Blocking Anonymity – China and TOR

There’s loads of places where it’s pretty simple to bypass the blocks and restrictions that Governments put up. In reality a lot of countries have no access to the skills, equipment and in some cases the will to ensure that they really do control access to the internet. For instance in Turkey, there are a lot of sites which are officially blocked like Gay and Lesbian groups ( serious sites not porn) but thousands of people access every day with no problem.

Subscribing to a anonymity service is quite common in many countries, not particularly due to the privacy issues but more because they want to access TV and media sites in other countries. The Geographical blocks that stations like the BBC and Hulu put above are easily circumvented by using a security program like . .   In fact if you speak to these companies you’ll find that 95% of the traffic is related to watching video and not to secure or private browsing.   In Identity Cloaker for example you can turn off the encryption to increase speed which is what many users do. Then people select the proxy server that they need – anything from an Australian proxy or a French, German or British one.

However the simple Geo blocks of the media companies are much worse for many people – for instance in China.  Whilst many countries are as mentioned pretty hopeless at controlling internet access – the techies behind the Great Firewall of China are very switched on indeed.

TOR Access Block

TOR is free software which links to an open network run by it’s users, it’s designed to provide anonymity online and let users bypass blocks and firewalls.   It does have it’s problems mainly based on the open format of it’s network – you relay traffic through other users computers.  As such there are security problems and it can be painfully slow to use.  But it is very difficult to block as you are not reliant on specific servers and there’s no specific IP addresses you can restrict access to.   But the Chinese have reportedly been block TOR users for several months.

The security team at Team Cymru have recently investigated how the Chinese Government was blocking access made to the TOR network.  It’s pretty interesting reading and demonstrates that the Chinese are actively combating the use of Tor through the Great Firewall of China.   Every time a user connected to a one of the Tor Bridges (which relays the connection through the Open network) then probes would be sent out from a Chinese IP address.  The probe was only sent if a connection was made to port 443 (HTTPS) in which an SSL negotiation was performed, any non secure connection did not cause the probe.

The probe was extremely sophisticated and designed specifically to connect with Tor, even able to communicate using the Tor Protocol.  As soon as one  of the probes was received the connection of the original Tor User was blocked by the Chinese Firewall and the connection dropped.

The team Cymru researcher was able to identify how the Tor connection was been identified.  The Tor handshake was located by inspecting inside the packet and locating the specific SSL ciphers used by Tor to establish the handshake.

Pretty heavy stuff,  to utilize this level of Deep Packet Inspection requires very sophisticated technology and obviously teams of people actively researching  how to block anonymity systems like Tor!

You can read the full details of this research conducted by Tim Wilde of Team Cymru here – Great Firewall of China Tor Probing.

Apple iOS Hacker Banned

You’d think computer companies would learn wouldn’t you, when you see someone who points out a problem with your code, hardware or processes then you should thank them, embrace them – heck employ them if you can.   Apple however have failed dismally in their response to Charlie Miller’s assistance on highlighting the problems in the App Store security process.

Photo Charlie Miller – Twitter@0xcharlie

I means there’s two types of people out there who do this sort of hacking – white hat guys like Charlie Miller who will demonstrate the vulnerabilities, publish proof of concepts and let the company know. Of course it can be slightly embarrasing sometimes when you’ve dropped a bit of a clanger but there is an upside.

The upside is that the other type of people don’t get chance to figure it out – the Bulgarian uber hacker working underground for a Russian or Brazilian cyber criminal gang who exploit the hole after they’ve found it.

So what did Charlie Miller actually do?

Well it’s probably best to let the author demonstrate – make sure you watch it until the end to see the full extent of what this hack is capable of !

Pretty incredible heh!! The potential of this in the hands of the bad guys is probably what scared Apple and made them act like a spoilt brat by kicking Charlie Miller off the iOS developer program. White hat hackers as talented as this guy should be treated a bit better even if he did perhaps break a few little terms and conditions to illustrate the vulnerability.

I haven’t thought about the criminal possibilities of this but I am sure there are many beyond downloading everyone’s address book. I confess I’m still stuck on the prank possibilities of having every iPhone on the planet vibrate at exactly the same time. Pointless but fun and pandering to my inner megalomania without causing any real harm! If only I was as clever as Charlie Miller !!

Hopefully the kicking Apple is currently getting in the online media for their reaction will make them think again. Perhaps in some high up meeting somewhere in Apple Towers it will occur to someone that they should be actually thanking this guy. Otherwise they should get worried if he starts taking long holidays in Moscow next year.

Internet Filtering, Censorship, Surveillance and Stuff Like That

One of the many justifications used across the world by agencies, governments, regimes etc for spying on us and filtering internet feeds is that it actually protects us.    By that they generally mean by employing these tactics they are able to catch more terrorists, paedophiles and various nasty people using the internet for their naughtiness.  In fact in many sectors of society if you argue that the internet shouldn’t be monitored or filtered then you will often find yourself grouped with these unsavory characters. Now just to clarify I’m not talking about carefully targeted surveillance and filtering on suspects (fair enough on that) but the general broad monitoring and filtering on an entire population on the off chance of picking up something interesting !

The problem is that it’s utter rubbish for one very good reason – it simply doesn’t work.    It’s all very well a Government thinking that they can routinely pick up terrorists by swooping on a Facebook page – but in reality what sort of hardened operatives are they going to pick up?   One thing for sure they won’t be very clever – in fact you’ll probably pick up the likes of these two harmless muppets who tried to organise a riot on Facebook.   Their riot attracted no rioters and they were picked up and sentenced to four years (which will probably be reduced to 2 weeks on appeal).

Jordan Blackshaw, left, and Perry Sutcliffe-Keenan

Now to be honest I don’t know about you, but I might be prepared to concede a large part of my liberty and privacy if I thought the world would become a genuinely safer and better place.   However picking up the likes of these two hardly meets that criteria.

The point I’m trying to make is that when internet filtering, censoring and surveillance techniques are utilised the only people who are affected are those with nothing to hide, plus perhaps a few thick criminals/terrorists who are probably of limited danger.   There are many ways to circumvent filters, there are lots of ways to communicate anonymously and all those who need to are doing just that.

Do Al Qaeda communicate through Facebook, My Space or Twitter – I suspect not.  Do they send out their orders by emails in clear text with PDF attachments detailing their targets – of course they don’t.    They’ll be using TOR, encrypted emails, hidden web sites and communication networks on the Dark web.   There will be codes, ciphers and carefully devised communication methods and strategies plus loads of other stuff on here The Ninja Proxy!

Of course they might be like this lot from the rather funny film Four Lions –

 

But I suspect not.