Posted by: Kiell
October 27, 2014
Alex Biryukov and Ivan Pustogarov at the University of Luxembourg published a research paper titled “Bitcoin over Tor isn’t a good idea.” The paper discusses security risks of using Bitcoin through Tor and how these risks could be countered. Bitcoin’s reputation system, designed to heighten security, includes protection against DoS attacks. If an attacker were to send malformed packets (a malformed transaction 60 bytes in size will get a peer immediately blacklisted for 24 hours) over Tor and force peers to blacklist other Tor Exit nodes, they could hypothetically force all Bitcoin-over-Tor traffic to go through Exit nodes under their control. As a proof-of-concept, the researchers were able to get about 7,500 Bitcoin peers to blacklist their Exit node.
This scenario creates multiple vectors for an attack. One, it could compromise anonymity by making traffic vulnerable to timestamp analysis. Two, with this centralization, an attacker could control which Bitcoin blocks and blockchain transactions clients are aware of. This could allow an attacker to withhold certain transactions from the client, or possibly send illegitimate transactions.
The authors suggest a few possible solutions. One is the encryption and authentication of Bitcoin traffic. Another is disabling the DoS protections on Tor peers, since rate limits obviously present issues for Tor exit nodes. The third is the public listing of all verified peers’ hidden service addresses.
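The address-based blacklisting described above can be seen in a small model, added here as an illustration (it is not Bitcoin Core code and not code from the paper). It shows why a ban keyed on source address shuts out every honest user sharing that exit for 24 hours, and what the second suggested fix (no DoS bans for Tor exit addresses) changes. `Peer`, `usable_exits`, `demo` and the documentation-range addresses are constructed for this example.

```python
from dataclasses import dataclass, field

BAN_SECONDS = 24 * 60 * 60  # 24-hour blacklist, as stated in the article


@dataclass
class Peer:
    """Toy model of one Bitcoin peer's per-address ban list."""
    exempt_addrs: frozenset = frozenset()  # addresses never banned (mitigation)
    banned_until: dict = field(default_factory=dict)

    def accept(self, addr: str, now: int) -> bool:
        """Return True if a connection from addr is allowed at time now."""
        return self.banned_until.get(addr, 0) <= now

    def on_message(self, addr: str, malformed: bool, now: int) -> bool:
        """Process one message; a malformed one bans its source address."""
        if not self.accept(addr, now):
            return False
        if malformed:
            if addr not in self.exempt_addrs:
                self.banned_until[addr] = now + BAN_SECONDS
            return False
        return True


def usable_exits(peer: Peer, exits, now: int):
    """Exit addresses through which an honest Tor user can still reach peer."""
    return sorted(a for a in exits if peer.accept(a, now))


# Constructed sample data: documentation-range addresses standing in for exits.
EXITS = ["192.0.2.10", "192.0.2.20", "203.0.113.5"]


def demo(exempt=frozenset()):
    """Return the usable exits one hour into the ban and after it expires."""
    peer = Peer(exempt_addrs=frozenset(exempt))
    # One malformed message reaches the peer via each of the first two exits.
    for addr in EXITS[:2]:
        peer.on_message(addr, malformed=True, now=0)
    during = usable_exits(peer, EXITS, now=3600)
    after = usable_exits(peer, EXITS, now=BAN_SECONDS)
    return during, after
```

With the default settings only one exit stays usable during the ban window; passing the exit list as `exempt` keeps all three reachable, at the cost of losing the DoS protection for those addresses.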
TorBirdy 0.1.3 has been released, making it the fourth beta release. TorBirdy is an add-on for Thunderbird, which is an open source Email client. TorBirdy allows Thunderbird to make connections through the Tor network, tunneling SMTP and IMAP/POP3 traffic.
Josh Pitts, a security researcher from Leviathan Security Group, reported that he encountered an Exit node performing a man-in-the-middle attack, inserting malware into binary files. The Exit node was actively patching any binaries that users attempted to download, adding malware to legitimate software. The researcher was worried that the same attack could be used against automated security updates. This situation highlights the importance of using TLS/SSL, even when unencrypted communication might not seem like a security risk.
Privacy and Digital Rights
Earlier this week, Paola Cardullo submitted a research paper on Turkey’s recent attempts to block the social network Twitter. In the paper, he first gives a summary of the events in Turkey. He then analyzes the importance of social media, and the impact of privacy-enabling tools, on the organization of protests and the empowerment of citizens. On March 20th, 2014, ten days before local elections in Turkey, Prime Minister Erdogan began to block Twitter, which he said a “minority of users” used to threaten national security. This attempted block proved to be immensely ineffective. Technology-savvy citizens could circumvent the ban, and they spread information to other citizens on how to do the same. Mikko Hypponen, Chief Researcher at F-Secure, showed an increase of 138% in the volume of tweets from Turkey in the hours following the ban.
After citizens began to post on Twitter, the hashtag #TwitterIsBlockedInTurkey was soon trending. The rest of the world knew what was happening in Turkey. Initially, the ban was a Domain Name block. This soon escalated to a block of Twitter’s IP range. Circumventing the ban now required more sophisticated tactics, and many people began to use a VPN service or Tor. In his interviews with citizens in Turkey, Cardullo found that many of the people who chose to use these tools had never used them before. One person tweeted, “Every Turkish citizen has become some sort of Internet expert/amateur hacker after the ban.” In summary, Cardullo explains that while censorship may be temporary, the tools used and the techniques learned by citizens are not so temporary. He states that “these practices obviously come to the fore during censorship attempts. However, the knowledge and the reflexivity that users acquire cannot simply vanish.” In many interviews, people stated that they would definitely use these tools in the case of another censorship attempt. Some stated that they would begin to use these tools in their everyday lives. In this way, citizens are able to adapt to changing and sometimes hostile situations involving technology.
You can download the full research paper here, under “Cultural Practices of the Hacking Multitude”.
Verizon Wireless came under scrutiny earlier this week when it was revealed that the company has been injecting unique identifiers into customer traffic for advertising purposes. As part of their Relevant Mobile Advertising program, a Unique Identifier Header (UIDH) is added to all of a customer’s traffic sent over Verizon’s network. This token is used to track a user’s browsing habits, which can be used to serve more relevant advertisements. This created various privacy concerns over the scope of data collected by companies. Jacob Hoffman-Andrews, senior staff technologist with the Electronic Frontier Foundation, criticized the practice. He said, “There is this mentality of ‘if there is a way we can acquire more data on our users, that data is a legitimate target’.”