From: Geoff Down <geoffdown@fastmail.net>
To: tor-talk@lists.torproject.org
Date: Sun, 29 Jun 2014 00:55:51 +0100
Subject: Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.



On Sat, Jun 28, 2014, at 10:38 PM, williamwinkle@openmailbox.org wrote:
> I recently read a Guardian article from last October 
> (www.theguardian.com/world/2013/oct/04/tor-attacks-cnsa-users-online-anonymity) 
> by Bruce Schneier about the N_S_A and Tor. His story was based on the 
> "Tor Stinks" and "Egotistical Giraffe" presentations.
> 
> My understanding of the article is that if individual(s) are requesting 
> http://www.target_website.com then, once the request leaves the exit 
> node, the N_S_A can use their Quantum servers on the Internet's 
> backbones to redirect the request to their FoxAcid servers in order to 
> compromise the requester.
> 
> I don't understand what Schneier means by this:
> 
> "After identifying an individual Tor user on the internet, the NSA uses 
> its network of secret internet servers to redirect those users to 
> another set of secret internet servers, with the codename FoxAcid, to 
> infect the user's computer."
> 
> Surely the whole point of Tor is that the requester of 
> http://www.target_website.com cannot be identified based on the traffic 
> which leaves the exit node. Since the N_S_A would only know the IP 
> address of the exit node and the destination 
> http://www.target_website.com, how can the client be identified even if 
> the traffic is redirected to the FoxAcid servers?

 They are identified as a person of interest by visiting
 target_website.com (where target_website.com might be an 'extremist'
 site or a webmail box that has attracted attention) and then *in real
 time* code injection and redirection can be used to attack the person's
 computer. So 'identifying an individual Tor user' means 'identifying as
 a person of interest, new or previously encountered but not yet
 traced'.
GD
