Navigating Rensselaer & Beyond Day Trip Registration: Fill & Download for Free

State Capitol of New York; Hendrick Hudson’s final stop in exploration of the Hudson river because he couldn’t continue further north as the falls of the Mohawk river prevented further navigation. They then established the settlement of “Fort Orange” named for the House of Orange (rulers of the Netherlands). Across the river was established Fort Crailo which is the city of Rensselaer today. The initial articles of our Constitution were purported to have been drawn up at a meeting of some of the fathers of the Revolution at a conclave in Albany in 1774 at the home of Phillip Von Schuyler. don’t really know how true that is but it’s certainly plausible considering Albany’s strategic location on the river and a bastion of freedom from the French/Indian war.

I’ve looked at the other answers and think they all missed an important distinguishing characteristic of an RPI education:RPI teaches you the theoretical basis and understanding of engineering disciplines. I recall one student worried about changing majors getting this advice from a professor: It doesn’t matter much what field of engineering you’re in as an undergraduate at RPI. The important part is that RPI teaches you HOW TO THINK and that applies to *all* disciplines.Indeed I got my Masters in Engineering at RPI, and my thesis project was coordinated by NASA & JPL, and concerned the development of the Martian Rover which eventually landed on Mars. My part was to evaluate options for the power system needed. Others worked on obstacle detection using lasers, calculation of the required suspension system, and celestial navigation from the Martian surface. At the end of the year, we had a joint meeting with Cornell graduate students, who were also doing masters projects for NASA/JPL. Their projects included building a battery-operated go-cart, “obstacle detection” using a little wheel that would drop into holes, and a solenoid-activated steering system.The differences between the RPI projects and the Cornell projects epitomizes the difference in an RPI education versus others - even a well-respected University like Cornell. The Cornell graduate students spent their time building stuff. At RPI, it was mostly theoretical analysis. To this day, I think of “engineering” as the latter. That’s a huge “PRO” that overrides everything else.When the Martian Rover landed, do you think it used a little wheel for obstacle detection??? Sorry, Cornell, but your projects were suitable for a high school science fair. NASA actually *used* the studies coming out of RPI.There are other PRO’s and other CON’s, and they’ve been covered pretty well.Just one side comment: each Spring we used to laugh at the rear view mirrors from cars in the middle of people’s front lawns. They were from cars parked on the street but under the accumulated snow. Troy used snow blower trucks to clear the streets, and often they clipped a mirror which got thrown with the snow onto the front lawns. Come the Spring melt, people could recover their mirrors.

HelloThe Layer 8!!!!!Look at this title: “ Former Tor developer created malware for the FBI to hack Tor users” this method is just like the iPhone hacking way! The FBI & again the |=|8!●■> How does the U.S. government beat Tor, the anonymity software used by millions of people around the world? By hiring someone with experience on the inside.A former Tor Project developer created malware for the Federal Bureau of Investigation that allowed agents to unmask users of the anonymity software.BRGMatt Edman is a cybersecurity expert who worked as a part-time employee at Tor Project, the nonprofit that builds Tor software and maintains the network, almost a decade ago.Since then, he's developed potent malware used by law enforcement to unmask Tor users. It's been wielded in multiple investigations by federal law-enforcement and U.S. intelligence agencies in several high-profile cases.“It has come to our attention that Matt Edman, who worked with the Tor Project until 2009, subsequently was employed by a defense contractor working for the FBI to develop anti-Tor malware,” the Tor Project confirmed in a statement after being contacted by the Daily Dot.In 2008, Edman joined the Tor Project as a developer to work on Vidalia, a piece of software meant to make Tor easier for normal users by implementing a simple user interface. He was a graduate student then, pursuing a Ph.D. in computer science that he would obtain in 2011 from Rensselaer Polytechnic Institute.The Baylor University graduate became part of the close-knit pro-privacy community, attending the developer meetings and contributing to Vidalia development. He wrote and contributed to research papers with the creators of Tor and helped other members in their work building privacy tools. According to the Tor Project, however, “Vidalia was the only Tor software to which Edman was able to commit changes.”Tor dropped Vidalia in 2013, replacing it with other tools designed to improve the user experience.Edman joined the project the same day as Jacob Appelbaum, the hacker and journalist famous for his work with WikiLeaks and Edward Snowden, the former NSA contractor who leaked a trove of documents to the press in 2013, as well as Tor.By 2012, Edman was working at Mitre Corporation as a senior cybersecurity engineer assigned to the FBI's Remote Operations Unit, the bureau’s little-known internal team tapped to build or buy custom hacks and malware for spying on potential criminals. With an unparalleled pedigree established from his time inside the Tor Project, Edman became an FBI contractor tasked with hacking Tor as part of Operation Torpedo, a sting against three Dark Net child pornography sites that used Tor to cloak their owners and patrons.Tor works by encrypting Internet traffic so that users can hide their identity when accessing the open and free Web. It is also used to visit Dark Net sites, like those targeted by Operation Torpedo, that are inaccessible with standard browsers. Tor is used by millions of people, including soldiers, government officials, human rights activists, and criminals. The Tor Project gives instruction and education to law enforcement around the world on how to use and work with the software. FBI agents even use the software themselves.Tor is widely considered one of the most important and powerful Internet privacy tools ever made. The project has received the majority of its funding from the U.S. government.