Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ
Ξ We've updated our CA certificate. All members need to be using the latest ones by Dec 22. See this page for more infoΞ

Adversary Resistant Systems

Encouraging best practices in the VPN industry via independent, community-certified verification of clean installers and clean basic service operations. Let's reward the good, and make the bad a little bit less tempting 〰 github repo#cleanVPN

Topic Author
killswitch
Posts: 8
Joined: Mon Jan 21, 2013 2:11 pm

Adversary Resistant Systems

Postby killswitch » Wed Jul 22, 2015 9:34 pm

The world has been shaken in 2015. First the Office of Personnel Management lost everything it had on four million Americans with security clearances. Then Italy's Hacking Team lost control of the entire contents of their corporate systems. Then in quick succession NYSE and United Airlines were down, around the same time an outsider managed to send commands to a Turkish Patriot missile battery deployed in the field.

Among the Hacking Team treasures was the source code for Remote Control System, a piece of second string espionageware, not quite as capable as Duqu or Flame, but still quite dangerous in the hands of an entity with good operating discipline. Along with the C&C (command & control) the world also got to see the range of methods used to compromise target systems. Among these was an appliance for man on the side attacks – a Corruptor-Injector Network tool.

We started to understand how dangerous things had truly become thanks to Snowden's leak in 2013. Now with the Hacking Team intrusion we can see the full spectrum of tools and methods employed by a small but skilled surveillance dragnet operator. No amount of legislation or law enforcement is going to fix problems like this unless it also utterly breaks the good stuff the Internet does.


What the world needs are Adversary Resistant Systems, and there are a number of grassroots projects that already provide quite a bit of functionality.

Adversary Resistant Computing

There are three well known adversary resistant computing platforms which you could download and start using today.

TAILS is short for The Amnesiac Incognito Live System, a live CD/USB system that enforces use of the Tor anonymization network and which, as the name implies, keeps nothing locally between sessions. This distro is about 900 megs and built to run on the smallest Atom based netbooks.

Whonix is another Tor focused system but it is served up as a pair of 1.5 gig virtual machines in OVA format, suitable for import into the free VirtualBox type two hypervisor. The gateway VM provides routing, firewall, and the Tor anonymizing network. The workstation, completely separate from any network duties, can not provide any information about the host OS such as public IP or actual MAC address. This thwarts both geolocation and equipment purchase tracking.

Qubes is a type one hypervisor, a 'bare metal' solution based on Linux + Xen. This system boots to a graphical environment that has no network connection at all, connectivity is provided by a NetVM that accesses hardware, a ProxyVM that implements services such as Tor or a VPN, and workstations. Templates are provided so users can create workstations from a Fedora or Debian install and there is an alpha grade port of the Whonix system which is currently in need of a maintainer.

Adversary Resistant Networking

There are two well known anonymizing networks supported by both TAILS and Whonix, namely Tor, The Onion Router, and I2P, the Invisible Internet Project. Cryptostorm's Zero Customer Knowledge VPN service is the third worthy contender in this category.

Tor was created at the U.S. Naval Research Laboratory and released to the public in 2004. This system provides a local SOCKS5 proxy that can access the clearnet via about 400 volunteer run Tor exit nodes. There is an internal addressing scheme where site operators can create .onion domains and these sites are used for all sorts of hosting, most notably for the dozen dark net markets that have sprung up in the wake of the takedown of the first two iterations of Silk Road, an online cybercrime/drug/weapons market.

I2P, the Invisible Internet Project, is similar to Tor in some ways, but there is no generalized access to the clearnet, so the primary function is for operators to create eepsites, which are similar to Tor hidden services, but ending with the extension .i2p instead of .onion. This network is a purely grassroots effort so it isn't nearly as large or as fast as Tor, but it has become more hidden site operator friendly with the publication of headless I2P software meant for virtual servers.

Cryptostorm provides a service that is superficially similar to other VPN providers, but there are important differences. These include:

Zero Customer Knowledge – instead of a userid/password subscribers purchase digital tokens, then use the hashed token as their username and no password. Other VPNs vow that they do not log, Cryptostorm simply avoids ever having enough information about its subscribers to do that.

Value added access and filtering – when the webrtc/STUN leak became public in early 2015 Cryptostorm had modifications to block this exposure within thirty six hours. When it became the Certificate Revocation Lists (CRLs) were being used to attack browsers they were immediately 100% filtered across the network. It is a testament to the hazard they CRLs represent that this change went entirely unnoticed by subscribers.

Hidden service in the Tor and I2P networks may be accessed directly via the Cryptostorm network, thanks to built in application proxies that translate requests for subscribers. There is room to debate the value of that versus local installation of Tor and I2P, but the service is present and no other VPN provider can make that claim.

Adversary Resistant Hosting

Hardening operating systems is offering a tool, network transport for encrypted traffic is providing a service without being aware of the content, but hosting is an entirely different matter. Content may be politically provocative or even outright criminal in some jurisdictions. Servers are in datacenters, subject to law enforcement seizure and continued operation as watering hole attack locations against visitors.

