 Hello everyone, the talk you're sitting in on right now is Cipher Spaces and Darknets and Overview of Attack Strategies. First of all, quickly, a little bit about me. I've been on Geek.com, hopefully some of you have visited the website before. I have an interest in infosec education. I don't know everything, I'm just geek with time in my hands. So I forget something slightly wrong on one of these Darknets I'll be talking about. Come up to me after the talk, I'll be interested in hearing about it. Back in the Q&A room. I'm also going to be regular on the ISD podcast. They podcast five times a week. I'm usually on Thursdays. And I'm also a researcher for the Tnasty Institute, which is kind enough to sponsor me coming here today. All right, a little bit of background information. First of all, what do I mean when I say a Darknet? Now, there's a lot of different definitions and it can get a little confusing. There's some name collision out there. But I'm using the broader sense of Darknet to be just an anonymizing network. Generally speaking, these Darknets are also known as mixed nets where you have multiple proxies that you hop through and different levels of encryption so that you can communicate and people don't know both where you're communicating to or what you're communicating. I also love the term cypher space and that might be a little clearer term to use for some of these networks. The two ones I'll be using is reference examples or of course Tor and I2P. But there's a lot of other ones and some of the attack strategies that we're talking about here are very academic and there's actually mitigations in place in both Tor and I2P to hopefully make them not be nearly the size of the problem that they could be. Things get subtle when you're talking about attacking mixed nets. Terms kind of vary between researcher and researcher. What they mean, some particular term means. For instance, who here has ever heard of a civil attack? Who here has ever heard of a sock puppet? Probably a few more people's sock puppet. I'll go into definitions of all those but a lot of our literature out there is very academically oriented and I'm going to try to make this talk begin in such a way that it helps people understand that academic research without necessarily having to read 20 papers on the subject. There's a lot of weaknesses that are interrelated. Civil attacks, for instance, can be used to help augment attacks like traffic correlation. And like I said, there's a lot of other cypher spaces out there besides Tor and I2P. The ones you see up there on the screen, it's just to name a few. But Tor seems to have gotten most of the ground and I2P is sort of a runner up. If anybody wants stickers from the I2P project, come up to me at the Q&A room. I have some. But like I said before, I'm going to focus on Tor and I2P for my illustrations. And some of the attacks are very academic and I'm trying to give a few real world examples though to illustrate how they can be used. Now, when it comes to attacking dark nets, threat model matters a whole lot. You can't really protect against everything. Some protocols may just be lost causes. One of the problems with some of these cypher spaces is that people try to throw protocols across them that just were never designed to be anonymized. Bit Torrent would be a good example which I'll go into a little bit later on. Users may do things to reveal themselves. No matter how anonymous someone is, if they start using a dark net and use the real name, well, you know who they are. Not all the attacks that we're talking about necessarily reveal the actual identity of the person. They may just reveal whether the IP address they're truly talking from or it may just reduce the anonymity set. For instance, you don't know the true IP they are from but you know they use ISPX or they're in country Y. Also, when it comes to attackers, there's different types. You have your active versus passive ones. Your active ones are actively doing stuff to manipulate the network and passive ones are just seeing their listening. You also have location, location, internal versus external. Externally listening like your ISP might be internally somebody who decides to join the dark net and screw around if it appears to see what they can find out. Adversaries of course also vary by the power level. You have like nation states which have a certain higher level of power. You're going to have things like ISPs as well. Then there's differences between Western democracies and other places. For instance, some of these dark nets, they might even do a very good job of hiding who you're talking to and what you're sending. Everybody knows you're using it. And some countries, just the fact you're trying to hide something from the government, may be enough to have someone come knock at your door. Also, some private interest groups may also be interested in figuring out who's actually behind a certain pseudonym or who's actually exchanging information on these dark nets. And finally, those schmucks like me who just like to play around. All right, the two dark nets I'm going to use for most of my illustrations are both Tor and ITP. I'm only going to quickly cover those. How many people have heard of Tor before? Pretty much everybody. How many people have heard of ITP? Oh, that's one. Cool. Awesome. But Tor essentially you have multiple levels of encryption. You pass something in. It's like Chinese nesting dolls or like an ogre with layers and each layer along the way gets stripped off to get to the exit point, then you reverse the process to get back in. Hidden services are a slightly different issue where you can host something inside the Tor network. But it's mainly focused on out proxy to the public internet. ITP on the other hand, a little bit different. Instead of using bidirectional tunnels where you build a circuit and it's both your in and your out, it has unidirectional tunnels where basically you have a series of out tunnels. You send something out and you send them into someone else's in tunnels. And you have in tunnels of your own which comes to you from other people's out tunnels. This unidirectionality is there to hopefully mitigate some traffic analysis attacks because you have to compromise more nodes in the network to figure out who's talking to who. It also uses layered encryption. It generally refers to it as a garlic