DOCSLIB.ORG

A Report on Fake Doma in Attacks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Report on Fake Doma in Attacks Global Civil SoCiety at RiSk // Fake Domain attaCkS 1 ONE OF THESE THINGS IS NOT LIKE THE OTHER — A R E P O R T O N F AKE D OMA I N A T T A C K S GLOBAL CIVIL SOCIETY AT RISK Report ONE OF A SERIES detaiLING SOME OF THE MAJOR DIGitaL THreats facinG CIVIL societY ORGANIZations AND HUMAN RIGHTS DEFENDERS Global Civil SoCiety at RiSk // Fake Domain attaCkS 2 OVERVIEW OF REPORTS ON GLOBAL CIVIL SOCIETY AT RISK Civil society organizations and human rights defenders have some of the most sophisticated, relentless, and well-resourced adversaries attempting to surveil and hinder their work. The threat of these adversaries to the operations of civil society groups is compounded by the low capacity of such groups to focus on and mitigate such threats. The situation is even more dire when compared to the growing corporate understanding of digital threats. In the corporate world, many companies periodically report and analyze digital threats to businesses -- McAfee, PandaLabs, Secunia, Symantec, Verizon, to name only a few. But just as the number and sophis- tication of attacks targeting corporations have increased over time, so too have the threats faced by civil society organizations to their operations. With our reports we hope to narrow this gap, and inform civil society groups of some of the digital threats that predominantly target them -- from DDoS and website defacement to fake domain attacks and account compromise. These are attacks we have seen in the operation of our digital security helpline and partner organizations have experienced in the course of their operations. By analyzing the specific threats to civil society organizations and human rights defenders, we aim to provide a higher-level understanding of the technical, socio-political, and legal ways they are perpetrated and mitigated. This report, “One of These Things is Not Like the Other: An Investigation of Fake Domain Attacks,” is the first report in the “Global Civil Society at Risk” series that will be released in the coming months. These reports expand on the general multi-issue report we released in 2012 titled, “Global Civil Society At Risk: An Overview of Some of the Major Cyber Threats Facing Civil Society.”1 In this follow-up report, we trying to delve into more detail on the specific attacks civil society actors face. We see this work as complementary to the tremendous efforts of other organizations in our space such as Citizen Lab in finding and analyzing digital attacks such as targeted malware on civil society organizations. Through this awareness building and information sharing, we aim to improve the ability of users and organi- zations to defend themselves against these digital security threats. 1 https://www.accessnow.org/page/-/docs/Access Tech/Global Civil Society at Risk.pdf Global Civil SoCiety at RiSk // Fake Domain attaCkS 3 AUTHORS AND ACKNOWLEDGEMENT This report was written and managed by Michael Carbone. Data analysis and visualization was provided by Béchir Nemlaghi and Dillon Reisman. Peter Micek, Drew Mitnick, and Wes Paisley contributed policy and legal analysis. Mira Rojanasakul designed the report. Many thanks to the following individuals and organiza- tions for their invaluable input into the fake domains chapter of the report: Gustaf Björksten, Brett Solomon, Jochai Ben-Avie, Patrick Ball (Human Rights Data Analysis Group), James Turnbull, Kayne Naughton (Asymmetric Security), Amin Sabeti, the engine room and May First/People Link. Access is an international human rights organization that defends and extends the digital rights of users at risk around the world. By combining innovative policy, user engagement, and direct technical support, we fight for open and secure communications for all. If you know of any fake domains attacks not covered in this report, please contact us at [email protected]. Global Civil SoCiety at RiSk // Fake Domain attaCkS 4 TABLE OF CONTENTS REPORTS ON GLOBAL CIVIL SOCIETY AT RISK 02 AUTHORS AND ACKNOWLEDGEMENTS 03 I. INTRODUCTION 05 II. METHODOLOGY 06 III. FAKE DOMAIN ATTACKS 07 CATEGORIES OF ATTACKS 07 1. MALWARE 07 2. ALTERNATIVE CONTENT 10 METHODS OF ATTACK 11 1. URL SIMILARITY 11 2. URL OBFUSCATION 11 3. DNS redirection BY state-owned TELECOS 11 4. TARGETING HIGH-PROFILE EVENTS 12 IV. MITIGATION STRATEGIES 12 TECHNICAL STRATEGIES 12 PROTECTING THE USER 12 PROTECTING THE WEBSITE 13 LEGAL/POLICY STRATEGIES -- TARGETING “THE STACK” 13 1. DOMAIN REGISTRIES AND REGISTRARS 14 2. NATIONAL TELECOMS AND ISPs 17 3. WEB HOSTS 18 4. SOCIAL MEDIA PROFILES 19 V. CONCLUSION 20 APPENDIX 22 DATA TABLE 22 HOW TO REMOVE FAKE PROFILES ON SOCIAL MEDIA WEBSITES 24 Global Civil SoCiety at RiSk // Fake Domain attaCkS 5 I. Introduction Civil society organizations and human rights defenders are the targets of a variety of sophisticated attacks to surveil their human and computer networks, impede their work, and dilute or confuse their message. Fake domains have