Upload File

peeling back the layers of tor with egotisticalgiraffe

20

Upload: jonbonachon

Post on 18-Nov-2014

871 views

Category:

News & Politics


0 download

Report

DESCRIPTION

Selected extracts show how NSA uses a technique with codename EgotisticalGiraffe to attack Tor users through vulnerable software on their computers. The Guardian.

TRANSCRIPT

Page 1: Peeling back the layers of Tor with EgotisticalGiraffe
Page 2: Peeling back the layers of Tor with EgotisticalGiraffe

Overall Classification

Page 3: Peeling back the layers of Tor with EgotisticalGiraffe

(U) Overview

Page 4: Peeling back the layers of Tor with EgotisticalGiraffe

• (U) "The Onion Router"• (U) Enables anonymous internet activity

General privacyNon-attributionCircumvention of nation state internet policies

• (U) Hundreds of thousands of usersDissidents (Iran, China, etc)(5115 IIIRE L)(511511IREL) Other targets too!

(U)What isTOR?

Page 5: Peeling back the layers of Tor with EgotisticalGiraffe

The WebwI TOR client

Installed

(U) What isTOR?

Page 6: Peeling back the layers of Tor with EgotisticalGiraffe

ClienlBrowsingThe WebTOR clientInstalled

(U) What isTOR?

Page 7: Peeling back the layers of Tor with EgotisticalGiraffe

• (U) TOR Browser BundlePortable Firefox ao ESR(tbb-firefox.exe)VidaliaPolipoTorButtonTOR

" Idiot-proof"

(U)What isTOR?

Page 8: Peeling back the layers of Tor with EgotisticalGiraffe

(S//SI//REL) The TOR Problem

Page 9: Peeling back the layers of Tor with EgotisticalGiraffe

(TSIISIIIREL) FingerprintingTOR

Page 10: Peeling back the layers of Tor with EgotisticalGiraffe

(TSIISIIIREL) FingerprintingTOR

Page 11: Peeling back the layers of Tor with EgotisticalGiraffe

• (TS//SI//REL) TorButton cares about TORusers being indistinguishable from TOR users

• (TS//SI//REL) We only care about TOR usersversus non-TOR users

• (TS//SI//REL) Thanks to TorButton, it's easy!

(TSIISIIIREL) FingerprintingTOR

Page 12: Peeling back the layers of Tor with EgotisticalGiraffe

(S//SI//REL) The TOR Problem

Page 13: Peeling back the layers of Tor with EgotisticalGiraffe

• (TS//SI//REL) tbb-firefox is barebonesFlash is a no-noNoScript addon pre-installed ...... but not enabled by default!TOR explicitly advises against using any addons orextensions other than TorButton and NoScript

• (TS//SI//REL) Need a native Firefox exploit

(TS//SI//REL) Exploiting TOR

Page 14: Peeling back the layers of Tor with EgotisticalGiraffe

• (TS//SI//REL) ERRONEOUSINGENUITYCommonly known as ERINFirst native Firefox exploit in a long timeOnly works against ~3.0-~6.o.2

• (TS//SI//REL) EGOTISTICALGOATCommonly known as EGGOConfigured for ~~.o-~6.0.2......but the vulnerability also exists in ro.o:

(TS//SI//REL) Exploiting TOR

Page 15: Peeling back the layers of Tor with EgotisticalGiraffe

• (TS//SI//REL) Type confusion vulnerability inE4X

• (TS//SI//REL) Enables arbitrary read/writeaccess to the process memory

• (TS//SI//REL) Remote code execution via theCTypes module

· (U) EGOTISTICALGOAT

Page 16: Peeling back the layers of Tor with EgotisticalGiraffe

• (Ts//si//REL) Can't distinguish OS until on boxThat's okay

• (Ts//si//REL) Can't distinguish Firefox versionuntil on box

That's aIso okay

• (Ts//si//REL) Can't distinguish 64-bit from 32-bit unti I on box

I think you see where this is going

(TS//SI//REL) Exploiting TOR

Page 17: Peeling back the layers of Tor with EgotisticalGiraffe

(S//SI//REL) The TOR Problem

Page 18: Peeling back the layers of Tor with EgotisticalGiraffe

• (TS//SI//REL) Tests on Firefox 10 ESRworked• (TS//SI//REL) Tests on tbb-firefox did not

Gained executionDidn't receive FINI(DIFFERENT

• (TS//SI//REL) Defeated by Prefilter Hash!Requests EGGI: Hash(tor_exit_ip II session_id)Requests FIDI: Hash(target_ip II session_id)

(TSIISIIIREL) Callbacks from TOR

Page 19: Peeling back the layers of Tor with EgotisticalGiraffe

• (TS//SI//REL) Easy fixTurn off prefilter hashingFUNNELOUT

• (TS//SI//REL) OPSEC ConcernsPre-play attacks

PSPsAdversarial Actors

Targets worth it?