routing. And I'll try to discuss the difference, sorry, well, garlic packets. And I'll try to explain some of the definitional differences between the two. But it's key focus is an out proxy to the public internet. It can do that, but generally you have like one out proxy. Its main goal is so you can host something internally without other people knowing you're the one hosting it. And this could be anything from well, an EAP site, which is a website, to a box you can SSH into, IRC, all those sorts of things. And in my opinion, this is rather subjective, it seems to do the hidden services type functionality faster than Tor does. But it doesn't really have great out proxy ability to the public internet because you generally have one out proxy, so it's easy to detect. Not that Tor can't be detected, but that's another subject matter. Essentially you have with ITP three levels of encryption, you have your end to end, you have between each hop and you have between your internal and your out tunnel. Conceptually though, it's pretty similar to onion routing. The key difference is it's called garlic because you have cloves in a piece of garlic to where in theory you could make a message, send it to an end point, actually have it separate out and have it separate out in the separate messages and have them all returned to you in different ways. Now the way ITP currently implements this, it doesn't really take that full functionality, it's actually a little closer to onion routing than that picture illustrates. But that's a concept of what you could potentially do with garlic routing and if you accentuate that some more, imagine if you can send a message out and have cloves of it separate here, separate there, come back in different directions and they're asking for this masking traffic for each other as you're sending these packets out on the network. It's not exactly that implement that way in ITP as of yet, but the packet format has that potential. All right, the first vulnerabilities we're going to talk about are untrusted exit nodes. You only have anonymous data you send. Quick overview, this is mostly Tor centric. You've got to wonder is the person who's running the exit point you're going through, are they looking at your data? The traffic may be encrypted while it's inside the network, but once it hits that exit point, it's unencrypted or it's encrypted as whatever protocol is riding inside of Tor. If you're using HTTPS, you may be okay, depending, and I'll get up to that depending here in a second. A few instances, Dan Igostad, the whole thing, embassy hack was called back in 2007. Essentially a bunch of people were, workers at embassies were using Tor to tunnel out of the host country so they could do things anonymously. Unfortunately, the things they were doing didn't lend themselves to being particularly anonymous. Yeah, the host country may not have been able to directly spy on the communications, but when you're using pop free SMTP, HTTP basic, authentication, and other plain text protocols, the person who's sitting there on that exit point can sniff it. What Dan did was he set up his own exit point and started sniffing the traffic to see what was going on out there. Not exactly the best way to keep yourself private if you're using Tor for those sorts of functionalities. So keep in mind, if you're using Tor, be careful what you send out there. You're only as anonymous as the data you request and send. Also, Moxie Mullenspeig had a similar thing, and this is where my little note about SSL comes in. He set up his own exit point and he put SSL strip on it. So even if someone was trying to use HTTPS and had it extra encrypted inside the Tor tunnel, he'd use SSL strip, knock that connection down to HTTP and be able to look at it. And if the person who was surfing using Tor wasn't paying attention and didn't notice that the lock wasn't there and the UOL didn't say HTTPS, then they might very well have been owned. Quick illustration of what this looks like and also gives you a better idea of what I mean by onion routing. Essentially, you have free layer of encryption on a message. One layer gets stripped off on each hop, hits the exit point, goes out unencrypted, and at that point the person can look at it and possibly modify it to do some other attacks I'll be talking about later on. You can tell, some people want to draw no diagrams of cypher spaces and mix nets that give you like circles and lines. So this is my interpretation of what a document should look like. It's all one big happy document. And of course anytime you see someone with a goatee, we obviously know the goatee one's evil. Okay, keep in mind mitigation wise, toys for anonymity, not necessarily security, but only as secure as the protocols you're trying to make right on top of it. Use you into encryption. Don't use plain text protocols. And if you do use plain text protocols, expect that other people might be able to see them. But sometimes that's fine. You just want to visit a web page without other people knowing you're visiting that web page. You don't care if they see that someone accessed this web page. Your email however is a slightly different matter. Don't use plain text protocols that send usernames and email addresses. If they, you're not very anonymous if people know your email address and name. But strange enough people at that embassy were doing it. The next type of attack I'm going to talk about is DNS leaks and other protocol leaks on the application layer. Does all the traffic you're trying to send actually go through the proxy or does some of it leak out in other ways? DNS leaks are a classic example and badly configured proxy settings could also lead to some types of traffic to go elsewhere. And I'll show some of those bad configurations here shortly. A snooper can set up web bugs and if the protocol that the web bug is accessed via isn't properly supported by the dark net it's possible they can find the real IP address of someone visiting a site. HTTPS is a good example of this. But plugins can also be an issue. There's a lot of plugins out there that don't necessarily properly respect the proxy settings of the browser that they're embedded in. Application level stuff is generally a problem. A whole lot of things in academia seem to evolve around traffic analysis attacks but it takes a little bit more powerful adversary to pull some of