“This is the U.S. government that's hacking itself, at the end of the day,” ACLU technologist Chris Soghoian told the Daily Dot in a phone interview. “One arm of the U.S. government is funding this thing, the other is tasked with hacking it.”Mitre Corporation, where Edman did at least some of his work for the FBI, is a private nonprofit that makes nearly $1.5 billion annually, according to itsannual reports, from its work on security with the U.S. Department of Defense and a host of other federal agencies.Mitre occupies a paradoxical space in the cybersecurity world. It maintains the industry-standard list of Common Vulnerabilities and Exposures (CVE), meant to help share transparent security data to beat hackers across the tech world. But it's also being paid by the federal government to develop and deploy hacks.That seeming contradiction hasn't gone unnoticed. “They’re supposed to play this important and trusted role in the cybersecurity community,” Sogohian said. “On the other hand they’re developing malware which undermines their trusted role.”At Mitre, Edman worked closely with FBI Special Agent Steven A. Smith to customize, configure, test, and deploy malware he called “Cornhusker” to collect identifying information on Tor users. More widely, it’s been known as Torsploit.Cornhusker used a Flash application to deliver a user's real Internet Protocol (IP) address to an FBI server outside the Tor network. Cornhusker—so named because the University of Nebraska's nickname is the Cornhuskers—was placed on three servers owned by Nebraska man Aaron McGrath, whose arrest sparked the larger anti-child-exploitation operation. The servers ran multiple anonymous child pornography websites.The malware targeted the Flash inside the Tor Browser. The Tor Project has long warned against using Flash as unsafe but many people—including the dozens revealed in Operation Torpedo—often make security mistakes, just as they do with all types of software.Operation Torpedo netted 19 convictions and counting, and it resulted in at least 25 de-anonymized individuals.During the trial of Kirk Cottom, a 45-year-old from Rochester, New York, who would plead guilty to receiving and accessing with intent to view child pornography, the defense asked to see the source code—the human-readable code written by programmers that makes the software tick—behind Cornhusker. The defense wanted a look at the tool that pointed the finger at Cottom. The FBI said it lost the source code. Special Agent Smith insisted he never instructed anyone to destroy the code. The judge said the loss was “unfortunate” but “ultimately of little consequence.”According to court documents, Cornhusker is no longer in use. Since then, newer FBI-funded malware has targeted a far wider scope of Tor users in the course of investigations. Both Cornhusker and newer techniques, dubbed bulk hacking, have been criticized for their lack of congressional or public oversight.In addition to working on Operation Torpedo, Edman also did dozens of hours of work on the federal case against Silk Road, the first major Dark Net marketplace, and its convicted creator Ross Ulbricht. According to testimony, it was Edman who did the lion's share of the job tracing $13.4 million in bitcoins from Silk Road to Ulbricht's laptop, which played a key role in Ulbricht being convictedand sentenced to two life terms in federal prison. Edman worked as a senior director at FTI Consulting at the time.“This is the U.S. government that's hacking itself, at the end of the day.”The Tor malware Edman developed in Operation Torpedo for the FBI has been used in multiple “high-profile” investigations, according to a biography of Edman.“He has been recognized within law enforcement and the United States Intelligence Community as a subject-matter expert on cyber investigations related to anonymous communication systems, such as Tor, and virtual currencies like Bitcoin,” notes his company biography for Berkley Research Group, where Edman works as director in New York. “As part of his work, he assembled and led an interdisciplinary team of researchers that developed a state-of-the-art network-investigative technique that was successfully deployed and provided critical intelligence in multiple high-profile law enforcement cyber investigations.”Edman's résumé also includes a stint as a senior vulnerability engineer at Bloomberg L.P. in New York City, where he did penetration testing of the firm’s network. According to his biography, he also offers special expertise on subjects like Tor and Bitcoin.Today, at Berkeley Research Group, Edman works next to former federal prosecutor Thomas Brown as well as three former FBI agents, all of whom worked on the Silk Road case directly with Edman: Thomas Kiernan, Ilhwan Yum, and Christopher Tarbell.Edman did not respond to a request for comment.Editor's note: This post has been updated to add clarity on the nature of the malware and Tor Project's involvement with law enforcement.Correction: According to a Tor spokeswoman, Edman did not contribute to Tor's codebase.<■●In other hand some Hackers tried to Hack the Tor network by unsual ways to know whats going on at the middle of these networks! Also a writer in info science institute collected the Hacking ways from blogs and published this article in 2 sessions (it's really perfect!):Session I:Hacking Tor and Online AnonymityInformation Technology Training and BootcampsIntroductionTor is the acronym of “The onion router”, a system implemented to preserve online anonymity. Tor client software routes Internet traffic through a worldwide volunteer network of servers that hide user information, eluding surveillance of government and other bad actors.The Tor project was born in the military sector, sponsored the US Naval Research Laboratory, and from 2004 to 2005 it was supported by the Electronic Frontier Foundation. Today the software is under development and maintenance of the Tor Project Team.The encryption processes implemented in the Tor Network allow it to protect users’ privacy. Tor traffic is encrypted multiple times passing through different nodes of the network, also known as Tor relays.Law enforcement and Intelligence agencies all over the world are spending a considerable effort to try to break the encryption used with Tor. Practically every government is trying to infiltrate the network to de-anonymize its users. The Tor network is widely used by digital activists and individuals in many critical regions to avoid the Internet censorship operated by governments in China, Syria, Bahrain and Iran. According to Tor Metrics, the number of people worldwide who directly access the anonymizing network is 2.5 million.Figure – Users directly connected to Tor networkIn this post is an overview of the recent events regarding Tor and the attacks on its infrastructures, with explicit reference to