emerged as a unique method employed by the adversaries of civil society organizations towards these goals. Fake domain attacks are defined as attacks in which an adversary creates a similar-looking website or social media profile to the targeted website. This may be done with the intent to draw readership from the original website and display alternative content, create confusion amongst a targeted community, or serve malware to compromise the target audience of the original website. In the past, fake domain attacks were used mainly by spammers and online criminals to trick individuals into sharing their private information (often banking credentials) through a fake look-alike or website. That website would often be promulgated through a “phishing” email purported to come from the original website.2 The attacks analyzed in this report represent an evolution of these attacks, targeting the online presences and user trust of civil society organizations and media organizations for socio-political rather than economic goals. In addition, the perpetrators of these attack are predominantly state-aligned actors, and in some cases leveraged the privileged position of state-owned Internet Service Providers to propagate the attacks. A. B. Figures (A) and (B) are screenshots of two nearly-identical news sites (images taken July 3rd, 2013). These fake domains range are often very faithful imitations of the target domain. Figures (A) and (B) are screen- shots of two nearly-identical websites from July 3rd, 2013. Only one of them is the legitimate BBC Persian news site (officially bbcpersian.com or bbc.co.uk/persian), while the other is a fake domain (persianbbc.ir) serving alternative content under the same logo, design, and layout. The fake website (B) substitutes pro-government content for the original news content on the targeted BBC website (A). The effect of such imitation can be extremely harmful to consumers of media and the supporters of civil society organizations; in the past, they have successfully drawn a significant amount of both domestic and international traffic away from victimized domains. In certain instances fake domains have even garnered better Alexa traffic rankings than their targets. 2 These types of phishing attacks have also perpetrated in political contexts -- most recently in the lead-up to the 2013 Iranian presidential election, Iranian users received such attacks in an attempt to steal their Google account credentials, likely for intelligence and surveillance purposes. See: http://googleonlinesecurity.blogspot.com/2013/06/iranian-phishing-on-rise-as-elections.html Global Civil SoCiety at RiSk // Fake Domain attaCkS 6 AGGREGate internationaL/domestic traffic score (100/LN(ALEXA rank)) of tarGet domain VS. fake domain As news organizations and citizen media increasingly rely on digital means to present their work, state- level adversaries are relying on novel ways of diminishing their impact and targeting their readers. Our data provides a window into the methods and effectiveness of these attacks and the type of government environ- ment that gives rise to them. II. Methodology For each fake domain incident shared with us or encountered during the course of our digital security helpline work, we have sought to distill the most important data points to aid in comparison and analysis. Some of the different aspects we looked at are the domain name and registrar, web host, and attack type for the targeted and fake domains. In addition to similar domain incidents shared with us or encountered during the course of our digital security helpline work, we also endeavored to find additional fake domains we were not aware of. Two strat- egies in particular proved fruitful: analyzing other websites hosted on the same IP address as fake domains, and building an automated tool that searched for fake domains from a list of websites likely targeted. One difficulty in acquiring usable data on these attacks is that the fake domains may only be accessible online for a short period of time, such as around a presidential election. Because of this, we must rely on contemporaneous accounts of these attacks to provide context for the attack, and in malware attacks may be unable to recover the malware itself. With this report, we hope to provide the framing and tools for indi- viduals and organizations to proactively report fake domain attacks, and allow for the more timely collection of data on these attacks. Global Civil SoCiety at RiSk // Fake Domain attaCkS 7 Individuals and organizations can use our online tool at fakedomains.accessnow.org to search for possible fake domains of their website. While it cannot catch all fake domains, it does look for the most common ways fake domains are generated through modified related urls, and we will continue to improve this tool over time to include other mechanisms for detection. III. FAKE DOMAIN Attacks The incidents of fake domain attacks on civil society and media organizations reveal widely divergent methods, uses, and geographies of fake domains.