those off. The application layer stuff most people can pull off I imagine in this room. JavaScript is pretty much just hosed. Definitely use the tour browser, tour button for the tour browser bundle. Try to sanitize some of the JavaScript issues. Probably won't turn scripting off but for more information on how JavaScript can totally poem somebody go check out Gregory Fleischer's talk from DefCon 17. But to give you a graphical illustration here's what a DNS leak looks like. Let's say you go out and you visit irongeek.com but you don't want anybody to know you're visiting irongeek.com. Well sometimes when people configure Tor or ITP for that matter if the request for that host name is not sent into the dark net itself it may be sent out to the public internet. Now in this particular illustration my ISP wouldn't necessarily know what information I'm sending out onto the dark net but since they see I'm making a DNS request for irongeek.com well they know I'm going to be web surfing there even though they don't know what date I'm getting from irongeek.com. The same thing goes for .onion and .ITP addresses. These are hidden services and EAP sites respectively while your communications to them might be secured and no one can see what you're sending. If your DNS entries or your DNS settings are misconfigured or your browser is not probably supporting them someone who controls the DNS server can just sniff that connection to the DNS server can figure out oh well I'm not sure what he's doing with this ITP site but I know he's contacting it and depending on what the site is that could be bad enough. Mitigations for this? Well first thing you should probably do is connect to Tor ITP, follow up Wireshark or TCP dump and use that little TCP dump filter port 53 and see if anything is actually going out there on port 53. See if anybody is doing any kind of DNS communications while you're surfing around using Tor ITP. If you have Firefox set up you may want to make sure that this particular configuration is set. You go on this bout config and just set it to use remote DNS through the proxy to hopefully mitigate those kind of leaks. Now some applications no matter what they don't have a setting where you can say send everything through my SOX proxy to do all name resolutions. So Tor button can also help with this. Tor button actually makes some of these settings for you. Other applications vary where you have to make these settings. You may have to file all off of machines port 53 entirely might be an option. Another option out there is inside of Tor. You can edit the RC file and there's a setting called DNS port 53. You set DNS port 53 and your local machine will now have a DNS server on it and you can set your machine to use that as a DNS server in your IP settings so that hopefully that will totally mitigate the problem of people being able to see your DNS traffic and figuring out where you're surfing. Another thing is grabbing content outside the dock net. I stumbled across this while I was playing around with ITP and didn't exactly have all my settings done correctly. Essentially what happens is let's say someone requests a hidden server or an EAP site and that service happens to have some extra stuff embedded in it. This could be a plug in. It could be just an image. In this case I configured an HTTP proxy using ITP but I did not configure an HTTPS proxy. So if someone happened to have an image embedded in the page that said HTTPS some URL to some image it would not be going from my dock net. Instead it'd be going directly and let's say they're serving up serial numbered images. They can quickly correlate who visited this page with this particular person who contacted me inside of the dock net. Now here's what I screwed up. When I first did my settings on a ITP I just set an HTTP proxy. A couple options I could set. I could say use this proxy for all protocols. In ITP's case that setting isn't exactly ideal because all those protocols are not supported by the proxy but at least it's keeping that little SSL issue from happening. Another option would be to actually configure an SSL proxy which ITP does have though that particular out proxy has a tendency to be down. Slightly related would be things like cookies. Let's say you're web surfing along, you're visiting Google and you go okay I'm going to go look for some websites now and I want to be anonymous. However you didn't change context or anything like that and you just started saying okay start using my Tor proxy. Well if you got a cookie while you were outside the dock net and you haven't changed context, you can switch into private browser mode or use a different browser or change profiles. Well that same cookie could very well be served up to host while inside the dock net and through it and then go well I saw this person coming to me from the public internet and now I see them coming to me from the dock net with the same cookie I know it's the same person. There's also a possibility of making hidden services contact you. For instance let's say someone's running a vulnerable web application on an EAP site or Tor hidden service. It's possible you could throw an exploit and payload something like let's say some kind of shell execution vulnerability and actually get that remote target server to contact you outside the dock net and now you know who they actually are. Another example would be BitTorrent. BitTorrent has a lot of issues and all this work I've pulled from the folks whose names are at the bottom of the slide I really don't want to butcher their names so I'll go out and check it out later it should be on your DEF CON CD. But BitTorrent has multiple issues. One of its issues is if Tor is only being used for contacting the tracker I could just watch announced messages and extension protocol handshakes to extract real IPs. Another thing is again if Tor is only being used for contacting the tracker and SSL is not used I could sit there as the exit point and I could change the return peer list to point to me as one of the sources and watch for the outside contact then try to correlate an IP based on the peer ID and the port. Another option would be even if the peer traffic is sent over Tor which generally most people are hopefully not going to do. First of all using Tor for BitTorrent is kind of frowned upon but if even if you did do it it's pretty slow thing to do so