Help ATS with a contribution via PayPal:
learn more

NSA Hacking Tor - something to worry about?

page: 1
3
<<   2 >>

log in

join

posted on Jul, 4 2014 @ 07:31 PM
link   
I came across this document on Cryptome and wanted to get other people's opinions on it:

cryptome.org...

It sounds like they think anyone who uses Tor is an extremist or something, or at least that's what I thought. I rarely use Tor but it's nice to have on my computer because I tire of Google's constant "logged in" philosophy sometimes. Yes I know you can use incognito mode, but it's not quite the same.




posted on Jul, 4 2014 @ 07:35 PM
link   
a reply to: Sharted

Tor's security is based on the security and trust of the exit nodes. Anyone can run an exit node and anyone can monitor all traffic that goes over them.

If you only use a trusted exit node such as a friend or family member you will be safe.

To be totally honest, if you want security use a VPN.



posted on Jul, 4 2014 @ 08:21 PM
link   

originally posted by: shaneslaughta
a reply to: Sharted

Tor's security is based on the security and trust of the exit nodes. Anyone can run an exit node and anyone can monitor all traffic that goes over them.

If you only use a trusted exit node such as a friend or family member you will be safe.

To be totally honest, if you want security use a VPN.



And if the NSA already has back doors to the RSA algorithms what encryption would you recommend since the bulk of https is predicated on RSA?



posted on Jul, 4 2014 @ 08:47 PM
link   
I would recommend 256 bit AES encryption, assuming we are talking about VPN encryption algorithms, as it is generally assumed that 128 bit AES will be brute-forceable soon (2030 and beyond).

Also, it's much, much more likely that one end of the VPN tunnel is going to be compromised and that's what leaks your data, not the algorithm itself



posted on Jul, 4 2014 @ 08:57 PM
link   
a reply to: MarlinGrace

I have never been to concerned with security myself. I don't do anything that warrants me to scarification my data to that extent. My more secure information i use HTTPS/SSL and VPN.

Even using a VPN has its risks. You still are relying on a third party to safeguard your information. Lots of VPN companies do log your information and keep records of what machines are connected and to where.

I do not bank online nor or make online purchases, nor do i visit the deep web or anything that would draw unwanted attention to myself.

As for encryption protocols, that depends on what your using it for. That is far from a simple answer. All machines that your communicating with must use the same protocol. If they don't it will be like speaking Greek to German.

Certain protocols stick out more to malicious people monitoring your traffic.

Also, using file sharing software, java, flash, and a bunch of other peer assisted software make you visible even when using tor and freenet and other services like them.



posted on Jul, 4 2014 @ 08:59 PM
link   

originally posted by: hombero
I would recommend 256 bit AES encryption, assuming we are talking about VPN encryption algorithms, as it is generally assumed that 128 bit AES will be brute-forceable soon (2030 and beyond).

Also, it's much, much more likely that one end of the VPN tunnel is going to be compromised and that's what leaks your data, not the algorithm itself


Even AES makes me nervous since it was given to the government for approval. Some way we have to have something that they can't get there hands on. Don't know if its possible.

How is it possible to decrypt one end when it takes both keys to decrypt?



posted on Jul, 4 2014 @ 09:12 PM
link   
AES 256 is only as strong as the length of your password. Short passwords less than 8 characters can be crackled with GPU'S relatively easily.

Also using large random salt hashes prevent pre-computational attacks.

Dont use any easily definable passwords like ilovepizza or 1972transam or 1234567890

Take a look at word lists and dictionaries that hackers use for cracking to give you an idea about how to not make a password.

edit on 7/4/2014 by shaneslaughta because: (no reason given)



posted on Jul, 4 2014 @ 11:39 PM
link   

originally posted by: MarlinGrace

originally posted by: hombero
I would recommend 256 bit AES encryption, assuming we are talking about VPN encryption algorithms, as it is generally assumed that 128 bit AES will be brute-forceable soon (2030 and beyond).