Load more

Recommended publications
  • Reporters Without Borders TV5 Monde Prize 2015 Nominees
    Reporters Without Borders ­ TV5 Monde Prize 2015 Nominees Journalist Category Mahmoud Abou Zeid, aka Shawkan (Egypt) “I am a photojournalist, not a criminal,” Shawkan wrote from Tora prison in February. “My ​ ​ ​ indefinite detention is psychologically unbearable. Not even animals would survive in these conditions." ​ Shawkan is an Egyptian freelance photojournalist who has been in pre­trial detention for more than 760 days. He was arrested on 14 August 2013 while providing the US photojournalism agency Demotix and the US digital media company Corbis with coverage of ​ ​ ​ ​ the violence used to disperse demonstrations by deposed President Mohamed Morsi’s supporters in Rabiaa Al­Awadiya Square. Three journalists were killed that day in connection with their work Aged 28, Shawkan covered developments in Egypt closely from Mubarak’s fall to Morsi’s overthrow and on several occasions obtained striking shots of the popular unrest. His detention became illegal in August of this year because, under Egyptian law, pre­trial detention may surpass two years only in exceptional cases. Few people in Egypt have ever been held pending trial as long as him. A date has finally been set for the start of his trial, 12 December 2015, when he will be prosecuted before a Cairo criminal court along with more than 700 other defendants including members of the Muslim Brotherhood, which was declared a terrorist organization in December 2013. Many charges have been brought against him without any evidence, according to his lawyer, Karim Abdelrady. The most serious include joining a banned organization [the Muslim Brotherhood], murder, attacking the security forces and possession of weapons.
    [Show full text]
  • An Evaluation of Developments of E- Commerce Practices in Kazakhstan in the Framework of Historical Process
    ISSN 0798 1015 HOME Revista ESPACIOS ÍNDICES / Index A LOS AUTORES / To the ! ! AUTORS ! Vol. 40 (Number 22) Year 2019. Page 10 An evaluation of developments of e- commerce practices in Kazakhstan in the framework of historical process Una evaluación de la evolución de las prácticas de comercio electrónico en Kazajstán en el marco del proceso histórico SEN, Bulent 1; YDYRYS, Serikbay 2; MUNASSIPOVA, Malike 3 & KURALBAYEV, Almas 4 Received: 28/02/2019 • Approved: 07/06/2019 • Published 01/07/2019 Contents 1. Introduction 2. Methodology 3. Results 4. Conclusions Bibliographic references ABSTRACT: RESUMEN: The use of internet in Kazakhstan seems to have El uso de internet en Kazajstán parece haber increased considerably, especially between 2008 and aumentado considerablemente, especialmente entre 2011. The increase of 176.4% in 2008 is the highest 2008 y 2011. El aumento del 176,4% en 2008 es el in all years. When the country’s wide land and low más alto de todos los años. Cuando se considera la population ratio is considered, the given situations amplia proporción de tierra y baja población del país, make it an ideal candidate for the internet ordering las situaciones dadas lo convierten en un candidato sector. Products that are developing in the sense of ideal para el sector de pedidos por Internet. Los retail and that are considered suitable for electronic productos que se están desarrollando en el sentido de commerce are respectively as follows: cosmetics, la venta minorista y que se consideran adecuados electronic goods, home textile and leisure products. para el comercio electrónico son, respectivamente, los Keywords: public-private partnerships, public-private siguientes: cosméticos, productos electrónicos, partnership projects, project efficiency, technical and textiles para el hogar y productos de ocio.