most people only configure the tracker for BitTorrent use not necessarily direct communication to other clients. But even the peer traffic is sent over Tor if the DHT issues the distributed hash table issues the IP may still be revealed because UDP packets aren't sent over Tor. So you can scrape the DHT and find out who all share that particular file based on peer ID and port ID. You may also then be able to because you de-anonymize someone via BitTorrent and figure out who they are. If you see messages coming through that same circuit through that same tunnel and some other protocol like HTTP well you go what's coming from the same circuit I've de-anonymized the BitTorrent use so I know it's the same person who's visiting this particular website. So it can also leak out and cause issues for other protocols you're using at the same time. Another example of an application floor I'd like to mention is IRC and for a while I was trying to keep a different identity inside the ITP network and I kind of botched it but I was using Pigeon as my IRC client and by default if you don't configure it's identification whenever someone does a who is on your NIC in IRC they can find out what username you log into machine ads. Now in my case if you google up ITP and Adrian it comes pretty quick to figure out who I am even though I was using a different handle while I was inside of IRC. Luckily you can fix this and this is going to vary from client to client you can go in and set a username and real name so you can put information that's not necessarily connected to you. Then when someone does a who is it doesn't necessarily come up with the name that you log into the box with. Probably a good call. Some general mitigations. Client wise make sure your browser is set to send all the traffic through the dark net. You may want to start using the dark net, fire up a sniffer, test a few protocols go hmm is anything leaking out to the public internet that I wouldn't want people to see. Also look into setting up firewall rules on a box so that nothing can go out besides going out through the dark net support. Limit the plugins used if you decide that you want to use every single possible plugin out there. You don't know when that they properly respect proxy settings. You'll probably be hosed. And using the separate browser like I keep a copy of the tour browser bundle that I've also configured so I can switch between it and the ITP back and forth separate from everything else and then I want to use that for accessing these networks and I don't use my core web browser at all. Also you might want to check when you're using one of these dark nets, visit one of these sites like decloka.net and panopticlic. Decloka.net is from the same people that do the Metasploit project. Basically they try a bunch of different, embedding a bunch of different file types like let's say Word docs and they try a few different plugins and so forth and try to get something not to respect your proxy settings in your browser and find out your real IP address that way. Panopticlic is somewhat similar. It's more about trying to figure out how anonymous you are via your user agent string and a few other factors like JavaScript or JavaScript returns and it tries to figure out out of this many hundreds of thousands of people how unique is your particular web browser. Obviously you don't want to be unique because if you are unique then you can be profiled. Also of course on the hidden server side don't run vulnerable web applications or any other kind of applications inside of a dark net. If you do and someone happens to be able to hit it with an exploit doing a payload that does a reverse TCP connect well they quickly figure out who you are. Also don't run on a box that routes to the public internet. If you're going to have a box that you want to host stuff as a hidden service or a Tor EAP site there's no real reason it has to contact the internet other than just the dark net client and it could actually be running on a different machine and on your network. The dark net client could be running on another machine and just communicate and forward all its port activity but the box you actually running can't directly contact the internet no matter what people send and that might be a good call as well. Another class of attack I like to talk about is attacks on central resources and infrastructure attacks as well as just general DOS attacks. Now as far as DOS attacks on individual hosts inside the network more unlikely most of the blunt of the damage is going to happen to all the nodes between you and them so it's going to be more of a D-DOS against the network than any individual hidden service inside of it. There's a whole bunch of categories of general DOS attacks on the network looks like starvation attacks where you maybe promise to give certain resources and don't partitioning attacks where you do various things in the network saying all right if I take out this particular one that's routing and this particular one that's routing kind of still get a message out I've split down the network and I start whittling it down towards a smaller cross section and I have less possible people will have to look at and of course there's this flooding just sending a crap ton of stuff into the dark net to disturb it. Standard D-DOS attacks generally speaking well first of all I've people who do D-DOS for the sake of political being a political advocate thank you yeah just don't and if you're gonna do it definitely don't do it over talk because you're going to be destroying Tor not whoever you're targeting anyway but I find the maturity if you're into free speech then pretty much at all times D-DOS is wrong you can debate with me about that in the Q&A session later on I'm sure someone would want to. Shared known infrastructure is also a problem this is not necessarily a direct attack inside the dark net but if certain core servers out there like let's say the Tor directory servers are taken out well it comes really hard for people to be able to use Tor if they can't fire out anybody to vouch for similar things with I2P website went down a lot of people wouldn't know where to download the client also they have well they try to use a distributed system where you don't necessarily have to talk to a directory server to figure out other people you can bounce through they use a distributed