principal initiatives conducted by governments to de-anonymize Tor users.Governments vs TorGovernments are spending great effort to improve monitoring capabilities. Tor networks and other anonymizing networks represent an obstacle to Internet monitoring. Governments sustain that technologies like Tor are abused by cybercrime and terrorists and are a potential source of threats, but organizations for the defense of online privacy and freedom of expression sustain that intelligence agencies are trying to extend their monitoring capabilities over anonymizing networks.Russian Government wants to crack TorIntelligence agencies declared war on the anonymizing network. Edward Snowden revealed months ago that the US intelligence is worried by possible misuses of the Tor network and was investing to compromise it. Also the Russian government is actively working to try to crack Tor encryption to de-anonymize its users. The Ministry of the Interior of the Russian Federation (MVD) has recently started an initiative to “study the possibility of obtaining technical information about users (user equipment) of Tor anonymous network”.The Russian government has issued a to recruit companies and organizations which are interested in developing the technology to track users and their activities within the Tor network. The authorities are offering nearly 4 million rubles, approximately $111,000, for the development of technology to decrypt data sent over Tor and identify Tor users. The tender, titled “Perform research, code ‘TOR’ (Navy),” was posted on July 11th on the official procurement website.Figure – Competition promoted by the Ministry of the Interior of the Russian Federation (MVD)Officially the Kremlin is sustaining similar projects “in order to ensure the country’s defense and security”. Russian intelligence fears that the anonymizing networks could be used by terrorists and foreign intelligence to conspire against the government of Moscow. A few days ago I asked a colleague to help me to translate the original tender, the spelling of “TOP” comes from that original document (all-caps, Russian transliteration). The tender is about Tor indeed and the term “Scientific Production Association” (Научно -производственное Объединение) is a Soviet/Russian cover word for a military or a KGB/FSB R&D outlet. The one in question belongs to the Interior Ministry, which is in charge of police and penitentiary.The tender requires active security clearance specifically in the LI (though I wonder if “legal” is applicable to Russia at all) and a general high level security clearance.Every company that desires to participate in the initiative has to pay a 195,000 ruble (about $5,555) application fee.Who is spying on Tor network exit nodes from Russia?The researchers Philipp Winter and Stefan Lindskog of Karlstad University in Sweden presented the results of a conducted to test Tor network for sneaky behavior. The expert noticed that a not-specified Russian entity is eavesdropping on nodes at the edge of the Tor network.The principle on which their investigation is based is the possibility to monitor for exit relays to snoop and tamper with anonymized network traffic. The researchers have worked to define a methodology to expose malicious exit relays and document their actions. The researchers used a custom tool, a “fast and modular exit relay scanner”, for their analysis, and they discovered that the entity appeared to be particularly interested in users’traffic.They designed several scanning modules for detecting common attacks and used them to probe all exit relays.“We are able to detect and thwart many man-in-the-middle attacks which makes the network safer for its users,” they reported in the paper published in their research.Winter and Lindskog identified 25 nodes that tampered with web traffic, decrypted the traffic, or censored websites. On the overall nodes compromised, 19 were tampered with using a on users, decrypting and re-encrypting traffic on the fly.Figure – Tor network infiltrated by malicious nodesanonymizes users’ web experience, under specific conditions, bouncing encrypted traffic through a series of nodes before accessing the web site through any of over 1,000 “exit nodes.”The study proposed is based on two fundamental considerations:User’s traffic is vulnerable at the exit nodes. For bad actors, the transit through an exit node of the traffic exposes it to eavesdropping. The case of WikiLeaks was very popular, which was initially launched with documents intercepted from the Tor networkon Chinese hackers through a bugged exit node.Tor nodes are run by volunteers that can easily set up and take down their servers every time they need and want.The attackers in these cases adopted a bogus to access the traffic content. For the remaining six cases, it has been observed that impairment resulted from configuration mistakes or ISP issues.The study revealed that the nodes used to tamper the traffic were configured to intercept only data streams for specific websites, including Facebook, probably to avoid detection of their activity.The researchers passive eavesdropped on unencrypted web traffic on the exit nodes. By checking the digital certificates used over Tor connections against the certificates used in direct “clear-web sessions”, they discovered numerous exit nodes located in Russia that were used to perform man-in-the-middle attacks.The attackers control the Russian node access to the traffic and re-encrypt it with their own self-signed digital certificate issued to the made-up entity “Main Authority.”It is difficult to attribute the responsibility for these attacks. Researchers speculated the attacks are part of a sophisticated operation conducted to de-anonymize the Tor network. The experts also noticed that when blacklisting the “Main Authority” Tor nodes, new ones using the same certificate would be setup by the same entity.The experts exclude that any government agency was conducting the attack because the technique adopted is too noisy. They suspect that a group of isolating individuals is responsible for the anomalous activity. One of the most noisy choices of the attackers is the use of self-signed certificates that cause a browser warning to Tor users when they visit the bogus website or were victims of MITM attacks.