Networking, Cryptography
Cyber Ninjitsu "The Art of Invisibility - Online"

---------------
I. Introduction
---------------

When discussing "computer security", anonymity is often avoided or simply forgotten. I believe the reason is that we always begin the thought of "computer security" assuming that we are a target. The benefits of investing in computer security also only arise when we are actually targeted. My strict firewall is pretty pointless if nothing out of the ordinary ever happens. Really, we always begin with the fundamental assumption - "They have my IP address. Now what?"

This is a perfectly valid starting point if you are already known. For example, Google has every right to begin with this assumption. However, for you and me, this isn't necessarily true.

The only 'real' security
------------------------

Government. Let's just say it. The government is the biggest/best hacker of us all. Why? How? I'm not going to ramble on about some mythical uber technology they may or may not have. The truth of it is quite simple: if the government wants your computer, all they have to do is bust down your door and take it. If you try to stop them they just subdue you, either by force or by some other means. If you try to protest on some form of legal ground, they throw up a warrant in your face and laugh.

It doesn't matter what kind of network security or physical security you have. They'll rip out your hard drive and mount the partitions to access your files without ever booting your computer.

Government here is just the most obvious form. Really, anybody with a gun can do the same thing. Government is just the only one who does this quite often.

So what do you do against this? My firewall doesn't mean jack shit here. My local system permissions are worthless. My user account is pointless. Deleted files can be recovered. Encrypted files are a little better, but all they need to do is lay on some legal pressure to get the password. They do, after all, have a warrant.
God forbid it's really bad and they drug you with some kind of truth agent. Ok, so that's unlikely, but possible. God forbid you have anything incriminating in your deleted files - or swap memory - or your file system is a journaling file system whose history you can easily see or "rewind" - or you have restore states on your OS. Etc...

The only 'real' hope of keeping your ass out of this kind of situation is never to get into it in the first place. Enter anonymity. The only 'real' security that you have.

Seriously?
----------

Yea ok, so getting raided by the FBI or worse is unlikely for most of us. We're not exactly international terrorists (or are we?). That's not the point. We have a right to privacy. Maybe I don't want my ISP keeping a full history of my traffic. Maybe I don't want the good people of Soldierx.com to know where I'm from and be able to Google Maps my IP address to find the exact address of my house. Perhaps I'm a well known member of the Republican party and I want to make a donation to a Democrat candidate that I believe is a good man? Who knows? Who cares? The point is, I have every right NOT to tell someone my name, let alone my hobbies, interests, address, and credit card information.

-----------------------
II. How to be Anonymous
-----------------------

Anonymity is getting harder and harder. The more gifted people we have developing methods to track and trace end users, the more difficult it is to stay off the radar. I've been doing research for the last few months, truly trying to stay anonymous online. I've found that it takes a lot more than just using the right tools.

The Mindset
-----------

We're all used to thinking about how we can be unhackable. It's much like securing a prison. We put up as many walls and alarms as we can. We have a guard constantly patrolling for "infestations". We have penetration testing trying to break through the walls. Etc.. Computer security really is isolation - trying to be as isolated as possible.
Then we control who comes in and who goes out.

Anonymity is NOT isolation. Stop thinking about it the same way you normally think about computer security. Take the old oriental tradition of the wise man on the mountain. Getting to the wise man was very difficult. You'd have to climb a mountain. But you always knew who the wise man was (because you never saw him) and where he lived (mountains are obvious).

Anonymity is different. You want to be normal. You want to be common. You want to look no different than everybody else. Essentially, you want to be a brainwashed drone in boot camp - just like everyone else. But let's be realistic. 9 times out of 10 if you're going out of your way to be anonymous, you usually have a good reason, and that reason alone causes you to not be like everyone else. So, you need to hide.

Marijuana Example
-----------------

Take smuggling marijuana for example. You want to make the marijuana as anonymous as possible. So, before you take a drive, mow your yard and mix all the grass clippings in with the marijuana. I'm talking a 'lot' of grass. Then get a bucket full of garlic cloves and smash it all up. When thoroughly ground up, season and stir your grass/marijuana together until you have the weirdest smelling trunk in the world. At that point, finding the marijuana in your trunk is going to be literally like finding a needle in a haystack. Of course.. this is going to be true for you as well as any authorities. ;-)

Rules when Hiding
-----------------

1. Don't trust your software.

When surfing online using a web browser you usually have JavaScript turned on by default. Client side scripts can be written to reveal your true identity. Ever heard of Ajax? Same with Java, Flash, etc. All this is on by default. Some browsers don't let you turn them off.

2. Don't identify yourself.

Duh, right? This also goes for nicknames. I use the name Kayin here at SoldierX.
If I then go and hack a website and write "Kayin was here" all over the website, clearly that can be traced back to SX - which could potentially trace back to my real self a lot more easily than the traces left over on the victim server.

3. Spoof what you can when you can.

I use Linux at home. If you were to log my HTTP requests you would think I'm running IE7 on Windows Vista. I do this by spoofing my browser user-agent. There's an add-on in Firefox to do this: https://addons.mozilla.org/en-US/firefox/addon/59

Take this idea and run with it. The following sections will discuss "spoofing your IP address". I'll leave the rest up to you.

4. Clean up after yourself.

Your local operating system caches a lot more than we think. I've been at this for probably 10 years now and I'm STILL learning about new caching mechanisms inside of Windows. If you're doing something extremely sensitive then I wouldn't even bother with Windows. That's just my personal preference. I'm not saying Windows isn't secure, but I am certainly saying it isn't anonymous - and I'm not just talking about clearing your browser cache. It'd be a 400 page book to describe everything that damn OS does. Doesn't help that they change their methods every new release.

Side note: I don't believe the developers of the OS do this intentionally. In software, verbosity is a side effect of complexity, and Windows is just damn complex. You see, software doesn't intentionally try to trap you. It's just what accidentally happens. That's the real reason it's so damn hard to stay anonymous.

--------------------------------
III. Tools for staying anonymous
--------------------------------

When it comes to anonymity online (and you're following the rules by not entering any personal information about yourself anywhere), the next biggest obstacle is your IP address. I once downloaded a tool to "spoof my IP address" on my machine. At the time, I didn't really understand why that was a really stupid thing to do.
You can't 'really' spoof your IP address. To do so just doesn't make any sense. If I sent Rat a letter and I put a different return address on it, then when he responds he'll send the response to the return address and not to me. I'll never get his response letter. It's the same with computer networks. I'll never be able to establish a TCP connection if I fake the source IP address.

Side Note: You can change the IP source address of outgoing packets. This is often useful for various types of attacks. However, for anonymity in everyday browsing, it's not useful.

Fortunately, there are ways to "hide" your IP address.

Proxy Server
------------

I'm assuming by now everybody's heard of a proxy server. A proxy server is basically something you act through. It is the most basic tool when it comes to anonymity. For instance, I want to deliver a message to Santa Claus. I give my message to Mr. X and Mr. X relays that message to Santa Claus. Likewise, I want to connect to an IRC server but still hide myself. I can use an IRC 'proxy'. Me => Proxy => IRC Server.

The trick with proxies is that they don't tell the destination who the source is. For instance, Mr. X doesn't tell Santa Claus who I am.

There are many proxies for various types of applications:

IRC : http://gotbnc.com/
HTTP: http://www.stayinvisible.com/web_proxy_list.html
FTP : http://www.ftpproxy.org/
Etc.. google.com

Web Proxy Failure
-----------------

There is a problem with several web proxies due to the "crapiness" of HTTP 1.1. When you type in www.example.com in your browser, what happens is:

1. Your browser requests to fetch HTML from the path given. HTTP GET www.example.com/index.html
2. The browser then receives the HTML from the web server and begins to render this HTML.
3. When the browser encounters an image in the webpage, it'll make A SEPARATE HTTP REQUEST for that image. The same with style sheets, JavaScripts, etc. Any extra file.
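Each of those extra requests in step 3 is one a web proxy has to carry as well, or the browser goes straight to the origin for it. The following is an added example, not code from the original post or from any of the proxy services it lists: it shows the rewrite a correct web proxy applies to fetched HTML so that every image, stylesheet, script and link points back at the proxy instead of the origin. The proxy endpoint http://proxy.example/fetch?url= and the sample page are my constructed assumptions.

```python
"""Added example (not from the original post): the rewrite step a web proxy
must apply so the browser fetches sub-resources through the proxy too.

Assumptions (mine, not the post's): the proxy is reachable at the
hypothetical address http://proxy.example/fetch?url=<target>, and the page
HTML below is a constructed sample."""
from html.parser import HTMLParser
from urllib.parse import urljoin, quote

PROXY_PREFIX = "http://proxy.example/fetch?url="   # hypothetical proxy endpoint

# Attributes that make the browser issue a separate request on its own.
FETCH_ATTRS = {
    "img": ("src",),
    "script": ("src",),
    "link": ("href",),
    "iframe": ("src",),
    "a": ("href",),          # a click is a request too
}

class ProxyRewriter(HTMLParser):
    """Re-emits the HTML, pointing every fetchable URL at the proxy."""
    def __init__(self, page_url):
        super().__init__(convert_charrefs=False)
        self.page_url = page_url
        self.out = []
        self.rewritten = []      # (tag, original absolute URL) for auditing

    def _rewrite(self, tag, attrs):
        rewritten = []
        for name, value in attrs:
            if value is not None and name in FETCH_ATTRS.get(tag, ()):
                # Resolve relative URLs against the page, then wrap them.
                absolute = urljoin(self.page_url, value)
                if not absolute.startswith(PROXY_PREFIX):
                    self.rewritten.append((tag, absolute))
                    value = PROXY_PREFIX + quote(absolute, safe="")
            rewritten.append((name, value))
        return rewritten

    def _emit_tag(self, tag, attrs, selfclosing):
        parts = [tag] + [f'{n}="{v}"' if v is not None else n for n, v in attrs]
        self.out.append("<" + " ".join(parts) + (" />" if selfclosing else ">"))

    def handle_starttag(self, tag, attrs):
        self._emit_tag(tag, self._rewrite(tag, attrs), False)

    def handle_startendtag(self, tag, attrs):
        self._emit_tag(tag, self._rewrite(tag, attrs), True)

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

def rewrite_page(page_url, html):
    """Return (rewritten_html, list of (tag, URL) that now go via the proxy)."""
    p = ProxyRewriter(page_url)
    p.feed(html)
    p.close()
    return "".join(p.out), p.rewritten

# Constructed sample page: a leaky proxy would return it unchanged and the
# browser would then fetch logo.png and style.css straight from the origin.
SAMPLE_HTML = (
    '<html><head><link rel="stylesheet" href="/style.css"></head>'
    '<body><img src="logo.png" alt="x"><script src="http://cdn.example.net/a.js"></script>'
    '<a href="page2.html">next</a></body></html>'
)

if __name__ == "__main__":
    html, urls = rewrite_page("http://www.example.com/index.html", SAMPLE_HTML)
    print(html)
    for tag, url in urls:
        print(f"{tag}: {url} -> proxied")
```

Running it twice over the same page is a quick test of a rewriter: the second pass must find nothing left to rewrite. A proxy that skips this step is exactly the "stops there" case the post goes on to describe.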
You see, when your browser receives the HTML from www.example.com the connection is closed. That's the end of the transaction. Several web proxies (BUT NOT ALL) stop there. They let YOUR machine request any images, style sheets, etc.. This breaks the anonymity. The correct implementation would be for the web proxy to rewrite the image URLs in the HTML so that YOUR MACHINE would request the image from the proxy server, which would then request the image.

These types of failures exist in other application proxies, not just web. It's important to look closer at the proxy you're using and test them out first. Alternatively, you can use a SOCKS proxy, which avoids this problem entirely.

SOCKS Proxy Server
------------------

The above list was several proxies for different applications. This means the proxy was set up specifically for the applications. From a technical standpoint:

Me ------------> Relay ------------> Destination Server
      Protocol            Protocol

The actual relaying that is done utilizes a SPECIFIC protocol. The above lists are lists of proxies that operate this way.

A SOCKS proxy is a multi-application proxy server. It can technically work with any service. This is because it operates at a lower network layer. The standard proxy (like those in the above list) operates at the application layer of the OSI model (http://en.wikipedia.org/wiki/OSI_model). This makes them application specific. SOCKS proxies operate at Layer 4 or arguably 5. In the TCP/IP model, they operate at the TCP layer. This means that it simply relays whatever communication comes in. It doesn't care about the type of communication.

The good thing about SOCKS proxies is that they're not susceptible to the type of problems found in application proxies, such as the issue described above with web proxies. A SOCKS proxy operates in application transactions.
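To make the "doesn't care about the type of communication" point concrete, here is an added example (mine, not from the original post or from any SOCKS implementation) that builds and decodes the SOCKS5 exchange from RFC 1928. All the proxy ever receives is "connect me to this host and port", which is why the same proxy serves IRC, HTTP or FTP. The example also shows the two ways a client can name the destination: handing the proxy the hostname (address type 0x03) or resolving it locally first (address type 0x01); the second is the DNS leak the post warns about later. The parsers run offline on constructed bytes; the socket helper at the end is my assumed glue and is not exercised here.

```python
"""Added example (not from the original post): the bytes a client exchanges
with a SOCKS5 proxy (RFC 1928), built and parsed offline on constructed input."""
import ipaddress
import struct

SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
NO_AUTH = 0x00

def build_greeting():
    """Client hello: version 5, one offered auth method (no auth)."""
    return bytes([SOCKS_VERSION, 1, NO_AUTH])

def build_connect(host, port, resolve_at_proxy=True):
    """CONNECT request. With resolve_at_proxy the hostname travels to the
    proxy verbatim (ATYP 0x03) and the proxy does the DNS lookup. Otherwise
    the caller has already resolved it, which means a DNS query left the
    local machine outside the proxy: the leak."""
    if resolve_at_proxy:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for SOCKS5")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        ip = ipaddress.ip_address(host)       # caller must pass a literal IP here
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = bytes([atyp]) + ip.packed
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)

def parse_connect(data):
    """What the proxy decodes: (host_or_ip, port, atyp). Raises on bad input."""
    if len(data) < 4 or data[0] != SOCKS_VERSION or data[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT")
    atyp, rest = data[3], data[4:]
    if atyp == ATYP_DOMAIN:
        n = rest[0]
        host, rest = rest[1:1 + n].decode("idna"), rest[1 + n:]
    elif atyp == ATYP_IPV4:
        host, rest = str(ipaddress.IPv4Address(rest[:4])), rest[4:]
    elif atyp == ATYP_IPV6:
        host, rest = str(ipaddress.IPv6Address(rest[:16])), rest[16:]
    else:
        raise ValueError("unknown address type")
    if len(rest) != 2:
        raise ValueError("bad request length")
    return host, struct.unpack("!H", rest)[0], atyp

REPLY_CODES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
               3: "network unreachable", 4: "host unreachable", 5: "connection refused",
               6: "TTL expired", 7: "command not supported", 8: "address type not supported"}

def parse_reply(data):
    """Decode the proxy's reply status (the bound address that follows is
    whatever the proxy used for its own outbound connection)."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    return REPLY_CODES.get(data[1], "unknown")

def socks5_connect(sock, host, port):
    """Assumed helper, not run offline: drive the handshake over a socket that
    is already connected to the proxy. Afterwards the socket is a plain byte
    pipe to host:port and any protocol can be spoken over it."""
    sock.sendall(build_greeting())
    ver, method = sock.recv(2)
    if ver != SOCKS_VERSION or method != NO_AUTH:
        raise ConnectionError("proxy refused no-auth")
    sock.sendall(build_connect(host, port))          # hostname goes to the proxy
    status = parse_reply(sock.recv(262))             # max reply: 4 + 1 + 255 + 2
    if status != "succeeded":
        raise ConnectionError(status)
    return sock
```

The check a practitioner wants is on the client side: confirm the tool you are proxying emits address type 0x03 requests (a packet capture on the proxy link will show the hostname inside the CONNECT) and that no DNS traffic appears outside the proxy while it does so.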
Instead of protocol-specific transactions like the web problem described above, a SOCKS proxy will be used by the application until you either close the application or tell it to stop using the SOCKS proxy. This is the safer bet of the two.

Dangers of Proxy Administration
-------------------------------

A proxy server is a dangerous thing to own and administer. Just think about it. Do you really want someone to be able to control your machine? What could they do with it? What if they're using my proxy server to start a big f'kin fight on IRC? The result of such an act could get my machine attacked. Alternatively, the person could use my proxy to do something illegal. I could get a knock on my door by the FBI for something that I didn't even do.

For these exact reasons, proxy servers keep logs of who uses them and who does what with them. In some places it's legally required that they keep logs. A proxy server logging things defeats the whole point of using them in the first place. Where's the anonymity in that?

You may be thinking that the solution is to chain many proxies together. For example:

Me -> Proxy 1 -> Proxy 2 -> Proxy 3 -> ... -> Destination.

This, aside from being incredibly slow, doesn't solve the problem. The problem isn't that 1 proxy is logging things. It's that they all are. You can follow the chain backwards and still arrive at the source. "Yea but who would do that" - The government, if they want you bad enough. :) Relying on the laziness of people is not anonymity.

So what's the solution then?

Zombies
-------

Well, if all official proxy servers log (or potentially log) then we can just use an unofficial proxy server, right? :) The idea here is to 'root'/'own'/'hack'/'some other buzzword' someone's computer and then install proxy software on that. Simple enough really, and it seems like a safe idea, though illegal. There are a few potential problems with this.

1. The zombie machine could disappear at any given time.
This is not that big of a deal really.

2. The zombie machine could be logging things. Again, Windows is nasty when it comes to that. Make sure to take care of that ahead of time.

3. ISP - if that ISP is like mine, then they have extremely annoying logging policies that could potentially lead back. Not likely, but it is a possibility.

Overall a zombie isn't that bad of an idea if they have the bandwidth for it and it can be stable.

Onion Routing
-------------

Onion routing is considered by some to be the final solution to anonymity. I only agree to an extent. It is, essentially, a super SOCKS proxy. Onion routing works as follows:

Me ~> Entry Node ~> Onion Router ~> Onion Router ~> ... ~> Exit Node -> Destination

My machine sets up a unique encrypted channel to an entry node. The entry node sets up a unique encrypted channel to another node. That node sets up an encrypted channel to another node ...etc... The last node (the exit node) sets up an unencrypted channel to the destination.

At each router hop, a layer of encryption is performed on top of the previous layer. This layer of encryption hides the previous hop from the router next in the path. For example:

NodeA ~> NodeB ~> NodeC

The encryption done at node B hides node A from node C. So, node C has no idea about node A. Essentially, each node in the path ONLY knows about the next node and the previous node. This is why it's called "Onion" routing, because each hop adds a layer of encryption. The result is what appears to be an "onion".

The entire path from source to destination is hidden. The destination server only knows the exit point. The source user/server only knows about the entry point. Each node in between only knows about its neighbors.

I want to point out, the initial connection between my machine and the entry point is an encrypted channel. The ISP between my machine and the entry node has no way of knowing what I'm doing or where I'm going.
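The "each node only knows its neighbors" property is easiest to see by building an onion and peeling it one layer at a time. What follows is an added example of my own, not code from the original post and not what Tor or any onion router actually implements: a toy model in which the client wraps the message once per relay (innermost layer for the exit), so a relay holding only its own key can strip exactly one layer and learns nothing beyond the next hop and an opaque blob. The cipher is a deliberately simple keystream-XOR with an HMAC tag built from the standard library, and the per-relay keys are assumed to already exist, standing in for the "unique encrypted channel" the post describes to each node.

```python
"""Added example (not from the original post): toy onion layering with
stdlib-only authenticated encryption. Relay keys are assumed pre-shared."""
import hashlib
import hmac
import os

TAG_LEN = 32
NONCE_LEN = 16

def _keystream(key, nonce, n):
    """SHA-256 counter keystream: a stand-in for a real stream cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def seal(key, plaintext):
    """nonce || ciphertext || HMAC tag (toy authenticated encryption)."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Reverse of seal; rejects a blob sealed under any other key."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("layer rejected: wrong key or tampered")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def _frame(next_hop, rest):
    """One layer's plaintext: 'who to hand this to' then the inner blob."""
    return next_hop.encode() + b"\x00" + rest

def _unframe(data):
    hop, _, rest = data.partition(b"\x00")
    return hop.decode(), rest

def build_onion(path, keys, destination, payload):
    """path: relay names entry..exit; keys[name]: that relay's key.
    Wrap from the exit inward so the outermost layer is the entry's."""
    blob = seal(keys[path[-1]], _frame(destination, payload))   # exit layer
    for i in range(len(path) - 2, -1, -1):
        blob = seal(keys[path[i]], _frame(path[i + 1], blob))   # each earlier hop
    return blob

def relay_peel(key, blob):
    """What one relay can do with its own key: strip one layer and learn
    only the next hop. The inner blob stays opaque to it."""
    return _unframe(unseal(key, blob))

def can_peel(key, blob):
    """True only for the key of the relay whose layer is currently outermost."""
    try:
        relay_peel(key, blob)
        return True
    except ValueError:
        return False

def route(path, keys, destination, payload):
    """Drive the onion along the path; returns each relay's view (its name and
    the only other thing it learned, the next hop) plus what the exit emits."""
    blob = build_onion(path, keys, destination, payload)
    views = []
    for name in path:
        next_hop, blob = relay_peel(keys[name], blob)
        views.append((name, next_hop))
    return views, blob

def demo_keys(names):
    """Constructed, deterministic demo keys (a real system would negotiate them)."""
    return {n: hashlib.sha256(b"demo-key:" + n.encode()).digest() for n in names}

if __name__ == "__main__":
    path = ["entry", "middle", "exit"]
    keys = demo_keys(path)
    views, out = route(path, keys, "www.example.com:80", b"GET / HTTP/1.1\r\n")
    for name, nxt in views:
        print(f"{name:7} learned next hop = {nxt}")
    print("exit forwards:", out)
```

Two properties to notice when running it: the middle relay's key cannot open the onion as it leaves the client (the entry's layer is outermost), and the exit is the first party to see the destination and the cleartext, which is precisely why the post calls the exit link "a standard unencrypted connection".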
In the same way, only the entry node knows who I am - but not where I'm going. The exit node is a standard unencrypted connection. It acts like the proxy server in this case, but it has no idea who made the original request.

This technology hides a person extremely well and also is not illegal. It's also free. I for one am a huge fan of using onion routing. So are the folks in China, as it allows them to get around the 'great firewall'.

There are some downsides to this:

1. Your connection is traveling across the world several times, being encrypted at each step. Your bandwidth takes a HUGE hit. I have faster than T1 speeds and it reduces me to DSL times. This isn't that bad for me, but if you're on 56k, it's a major hit.

2. It's breakable by an attacker with a LARGE amount of resources. Onion routing, by design, can withstand several "bad nodes". Remember, each node only knows about its neighbors. So if there is a compromised node in the network it has limited effect. A party with a large amount of resources could potentially flood the network with bad nodes. Again, they would have to have a LOT of resources.

Side Note: In experimentation with onion routing, I've stumbled onto several nodes in an actual onion routing network that are government hosted. These nodes are actually set up in such a way that they are usually chosen "first" as entry nodes by onion routing clients. I don't know exactly what they're doing there, but it is clear to me that the gov't is watching. Message me if you have any questions on these findings. I won't get into too much detail here.

3. DNS. DNS requests are still sometimes made by applications outside of any proxies. This is basically just application flaws. Again, don't trust the software you use. Fortunately, the onion routing client implementations have taken this into account and have built-in mechanisms to handle this. Still - be aware that you could have DNS leaks.

4. Timing attacks.
If I'm an entry node and I'm a honeypot server, I could potentially tell, simply based off the time a connection was requested and the time it was established, which user was connecting to the honeypot. This could be resolved by client implementations that utilize throttling or even node relay implementations.

Overall - onion routing is a pretty nifty thing. There is currently an onion network available to use. It is called TOR. http://www.torproject.org/

Tor is a wonderful technology that is, unfortunately, abused quite often. It's a spammer's paradise as well as a haven for pedophiles. If the scum of the earth can survive on it, I suppose then that it is safe for more noble uses. Still, I don't believe any other technology has ever challenged my beliefs in free information like this has. I strongly considered not even mentioning it in fear of leading others into this snake pit. What you do is your responsibility.

----------------------------
IV. Staying Invisible on P2P
----------------------------

A friend of mine IRL recently got disconnected by his ISP for a bullshit DMCA violation. He was apparently caught downloading a CSI episode. Funny thing was he didn't watch CSI. He runs your typical BitTorrent client on a Windows platform. He also uses PeerGuardian. http://peerguardian.sourceforge.net/

Disclaimer: So yea, he was doing something illegal. But what if you don't want to do something illegal and you still don't want people watching you. Right? ;-)

Zombies are unreliable and can be difficult to obtain. Onion routing takes a significant hit on your bandwidth, making it unsuitable for P2P. What then?

Freenet
-------

On May 7th, 2009, Google donated $18,000 USD to the Freenet project. http://freenetproject.org/

Freenet is one potential solution to the P2P problem of our age. I'm going to forgo the entire searching algorithm and just tell you how it keeps things anonymous. When you connect to Freenet, you become a node.
A large (10 gig, for example) ENCRYPTED virtual partition gets set up on your hard drive. This is where files get stored - not the files you download or upload, just files in general that travel the Freenet network. Freenet basically operates as one GIGANTIC distributed cache. Files are spread out throughout the entire network. No user actually knows what files he/she stores. Even if they wanted to find out, they can't, because the files are encrypted and the names are hashed. To be really honest, 1 user doesn't even store the entire file, just pieces of it.

When you search for a keyword, it is hashed and, through some pretty cool algorithms, a file is quickly "located" and you begin downloading. All encrypted of course. This allows for no single person being responsible for file distribution. At the same time, nobody knows what you're searching for. And though they're connected to you downloading "it", the machine doing the transferring to the downloader has no idea what's being uploaded. Basically, the only person who knows what's going on is the downloader doing the downloading.

Of course the problem here is that you're still downloading something from someone else. If an attacker has a large amount of resources ;) they could potentially flood the network with known files of a certain type and track who downloads it. There has come a recent solution to this. Freenet can now operate using a darknet. A darknet being a small network of people one knows and trusts. For example, SoldierX could form its own darknet and basically have its own small Freenet network. Eventually this could grow as members trust outwardly.

Freenet (along with all these other anonymous P2P networks I'm going to be talking about) is currently a fairly small network. It's therefore slow and kind of a pain. If the BitTorrent crowd ever caught on, this could grow to extreme heights and become quite powerful.
It's good to note that Freenet does not really provide anonymity but rather resistance to being held responsible for contribution. This could be the underlying flaw of the whole system.

GNUnet
------

http://gnunet.org/

GNUnet is a fairly 'new' anonymous file sharing network. Unlike Freenet, which provides legal deniability for file distribution, GNUnet provides actual anonymity for the distributors. GNUnet's fundamental principle is described in 2 sentences on the homepage:

"Anonymity is provided by making messages originating from a peer indistinguishable from messages that the peer is routing. All peers act as routers and use link-encrypted connections with stable bandwidth utilization to communicate with each other."

I love the simplicity. The request from the downloader and the response distribution are indistinguishable from routed requests. For example:

A -> B -> C -> D

A requests a CSI episode. B forwards the request to C. C has no way of telling whether the request was made by A or by B. It's just that simple.

An advantage of GNUnet over Freenet is that you don't have to commit 10+ gigs of hard drive space to a distributed cache... and there's a guarantee of anonymity outside of a darknet. Again, an attacker with a large amount of resources could be both B and C and therefore notice who is doing the original request. This would require a VAST amount of resources in comparison to the number of GNUnet contributors.

I2P
---

http://www.i2p2.de/

I2P is a fascinating concept. It is not limited strictly to P2P communication but can work with any application. The only requirement is that both ends of the line utilize I2P. This makes it an appropriate fit with P2P, but it can also work with IRC if the IRC client and server both have I2P.

I2P is like a new encrypted IP layer on top of an encrypted routing layer. Client and server both have unique cryptographic addresses. Individual "router" hops also have unique cryptographic identities.
The 'routers' communicate using basic TCP/IP communication. The client and server communicate through these virtual I2P 'routers'. It's very similar to taking the TCP/IP stack, building encryption into it, and putting it back on top of the existing TCP/IP stack. It's confusing at first but really cool when you get it.

A -> B

Due to the cryptographic identities, A doesn't know who B is and B doesn't know who A is. And due to the encrypted channel between them, nobody knows what they're saying to each other. I2P is actually designed to work in a hostile environment and was built to resist attackers with a large amount of resources. :)

Conclusion
----------

A lot of time and effort has gone into preserving anonymity, even in this age of abundant technology. I find it refreshing that these technologies and networks are growing into something more prominent. I'm also disturbed by the abuse of such networks to accomplish evil ends. I find myself torn between wanting to throw it out in hopes of preventing such things, and calling it the price of freedom. Perhaps you can distinguish for yourselves.

I hope this helps. Enjoy.

-K