hash table called net DB however there are certain re-seeds they'll use so that if you're a new client it will start to the re-seeds to get the initial contacts inside that distributed hash table if you don't have that initial re-seed if you can't contact that well you're pretty much not going to be able to get on the network also of course total or severe blocking of the internet will keep a dark net from functioning at all obviously now a few incidents have happened in the past back in 2009 when China blocked some of the Tor directory servers this caused huge issues for people being to use Tor luckily there's mitigations out there for that there's also other general blocking of the internet that's happened like Egypt and Libya and Iran in more recent days so let's say someone tosses the directory server if they do that then you can't find nodes to route through you can't find nodes to route through you can't get on Tor total mitigation well for Tor to something called bridge nodes instead of having all the routers in Tor be announced via the directory servers you can actually find out these bridge nodes in other ways it could be something like email someone at the Tor project and they send you back a small list of bridge nodes or you could maybe meet someone at the conference and say yeah I run a bridge node in that particular country here connected this and I'll get you on the rest of the network the core idea is not to have all your eggs in one basket where someone can easily block all access to Tor distributed infrastructure may help for instance ITP instead of having core directory servers tries to do everything in a distributed hash table where everybody is kind of responsible for sharing this information once you get in the network and you've had some time to get well integrated into it this kind of information just comes to you and you it's sort of like a distributed database so that might help somewhat but even ITP does have some central infrastructure protocol obfuscation may help in some cases so people don't know that you're using Tor ITP and I know both of those projects are working on better forms of obfuscation because in some cases like I said before depending on what country you're working out of just the fact you're hiding something maybe enough for someone to come knocking on your door also total and severe blocking of the internet that's a little bit harder problem to get around and this is one I'd really like to do more research on so if anybody has any information on this come up to me during the Q&A session I'd like to hear it mesh networks the core idea is a think of kind of like a I guess a layer one dark net where you basically build your own infrastructure so let's say you had some cheap hardware with some kind of wireless connectivity you could strip spread these nodes out across the geographical location and basically have not met messages bounce around in them so this hosts may forward a message for this host to hear to hear to hear to hear and eventually get it out on the public internet in some way now depending on the location though and the type of message you're trying to get out you may not necessarily be able to be fully integrated at all times and get a message out so it's also things like store and forward where essentially someone creates a message and let's say you made a client for phone systems where okay this person trying to get a message out they do the message and they carry it around the pocket whenever their phone comes in each of another phone that can send the message out it passes it along passes it along store and forward until eventually you can get to a place where that message gets out now obviously we're not talking about low-latency protocols like HTTP for this but for an email just trying to get an email out of a country the store and forward method might very well work so I'd like to be I'd be interested in seeing more work on a mesh networks and easily deploying them to get around problems where people do complete blocking of the internet right for more info on mesh networks I got a few resources for you I don't know if any clear front runner saying this is the technology we'd be able to use to quickly and cheaply deploy a bunch of nodes in the mesh network Wikipedia has a few entries of course also does the village infrastructure in a kit alpha project you might want to check out and maybe some of you heard about the whole internet and suitcase project New York Times and article that a while back with the US government is funding money so they can send these basically internet in a box to various countries to help dissidents out the next category attack I want to talk about a clock based attacks some protocols out there like well HTTP for example allow you to check the remote systems clock so clock differences can be an issue if someone's clock is set way different in years and way different than everybody else you contact in a network well that's a point of profiling major differences are easy spot minor differences are a little bit more difficult but there has been some work on doing statistical analysis where you even if it's a very minor difference with enough time you can do your thing now a few instances one major paper that's been in a research circles on this would be Steve Murdock's hot or not and this is a neat concept essentially different hardware has different reactions that when it gets hot it's internal clock skews a little bit and not all hardware is the same and not basically in the same temperatures so you there's a certain unique pattern to how much this internal clock skews so what he did is he set up his own private tour network and this is my experimentation I was able to at least partially the anonymized people or the anonymous nodes based on how different the clock was and he was using HTTP requests and pulling off the time header now unfortunately though he was having to do this inside of it's been a while since I read it full paper but he had to do this on his own private tour network because the general tour network how many people have complained about tour network being slow so there's enough network jitter as far as timing out there already that it makes some types of attack hard to do because you don't know whether or not this guy two seconds off of my clock or did it just take two seconds for the message to get to me or in