“It was actually done pretty stupidly,” says Winter.The National Security Agency wants to overwhelm Tor AnonymityAmerican Whistleblower Edward Snowden released a collection of classified NSA documents titled ‘‘, which explain how the NSA agency has developed the capability to de-anonymize a small fraction of Tor users manually. Tor Stinks isn’t an architecture for surveillance on a large-scale, but it allows US agents to track specific individuals during their navigation inside the Tor network. “We will never be able to de-anonymize all Tor users all the time, [but] with manual analysis we can de-anonymize a very small fraction of Tor users,” reports of the slides disclosed.In reality the intelligence agency is doing much more, trying to compromise the entire Tor network and degrading the user experience to dissuade people from using it.Figure – NSA Tor Stinks Project to overwhelm Tor AnonymityThe NSA is operating in different ways to reach its goals. Its strategy relies on the following principles to unhinge Tor anonymity. It is running malicious Tor nodes to infiltrate the Tor networks, and at the same time, it is trying to exploit unknown flaws in every component of the anonymizing architecture, on both client and server sides.Slides leaked by Snowden on the Stinks project reveal that the NSA is conducting the following operations:Infiltrate Tor network running its Tor nodes. Both the NSA and run Tor nodes to track traffic back to a specific user. The method is based on the circuit reconstruction from the knowledge of the ‘entry, relay and exit’ nodes between the user and the destination website.Exploiting of the Firefox browser bundled with Tor. With this technique, the NSA was able to get the user’s IP address. In this way the FBI arrested the owner of the Freedom Hosting service provider accused of aiding and abetting child pornography.NSA also uses web cookies to track Tor users widely. The technique is effective also for the Tor Browser. The cookies are used to analyze the user’s experience on the Internet. The intelligence agency owned or controlled a series of websites that was able to read last stored cookies from the browser on the victim’s machine. With this technique, the agency collects the user’s data, including the IP address. Of course. expert users can avoid this type of control in numerous ways, for example, using a dedicated browser for exclusive Tor navigation, using only the official preconfigured Tor bundle or properly managing the cookies stored on their machine. Unfortunately, the surveillance methods appeared effective for a huge quantity of individuals. I always suggest to use a virtual machine with a live OS for protecting your Tor anonymity. This way, cache and cookies will be lost once the machine is shut down. Documents leaked by Snowden show that the NSA is using online advertisements i.e. Google Ads to make their tracking sites popular on the Internet.German public broadcaster ARD recently published a report on the use of the XKeyscore platform to compromise Tor anonymity. The media agency reported that two Germany-based servers have been targeted by US intelligence. The broadcaster published for the first time the from Xkeyscore, even if ARD didn’t provide information on its origin and how they received it.gives the ‘widest-reaching’ collection of online data, analyzing the content of emails, and browsing history. In August 2014, The published an exclusive report on the NSA surveillance program, providing several NSA training slides from the secret program.Facebook chats and private messages become accessible to the intelligence agents simply providing the Facebook user name and a date range for the investigation. XKeyscore in fact provides instruments necessary for the analysis that are conducted also without any legal authorization or a warrant.“A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden.” The boasts in training materials that the program, called XKeyscore, is its “widest-reaching” system for developing intelligence from the .The source code published by the ARD demonstrates that the NSA tracks people who are believed to live outside the US and who request Tor bridge information via e-mail or who search for or download Tor or the TAILS live operating system. The NSA was able to track their IP addresses. The XKeyScore analyzed by the experts includes IP addresses of the targeted Tor Directory Authority, part of the backbone of the Tor Network. These authorities are updated every hour with information related to new Tor relays.The post also explains that the authors, including the popular expert , were targeted by the XKeyscore.“Their research in this story is wholly independentfrom the Tor Project and does not reflect the views of the Tor Project in any way … During the course of the investigation, it was further discovered that an additional computer system run by Jacob Appelbaum for his volunteer work with helping to run part of the Tor network was targeted by the NSA. Moreover, all members of this team are Tor users and appear to be have been targets of the mass surveillance described in the investigation,”ARD stated.Going deep in the source code, it is possible to verify that the NSA is also targeting users of anonymous remailer ./**  * Placeholder fingerprint for Tor hidden service addresses.  * Real fingerpritns will be fired by the plugins  * 'anonymizer/tor/plugin/onion/*'  */ fingerprint('anonymizer/tor/hiddenservice/address') = nil; // END_DEFINITION // START_DEFINITION appid('anonymizer/mailer/mixminion', 3.0, viewer=$ascii_viewer) =  http_host('mixminion') or  ip('128.31.0.34'); // END_DEFINITION Law enforcement agencies, Tor Network and cybercrimeDe-Anonymization of the Tor Network users is also a goal for law enforcement agencies that need to track users in order to identify and prevent illicit activities. The FBI last year revealed that experts at the Bureau had compromised the Freedom Hosting company during an investigation of child pornography. Freedom Hosting was probably the most popular Tor hidden service operator company. The FBI exploited a malicious script that takes advantage of a to identify some users of the Tor anonymity network.In an Irish court, the FBI Supervisory Special Agent Brooke Donahue revealed that the FBI had control of the Freedom Hosting company to investigate on child pornography activities. Freedom Hosting was considered by US law enforcement to be the largest child porn facilitator on the planet.For its analysis, the FBI exploited a () for Firefox 17, also confirmed by Mozilla, that allowed it to track Tor users. It exploited a flaw in the Tor browser to implant a tracking cookie which fingerprinted suspects through a specific external server.