    [Show full text]
  • The Limits of Commercialized Censorship in China
    The Limits of Commercialized Censorship in China Blake Miller∗ September 27, 2018 Abstract Despite massive investment in China's censorship program, internet platforms in China are rife with criticisms of the government and content that seeks to organize opposition to the ruling Communist Party. Past works have attributed this \open- ness" to deliberate government strategy or lack of capacity. Most, however, do not consider the role of private social media companies, to whom the state delegates information controls. I suggest that the apparent incompleteness of censorship is largely a result of principal-agent problems that arise due to misaligned incentives of government principals and private media company agents. Using a custom dataset of annotated leaked documents from a social media company, Sina Weibo, I find that 16% of directives from the government are disobeyed by Sina Weibo and that disobedience is driven by Sina's concerns about censoring more strictly than com- petitor Tencent. I also find that the fragmentation inherent in the Chinese political system exacerbates this principal agent problem. I demonstrate this by retrieving actual censored content from large databases of hundreds of millions of Sina Weibo posts and measuring the performance of Sina Weibo's censorship employees across a range of events. This paper contributes to our understanding of media control in China by uncovering how market competition can lead media companies to push back against state directives and increase space for counterhegemonic discourse. ∗Postdoctoral Fellow, Program in Quantitative Social Science, Dartmouth College, Silsby Hall, Hanover, NH 03755 (E-mail: [email protected]). 1 Introduction Why do scathing criticisms, allegations of government corruption, and content about collective action make it past the censors in China? Past works have theorized that regime strategies or state-society conflicts are the reason for incomplete censorship.
    [Show full text]
  • Per Concordiam V7N2 ENG.Pdf
    per VOLUME 7, ISSUE 2, 2016 ConcordiamJournal of European Security and Defense Issues n BALTIC CYBER DEFENSE n BATTLING BOKO HARAM Nations sign important agreement Nigeria’s online war against extremism n CYBER TERRORISM PLUS Categorizing attacks by severity Partnership for Peace n PROTECTING UKRAINE Kazakhstan seeks security Kyiv faces an array of threats Georgia’s approach to cyber INFORMATION SHARING A Cooperative Approach to Cyber Security Table of Contents features ON THE COVER Cyber attacks rarely recognize national borders. So the strategies aimed at preventing, deflecting and responding to these attacks must also be regionally and globally oriented. GETTY IMAGES 24 10 Defining Cyber Terrorism 28 Online Extremism in Nigeria By Ruben Tuitel By Tommy Victor Udoh, Nigerian Defense Space Agency Coming up with a globally acceptable definition The government focuses on countering Boko Haram’s of what constitutes Internet-based terrorism is use of social media to seduce vulnerable recruits. difficult. 34 Kazakhstan Adapts to the 18 Baltic Cyber Cooperation Cyber Age By Vytautas Butrimas, senior advisor, Cybersecurity By Anna Gussarova, Kazakhstan Institute for and IT Department, Ministry of National Defense, Strategic Studies Republic of Lithuania The country’s growing reliance on the digital economy Lithuania, Latvia and Estonia advance regional demands a change in thinking about security. cooperation by aligning their cyber defense policies. 40 Moldova’s Cyber Security Center By Natalia Spinu, Chief, Moldovan Cyber Security Center, 24 A New Cyber Security Curriculum E.S. Center for Special Telecommunications By Sean Costigan and Michael Hennessy The country uses a comprehensive approach to NATO and the Partnership for Peace devise an improve its ability to defend itself against online threats.
    [Show full text]
  • Shedding Light on Mobile App Store Censorship
    Shedding Light on Mobile App Store Censorship Vasilis Ververis Marios Isaakidis Humboldt University, Berlin, Germany University College London, London, UK [email protected] [email protected] Valentin Weber Benjamin Fabian Centre for Technology and Global Affairs University of Telecommunications Leipzig (HfTL) University of Oxford, Oxford, UK Humboldt University, Berlin, Germany [email protected] [email protected] ABSTRACT KEYWORDS This paper studies the availability of apps and app stores across app stores, censorship, country availability, mobile applications, countries. Our research finds that users in specific countries do China, Russia not have access to popular app stores due to local laws, financial reasons, or because countries are on a sanctions list that prohibit ACM Reference Format: Vasilis Ververis, Marios Isaakidis, Valentin Weber, and Benjamin Fabian. foreign businesses to operate within its jurisdiction. Furthermore, 2019. Shedding Light on Mobile App Store Censorship. In 27th Conference this paper presents a novel methodology for querying the public on User Modeling, Adaptation and Personalization Adjunct (UMAP’19 Ad- search engines and APIs of major app stores (Google Play Store, junct), June 9–12, 2019, Larnaca, Cyprus. ACM, New York, NY, USA, 6 pages. Apple App Store, Tencent MyApp Store) that is cross-verified by https://doi.org/10.1145/3314183.3324965 network measurements. This allows us to investigate which apps are available in which country. We primarily focused on the avail- ability of VPN apps in Russia and China. Our results show that 1 INTRODUCTION despite both countries having restrictive VPN laws, there are still The widespread adoption of smartphones over the past decade saw many VPN apps available in Russia and only a handful in China.
