The Hacker News

on Saturday, 5 October 2013
 

 

The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers

NSA using Browser Cookies to track Tor Users
10/5/2013 2:55:00 PM

Yesterday a new classified NSA document, titled 'Tor Stinks', was leaked by Edward Snowden. In it, ideas were being kicked around for identifying Tor users or degrading the user experience to dissuade people from using the Tor browser.
The NSA has had a very hard time tracking down all Tor users and monitoring their traffic, especially since Tor servers are all over the world, but it makes tracking easier by adopting the following techniques:
  1. By running their own hostile Tor nodes
  2. By using a zero-day vulnerability in the Firefox browser
  3. By tracking users' web cookies
Tor access node tracking is not new, and the document says that both the NSA and GCHQ run Tor nodes themselves. In order to trace traffic back to a particular Tor user, the NSA needs to know the 'entry, relay and exit' nodes in the anonymizer cloud between the user and the destination website.

So for tracking purposes they used self-hosted nodes, which are able to trace only a very small number of Tor users in comparison to the whole system. Also, it is very difficult for the intelligence community to run enough nodes to be useful for tracking.

In the second method, the NSA targeted Tor users with a zero-day vulnerability in the Firefox browser bundled with Tor, which allowed them to get the real IP address of a Tor user. Using the same technique, the FBI was able to track the owner of 'Freedom Hosting', the biggest service provider for sites on the encrypted Tor network, which hosted many child pornography sites. Mozilla has now fixed that Firefox flaw.

In another method, the NSA is using web cookies to track Tor users widely. Even if you are using the Tor Browser, that doesn't mean your browser isn't storing cookies on the system.

A cookie is a plain text file that sits on your computer in a temporary folder and stores data about a browsing session. If you log into a website, it generally sets a cookie to temporarily store your information so you don't have to log in every time you change a page; on your next visit, the website can read your information from the same stored cookies in the browser.

A tracking cookie is a cookie that tracks your browsing behavior. Advertising agencies such as Google and Bing use this data to understand how users use their partner websites and to optimize their networks for the average user that visits their networks.

How is the NSA using Cookies to Track Tor Users?

Let us suppose that there is a famous online shopping website, owned or controlled by the NSA. When a normal user opens that website from his own real IP address, the website creates a cookie on the user's system to store the real IP address from the browser.

If the same user visits the same NSA-owned website again, with Tor enabled this time, the website can read the previously created cookies from the browser, which include the user's real IP address and other personal information.

The more popular the site is, the more users can be tracked easily. This way the NSA is using online advertisements, e.g. Google Ads, to make its tracking sites popular on the internet, and creating a database of real IP addresses against the Tor-proxy-enabled fake IP addresses to track anonymous users.

How can you avoid Cookie tracking?

One browser can't read the cookies created by another browser. So don't use Tor in the same browser that you use for regular browsing with your real IP address. Use only the standard Tor Browser Bundle, which includes a preconfigured Firefox browser, for anonymous activities. Anything you do inside of that browser is anonymized.

You should always clear the cookies after you're done, so that any stored information, such as login information, will not be stored on that computer.

If you are doing something very interesting, you should use Tor on a virtual machine with a live OS so that cookies, cache and other OS data are dumped when the machine is closed.
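The difference between a shared cookie jar and the isolation advised above can be seen in a small model. This is an added example, not code from the article or from any real site: the `TrackingSite` and `BrowserProfile` classes, the `vid` cookie name and both IP addresses are constructed for illustration, and the site is assumed to keep the cookie-to-IP mapping on its own side rather than inside the cookie.

```python
import secrets

class TrackingSite:
    """Toy model of the article's hypothetical tracking site (constructed)."""
    def __init__(self):
        self.seen = {}  # visitor id -> source IPs observed presenting that id

    def handle(self, source_ip, cookies):
        vid = cookies.get("vid")
        if vid not in self.seen:           # no cookie, or one the site never issued
            vid = secrets.token_hex(8)
            self.seen[vid] = []
        self.seen[vid].append(source_ip)
        return {"vid": vid}                # what the site sends back as Set-Cookie

    def linked_ips(self, source_ip):
        """Other IPs the site can tie to the cookie seen from source_ip."""
        linked = set()
        for ips in self.seen.values():
            if source_ip in ips:
                linked.update(ips)
        linked.discard(source_ip)
        return linked

class BrowserProfile:
    """One cookie jar. Separate browsers or profiles never share it."""
    def __init__(self):
        self.jar = {}

    def visit(self, site, source_ip):
        self.jar.update(site.handle(source_ip, dict(self.jar)))

    def clear_cookies(self):
        self.jar.clear()

# Constructed sample addresses from the documentation ranges.
REAL_IP, EXIT_IP = "198.51.100.7", "203.0.113.50"

def scenario(mode):
    """Return the IPs the site can link to the Tor exit after both visits."""
    site = TrackingSite()
    everyday = BrowserProfile()
    everyday.visit(site, REAL_IP)          # ordinary browsing from the real IP
    if mode == "same-profile":             # Tor proxied through the same browser
        tor = everyday
    elif mode == "cleared":                # same browser, cookies cleared first
        everyday.clear_cookies()
        tor = everyday
    else:                                  # "tor-browser": separate, fresh jar
        tor = BrowserProfile()
    tor.visit(site, EXIT_IP)
    return site.linked_ips(EXIT_IP)
```

Only the `same-profile` scenario lets the site associate the exit address with the real one; clearing cookies between sessions or using a separate browser leaves it with two unrelated visitors.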



This same technique is used by the Chinese government to block its citizens from reading censored internet content, and has been hypothesized as a probable NSA attack technique, but neither effort was successful enough to compromise the network as a whole.

Author

Mohit Kumar, aka 'Unix Root', is Founder and Editor-in-chief of 'The Hacker News'. He is a Security Researcher and Analyst, with experience in various aspects of Information Security. Other than this, he is an Internet activist and a strong supporter of Anonymous & Wikileaks.