“Security researcher Nils reported that specially crafted web content using the onreadystatechangeevent and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable.”The exploit is based on a JavaScript that is a tiny Windows executable hidden in a variable dubbed “Magneto”. Magneto code looks up the victim’s Windows hostname and MAC address and sends the information back to the FBI Virginia server, exposing the victim’s real IP address. The script sends back the data with a standard HTTP web request outside the Tor Network.Figure – Magneto script used by FBIThe investigation caused the identification and the arrest of Eric Eoin Marques, the 28-year-old Irishman owner and operator of Freedom Hosting.Freedom Hosting hosted hundreds of websites, many of them used to conduct illegal activities taking advantage of the anonymity provided by the Tor network. Tor is ordinarily used by cybercriminals to conduct illicit activities like , exchanging of child porn material, renting for hacking services, and sale of and weapons.Freedom Hosting was offering hosting services to criminal gangs which were moving their business in the Deep Web. Consider that hundreds of hacking sites such as HackBB were hosted by the company.Donahue revealed that the Freedom Hosting service hosted at least 100 child porn sites, providing illegal content to thousands of users, and claimed Marques had visited some of the sites himself.Eric Eoin Marques knew he was being hunted, apparently he sent the earnings to his girlfriend over in Romania. The FBI, analyzing the Marques’s seized computer, discovered that he had made inquiries about how to get a visa and entry into Russia, and residency and citizenship in the country.Marques also made searches for a US passport template and a US passport hologram star. He probably was planning an escape.Court documents and FBI files released under the FOIA have described the CIPAV () as software the FBI can deliver through a browser exploit to gather information from the suspect’s machine and send it to on the server of the Bureau in Virginia.The event is confirmation that the Tor network provides an extra layer of obfuscation, but it must be clear it does not provide bulletproof online . Many researchers demonstrated that it is possible to de-anonymize users by exploiting a flaw in the protocol itself, or in some of the numerous applications used, like web browser and live distro.Break Tor network anonymity with just $3000It is a common belief that to de-anonymize the Tor network, it is necessary to make a great effort in term of resources and computational capabilities. Many security experts have started to investigate the possibility that US intelligence and others have found a way to compromise the Tor network.A few weeks ago, two hackers, Alexander Volynkin and Michael McCord, revealed to be able to de-anonymize Tor users easily. They also announced that they will present the results of their study at Black Hat 2014, despite that a few days ago they canceled their participation in the event.“Unfortunately, Mr Volynkin will not be able to speak at the conference since the materials that he would be speaking about have not yet [been] approved by Carnegie Mellon University/Software Engineering Institute for public release,” states the posted on the official website of the event.Christopher Soghoian, principal technologist with the American Civil Liberties Union, has speculated that the researchers might have feared to be sued by criminal prosecution for illegal monitoring of Tor exit traffic.“Monitoring Tor exit traffic is potentially a violation of several federal criminal statutes,” he .The expert was preparing a presentation, , to explain how to identify Tor users with a very small budget, just $3,000.“There is nothing that prevents you from using your resources to de-anonymize the network’s users instead by exploiting fundamental flaws in Tor design and implementation. And you don’t need the NSA budget to do so. Looking for the IP address of a Tor user? Not a problem. Trying to uncover the location of a Hidden Service? Done. We know because we tested it, in the wild … In this talk, we demonstrate how the distributed nature, combined with newly discovered shortcomings in design and implementation of the Tor network, can be abused to break Tor anonymity,” are the statements used by the two researchers to describe their work.According to the researchers, it is possible to de-anonymize users with a limited budget. The worrying news is that a persistent adversary like an intelligence agency “with a handful of powerful servers and a couple gigabit links can de-anonymize hundreds of thousands of Tor clients and thousands of hidden services within a couple of months.”The discovery made by the researchers, even if it was never publicly disclosed, seems to confirm the fact that the popular anonymizing network is affected by serious flaws that could be exploited by attackers to track users.One of the creators of the Tor project, Roger Dingledine, speaking of the discovery announced by the two researchers, admitted that the Tor Project had been “informally” shown some of the materials that would have been presented by the two researchers.“In response to our questions, we were informally shown some materials. We never received slides or any description of what would be presented in the talk itself beyond what was available on theBlackHat Webpage.“I think I have a handle on what they did, and how to fix it. We’ve been trying to find delicate ways to explain that we think we know what they did, but also it sure would have been smoother if they’d opted to tell us everything. The main reason for trying to be delicate is that I don’t want to discourage future researchers from telling us about neat things that they find. I’m currently waiting for them to answer their mail so I can proceed … Based on our current plans, we’ll be putting out a fix that relays can apply that should close the particular bug they found. The bug is a nice bug, but it isn’t the end of the world,” he added.The Dingledine’ words confirm that there is a flaw in the Tor architecture that the two scientists probably exploited. This means that the software may have been already compromised in the past by Intelligence agencies.Ongoing attacksAs we discussed in the previous paragraph, law enforcement, intelligence agencies and individuals are interested in de-anonymizing Tor users for various purposes. Now it’s time to analyze a real ongoing attack, explaining the modus operandi of attackers.On July 30th, the members of the Tor project published on the official website a to reveal that earlier in the month, on July 4th, 2014, a group of relays was targeted by a cyber attack conducted with the goal to de-anonymize users. The experts on the Tor Project noticed that bad actors were targeting relays to track users accessing Tor networks or access Tor hidden services.“They appear to have been targeting people who operate or access Tor hiddenservices. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.“The particular confirmation attack they used was an active attack where the relay on one end injects a signal into the Tor protocol headers, and then the relay on the other end reads the signal. These attacking relays were stable enough to get the HSDir (“suitable for hidden service directory”) and Guard (“suitable for being an entry guard”) . Then they injected the signal whenever they were used as a hidden service directory, and looked for an injected signal whenever they were used as an entry guard.The technique is simple as efficient. The attack is possible when the attacker controls or observes the relays on both ends of a Tor circuit and then compares traffic timing, volume, or other characteristics to conclude that the two relays are part of the same circuit, which routes information from source to destination.In the case of the first relay in the circuit (“entry guard”), it knows the IP address of the user, and the last relay in the circuit (“exit nodes”) knows the resource or destination the user is accessing. Then the attacker is able to de-anonymize Tor users.Attackers were leveraging a critical flaw in Tor architecture to modify protocol headers in order to perform a traffic confirmation attack and inject a special code into the protocol header used by attackers to compare certain metrics from relays to de-anonymize users.115 malicious fast non-exit relays (6.4% of the whole Tor network) were involved in the attack. The servers were actively monitoring the relays on both ends of a Tor circuit in an effort to de-anonymize users. The malicious relays were running Tor version 50.7.0.0/16 or 204.45.0.0/16 and bad actors were using them trying to de-anonymize Tor users who visit and run so-called hidden services. The malicious relays joined the Tor network on January 30th, 2014 and experts at Tor Project removed them from the network on July 4th, 2014.The members of the Tor project team also advised hidden service operators to change the location of their hidden service.“While we don’t know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected,” Tor said.When users access the Tor network with Tor software, their IP address is not visible and it appears to the Internet as the IP address of a Tor , which can be anywhere.Bad actors who were running the confirmation attack were looking for users who fetched hidden service descriptors. This means that attackers were not able to see pages loaded by users, nor whether users visited the hidden service they looked up.“The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service. In theory the attack could also be used to link users to their destinations on normal Tor circuits too, but we found no evidence that the attackers operated any exit relays, making this attack less likely. And finally, we don’t know how much data the attackers kept, and due to the way the attack was deployed (more details below), their protocol header modifications might have aided other attackers in de-anonymizing users too,” states the security advisory.In order to close the critical flaw, the Tor Project Team is suggesting Tor Relay Operators to upgrade Tor software to a recent release, either 0.2.4.23 or 0.2.5.6-alpha. Tor Project released a to prevent such attacks.ConclusionsLaw enforcement agencies and Intelligence are spending a great effort to de-anonymize the user experience on the Tor network, to discourage the use of anonymizing networks.Attackers can follow two directions:Try to break encryption used to anonymize the traffic.Try to exploit flaws in one of the numerous components present in the anonymizing architecture.As demonstrated by recent attacks on anonymizing software like Tails Live Distribution, probably the second choice is the most suitable. The presence of an unknown flaw in one of these components could allow a compromise of the entire architecture.Attackers know this, and they are concentrating all their effort to discover such flaws … but if you are a researcher, do not forget that every day anonymizing networks allow many individuals to avoid censorship and monitoring operated by authoritarian regimes.Session II:IntroductionIn a previous post, I presented the used to hack Tor networks and de-anonymize Tor users. Law enforcement and intelligence agencies consider “de-anonymization” of Tor users a primary goal.Authorities can try to implement techniques to break the encryption used to anonymize the traffic or to exploit vulnerabilities in one of the software modules that allows anonymizing the user’s online experience.There is also another option for authorities: to try secretly to destroy the overall Tor architecture or attack the hidden services to interfere with the traffic that flows to them.Operation OnymousSince the publication of the last post, a blow was dealt by the authorities to the cybercriminals that use the Tor network for illegal purposes. Police and intelligence agencies in a joint effort conducted the takedown of several illegal marketplaces as part of Operation Onymous. Coordinated by (EC3), hit the criminal organization that exploited the Tor network to manage black markets. The operation is considered an important success in the fight agaisnst cybercrime, but many experts have begun to question how law enforcement was able to locate the servers hosting hidden services and operators who ran the illegal activities. The developers of the Tor Project published an interesting blog post titled ““, in which they have explained the possible techniques adopted by authorities to locate the hidden services and de-anonymize the operators that managed the most popular black markets, including Silk Road 2.0.“Over the last few days, we received and read reports saying that several Tor relays were seized by government officials. We do not know why the systems were seized, nor do we know anything about the methods of investigation which were used,” states the post.The principal assumptions that law enforcement has made on the possible attack scenarios implemented by the law enforcement are:Lack of operational security of hidden servicesExploitation of bugs in the web applicationBitcoin de-anonymizationAttacks on the Tor networkThe members of the Tor Project highlighted that the police has compromised the anonymity of the location of the servers behind the hidden services due to the lack of one of the following conditions:The hidden service must be properly configured.The web server should be not vulnerable: this means that it must be not affected by any flaw and must be properly configured.The web application should have no flaws.An attacker that is able to exploit a vulnerability in the web server or