some cases this guy really five minutes off and to take five minutes to get back to me there's also been some research on it to be clock differences and I'm going to show your table here in a second for a project I did for tenacity a few months back but quick illustration just because I love putting up these smiley computers you ask what time it is you get a report back and you can start profiling well how different is this person for me and how different is he from everybody else in the network there's a table I generated and hopefully it's somewhat readable where I essentially went out there and looked at each node I could find inside of it to be that was running in each site and requested from each site hey give me this web page and I took note of the time and at that particular time it to be didn't strip out the server it was if it returned that information so I find out is this each site hosted the patchy or I I S of something else they've since stripped this out which was a great thing to do the very responsive but let's ignore that for a second I was pulling down times and if the time is only a few seconds different from me that could very well be network jitter it takes a while for that tunnel to build and for a message get out my out tunnel into someone else's internal out there out tunnel back into my internals that all takes time with multiple hops so a few seconds that probably isn't significant however when someone's almost a minute different than me and I found an IP address on the public internet that I knew was using ITP that was about the same difference I have a good idea especially when I find out that the web server software is the same that those are probably the exact same box the reason I could know the IP addresses of the people who are using ITP is I basically scraped that distributed hash table for all right give me all the IPs of anybody who's using this and sit there and wait for a while and log them and log them and log them and basically go out there and well this next graphic should illustrate that better I'll do it in a second see these tags can be kind of hard to pull off from the standpoint of actually don't illustrate in this one pardon me essentially what I did was basically query all those websites inside of ITP via the each side address find out the time difference then create all those IP addresses see if they were running a web server find out its time difference and stored correlating them now some of these attacks this actually inverted mitigations in there already by their very nature mix nets are going to be slowed in the public internet because you have to hop to multiple proxies to be able to get anywhere so that little bit of tiny jitter can obfuscate those clock differences also setting your clock to reliable NTP server will probably help some protocols actually have stuff in place already to try to synchronize timers for instance ITP does a lot of work to try to make sure that it's internal clock is set appropriately but ITP's internal clock isn't necessarily used to set the web service offer that you're hosting from so it only goes so far back to the NTP server thing I specifically outlined it has to be reliable because if it's not reliable well using NTP server that's reliably three minutes off is still a point of profiling another class of attack that I think is fascinating is a tax and metadata using metadata to profile people now data first of all who knows what metadata is alright I'm preaching to the crowd then metadata is interesting data about data all sorts of examples out there if you look at a PDF might be embedded who to offer it was same thing for word doc then those things like EXIF data that's inside of JPEGs they might give you information like GPS coordinates lovely stuff way too many to possibly name and in some older formats of office docs they've actually even better MAC address in your word doc now that's good profiling right there but that's been a while I think that was office 97 that did that now I don't know if anybody who's actually been de-anonymized inside of a document because of metadata but it's easy to see how someone could be let's say you're hosting some site inside of ITP or tour you have a bunch of PDFs on it someone start looking at these PDFs and going huh what can I find out about the person who offered it but to give you some examples of what people have been pwned by metadata catch what is one of my favorite examples a few years back she took a sexy picture of herself where head leaned back smoking and she crafted and posted up on her blog so people could look at the photo well when she crafted the software she used didn't rewrite the ex ex if data one of the things the ex ex data actually maintains besides just like things like GPS coordinates if someone decided to put them in there is of the application said to put them in there is a thumbnail well when she cropped the image application she used cropped the main image but did nothing to the thumbnail so let's just say that picture goes down a little bit further than what I have up on the screen right now another example would be Dennis Rader better known as the BTK killer way back before everybody had a computer in the home he would talk to police and so forth and get away with it and they won't be able to trace him down eventually I think someone was writing a book on him and decided to start talking to the police again so he sends like a floppy disk with a word doc on it to the police with a taunt well they look at the word doc I guess they right click don't look at its properties and saw that it was offered by Dennis and it was registered to some church so they go visit that church find the guy named Dennis and they caught him a fun example might be a I have no idea how much that man handles I'm just going to call him nephew chan nephew chan decided to post pictures of he apparently took his iPhone of his aunt showering on 4chan probably not a good idea especially you don't sanitize data well anonymous being anonymous decides to look at these jpegs and goes hey you know what the GPS information is still in that EXF data because at the time the iPhones are thrown into the default and it was saying things like well we're going to tell your aunt what perv you are unless you give us the rest of the pictures unfortunately my main sources for this are gone cuz uh encyclopedia