    [Show full text]
  • The State of the Internet in France
    2020 TOME 3 2020 REPORT The state of the Internet in France French Republic - June 2020 2020 REPORT The state of the Internet in France TABLE OF CONTENTS EDITORIAL 06 CHAPTER 3 ACCELERATING Editorial by Sébastien Soriano, THE TRANSITION TO IPV6 40 President of Arcep 06 1. Phasing out IPv4: the indispensable transition to IPv6 40 NETWORKS DURING 2. Barometer of the transition HET COVID-19 CRISIS 08 to IPv6 in France 47 3. Creation of an IPv6 task force 54 PART 1 000012 gathering the Internet ecosystem ENSURING THE INTERNET FUNCTIONS PROPERLY PART 2 58 CHAPTER 1 ENSURING IMPROVING INTERNET INTERNET OPENNESS QUALITY MEASUREMENT 14 CHAPTER 4 1. Potential biases of quality of service GUARANTEEING measurement 15 NET NEUTRALITY 60 2. Implementing an API in customer 1. Net neutrality outside of France 60 boxes to characterise the user environment 15 2. Arcep’s involvement in European works 65 3. Towards more transparent and robust measurement 3. Developing Arcep’s toolkit 68 18 methodologies 4. Inventory of observed practices 70 4. Importance of choosing the right test servers 22 CHAPTER 5 5. Arcep’s monitoring of mobile DEVICES AND PLATFORMS, Internet quality 26 TWO STRUCTURAL LINKS IN THE INTERNET ACCESS CHAPTER 2 CHAIN 72 SUPERVISING DATA 1. Device neutrality: progress report 72 INTERCONNECTION 29 2. Structural digital platforms 74 1. How the Internet’s architecture has evolved over time 29 2. State of interconnection in France 33 PART 3 76 TACKLE THE DIGITAL TECHNOLOGY’S ENVIRONMENTAL CHALLENGE CHAPTER 6 INTEGRATE DIGITAL TECH’S ENVIRONMENTAL FOOTPRINT INTO THE REGULATION 78 1.
    [Show full text]
  • Digital Silk Road in Central Asia: Present and Future
    Digital Silk Road in Central Asia: Present and Future NARGIS KASSENOVA & BRENDAN DUPREY, EDITORS JUNE 2021 Digital Silk Road in Central Asia: Present and Future Nargis Kassenova & Brendan Duprey, Editors JUNE 2021 Digital Silk Road in Central Asia: Present and Future is a project of the Davis Center for Russian and Eurasian Studies at Harvard University, and the Sustainable Kazakhstan Research Institute, Narxoz University, supported by a grant from Friedrich Ebert Foundation in Kazakhstan. © 2021 Davis Center for Russian and Eurasian Studies Cataloging-in-Publication data ISBN: 978-0-578-93435-8 Please direct inquiries to: Nargis Kassenova Kathryn W. and Shelby Cullom Davis Center for Russian and Eurasian Studies Harvard University 1730 Cambridge Street, Suite S301 Cambridge, MA 02138 Phone: 617.496.5684 Fax: 617.495.8319 [email protected] The full text of this report can be accessed at https://daviscenter.fas.harvard.edu/digital-silk-road. Limited print copies are also available. ii Digital Silk Road in Central Asia: Present and Future Contents iv Acknowledgements v Introduction Nargis Kassenova and Brendan Duprey vii Executive Summary 1 The Puzzle of the Digital Silk Road Elisa Oreglia, Hongyi Ren, and Chia-Chi Liao 9 Sino-Russian Advocacy for “Internet Sovereignty” and State-Led Internet Governance Miranda Lupion 17 Digital Silk Road and Surveillance Technology in Central Asia Cian Stryker 55 The Sino-Russian Digital Cooperation and Its Implications for Central Asia Miranda Lupion 77 Beyond the GovTech: The Pitfalls of Kazakhstan’s Digitalization Agenda Anna Gussarova 85 Turkmenistan’s Digitalization Strategy: Old Practices, New Façade? Rustam Muhamedov 93 The Role of Big Earth Data for the Implementation of the Sustainable Development Goals in Central Asia Brendan Duprey and Akmal Akramkhanov 118 About the Authors Contents iii Acknowledgements We would like to thank the Friedrich Ebert Foundation in Kazakhstan for providing moral and financial support to the project.