in the web application (e.g. the e-commerce system exposed by the operators to propose the illegal products) could easily hack the targeted hidden service.Resuming, to de-anonymize Tor users it is possible to compromise a poorly configured server or the web application it exposes, and there is no need to search and exploit an alleged vulnerability in Tor architecture.By exploiting a vulnerability in a third-party application used by a dark marketplace, it is possible to install a backdoor on the server, revealing its location and the identities of its operators.Another possibility for law enforcement is to infect the machine of one of the alleged administrators with a spyware. The computer could be localized through ordinary investigations.Traffic analysis attack based on NetFlowExactly one week after the disclosure of Operation Onymous, a group of researchers presented the findings of a study conducted between 2008 and 2014 on the de-anonymization of the Tor users. The researchers analyzed the possibility to identify Tor users and reveal their originating IP addresses; they claimed to have obtained a 100 percent ‘decloaking’ success rate under laboratory conditions. The group led by professor , now researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology in Delhi, has published several papers on the topic over the last few years.The study revealed that more than 81 percent of Tor clients can be de-anonymized by exploiting thetechnology designed by Cisco for its network appliances.NetFlow was introduced by the IT giant into its routers to implement an instrument to collect IP network traffic as it enters or exits an interface. It is a precious instrument to analyze the network traffic managed by the router and identify the causes of congestion. The protocol is widespread, and many experts consider it as a standard de facto. It actually runs by default in the hardware of many other network device manufacturers.The proposed by Chakravarty and his team implements an active traffic analysis based on the introduction of specific traffic perturbations on server side. The researchers are able to de-anonymize Tor users by evaluating the effect of a similar perturbation on the client side through statistical correlation.In a previous study, Chakravarty demonstrated that an attacker can monitor a significant percentage of the network paths from Tor nodes to destination servers by having access to a few Internet exchange points. The control of a few Internet exchange points allows the monitoring of a significant percentage of the network paths from Tor nodes to destination servers. This means that a powerful and persistent attacker can run traffic analysis attacks by observing similar traffic patterns at various points of the network.The last study conducted by the team of researchers has revealed how to run an effective traffic analysis attack with less traffic monitoring capabilities, such as Cisco’s NetFlow, and run a traffic analysis attack on a large scale.Previous research, in fact, suggested a significant effort to de-anonymize users on a large scale. The experts consider that previous techniques required an effort sustainable only by a government or by an intelligence agency. The researcher explained that a single AS (Autonomous System) could monitor more than 39 percent of randomly-generated Tor circuits.A traffic analysis attack elaborated in the last study doesn’t request the enormous infrastructural effort as the previous techniques do, but it exploits one or more high-bandwidth and high-performance Tor relays. The team used a modified public Tor server, hosted at the time at Columbia University, running on Linux for its tests.Figure 1 – Traffic Analysis based on NetFlowThe group of experts simulated the Internet activity of a typical Tor user: they injected a repeating traffic pattern (i.e. HTML files) into the TCP connection that they saw originating in the target exit node, and then analyzed the traffic at the exit node, as derived from the router’s flow records, to improve client identification.Figure 2 – Traffic Analysis attackIn the first phase, the researchers conducted specific tests in a lab environment with surprising results. In the second phase, the team started the live sessions using real Tor traffic. The team analyzed the traffic obtained from its public Tor relay that served hundreds of Tor circuits simultaneously.The targeted victims were hosted on three different locations in the , the global research network that supports the development of new network services. The chosen locations were Texas (US), Leuven (Belgium) and Corfu (Greece).The victim clients downloaded a large file from the server that deliberately introduced perturbations in the arriving TCP connection’s traffic, thereby deliberately injecting a traffic pattern in the stream between the server and the exit node.“The process was terminated after a short while and we computed the correlation between the bytes transferred between the server and the recently terminated connection from the exit node and the entry node and the several clients that used it, during this interval,” states the paper.The test sessions were organized in two phases based on the source of data analyzed: a first session to evaluate the effectiveness when retrieving data from open-source NetFlow packages, and a second part based on sparse data obtained from an institutional Cisco router accessed by the group of researchers.Figure 3 – Test results for Traffic Analysis based on NetFlow“We present an active traffic analysis method based on deliberately perturbing the characteristics of user traffic at the server side, and observing a similar perturbation at the client side through statistical correlation. We evaluate the accuracy of our method using both in-lab testing, as well as data gathered from a public Tor relay serving hundreds of users. Our method revealed the actual sources of anonymous traffic with 100% accuracy for the in-lab tests, and achieved an overall accuracy of about 81.4% for the real-world experiments, with an average false positive rate of 6.4,” states the paper.The method elaborated by the researchers obtained excellent results: the researchers were able to de-anonymize traffic with 100% accuracy with in-lab tests and achieved an accuracy of about 81 percent for live sessions.Many experts speculate that the recent , which allowed the seizure of several , may have exploited a traffic analysis attack against the Tor network to identify the operators of the black markets.De-anonymize Tor users from their Bitcoin transactionsWhile the majority of Bitcoin users considers Bitcoin one of the most secure systems to pay online