Month: September 2015

Russian Company Back Out Its Deal To Crack “Tor”

citizens who use the Internet anonymity network Tor hit a brick wallPlans by the Russian government to unmask its citizens who use the Internet anonymity network Tor seems to have hit a brick wall. This is after reports emerged that the company that had been hired by the Kremlin administration was reported to have hired a law firm to help it back out of the contract to unmask Tor.

The Russian government was willing to part with nearly $60,000 (3.9 million rubles) to have Tor cracked. Tor is a popular tool that is used to communicate anonymously across the internet. Now, it is emerging that the company which won the contract is ready to spend more than twice the amount it was to be paid by the government to abandon the Tor project.

The tender had been earlier won by the Central Research Institute of Economics, Informatics and Control Systems, which is a Moscow branch of Rostec -the state-managed manufacturer of weapons, helicopters and other industrial and military equipment. The company is willing to pay up to 10 million rubles (equivalent to some $150,000) to contract a law firm to negotiate a way out of the contract. This is according to state-purchase disclosures database.

According to leaked government documents, lawyers from Pleshakov, Ushkalov and Partners are working with Russian officials to put an end to Tor research project.

In 2014, the Interior Ministry of Russia posted a contract on its website looking to find a group that would study whether it was possible to obtain technical information not only on users but also on the user’s equipment of the Internet anonymity network Tor. A spokesman for Interior Ministry department which placed the Tor project order declined to give a comment when contacted. Also, the Rostec research group did not comment on the matter.

Tor Logo

This has not gone down well with Russian authorities especially considering that it is not a huge fan of Internet freedom. And it does not help that the use of the Internet anonymity software is growing in popularity within its borders. The Russian government has put in place draconian censorship laws that effectively stifle Internet privacy.

Judging by the latest developments, it appears Tor is very much secure. Although some strides have been made with regard to gleaning information from Tor network, anonymization has not been a complete failure.

It was never going to be easy for any company to unmask Tor. The government of the US, as well as other nations, has spent much more money to sponsor the building of Tor network. In fact, lots of intelligence agencies would part with a lot more just to access data running over the anonymous network.

About Internet Anonymity Network Tor

Tor, which is just an acronym for The Onion Router, is Internet anonymity software which sends the network traffic of each user to various nodes all over the globe. In so doing, it encrypts the data at every layer, thus making it nearly impossible to track. The network has been embraced by political dissidents, criminals and hackers the world over. Edward Snowden, who is an erstwhile U.S. intelligence contractor and currently living in Russia, is a known admirer of Tor. The number of people using the network in Russia has grown by 40% from the start of this year to reach more than 175,000 users. This is according to data provided by Tor project, the developer of the service.

Edward SnowdenUsing the Internet anonymity software makes it much more impossible to track online connectivity back to the user. In other words, web visits, instant messages, online posts as well as other communication forms to untraceable. The use of Tor is meant to users’ personal privacy, as well as their ability and freedom to communicate confidentially by keeping their Internet activities from monitoring. The US National Security Agency characterized Tor as “King of high-secure Internet anonymity.” In fact, the NSA adds that there are no contenders to that throne in waiting. The Parliamentary Office of Science and Technology described Tor as the most popular anonymous Internet communication system by miles. It currently has an estimated user population of 2.5 million people daily.

According to the July 2015 NATO analysis, the world should brace itself for the use of Internet anonymity tools such as Tor as they will only continue to thrive.

People use Tor to prevent their websites from being tracked, to connect to news websites or to access instant messaging service when they are blocked by local Internet providers. By using Tor’s hidden tools, users will be able to publish to websites as well as other services without requiring disclosing their sites’ location. People also use the network for socially sensitive communication.These include web forums and chat rooms for survivors of rape and abuse, or for individuals with illnesses.

Atlanta-Based Bitcoin Payment Processor Hit By Internet Security Attack

An Atlanta-based Bitcoin payment processing company, BitPay, has reportedly been hit by a costly phishing scam with loses estimated to be around $1.8 million. The hacker, who pretended to be BitPay’s CFO Mr. Bryan Krohn, sent dummy email messages from his account in the month of December. Sanctioning transfer of approximately 5,000 bitcoins in 3 separate transactions to the SecondMarket platform, he bypassed Internet security systems where in any normal situation such advanced payments would not be necessary.

BitPay’s CFO Mr. Bryan Krohn
The first victim of this elaborate scam touching on Internet security was David Bailey, founder of quarterly trading magazine yBitcoin. His email account had been hacked and an alleged message sent to Krohn, requesting that he reviews certain modifications published on a Google document. During this time, they were coincidentally in consultations about purchase of the company’s online magazine by yBitcoin. As shown by documents from BitPay.

