nsa-tor-stinks.pdf (PDFy mirror)
Tor Stinks... CT SIGDEV, JUN 2012
Derived From: NSA/CSSM 1-52, Dated: 20070108, Declassify On: 20370101
TOP SECRET//COMINT//REL FVEY

Tor Stinks...
* We will never be able to de-anonymize all Tor users all the time.
* With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user in response to a TOPI request/on demand.

REMATION II
* Joint NSA GCHQ counter-Tor workshop
* Week one at MHS focus on analytics
* Week two at GCHQ focus on exploitation
* https://wiki.gchq/index.php?title=REMATION

Laundry List
Analytics to de-anonymize users:
  - Circuit reconstruction (21)
  - Goes inta goes outta/low latency (2)
  - Cookie leakage
  - Dumb users (EPICFAIL)
  - Node Lifespan (17)
  - DNS
Exploitation:
  - QUANTUM attacks (1, 20, 22)
  - Existing options (8 + 11)
  - Shaping (9 + 16)
  - Web server enabling (10)
  - Nodes (14)
  - Degrade user experience (13 + 18)
Technical Analysis/Research:
  - Nodes
  - Hidden services (4, 5, 6, 7)
  - Baseline our nodes (21)
  - Timing pattern (3)
  - Tor node flooding
  - Torservers.net/Amazon AWS

Analytics: Circuit Reconstruction
[Diagram: Terrorist with Tor client installed -> Tor entry node -> Tor relay node -> Tor exit node (ANONYMIZER CLOUD) -> Internet site]
* Current: access to very few nodes. Success rate negligible because all three Tor nodes in the circuit have to be in the set of nodes we have access to.
  - Difficult to combine meaningfully with passive SIGINT.
* Goal: expand number of nodes we have access to
  - GCHQ runs Tor nodes under NEWTONS CRADLE (how many?)
  - Other partners?
  - Partial reconstruction (first hops or last hops)?

Analytics: Goes Inta Goes Outta/Low Latency
* Find possible alternative accounts for a target: look for connections to Tor, from the target's suspected country, near time of target's activity.
* Current: GCHQ has working version (QUICKANT). R has alpha tested NSA's version. NSA's version produced no obvious candidate selectors.
* Goal: Figure out if QUICKANT works, compare methodologies. Gathering data for additional tests of NSA's version (consistent, random and heavy user).

Analytics: Cookie Leakage
* Use cookies to identify Tor users when they are not using Tor.
* Current: preliminary analysis shows that some cookies "survive" Tor use. Depends on how target is using Tor (Torbutton/Tor Browser Bundle clears out cookies).
* Goal: test with cookies associated with CT targets
  - Idea: what if we seeded cookies to a target?
  - Investigate Evercookie persistence

Analytics: Cookie Leakage (continued)
* DoubleclickID seen on Tor and non-Tor IPs

Analytics: Dumb Users (EPICFAIL)
* GCHQ QFD that looks for Tor users when they are not using Tor.
* Current: GCHQ has working QFD based on hard selector (email, web forum, etc.) but does not include cookies.
* Goal: NSA investigating own version (GREAT EXPECTATIONS) that would include cookies.

Analytics: Node Lifespan
* How do I know WHEN a particular IP was a Tor node as opposed to IF it was a Tor node?
* Current: detection done once an hour by NTOC. RONIN stores "last seen" and nodes age off slowly with no accurate lifespan.
* Goal: Working with RONIN to add more details on node lifespan.
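Two of the slides above describe analytics that can be shown as a small piece of detection logic: the node-lifespan question (knowing WHEN an IP was a Tor node, not merely IF it ever was) and the cookie-leakage check (a cookie ID observed both from a Tor exit and from a non-Tor address). The Python below is an added example written for this page; it is not code from the slides, from NSA or GCHQ, or from any tool they name (RONIN, QUICKANT). It assumes one node scan per hour and a 24-hour age-off for a last-seen store, and every IP, cookie ID and timestamp in it is constructed.

```python
"""Added example (not from the leaked slides): a WHEN-aware Tor-node lookup
built from hourly node snapshots, then used to classify web requests as
Tor / non-Tor before looking for cookie IDs seen from both sides.
Every IP, cookie ID and timestamp here is constructed for illustration."""
from datetime import datetime, timedelta

SNAPSHOT_PERIOD = timedelta(hours=1)   # assumption: one node scan per hour
AGE_OFF = timedelta(hours=24)          # assumption: slow age-off of a last-seen store
T0 = datetime(2012, 6, 1, 0, 0)


def hour(n, minutes=0):
    """Helper for readable constructed timestamps: T0 + n hours + minutes."""
    return T0 + timedelta(hours=n, minutes=minutes)


# Constructed hourly snapshots: (scan time, IPs observed as Tor nodes).
SNAPSHOTS = [
    (hour(0), {"198.51.100.7", "203.0.113.9"}),
    (hour(1), {"198.51.100.7", "203.0.113.9"}),
    (hour(2), {"198.51.100.7"}),                 # 203.0.113.9 drops out
    (hour(3), {"198.51.100.7"}),
    (hour(4), {"198.51.100.7", "203.0.113.9"}),  # 203.0.113.9 returns
]

# Constructed web-server log: (request time, client IP, cookie ID).
WEBLOG = [
    (hour(0, 30), "198.51.100.7", "dcid=1a2b3c"),  # via a Tor exit
    (hour(6, 0),  "192.0.2.55",   "dcid=1a2b3c"),  # same cookie, never a Tor IP
    (hour(1, 5),  "198.51.100.7", "dcid=9f9f9f"),  # Tor only, no leak
    (hour(0, 45), "198.51.100.7", "dcid=7e7e7e"),  # via a Tor exit
    (hour(3, 10), "203.0.113.9",  "dcid=7e7e7e"),  # IP was NOT a node at 03:10
]


def build_lifespans(snapshots):
    """Turn snapshots into per-IP lists of [start, end) intervals.
    Sightings in consecutive scans merge into one interval; a missed scan
    closes it, so an IP can have several disjoint lifespans."""
    lifespans, open_iv = {}, {}
    for ts, ips in sorted(snapshots, key=lambda s: s[0]):
        for ip in ips:
            iv = open_iv.get(ip)
            if iv is not None and iv[1] == ts:
                iv[1] = ts + SNAPSHOT_PERIOD      # contiguous: extend
            else:
                if iv is not None:
                    lifespans.setdefault(ip, []).append(tuple(iv))
                open_iv[ip] = [ts, ts + SNAPSHOT_PERIOD]
    for ip, iv in open_iv.items():
        lifespans.setdefault(ip, []).append(tuple(iv))
    return lifespans


def was_tor_node(lifespans, ip, at):
    """WHEN check: true only if `at` falls inside a recorded lifespan."""
    return any(start <= at < end for start, end in lifespans.get(ip, ()))


def last_seen_says_tor(snapshots, ip, at):
    """IF-style check modelled on a last-seen store that ages off slowly:
    the IP counts as Tor if it was seen within AGE_OFF before `at`,
    regardless of any gap in between."""
    seen = [ts for ts, ips in snapshots if ip in ips and ts <= at]
    return bool(seen) and at - max(seen) < AGE_OFF


def link_cookies(weblog, classify):
    """Bucket the client IPs of each cookie into Tor / non-Tor using
    classify(ip, at); keep cookies seen from both sides (the DoubleclickID
    pattern the slides mention)."""
    seen = {}
    for at, ip, cookie in weblog:
        side = "tor" if classify(ip, at) else "non_tor"
        seen.setdefault(cookie, {"tor": set(), "non_tor": set()})[side].add(ip)
    return {c: s for c, s in seen.items() if s["tor"] and s["non_tor"]}


def run():
    """Compare the linkage result under the two node-membership models."""
    lifespans = build_lifespans(SNAPSHOTS)
    when_aware = link_cookies(WEBLOG, lambda ip, at: was_tor_node(lifespans, ip, at))
    if_style = link_cookies(WEBLOG, lambda ip, at: last_seen_says_tor(SNAPSHOTS, ip, at))
    return lifespans, when_aware, if_style


if __name__ == "__main__":
    lifespans, when_aware, if_style = run()
    for ip, ivs in sorted(lifespans.items()):
        print(ip, [(s.strftime("%H:%M"), e.strftime("%H:%M")) for s, e in ivs])
    print("linked (WHEN-aware):", sorted(when_aware))
    print("linked (last-seen):  ", sorted(if_style))
```

Run stand-alone it prints each IP's lifespans and the linked cookies under both models. With the interval store, dcid=7e7e7e links a Tor exit session to 203.0.113.9, because that address was outside any recorded lifespan at 03:10; a last-seen flag with a slow age-off still calls it a Tor node and misses the link. The opposite error, treating a live node as non-Tor because its entry aged off too fast, is equally possible, which is why the slide asks for accurate lifespans rather than a single timestamp.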