without being tracked by law enforcement, the members of Tor Project warned of the possibility that the recent Operation Onymous exploited the Bitcoin to identify the operators behind the seized black markets.In effect, it is possible to de-anonymize clients in a Bitcoin P2P network, as demonstrated by a team of researchers working at the University of Luxembourg.The researchers Alex Biryukov, Dmitry Khovratovich, and Ivan Pustogarov published a paper titled “” to explain how to exploit a built-in flaw in the Bitcoin architecture to reveal the IP address of a client who makes a payment with the virtual currency.The attack consists in generating a ‘malformed message’, faking that it had been sent by the user through the Bitcoin peer-to-peer network. These malformed messages cause the increase for the penalty score of the IP address, and if fake messages exceed 100, the IP could be banned for 24 hours.The mechanism is implemented as a DoS protection and could be abused to separate Tor from Bitcoin.The attackers force Bitcoin servers to refuse connections via Tor and other anonymity services. This results in clients using their actual IP addresses when connecting to other peers and thus being exposed to the main phase of the attack, which correlates pseudonyms with IP addresses. At this point, every time a user’s client makes a connection to the Bitcoin server, its address will be revealed.Resuming, if a Bitcoin client is proxying its connection over a Tor relay and sends malformed messages, the IP address of this relay will be banned after a specific number of messages, and the Bitcoin client will continue to work with its original IP address.This technique allows the isolating of any target client from the entire Tor network, if the attacker is able to force the separation of Bitcoin clients from the entire Tor network by sending malformed messages to every Tor sever.“For the time of writing there were 1008 Tor exit nodes. Thus the attack requires establishing 1008 connections and sending a few MBytes in data. This can be repeated for all Bitcoin servers, thus prohibiting all Tor connections for 24 hours at the cost of a million connections and less than 1 GByte of traffic. In case an IP address of a specific Bitcoin node can be spoofed, it can be banned as well,”states the paper.“Once the hacker knows this address, he can trick the Bitcoin server into revealing the IP address of the user,” states the post.The researchers described their technique with the following statements:“The crucial idea of our attack is to identify each client by an octet of outgoing connections it establishes. This octet of Bitcoin peers [entry nodes] serves as a unique identifier of a client for the whole duration of a user session and will differentiate even those users who share the same NAT IP address.“As soon as the attacker receives the transaction from just two to three entry nodes he can with very high probability link the transaction to a specific client.”The researchers explained in the paper that the anonymity in the Bitcoin virtual currency scheme is weak. Many features could be exploited to run a cyber attack on the crypto currency and reveal a user’s identity.Figure 4 – Trickling of ADDR messagesThe usage of Tor could increase the level of anonymity, but a hacker can always track users from their Bitcoin payments.“We demonstrate that the use of Tor does not rule out the attack as Tor connections can be prohibited for the entire network. It shows that the level of network anonymity provided by Bitcoin is quite low. Several features of the Bitcoin protocol makes the attack possible. In particular, we emphasize that the stable set of only eight entry nodes is too small, as the majority of these nodes’ connections can be captured by an attacker,” states the paper.Another problem related to the anonymity of Bitcoin is that the virtual currency’s lack of a robust authentication system makes it easy for an attacker to cause nodes to blacklist the IP addresses of seemingly misbehaving connections.“We figured out that very short messages may cause a day IP ban, which can be used to separate a given node or the entire network from anonymity services such as proxy servers or Tor. If the Bitcoin community wishes to use Tor, this part of the protocol must be reconsidered.”Experts at Tor Project speculated that a similar technique could have been exploited by law enforcement in the recent against in the Tor Network, allowing authorities to persecute their operators.Mary-Ann Russon on the International Business Times reports that, as explained by researchers, a hacker could de-anonymize a Bitcoin user from its transactions through Tor for €1,500.Not only de-anonymization … the seizure of the directory authoritiesSo far we have discussed the possibility of revealing the IP addresses of Tor users, however there is also the possibility of compromising the entire architecture, targeting critical components such as the directory authorities.The Tor network relies on nine directory authorities located in the Europe and United States, which provide a signed list of all the relays of the Tor network. Experts at Tor Project highlighted that an attack to these servers can “incapacitate” the overall architecture of Tor.“The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities,” Tor Project leader Roger Dingledine explained in a .“We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked. Tor remains safe to use … We hope that this attack doesn’t occur; Tor is used by many good people.”The seizure of the directory authorities could have the primary target to sabotage the entire Tor network, but it would not be effective to reveal the identities of its users. An attacker, by seizing at least five of the directory authorities belonging to the Tor network, could force Tor clients to connect other relays.This kind of attack could be conducted only by an actor that is interested in dismantling the Tor network. Experts speculate that law enforcement could run covert operations to block the infrastructure and hinder criminal crews that exploit the anonymizing system.This could be a serious problem. Do not forget that the Tor network provides a safe network from surveillance and censorship for millions of people who live in repressive regimes.“Every person has the right to privacy. This right is a foundation of a democratic society.”ReferencesPossible upcoming attempts to disable the Tor networkSeizure of the directory authorities could block the Tor networkBitcoin Anonymity: There's a Way For Hackers To Find Out Your IP Address?(Paste it because it's really perfect, with great pharsing & abstracted) hope it helps you.Good luck.