Krohn suspects that his login details were breached when he tried accessing the alleged document. Thereafter, the fraudster didn’t just impersonate him, but also hacked into the company’s Internet security details to acquire details concerning procedures used to make transactions with customers.

On Dec 11th, somebody pretending to be Mr. Krohn sent an email to BitPay’s CEO Stephen Pair, demanding immediate transfer of about 1,000 bitcoins to the SecondMarket platform at an undisclosed wallet address. The request was processed within an hour’s time, then shortly afterwards another email was sent for 1,000 more bitcoins to the same account. Transactions were made directly from the firm’s official wallet on Bitstamp.

Phishing Scam
The next day, the hacker requested 3,000 more bitcoins to be transferred to SecondMarket but at a different wallet account. After these funds were sent, Pair confirmed them by relaying an email to both Krohn and SecondMarket’s executive Gina Guarnaccia, with the latter immediately denying that her firm was involved in purchase of any bitcoins. That’s when the victims discovered their Internet security protocols had been tampered with.

A few days later, BitPay filed an insurance claim seeking compensation from its coverer the Massachusetts Bay Insurance Company. However, on Sept 15th BitPay filed suit against MBIC for failing to meet the contract stipulations, having not paid statutory damages as requested. They are seeking $950,000 as fine including necessary court fees.

Tor’s .Onion Becomes Special-Use Domain Name

It was recently announced that .onion domain has been added to the list containing Special-Use Domain Names; this was done with help from the Engineering Task Force organization and Internet-Assigned Numbers Authority who together form part of ICANN. The technology was previously referred to as psdeuo-TLD, and made it possible for .onion domains to be applied on regular web. But now it’s only limited to the Tor network. There’s also possibility that site-specific encryption and use of Internet security certificates will follow.

Onion Domains

The level of online anonymity offered has numerous benefits not only to nefarious sites, but also news outlets which take it as a way of secretively gathering information, plus Facebook further uses it to protect accounts from unauthorized breaching.

Official recognition of this domain will help improve online anonymity for web users, by limiting the chances of their IP addresses being detected by other people. In light of these new changes, all applications including proxy servers which implement the Tor protocol must recognize .onion extension as unique by either accessing them straightly, or using proxy to do so. Similarly, those that don’t implement this network will generate a default error upon opening the onion site, they are also advised not to run a DNS checkup as this won’t help in resolving the issue.

Internet Domains

As for Libraries and Name Resolution APIs, respondents must either react to access requests by resolving them based on data from NXDOMAIN, also popularly known as tor-rendezvous. Similarly, Caching DNS Servers which may not have been explicitly improvised to interoperate with Tor shouldn’t attempt to check up records for network names, but must rather use NXDOMAIN for such queries. The same applies to Authoritative servers.

The prospects of TLS and SSL certification are important for standardization and wider recognition of Tor, both help give users confidence that the sites they’re dealing with are legit and capable of protecting their online anonymity. Generally, Tor ecosystem will benefit from same levels of security as the rest of the net but with an added layer of safety and online anonymity.

A Smartphone Designed To Preserve Internet Anonymity

An Australian-based smartphone company, Ncryptcellular, has designed a unique handset which gives users maximum privacy and Internet anonymity when browsing the net. These devices have gained tremendous popularity all around the globe since their launch. They are available in 3 versions which include the Ncrypt Mega ($1465), Ncrypt Super ($1314) and Ncrypt Slim ($1182).

Ncryptcellular
These Android-based gadgets are fitted with unique open-source apps and custom Internet anonymity tools, which allow owners to conceal identity information, encrypt voice and data communications as well as generate forged traffic designed to confuse government metadata breach attempts.

The company’s chief technical officer, Alex Kesik, says that these Internet anonymity smartphones were created as a response to people’s concerns that state agencies could be snooping on their web usage. A marketing campaign seeking official distributors has already been launched, spawning immense response from potential retailers keen on buying the smartphones wholesale and then selling to their native countries.

Ncryptcellular devices
Ncryptcellular devices are increasingly becoming popular amongst business and personal users, most of who want their online activities to remain anonymous. They have cutting-edge security features such as connectivity to the Tor network, and an integrated XMPP app which can also be linked to the onion system. In addition, there’s a Secure Talk, Secure Text and encrypted SMS service that ensures not only your web activities are kept safe but also everyday phone communications.

Furthermore, the Internet anonymity devices contain Anti Listening properties capable of detecting coded IMSI-Catcher surveillance programs, which may have been implemented as proxy Wi-Fi base stations. Ncryptcellular smartphones prevent such security breaches from happening, by determining what type of data each particular app can access. They also contain properties which spoof GPS web locations, allowing owners to alter their GPS details so as to confound any attempts towards hacking.

Though this software may be allowed to operate on other smartphone brands in the future, as for now they are only available on Oppo units which were selected because of their sleek design and comprehensive manufacturer warranty.