dramatically that once was either deleted the article or well as it was it's now gone but at some point in time even before it was gone they deleted the article luckily there's archive.org which has a version of the page for many years ago if you want to read more about that story well mitigations there is not a lot I can say here and clean it out but that varies from application to application make sure that your applications don't have metadata go in your phone make sure you don't have it set to store GPS coordinates and so forth but of course apps vary from app to app on how well you can do this and how you do it local attacks okay at this point it's pretty much a lost cause but we'll talk a little bit about them if someone has access to your local box well it's only so anonymous you can actually be cuz at this point it comes down to you know classic data forensics data on your hard drive someone looking for cash URLs memory forensics if necessary so you to mitigate this this is your general any forensics techniques and I have a three hour class out there on any forensics this would be things like using a boot CD using a boot USB so hopefully when you shut the machine down and no one gets the memory fast enough or if you shut the machine down and hold it away from the person attacking you like that for a little while you could hopefully get away with it though Andrew case has been doing some work on if you find a box that is currently booted from a live CD or USB looking at memory and being able to carve stuff and information out of that and he has his PDF out there on the black hat website if you want to view it hopefully he'll be able to post this video sometime on his blog also of course full hard drive encryption is probably a good option now on to Sibler attacks and I asked earlier how many people would hood a Sibler attacks and not a whole lot have in this crowd that's because mostly you see people refer to Sibler attacks it's usually in academia you don't see them referred to it as much in the hacker scene but think of sock puppets one entity acting as many and there's multiple reasons why someone might want to do this this allows them to control some things especially in systems that have a more distributed way of handling routing they might be to say let's say your mix net is based on a random walk will you randomly decide which way to go well it's possible that if someone controls more of those nodes and there's some kind of peer profiling place saying who do you trust well if I can vote hey I don't want a thousand nodes and all of them vote this guy is trustworthy that's probably a bad thing it makes a lot of other attacks easier the more nodes that you own in the network the easier it is to pull off traffic analysis attacks can you can see the data passing through you at more locations so to give you an illustration of that all these different nodes may look like they are long to different people but they're all controlled by the same person he can start manipulating the network in various ways for instance when in the case of ITP the core people who are taking care of distributed hash table or if I recall right the flood field routers there's only so many of these and it's partly based on what kind of resources they have so let's say you start controlling a large percentage of the flood field routers put up a lot of boxes of a lot of bandwidth donate a lot to the network and then all of a sudden decided to start manipulating them would that be an example of a civil attack a whole bunch of nodes all controlled by one person now there's no absolute fixes out there for civil attacks you can make it cost more to have nodes in the network so that someone can't spin up five thousand nodes in the network try to manipulate it using some kind of proof of work algorithm like hash cash how many people are familiar with bitcoin bitcoin then similar concept you have cryptographical problems that are easy to check when not someone got them right but hard to actually calculate CPU rise or take longer to calculate CPU rise another mitigation that's out there both torn I.T.P. restrict peering between two nodes on the same slash sixteen IP network this is to keep you from hitting someplace and going okay you have a tunnel through this network but all the I.P.s near tunnel all the sorry all the IPs near tunnel all belong to the same ISP and they can look at all of it that would not be so good for anonymity also central infrastructure may be somewhat more resilient to civil attacks though as I discussed earlier it has its own issues and hopefully better peering and profiling strategies might help to be of the spot bad actors in the network there's also been some ideas put forth like a civil limit civil guard and civil identifier which try to rely on real life social networks to decide whether or not as I understand it whether or not you should peer with somebody but after the whole robin stage event yeah people appear of anyone people allow other people to say to their friends even if they're not next class of tax more talk about a traffic analysis attacks and as I said before academia really likes to focus on traffic analysis attacks I really think the application layer stuff is where most people are going to have issues as far as the identity viewing being revealed but it's all sorts of the classes of this and there's a lot of subtle variations on how people are profiling this traffic it could be things like timing of data exchanges total amount of data someone sends in a network tagging of the traffic by colluding peers so that hey I'm the first hop I mess with the data I pass it along later on I see it again I'm going oh so I know you the person that contacted me on this note back here so I can make a connection there also it generally takes a more powerful adversary to pull off and it's really hard to defeat in low latency networks but low latency I mean things like HTTP where you expect a quick response email systems well those can be made somewhat more resilient but to give you an example uh this is a example of a one-way mesh network your ISP's view of it might be something more like this once it gets out of uh your connection they may not know who else is talking to it but they can watch all the traffic going to and from you and may still be able to do some kind of uh correlation from that but let's go back to