    [Show full text]
  • Forbidden Feeds: Government Controls on Social Media in China
    FORBIDDEN FEEDS Government Controls on Social Media in China 1 FORBIDDEN FEEDS Government Controls on Social Media in China March 13, 2018 © 2018 PEN America. All rights reserved. PEN America stands at the intersection of literature and hu- man rights to protect open expression in the United States and worldwide. We champion the freedom to write, recognizing the power of the word to transform the world. Our mission is to unite writers and their allies to celebrate creative expression and defend the liberties that make it possible. Founded in 1922, PEN America is the largest of more than 100 centers of PEN International. Our strength is in our membership—a nationwide community of more than 7,000 novelists, journalists, poets, es- sayists, playwrights, editors, publishers, translators, agents, and other writing professionals. For more information, visit pen.org. Cover Illustration: Badiucao CONTENTS EXECUTIVE SUMMARY 4 INTRODUCTION : AN UNFULFILLED PROMISE 7 OUTLINE AND METHODOLOGY 10 KEY FINDINGS 11 SECTION I : AN OVERVIEW OF THE SYSTEM OF SOCIAL MEDIA CENSORSHIP 12 The Prevalence of Social Media Usage in China 12 Digital Rights—Including the Right to Free Expression—Under International Law 14 China’s Control of Online Expression: A Historical Perspective 15 State Control over Social Media: Policy 17 State Control over Social Media: Recent Laws and Regulations 18 SECTION II: SOCIAL MEDIA CENSORSHIP IN PRACTICE 24 A Typology of Censored Topics 24 The Corporate Responsibility to Censor its Users 29 The Mechanics of Censorship 32 Tibet and
    [Show full text]
  • What We Can Learn About China from Research Into Sina Weibo
    CHINESE SOCIAL MEDIA AS LABORATORY: WHAT WE CAN LEARN ABOUT CHINA FROM RESEARCH INTO SINA WEIBO by Jason Q. Ng English Literature, A.B., Brown University, 2006 Submitted to the Graduate Faculty of the Dietrich School of Arts and Sciences in partial fulfillment of the requirements for the degree of Master of Arts of East Asian Studies University of Pittsburgh 2013 fcomfort UNIVERSITY OF PITTSBURGH THE DIETRICH SCHOOL OF ARTS AND SCIENCES This thesis was presented by Jason Q. Ng It was defended on April 9, 2013 and approved by Pierre F. Landry, Associate Professor, Political Science Ronald J. Zboray, Professor, Communication Mary Saracino Zboray, Visiting Scholar, Communication Thesis Director: Katherine Carlitz, Assistant Director, Asian Studies Center ii Copyright © by Jason Q. Ng 2013 iii CHINESE SOCIAL MEDIA AS LABORATORY: WHAT WE CAN LEARN ABOUT CHINA FROM RESEARCH INTO SINA WEIBO Jason Q. Ng, M.A. University of Pittsburgh, 2013 Like all nations, China has been profoundly affected by the emergence of the Internet, particularly new forms of social media—that is, media that relies less on mainstream sources to broadcast news and instead relies directly on individuals themselves to share information. I use mixed methods to examine how three different but intertwined groups—companies, the government, and Chinese Internet users themselves (so-called “netizens”)—have confronted social media in China. In chapter one, I outline how and why China’s most important social media company, Sina Weibo, censors its website. In addition, I describe my research into blocked search terms on Sina Weibo, and explain why particular keywords are sensitive.