Also, it's much, much more likely that one end of the VPN tunnel is going to be compromised and that's what leaks your data, not the algorithm itself

How is it possible to decrypt one end when it takes both keys to decrypt?


If hardware is compromised/has been or is accessible, all bets are off. Even if the channel between your computer and the VPN machine is secure, if someone on the other end can view memory via some utility (after decryption to plaintext), etc., then that's that. Or your end before it's encrypted and sent out.

This is like when the NSA sucked communications data from Google's nodes (by tapping them like someone taps a tree for honey)...
edit on 7/4/2014 by AkumaStreak because: (no reason given)



posted on Jul, 5 2014 @ 01:27 AM
link   
Ah Tor, does not surprise me in the least the NSA would consider any users of it extremists. When it comes to using Tor and security my philosophy is this - if you are doing enough illegal activities online to actually be a blip on TPTB's radar - well then they will get you if they want you. Simple as that.



posted on Jul, 5 2014 @ 02:22 AM
link   
a reply to: Sharted

It's a scary article. Sure, we all know that the Tor network was infiltrated by various intelligence agencies and that the NSA 'own' a proportion of the network. The scary part of the article is what will happen to people who search 'tor,' access the tor website, search for 'tails' or use the Tor network.

IPs are logged and stored whilst the traffic from that IP is scrutinised as if the owner is a threat to US security. This implies that anyone who has searched 'tor' will have subsequent searches logged and stored. By extension (the scary part), the simple act of showing an interest in anonymity will get you marked for surveillance.

The dragnet nature of this automated process means too much metadata for human agents to digest and analyse. There'd presumably be another filter to escalate the searches of individuals to a higher level of scrutiny. So downloading Tor to porn-cruise will get you listed by machine, using it to visit Arabic sites or technical specifications of chemical explosives will get you more personalised attention.

It's alarming how little is now needed to find yourself on a 'watch list.'



posted on Jul, 5 2014 @ 09:09 AM
link   

originally posted by: Kandinsky
a reply to: Sharted

It's a scary article. Sure, we all know that the Tor network was infiltrated by various intelligence agencies and that the NSA 'own' a proportion of the network. The scary part of the article is what will happen to people who search 'tor,' access the tor website, search for 'tails' or use the Tor network.

IPs are logged and stored whilst the traffic from that IP is scrutinised as if the owner is a threat to US security. This implies that anyone who has searched 'tor' will have subsequent searches logged and stored. By extension (the scary part), the simple act of showing an interest in anonymity will get you marked for surveillance.

The dragnet nature of this automated process means too much metadata for human agents to digest and analyse. There'd presumably be another filter to escalate the searches of individuals to a higher level of scrutiny. So downloading Tor to porn-cruise will get you listed by machine, using it to visit Arabic sites or technical specifications of chemical explosives will get you more personalised attention.

It's alarming how little is now needed to find yourself on a 'watch list.'


Well, I don't do anything noteworthy so I should be fine. It's lame that they flag people just for wanting total anonymity. I understand that they need to do it to catch perverts and drug lords, but the only way they can do that is by spying on everyone, so lame.



posted on Jul, 5 2014 @ 09:36 AM
link   
There is no encryption that is safe.

Gizmodo



posted on Jul, 5 2014 @ 11:37 AM
link   
The NSA wishes they could hack Tor. They can not.

They simply lack the talent. No computer programing wizards are willing to work for the NSA under the conditions and wages they offer.

They have minor league talent and are only fooling themselves to believe they can out hack the world's best.
edit on 5-7-2014 by jrod because: 1



posted on Jul, 5 2014 @ 04:19 PM
link   

originally posted by: jrod
The NSA wishes they could hack Tor. They can not.

They simply lack the talent. No computer programing wizards are willing to work for the NSA under the conditions and wages they offer.

