21 March 2014
Compromised Comsec, Sys Admin Hunters and Tor
2014-0467.pdf NSA Hunt Sysadmins March 20, 2014 (1.2MB)
Note: The Intercept's redaction of sys admin hunting techniques from the
document above is ridiculous. These techniques have been long known and applied.
Sys admins catch you hunting them and arrange compromises to fit your demands
so you can crow about how skilled you are. Then you hire them after being
duped as you duped to be hired.
The lead Tor designer reportedly (via Washington Post) had a session with
NSA to brief on how to compromise it, although "compromise" was not used
nor is the word used by gov-com-org-edu.
[A sends link to Tor Project version:
Not many honest comsec wizards nowadays are promising more than compromised
comsec, and the compromise is gradually increasing as Snowden material is
dribbled out to convince the public and wizards not a hell of a lot can be
done about it except believe in and buy more compromised comsec.
Not news here (comsec lists) and in comsec wizard-land, to be sure, but
compromised comsec is the industry standard, as the industry and its wizards
in and out of government enjoy the boom and bust in comsec tools generated
by precursors of Snowden, Snowden and his successors.
Compromisability is assumed by the comsec industry to be a fundamental feature
in all nations, no need to advertise it, much better to advertise how great
comsec is and now much it is needed. Crypto-wizards have a long history of
compromising believers who hire them and who suffer their promises of highly
Trusted comsec is necessary to get persons to pack their comms with compromisable
information. The greater the trust the greater the revelations of just what
So what if laws are always jiggered to allow access to the revelations "under
legal pressure" and "FISC orders." That has been a fundamental feature of
crypto and comsec wizardry.
The marriage of flexible legal protections and malleable comsec is a venerable
dynasty of compromise.
At 06:04 AM 3/21/2014, you wrote:
As I am running a local cryptoparty and do a lot of basic encryption/privacy
talks and workshops, I am often recommending Tor as one of the means of
protecting one's privacy and yes, even security (for example, by running
hidden service and making it possible for users not to leave the darknet).
Of course it's far from being enough, and I make that very clear.
But lately I got to wonder if using Tor does more harm than good? If the
can impersonate any IP on the planet, they can impersonate any Tor node;
this has two important consequences:
1. they know when you're using Tor, and can flag you accordingly, and (for
example) deliver some nastiness when (not "if"!) they get the chance,
because "when you have something to hide..."
2. they can guess with high probability whom you are communicating with;
they don't have to break encryption, it's enough they listen in and see that a
Tor packet from your IP to Node A is x bytes; a packet from Node A to Node
B is x-( header + Tor encryption layer size ) bytes, and so on.
So, is using Tor today doing more harm than good? Would ordinary Joe Schmoes
be far better off not using Tor? How about more high-profile targets, like
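The per-packet size matching described in point 2 of the message above, as an added example that is not part of the original page or of any Tor Project code. It runs a naive size correlator over constructed traces: an observer at two links subtracts one hop of overhead (the hypothetical value OVERHEAD is an assumption) from each packet seen on the first link and counts how many of those sizes reappear on the second. The second half of the example shows the caveat a practitioner wants: Tor carries relayed data in fixed-size 512-byte cells, so every candidate flow scores the same and per-packet size alone cannot pick out the right next hop.

```python
"""Naive packet-size correlation across two links (added example).

Constructed traces only; nothing here touches the network.  OVERHEAD is a
hypothetical per-hop header-plus-encryption-layer size, assumed for the
demonstration, not a value taken from the Tor specification.
"""
from collections import Counter

OVERHEAD = 14  # assumed bytes removed per hop (hypothetical)


def size_correlation(first_link, second_link, overhead=OVERHEAD):
    """Fraction of packets on first_link whose size, minus one hop of
    overhead, also appears on second_link (multiset match, order ignored)."""
    if not first_link:
        return 0.0
    expected = Counter(size - overhead for size in first_link)
    observed = Counter(second_link)
    matched = sum(min(count, observed[size]) for size, count in expected.items())
    return matched / len(first_link)


def rank_candidates(first_link, candidates, overhead=OVERHEAD):
    """Score every candidate second-link trace; best match first.

    candidates: mapping of a label (e.g. "A->B") to a list of packet sizes.
    Returns a list of (label, score) tuples sorted by descending score.
    """
    scored = [(label, size_correlation(first_link, sizes, overhead))
              for label, sizes in candidates.items()]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# --- constructed traces -------------------------------------------------
# Variable-size packets, as on an ordinary TCP connection: the true next hop
# carries each size minus OVERHEAD, the decoy carries unrelated sizes.
CLIENT_TO_A = [517, 1204, 78, 1460, 912]
A_TO_B_TRUE = [503, 1190, 64, 1446, 898]      # each entry is CLIENT_TO_A - 14
A_TO_B_DECOY = [330, 40, 1190, 700, 210]      # one accidental match (1190)

# Fixed-size cells: Tor pads relayed data to 512-byte cells on every hop,
# so a size-based observer sees the same value everywhere.
CELLS = [512] * 5
CELLS_DECOY = [512] * 5


def variable_size_ranking():
    """With variable sizes the true pair is separable from the decoy."""
    return rank_candidates(CLIENT_TO_A, {"A->B (true)": A_TO_B_TRUE,
                                         "A->C (decoy)": A_TO_B_DECOY})


def fixed_cell_ranking():
    """With fixed cells every candidate ties: size carries no information.
    Overhead is set to 0 because cell size does not shrink across hops."""
    return rank_candidates(CELLS, {"A->B (true)": CELLS,
                                   "A->C (decoy)": CELLS_DECOY}, overhead=0)


if __name__ == "__main__":
    for label, score in variable_size_ranking():
        print(f"variable sizes  {label:14s} score={score:.2f}")
    for label, score in fixed_cell_ranking():
        print(f"fixed cells     {label:14s} score={score:.2f}")
```

On the variable-size traces the true pair scores 1.0 and the decoy 0.2; on the fixed-cell traces both score 1.0, and if the observer insists on subtracting a nonzero overhead both drop to 0.0. Either way the size channel the message relies on gives the observer nothing on its own; what remains to an adversary watching both ends is timing and volume, which this example deliberately does not model.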