    [Show full text]
  • Technical and Legal Overview of the Tor Anonymity Network
    Emin Çalışkan, Tomáš Minárik, Anna-Maria Osula Technical and Legal Overview of the Tor Anonymity Network Tallinn 2015 This publication is a product of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre). It does not necessarily reflect the policy or the opinion of the Centre or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication. Digital or hard copies of this publication may be produced for internal use within NATO and for personal or educational use when for non- profit and non-commercial purpose, provided that copies bear a full citation. www.ccdcoe.org [email protected] 1 Technical and Legal Overview of the Tor Anonymity Network 1. Introduction .................................................................................................................................... 3 2. Tor and Internet Filtering Circumvention ....................................................................................... 4 2.1. Technical Methods .................................................................................................................. 4 2.1.1. Proxy ................................................................................................................................ 4 2.1.2. Tunnelling/Virtual Private Networks ............................................................................... 5
    [Show full text]
  • Online Security for Independent Media and Civil Society Activists
    Online Security for Independent Media and Civil Society Activists A white paper for SIDA’s October 2010 “Exile Media” conference Eric S Johnson (updated 13 Oct 2013) For activists who make it a priority to deliver news to citizens of countries which try to control the information to which their citizens have access, the internet has provided massive new opportunities. But those countries’ governments also realise ICTs’ potential and implement countermeasures to impede the delivery of independent news via the internet. This paper covers what exile media can or should do to protect itself, addressing three categories of issues: common computer security precautions, defense against targeted attacks, and circumventing cybercensorship, with a final note about overkill (aka FUD: fear, uncertainty, doubt). For each of the issues mentioned below, specific ex- amples from within the human rights or freedom of expression world can be provided where non-observance was cata- strophic, but most of those who suffered problems would rather not be named. [NB Snowden- gate changed little or nothing about these recommendations.] Common computer security: The best defense is a good … (aka “lock your doors”) The main threats to exile media’s successful use of ICTs—and solutions—are the same as for any other computer user: 1) Ensure all software automatically patches itself regularly against newly-discovered secu- rity flaws (e.g. to maintain up-to-date SSL certificate revocation lists). As with antivirus software, this may cost something; e.g. with Microsoft (Windows and Office), it may re- quire your software be legally purchased (or use the WSUS Offline Update tool, which helps in low-bandwidth environments).
    [Show full text]
  • Internet Censorship in Thailand: User Practices and Potential Threats
    Internet Censorship in Thailand: User Practices and Potential Threats Genevieve Gebhart∗†1, Anonymous Author 2, Tadayoshi Kohno† ∗Electronic Frontier Foundation †University of Washington [email protected] [email protected] 1 Abstract—The “cat-and-mouse” game of Internet censorship security community has proposed novel circumvention and circumvention cannot be won by capable technology methods in response [10, 25, 38]. alone. Instead, that technology must be available, The goal of circumventing censorship and attaining freer comprehensible, and trustworthy to users. However, the field access to information, however, relies on those largely focuses only on censors and the technical means to circumvent them. Thailand, with its superlatives in Internet circumvention methods being available, comprehensible, use and government information controls, offers a rich case and trustworthy to users. Only by meeting users’ needs can study for exploring users’ assessments of and interactions with circumvention tools realize their full technical capabilities. censorship. We survey 229 and interview 13 Internet users in With this goal in mind, the field lacks sufficient inquiry Thailand, and report on their current practices, experienced into the range of user perceptions of and interactions with and perceived threats, and unresolved problems regarding censorship. How do users assess censored content? What is censorship and digital security. Our findings indicate that the range of their reactions when they encounter existing circumvention tools were adequate for respondents to censorship? How does censorship affect the way they not access blocked information; that respondents relied to some only access but also produce information? extent on risky tool selection and inaccurate assessment of blocked content; and that attempts to take action with In addition to guiding more thorough anti-circumvention sensitive content on social media led to the most concrete strategies, these questions about users and censorship can threats with the least available technical defenses.
    [Show full text]