There have long been “bullet proof” hosting companies, located in jurisdictions with permissive laws and little enforcement, promising that operators will never be shut down due to administrative action. Existing at the fringes of polite society, they are as likely to rootkit and rob interesting sites as provide them the promised service level. Tor's ability for hidden services to conceal what a server actually does has cut into the business of such companies, making it possible to host questionable content at major providers like Rackspace, OVH, or Digital Ocean.

The shining example of journalism/whistleblower oriented adversary resistant hosting is Secure Drop, an architecture created by the late Aaron Swartz, who committed suicide after being subject to overzealous prosecution. The system is now maintained by Freedom of the Press Foundation.

Two other notable hosting service developers are Thomas White of CthuluSec and LulzSec veteran Donncha O'Cearbhaill, both of whom do research on hardening hidden services in the Tor network.


Conclusion

The militarization of cyberspace has been creeping up on us for a number of years now. The United States has pursued a failed strategy in the construction of CYBERCOM, attempting to build a deterrent, an analog to the role nuclear weapons played during the Cold War.

The Soviet Union's denied areas of the 1970s, thanks to satellite imagery and social media, are now accessible in a way the CIA could only dream of forty years ago. The shining example is Bellingcat's crowdsourced effort to identify who shot down MH17, and the grubby example is the smash & grab job on Hacking Team, who richly deserved such treatment.

The problems the Internet faces today will not be solved using lessons we learned in the Cold War. The only remedy when facing a network threat is to build a better network to face it.

User avatar

parityboy
Site Admin
Posts: 1220
Joined: Wed Feb 05, 2014 3:47 am

Re: Adversary Resistant Systems

Postby parityboy » Thu Jul 23, 2015 3:46 am

@OP

Great job with this write up. :D

There is room to debate the value of that versus local installation of Tor and I2P, but the service is present and no other VPN provider can make that claim.


This is true but there is a subtle yet crucial benefit. Using Cryptostorm as the first hop, a workstation or router can firewall everything except 443/UDP for each of the CryptoStorm exit nodes. If a user wants Tor running on top of this first hop, they will inherently benefit from this level of network security, since all traffic will still travel over the VPN link, only.

However, a "naked" VPN-less installation of Tor or I2P is a lot more difficult to secure in terms of outbound traffic, simply because other nodes can be available on any port number, including port 443, and the nodes used to build circuits (in the case of Tor) are unknown prior to activation of the local relay. Additionally, restricting outbound traffic to the default I2P or Tor ports limits the number of nodes that can be used to make a connection, so more ports have to be given permission.

This in turn gives an opportunity for other applications to leak traffic out to a given address on port 443. Not only that, but in a VPN-less environment the first entry node you hit will see your ISP-allocated WAN IP address; much better to let it see the address of a VPN exit node. Finally, added to the above is the fact that too many applications silently failover to the public Internet if something goes wrong with the SOCKS connection to the local I2P or Tor relay - this can be incredibly dangerous.

So, in conclusion I would say that a VPN first hop with transparent access to the I2P and Tor darknets is a much stronger model in terms of network security than relying on either of those two darknet technologies alone, and that having the further option of running Tor on top of that first hop - enabling the use of a Tor exit node to the clear Internet - serves as an extra layer of security.


Topic Author
killswitch
Posts: 8
Joined: Mon Jan 21, 2013 2:11 pm

Re: Adversary Resistant Systems

Postby killswitch » Thu Jul 23, 2015 9:51 am

Technically correct, parityboy, and there are places where defining Adversary Resistant Networking will get deep, but this is part of an overall effort to lay claim to and properly define the terms Adversary Resistant Computing, Hosting, and Networking. I imagine there will be a couple of posts a week at various places as the concepts are distributed and clarified.

Cryptostorm is patient 0 for this, where else do you think it should go? Do you have a presence on any of these other sites?

User avatar

parityboy
Site Admin
Posts: 1220
Joined: Wed Feb 05, 2014 3:47 am

Re: Adversary Resistant Systems

Postby parityboy » Fri Jul 24, 2015 1:24 am

@killswitch

Actually I don't. My "security & darknet information" presence is here on the CS forums. :)


Topic Author
killswitch
Posts: 8
Joined: Mon Jan 21, 2013 2:11 pm

Re: Adversary Resistant Systems

Postby killswitch » Fri Jul 24, 2015 12:08 pm

Cryptostorm is a marvel, but it's like a remote alpine valley - there is a huge learning curve to climb before one has enough background to read the content with any confidence that they're absorbing the details. This is great as a first cause, as an incubator for such thinking, but imagine how this place looks to someone who is trying to decide between Cryptostorm and one of the bigger VPN players like Cyberghost or Witopia.

Cryptostorm needs a simple, linear, confident presentation to the non-technical user. That's been done in hand to hand transactions, now it needs to go bigger. If we firmly grasp this emergent Adversary Resistant meme, the expansion will happen as a natural follow-on to putting some structure around this stuff we all do to keep our systems safe.


Return to “#cleanVPN ∴ encouraging transparency & clean code in network privacy service”

Who is online

Users browsing this forum: No registered users and 3 guests

cron

Login