Belmont Club

Seeking Mount Doom

The BBC says that a huge series of law enforcement raids has shut down Silk Road 2.0 and 400 other sites belonging to the “Dark Net”, which is an unlisted part of the global network. The raids are claimed to have interrupted the trade in weapons and drugs and the human trafficking conducted through these channels.

The sites operated on the Tor network – a part of the internet unreachable via traditional search engines. …

It was the operation last year to take down the drugs marketplace Silk Road which was the first major success in the battle against criminal use of the dark net.

Now this much bigger operation involving global cooperation amongst law enforcement agencies sees that battle taken to a new level, with Silk Road 2.0 amongst 400 sites closed. …

The BBC understands that the raid represented both a technological breakthrough – with police using new techniques to track down the physical location of dark net servers – as well as seeing an unprecedented level of international co-operation among law enforcement agencies.

The basic defense of Tor is what is called ‘onion routing’. Conceptually it is like a clandestine network of cells. Traffic travels between the cells through a series of hops which act as cut-outs. However, the successes scored by this latest raid are not as revolutionary as the BBC makes them seem. Tor had a number of known weaknesses, including susceptibility to traffic analysis techniques. The security it provided was never absolute in principle, but only relative, depending on the correlation of attack and defense.

The term “onion routing” refers to application layers of encryption, nested like the layers of an onion, used to anonymize communication. Tor encrypts the original data, including the destination IP address, multiple times and sends it through a virtual circuit comprising successive, randomly selected Tor relays. Each relay decrypts a layer of encryption to reveal only the next relay in the circuit in order to pass the remaining encrypted data on to it. The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or even knowing, the source IP address. Because the routing of the communication is partly concealed at every hop in the Tor circuit, this method eliminates any single point at which the communication can be de-anonymized through network surveillance that relies upon knowing its source and destination.
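The layering described above can be traced in a short sketch. This is an added example, not code from Tor or from the original post: the relay names, the pre-shared per-relay keys and the toy SHA-256/HMAC cipher are assumptions made for illustration (Tor negotiates session keys per circuit and uses its own cell format).

```python
import hashlib, hmac, os

# Toy authenticated cipher (SHA-256 keystream + HMAC), standing in for a real AEAD.
def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _xor_stream(key, nonce, data):
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_layer(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("not this relay's layer")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def build_onion(circuit, keys, destination, payload):
    # Wrap from the inside out: the exit's layer is sealed first, the guard's last.
    blob = payload
    for relay, nxt in reversed(list(zip(circuit, circuit[1:] + [destination]))):
        blob = seal(keys[relay], nxt.encode() + b"\n" + blob)
    return blob

def route(circuit, keys, blob):
    # Each relay removes one layer and records only what it can see.
    seen, prev, hop = [], "client", circuit[0]
    while hop in keys:
        header, blob = open_layer(keys[hop], blob).split(b"\n", 1)
        seen.append((hop, prev, header.decode()))
        prev, hop = hop, header.decode()
    return seen, hop, blob

if __name__ == "__main__":
    circuit = ["guard", "middle", "exit"]            # constructed relay names
    keys = {r: os.urandom(32) for r in circuit}      # assumed pre-shared keys
    onion = build_onion(circuit, keys, "203.0.113.7:80", b"GET / HTTP/1.0\r\n\r\n")
    for relay, prev, nxt in route(circuit, keys, onion)[0]:
        print(f"{relay}: received from {prev}, forwards to {nxt}")
```

Only the first relay sees the client and only the last sees the destination, which is the property the quoted paragraph describes. It is also why observing both ends of a circuit, rather than breaking a layer, is the practical weakness.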

The BBC notes that like IP itself, Tor was originally developed by US defense agencies, before others discovered its utility and used it for their own purposes.  “Tor’s users include the military, law enforcement officers and journalists – who use it as a way of communicating with whistle-blowers – as well as members of the public who wish to keep their browser activity secret.”

Attacking TOR has been an NSA priority for some time, according to Bruce Schneier. “The work of attacking Tor is done by the NSA’s application vulnerabilities branch, which is part of the systems intelligence directorate, or SID. The majority of NSA employees work in SID, which is tasked with collecting data from communications systems around the world.”

The first step of this process is finding Tor users. To accomplish this, the NSA relies on its vast capability to monitor large parts of the internet. This is done via the agency’s partnership with US telecoms firms under programs codenamed Stormbrew, Fairview, Oakstar and Blarney….

Using powerful data analysis tools with codenames such as Turbulence, Turmoil and Tumult, the NSA automatically sifts through the enormous amount of internet traffic that it sees, looking for Tor connections.

Last month, Brazilian TV news show Fantastico showed screenshots of an NSA tool that had the ability to identify Tor users by monitoring internet traffic.

The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the internet, makes it easy to differentiate Tor users from other web users. On the other hand, the anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the US.

But of course the NSA is working on other techniques to pierce the veil of anonymity. In October the Washington Post reported that “hackers thought to be working for the Russian government breached the unclassified White House computer networks in recent weeks, sources said, resulting in temporary disruptions to some services while cybersecurity teams worked to contain the intrusion. … U.S. officials were alerted to the breach by an ally, sources said.”

This is interesting because a) someone was able to pierce the veil of Russian “anonymity” in the White House attacks and b) that someone was an “ally”. It is almost certain that by the time the invading packets hit the White House their source had been well and truly laundered, but ultimately it did not avail.

Time Magazine, citing the same incident, says “experts say the White House attack shows just how wide a net Russian hackers appear to have cast … earlier this month, a Russian hacking group reportedly exploited a Microsoft Windows flaw to spy on NATO and the Ukrainian government. Russian hackers were also behind an attack on JPMorgan Chase that compromised customer information linked to 83 million accounts, according to a recent report. If Russian hackers are indeed behind the White House attack, we should be concerned about their possible intent to probe deeper into the White House network.”

It also shows how wide a defensive net the NSA or our unnamed “ally” has cast. No one can consider himself safe. If you think hacking is something that happens to somebody else, think again. The hordes of the Dark Net are everywhere on the march. The Atlantic reports that Russia has mobilized a vast “troll army” to comment on popular websites on the Internet. “Moscow is financing legions of pro-Russia Internet commenters.”

A June article by Max Seddon of BuzzFeed reported the Kremlin was spending millions of dollars to pay English-speaking Russians to promote President Vladimir Putin and his policies in U.S. media like Fox News broadcasting and The Huffington Post and Politico news sites. Trolls are reportedly expected to manage multiple fake accounts and post on news articles 50 times a day, often with sentiments as simplistic as “Putin makes Obama look stupid and weak!”

How do you know you’re an online nobody? When there isn’t at least a company of Russian trolls assigned to harass your readership and the NSA hasn’t paid you the compliment of a surreptitious visit. Syrup attracts the flies. For example, Michael Kassner, writing in Tech Republic, seriously asks: “does using encryption make you a bigger target for the NSA?” As a practical matter he argues that attempting to protect your privacy suggests ‘you have something to hide’. One source interviewed for the article said:

I’ve spoken to security researchers who believe all modern encryption methods have been broken — encryption is dead. If you rely on that assumption, plus the knowledge that encrypted files are being stored indefinitely, then encryption is indeed asking the government to investigate.

Legally there is some basis for this argument. One decision out of Minnesota held that “appellant’s Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state’s case against him.”

You can imagine the scene. The judge sternly faces the defendant.

“What does this encrypted message mean?”

“The top line translates into, ‘Pharaoh gobbles donkey goobers.’”

“And the bottom line, ‘Cleopatra does the nasty.’”

“A likely story. You wouldn’t have encrypted it if you weren’t concealing something.”

“But judge, it’s the truth.”

Since when was truth a defense? Funny, because there was a time when the Internet was greeted as a field of freedom, a realm of privacy, a forum for democracy. There was a time. But that is the way of things. Every glittering opportunity conceals a flip side.  Implicit in the promise of the power of connecting to all things was the requirement to be accessible to things out there in the Dark. How did Sauron put it? “One Ring to rule them all, One ring to find them; One ring to bring them all and in the darkness bind them.”