They have minor league talent and are only fooling themselves to believe they can out hack the world's best.


If they have access to nodes can't they see what people are doing?



posted on Jul, 5 2014 @ 04:31 PM
link   
a reply to: Sharted

Beats me. All that stuff is beyond me. I can't hack.

What are these nodes you speak of?

Are there people floating around in the dark web?



posted on Jul, 5 2014 @ 04:35 PM
link   
a reply to: Kandinsky

Hey K. Ever since the discrete logarithm problem was part solved. I no longer put much bank in SSL certs. HTTPS Everywhere was great while it lasted. Frankly, RSA should be treated as though it is compromised. The only way the internet will have real anonymity again is if we put real effort into Meshnet. Even then though we'll probably have to setup websites to use something like Diffie-Hellman rather than one size fits all trapdoor RSA-type encryption.



posted on Jul, 5 2014 @ 04:35 PM
link   

originally posted by: jrod
The NSA wishes they could hack Tor. They can not.

They simply lack the talent. No computer programing wizards are willing to work for the NSA under the conditions and wages they offer.

They have minor league talent and are only fooling themselves to believe they can out hack the world's best.


Cool story, you know this how?
Oh wait you don't.

Just because you read about a few people that used a LOIC or DDoS or DOS or some script kiddie somewhere who heard about boxing at his local 2600 meeting ,ffs I wished red boxes still worked
, and wears a fawkes mask then makes quotes that sound like rejected dialogue from The Matrix doesn't give you any more insight into how the real world is than anyone else.



posted on Jul, 5 2014 @ 05:04 PM
link   

originally posted by: Xtraeme
a reply to: Kandinsky

Hey K. Ever since the discrete logarithm problem was part solved. I no longer put much bank in SSL certs. HTTPS Everywhere was great while it lasted. Frankly, RSA should be treated as though it is compromised. The only way the internet will have real anonymity again is if we put real effort into Meshnet. Even then though we'll probably have to setup websites to use something like Diffie-Hellman rather than one size fits all trapdoor RSA-type encryption.


Everyone can thank the Global warming expert Mr. Gore for the RSA backdoor. The problem is there are optical splitters installed in the fiber optic network that allow for capture without interruption, much less a slow down. Personally I don't think any of of it hasn't already been broken to some degree. The thing to remember is all encryption can be broken given the time, the question is the time sensitivity of your data. So they can tell where packets are going to and coming from but once you start in on the math, start the clock. Always use a passphrase as long as you can remember.

The "meta data" the two IP addresses, MAC addresses are all recorded and everything in the middle if they feel is worth the trouble will be looked at seriously. In most cases if you're under that much scrutiny they just break in and place a moving in memory logger and viola' the encryption doesn't matter. The really good government worms/loggers/ etc. move within blocks of memory and are virtually undetectable.



posted on Jul, 5 2014 @ 05:05 PM
link   
a reply to: Xtraeme

Great post though.



posted on Jul, 5 2014 @ 05:16 PM
link   
a reply to: Xtraeme

Hiya X, although the technicalities are beyond me, I've read enough to know you're right about anonymity being compromised. It'll take a while to go through your links, digest, and watch the YT vids.

Looking at the Meshnet article, wouldn't it be susceptible to 'sniffers' or 'man in the middle' players? Given the capabilities of major agencies, wouldn't they be able to monitor traffic from an IP via the ISP? The article mentions encrypted traffic that's limited between one IP and another and, in theory, would be anonymous to outside agents. However, the question crosses my mind about how those two parties come to agree to share an encrypted line of communication? Before they agree on the encryption, wouldn't their online correspondence be observable to others like ISPs, email hosts and those who monitor their traffic?

In that scenario, whether communication occurred via phone, SMS or snail-mail, we'd be using channels that are known to be under surveillance. The circumstantial evidence would have flagged our intent before we went 'dark.'





new topics

top topics



 
3
<<   2 >>

log in

join