On 08/07/2013 03:26 AM, Bill Woodcock wrote:
On Aug 7, 2013, at 12:05 AM, Roger Dingledine <[email protected]> wrote:
Consider two scenarios. In scenario one, NSA doesn't run any Tor
relays, but they have done deals with AT&T and other networks to be
able to passively monitor those networks -- including the (honest,
well-intentioned) Tor relays that run on those networks. They're able to
monitor some fraction of the Tor network capacity -- whether that's 1%
or 10% or 30% is a fine question, and depends on both Internet topology
and also what deals they've done.

In scenario two, they do that plus also run some relays. They have to
deal with all the red tape of deploying and operating real-world things
on the Internet, and the risk that they'll do it wrong, somebody will
notice, etc. And the benefit is maybe a few percent increase in what
they can watch.

Why would they choose scenario two?

Geographic reach. In order to observe exit and entry nodes that are not within
the coverage footprints of the telcos with whom they have special relationships.

1) Rent VPS with CC that doesn't connect back to the agency (or hell,
   generate some Bitcoins on a rig somewhere and pay with those)
2) Run patched version of Tor for relay or exit node that leverages Tor
   to phone home without disclosing "home"
3) Repeat

Anyone outside of the VPS and the attacker cannot know whether that
relay/exit node has been patched. Now just work with the NSA's equivalent
in the country of the exit node to make sure the VPS remains unaware of
any shenanigans (and why wouldn't they?). If they do see something weird
happening from the patch and make some noise about it then just gag them
as the Guardian reports show they are quite good at doing.

Roger-- how exactly would you check to make sure something like this
scenario isn't happening?

-Jonathan
-Bill
--
Liberationtech list is public and archives are searchable on Google. Too many
emails? Unsubscribe, change to digest, or change password by emailing moderator
at [email protected] or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech