How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID

ones-and-zeros

Computer/privacy guru Bruce Schneier discusses Stasi-West’s efforts against your secure email comms, circa 2013.

Got meatspace?

10 responses to “How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID

  1. Alfred E. Neuman

    Reblogged this on The Lynler Report.

  2. Marlo Stanfield

    2010 American doctors wrote 250 scripts for anti depressants. The longer one is on this stuff the duller their minds get. One of my moms CNAs said that she could not remember what she did the day before. Which includes tending to my 83 year old mother. I asked the agency to replace her with someone not on head meds. What I am getting at is there may not be a need for  crypto. With that many peoples minds already fried and take in account the 60 million who abuse booze. And the 30-40 million who abuse all sorts of drugs.  As long as you are dealing with people in your group/network who are total drug free and who can keep their mouths shut. Of course some bug detectors would come in handy. I consider any one on meds to be on the end of a government leash. You are only going to be able to stock up a limited amount of doctor meds. Maybe 90 days worth? Basically the vast majority of Americans who are on what ever or addicted to what ever are pretty useless in a emergency. According to an FBI article they say they can pick up  on the TOR because there are so few users of it. Article said maybe 70,000 users in this country. Could be FBI BS? In my neck of the woods when one is looking for a non secure wireless connect, the most common connect is from Charter Cable. Those are secure but very noticeable when you are on your network screen. Pretty much like driving around town and you notice who owns a deuce and a half. Screams prepper? Or the young guy driving a 1968 D100. Reliable but few on the road and it stands out. When one is online and looking at apps, some only have a few hundred or thousand users. Something to be said for Glocks and AR15s for EDC. Pretty much everyone has seen one. For the few people in this country who are not on meds who are concerned about their future need to pre-position themselves now. While the 250 million medicated haven’t been traumatized into zombies blocking traffic and gate crashing the local big boxes. What we need to know and do isn’t a secret. Where we went while the medicated were sleeping that’s another story.    From: Western Rifle Shooters Association To: marlostanfield53@yahoo.com Sent: Thursday, July 2, 2015 11:01 AM Subject: [New post] How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID #yiv9991908187 a:hover {color:red;}#yiv9991908187 a {text-decoration:none;color:#0088cc;}#yiv9991908187 a.yiv9991908187primaryactionlink:link, #yiv9991908187 a.yiv9991908187primaryactionlink:visited {background-color:#2585B2;color:#fff;}#yiv9991908187 a.yiv9991908187primaryactionlink:hover, #yiv9991908187 a.yiv9991908187primaryactionlink:active {background-color:#11729E;color:#fff;}#yiv9991908187 WordPress.com | Concerned American posted: “Computer/privacy guru Bruce Schneier discusses Stasi-West’s efforts against your secure email comms, circa 2013.Got meatspace?” | |

    • The “big pharma” shuffle is rampant and endemic. Thank you for continuing to point it out and post on it. I work with whomever I can to educate against the dangers of the current system. I have helped two people to get off of the crap that is dispensed by state licensed drug dealers. In one case a shrink had been prescribing a heavy dose for 10 years despite the fact the patient had dealt with the underlying anxiety issue 5 years prior and had experienced few symptoms since dealing with the issues that caused the anxiety. Understand something, getting people off this shit is similar to heron and other drugs, the dealer doesn’t like it and discourages at every turn. The fucking shrink warned and almost threatened the patient with the idea they would meltdown when the patient discussed reducing dosage. Once the shrink understood that the patient was well enough to challenge the paradigm and discuss why she had never recommended reducing the dosage the shrink began to make the right noises and agreed to begin titrating.

      Folks, I’m not a prude, in some cases these things are helpful in keeping deeply clinically anxious or depressed people alive, but they have replaced traditional therapy and are being dispensed like magic mood rings to people who are vulnerable. There is NO ONE around to help them understand what’s being done to them. In one case I know personally a woman has been prescribed multiple meds over the last 2-3 years which has resulted in her becoming dependent on both the meds and the shrink. Shit’s fucked up.
      That said, getting people to reduce and get off this garbage is as rewarding as helping them get off dope. Thanks again Marlo.

      PS-If you have been on any of the wonder drugs (Xannax, Lexipro etc) DO NOT STOP ABRUPTLY! Like ETOH stopping this shit abruptly can result in death, only in this case you spin out mentally upon rapid cessation.

  3. Meatspace. Or a hardened version of Linux (lots of ’em, google it.) which usually includes a co-hardened browser app as well as lots of other little things Mr. Snowden still recommends.. For everything else, there’s the usual suspects of OS’s and browsers. Cyber opns conducted against .mil/.gov focus primarily on MS systems and the common tools bundled with them because they’re, well, bigger target, well-documented vulnerabilities – risk/reward math. (Firefox is in that “well-known/commonly-used” category. If you use a common system you already stepped into the batter’s box with a strike against you.)

    Learn something a little new for those times when you need it. One of the ways the other tools are better is that they fit on the smallest commonly available flashdrives or even little flash cards – that’s how little overhead (read “bullshit”) there is in the operating system, vis a vis MS and Apple ‘feelgood’ operating systems.

  4. summertime is a good time to search thru the local yard sales. shouldn’t take long to find an old but serviceable royal or smith-corona manual typewriter that looks like it was never used. finding a trusted courier in meats-pace is the next trick. if only i’d saved some of that micro-dot film from way back. the old tech will become the new tech again.

  5. Interesting obs but a key piece is missing — No consideration to using GPG or other email crypto software. Nor is Tor so foolproof. If you have the horsepower to monitor sufficient exit points (like the NSA) one is not so anonymous anymore.

  6. BlueLightMemory

    The NSA hates, and I mean hates, when people use Tor and Tails(the live CD) together, with no-scripts activated. Especially if you’re using one of the many free and legal access points to get onto the internet.

    If you do this correctly, you are practically untouchable by the NSA and their friends the FBI.

    Be careful of end to end correlation attacks. But for this to work, they would have to know or suspect correctly what site you are visiting. Be careful also of what you click.

    Take care everyone.

  7. NightWatcher

    Different tools for different tasks.

    End to end encryption keeps the “what” obscured, but not the “who”. Even fully encrypted e-mail will identify who the sender is and who the recipient is, as well as the “subject” assuming you are foolish enough to make it pertinent.

    Once your packet “leaves” the onion network (such as browsing WRSA), the “what” is in plain view, but the “who” is obscured. Hence it is known for anonymity. WRSA (WordPress) could be forced to divulge the IP for this post, but it would simply point to some random Tor exit node.

    Tor actually puts a lot of effort into thwarting “traffic analysis” with mundane actions such as packet padding and timing irregularities. Nothing is perfect, but it is far better than the “party line” (I’m showing my age) of the Internet. It is actually a “cat and mouse game” to identify and exploit vulnerabilities. It keeps a lot of people busy on both sides (some making money, some not). The exploits from 2013 have been fixed, but new ones are being developed. It is never ending.

    Peer to peer networks can offer a semblance of both properties (obscuring both who and what), but still identifies you as a “member”. They offer relative anonymity only when they are large, but don’t scale very well since to maintain anonymity, all packets must be delivered to each “member”.

    Perhaps the best compromise is Tor’s “hidden service”, where all the traffic remains inside the onion network, where both the who and what are obscured. This is the approach taken by LookingGlass. You just have to be sure who you are communicating with.

    • I am fully confident that someone like the NSA can institute a man in the middle attack at will. All they have to do is add any one of a dozen or more flags to the appropriate headers in the TCP packet stream BEFORE it hits the Tor entry/exit points. Then all they have to do is wait and listen for the TCP headers with the appropriate flags at the other end.

      Nor is crypto fool proof. If an agency is confident that the stream they have is their chosen target capture is no problem even with the Tor network. The question is not will the crypto be broken but when? The equation boils down to the ‘time value of information’. If it takes the CIA a month to crack a communique on a terrorist op that occurs this week its worthless in all but the confirmation of the cleanup in aisle 6.