
from government(s) and other criminal elements.

Here is that crowd funding campaign:

https://www.crowdsupply.com/eoma68

* The people behind the project are more trustworthy than the people 
behind some other crowd supply campaigns. The FSF has worked with Luke 
(lead engineer) on ensuring the complete set of code is available. It's 
also the case that all code is available, unlike past RYF laptops (for 
which there have been valid criticisms, particularly from a security 
standpoint).

Now this doesn't make this device secure in and of itself. There is a 
lot that has to happen. This is only going to result in a base that can 
be used to build truly secure and privacy friendly devices. More work needs 
to be done at porting key software to ARM, increasing the user base to a 
point where fingerprinting is less effective, etc. There are significant 
hurdles to overcome.

> "
> 2. The author embedded a list of his findings in his article.
> http://rixstep.com/2/2/20160817,00.shtml
> "Tor 6.0.4
> ...
> Why does Tor suddenly dump over 30 megabloats of steaming faeces onto
> a file system on exit?
> ...
> Most of the junk left behind comes from an EFF extension, but this
> extension has been used all along, and it serves no purpose to copy
> the data out to yet another location. If this is caused by an error at
> EFF, why hasn't this been corrected?"

If I had to guess it's probably a bug causing some component (the 
plug-in) to crash. It's not abnormal for reports to be generated after a 
crash and written to disk. There are good reasons users who are at 
serious risk should run Tails and not the Tor Browser Bundle. Tails is 
designed to ensure nothing gets recorded to disk (especially 
unencrypted). The only exception I'm aware of is related to storing data 
on Tor entry nodes to thwart certain types of attack (it's possible 
other exceptions exist). Other data can be saved to encrypted 
partitions.
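The Tails property Chris relies on above (non-Tor traffic is dropped rather than leaked, so a media player tricked into opening a network resource never reaches the internet directly) can be expressed as a host firewall policy. The ruleset below is an added illustration, not Tails' own configuration; it assumes the Tor daemon runs as the `debian-tor` user (the Debian default) and that applications are pointed at Tor's local SocksPort/DNSPort.

```nftables
# Illustrative leak-prevention policy (added example, not Tails' ruleset).
# Assumption: the Tor daemon runs as user "debian-tor" (Debian default).
# Anything that is not Tor's own traffic is dropped, so a compromised
# application can at most expose the IP of a Tor exit, never the real one.
# Blocked attempts are logged so a leak by an unexpected process shows up.
flush ruleset

table inet tor_only {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
    }

    chain output {
        type filter hook output priority 0; policy drop;
        # Local services (Tor's SocksPort/DNSPort) must stay reachable.
        oifname "lo" accept
        # Only the Tor daemon itself may talk to the outside world.
        meta skuid "debian-tor" accept
        # Everything else is a potential deanonymisation leak: log and drop.
        log prefix "tor-leak-attempt: " counter drop
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }
}
```

Load it with `nft -f` and watch the kernel log for the `tor-leak-attempt:` prefix; any hit from a process other than Tor is precisely the kind of direct connection the thread is worried about, and the counter on that rule gives a quick tally without reading the log.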