an earlier example let's say all the data is encrypted as in Tor and uh someone controls both your first hop and your last hop well you send in five megs of data they send back eight megs of data and this may also have timings to it like how many seconds between each exchange of data well they control both the first hop and the last hop well even if the information is encrypted they can go huh this person sent 10 megs of data and I just received 10 megs of data on the exit point and at the exit point I can actually unencrypted look at it I can kind of draw a connection there or if they see a protocol that sends 2k of data rates 3 seconds sends 4k of data and I see that same pattern later on even though it's encrypted and encrypted with a different key later on just that pattern that profile they can use to de-anonymize another example might be timing correlations like I was saying there was that whole delay between exchanges between different nodes in the dark net it could also they could also do things like DDoS nodes they know that are in the path and try to cause a certain pattern in that timing by overloading the server and making it delay other packets so they can impose the timing themselves if they happen to be in the path they can try to pulse the data flow and tag it via timing though both Tor and ITP I believe sign the data they're sending so they can't directly tag it but they might be a tag it via timing I'm not sure I need to look deeper into the protocols for that also just change the load in the path like I was mentioning before mitigation of course more routers help the more routers you have the more people you have the bounce through more cover traffic will help cause the more other people out there talking the more confusing they would be to an adversary trying to figure out who's talking to who entry guards may help and entry guards is a concept that Tor uses where essentially you have a certain set of points that are always going to be your first hop and then you might somewhat randomly choose from there on out now the first obvious thing to do would be to randomly choose your path every single time the problem of this is eventually choose someone who controls both or you may randomly choose a first hop and a last hop that are controlled by the same person now it's granted it's true with entry guards you may have a bad and eventually what's like it's true with entry guards you may eventually have you have really bad luck and on your initial setup choose someone who is malicious and so you're always being profiled no matter what but at least you have a chance of that in the case of a random choice every single time eventually with enough time someone's going to be both first hop and the last hop control both nodes and be a look at your traffic one way tunnels may also help somewhat if your message is going out one set of nodes but it's not coming back the same path it should confuse some traffic analysis attacks short-lived tunnels may also help giving people less time to profile a bit of peer profiling to try to spot bad actors signing of the data of course and fixed speeds is nothing's been proposed to where someone only sends at a certain data rate of course and low latency networks this is hard to pull off not to mention a various dark nets as slow enough as it is so if you limited how fast they could communicate probably cause problems for people this is also the idea of padding and chaffing to where basically you pad a message so people can't see how big it is and later on you drop off some of that extra added useless data so that the same message is 5k here 20k here 4k here and still gets out but it's harder to know whether or not it was the same message originally the problem this of course is it takes up extra bandwidth also non-travel delays making a message wait a while before it's sent out can also confuse an attacker for low latency protocols like HTTP this really isn't so much of an option but for things like mail does it really matter if it gets there a minute from now or 5 minutes from now probably not then there's also intersection and correlation attacks this could be as simple as knowing who's up in the hidden service at the same time as the public IP address is available these techniques can be used to reduce an anonymity set maybe not necessarily out we reveal some button but at least help me profile them you can use various harvesting attacks to find out who's inside of a dog net so that you can try to contact them outside the dog net and use information from that plus the existence inside the dog net to figure out who they are to give an example of that I'm using ping but a better example would be an HTTP request you might make an HTTP request to a bunch of nodes you know or inside of the dog net well first you check the bunch of hidden services to see whether or not they're up now then a bunch of suspect nodes on the I on the public internet you may make send a request each one of them and see if they're up at the same time and if they're profiling over long enough period you may eventually be able to figure out okay this particular hidden service or each side is down at the same time this particular IP address is down and be able to correlate those two are possibly the same you can also do various things to cut down the number of checks one minute okay what service software is running on the EAP site I mentioned that someone before you can harvest as many as IPs as possible is the web server on the public facing IP running the same daemon you can make a V host request and see if you can get the EAP site from the public facing IP address and if so yippee you've found what box that is mitigations well more nodes helps being a smaller needle and a larger haystack giving less data also helps which is a good thing why ITP pulled out the server header in newer versions making harvesting and scraping harder uh... checking out or check out my article on a de-analyzing ITP later on I go into a lot more details of how those attacks work various links out there for if you want more information on this and this is all on your DEF CON CD and thanks to the comments organizers for having me to nasty helping me get the DEF CON my buddies from DEF CON and the ISD podcast and across the open icon library for some of the artwork I used events and questions which I'll be doing back in the room