(TSIISIIIREL) Callbacks from TOR

Page 20: Peeling back the layers of Tor with EgotisticalGiraffe

(S//SI//REL) The TOR Problem


Ogres Are Like Onions: Peeling Back the Layers of Film as Text

Multi-Disc Peelers MSS - dornow.de · 9 · Roller inspection table in a MSS peel- ... 15 · The system is available as an onion-peeling ... tor with cleaning device

Peeling back your Network Layers with Security Onion

An Assessment of Ceramic Finds Recovered During the ... fileAn Assessment of Ceramic Finds Recovered During the Peeling Back the Layers Community Archaeology Project Under Whitle Farm

Core Body of Knowledge - earlychildhood.org...7. Administration and Management Assessment and Professional Development Planning Tool Glossary ... Peeling back the layers of each core

Page 1 (TS/S/REL) Peeling Back the Layers of TOR with EGO |S|CA

Peeling off the Layers on Knowledge Networks in terms of Collaboration and Communication Relations in the Systems of Innovation: a case of South Korea

PEELING BACK THE LAYERS OF THE ATMOSPHERE · 2018-10-26 · AIR •The atmosphere consists of layers of gases, called "air", that surround the planet and are retained by Earth's gravity

Peeling Design Patterns

Introducing convex layers to Traveling Salesman Problem · Introducing convex layers to the Traveling Salesman Problem. ... Onion-Peeling algorithms, convex layers

Peeling Back the Layers: A Community Archaeology Project ... › ... › Final-Historical... · Layers: A Community Archaeology Project at Under Whitle. Final Report, October

PEELING PROFUNDO FENOL DE ROSSI FATTACCIOLI- PEELING ETERNITY

Chemical peeling

Core Body of Knowledge - Earlychildhood.org...Peeling back the layers of each core competency would reveal a complex synthesis of factual and conceptual knowledge, dispositions (attitudes,

Dual Depth Peeling

Peeling Back the Layers of the Small Business Market

Peeling the Layers Copyright © Houghton Mifflin Harcourt Publishing Company What is inside Earth? Earth is made of several layers. Each layer has its own

Tools and inserts for bar peeling - Sanimex · The most modern technology for economical bar peeling Tools and inserts for bar peeling

Peeling Back the Layers to Create a Well-Written ETR State Support Team 13 Susan Burns, Deb McGraw With a special thanks to Sharon Rieke!!!

Fruit peeling machine

Skin Peeling Persentasi

PEELING B J RULE CORPORATE RESPONSIBILITY AFTER CHIQUITAblogs.law.widener.edu/delcorp/files/2015/05/Peeling-Back-the... · 1 PEELING BACK THE BUSINESS JUDGMENT RULE: CORPORATE RESPONSIBILITY

Development and evaluation of an onion peeling machine Engineering/1241... · and mechanical peeling. Lye peeling and flame peeling methods are harsh and are not suitable for many

Security Layers Peeling Back The Onion A Menu of Choices · Security Layers Peeling Back The Onion A Menu of Choices ... VacAtion – 7.6 minutes (upper/lower) VacAti0n – 31 minutes

PEELING THE ONION

DESIGN AND FABRICATION OF PEELING AND CUTTING MACHINE · peeling process faces a wide range of problems like that of ... chronological, peeling, cutting. Introduction Peeling of vegetables

DIAMIL Bar peeling

Peeling Back the Onion Layers - On With Life

Peeling Back the Layers of Tor With EgotisticalGiraffe

PEELING LINE - aroshauk.co.uk

Installation instructions Roxtec RS seal · Adapt the RS seal by peeling off layers from the halves until you reach the gap seen in step 7. The number of layers may not differ by

Peeling the Onion's User Experience Layer: Examining ... · for onion services implemented as a Tor Browser plugin called OnioNS. OnioNS utilizes Tor network nodes and the Bitcoin

Peeling Processkkm

Green walnut peeling and cleaning machineGreen Walnut Peeling and Cleaning Machine integrate peeling

Effects of peeling and steam-heating treatment on ...for.nchu.edu.tw/up_book/Effects of peeling and steam-heating treatment... · Epidermal peeling treatment (EPT) and steam-heating