Deanonymizing Alt.Anonymous.Messages (and lock/safe stuff)

From the ‘anonymity is hard’ department.

Alt.Anonymous.Messages is a Usenet newsgroup where people post anonymous and generally encrypted messages. Anyone who wants to post there can.

In short, it’s about the most paranoid place you could imagine.

What happens when a clever guy spends *four years* and a fair bit of GPU power trying to analyze or crack a huge trove of messages from that newsgroup?

It turns out it’s less anonymous than expected. Apart from obvious identifiers like “which PGP key is encrypting to which PGP key,” tiny details like capitalization in the X-No-Archive header set certain senders apart from the rest.

In other cases, there are timing patterns in the message traffic —
just about every time someone from remailer X posts a message with certain characteristics, someone from remailer Y posts a message five hours later.

And so on and so forth. It thus becomes possible to map out the different communications networks using the newsgroup. It’s even possible to decrypt some of the subject lines and messages. (One of the stranger things — a recursively-encrypted message that’s still encrypted after being decrypted 10,000 times.)

Ultimately, the problem is simply volume. Even if you do it right, you’re only one in about 1,500 people using alt.anonymous.messages… and it’s not too hard for a large organization to watch all 1,500 and see what they’re up to.

Lock & Safe stuff: Ever wonder about those massive commercial burglary safes that only had a tiny amount of space inside? After dropping a 1500lb scrap motor on one of them ten or twelve times, one person determined that yes, they really are just concrete blocks with a small welded-steel metal box embedded in the center. http://imgur.com/a/QeEfM

And if you need to duplicate a key for a Kaba Gemini, there’s now a “physical keygen” for your 3D printer. https://twitter.com/cmonkey/status/373878312549896192/photo/1 https://github.com/nrpatel/PhysicalKeygen/blob/master/kaba_gemini.scad

http://ritter.vg/p/AAM-defcon13.pdf
http://ritter.vg/blog-deanonymizing_amm.html

“For the past four years I’ve been working on a project to analyze Alt.Anonymous.Messages, and it was finally getting to a point where I thought I should show my work. I just finished presenting it at Defcon, and because a lot of the people I know are interested in this were not able to make it, I’m making the slides, and more importantly the speaker notes, available for download. This kind of kills the chance anyone will actually watch the video, but that’s all right.

The slides cover the information-theoretic differences between SSL, Onion Routing, Mix Networks, and Shared Mailboxes. It talks about the size of the dataset I analyzed, and some broad percentages of the types of messages in it (PGP vs Non-PGP, Remailed vs Non-Remailed). Then I go into a large analysis of the types of PGP-encrypted messages there are. Messages encrypted to public keys, to passwords and passphrases, and PGP messages not encrypted at all!

For messages encrypted to a public key, I can draw communication graphs, and there are some interesting graphs – some very symmetrical ones where everyone talks to everyone else, and some less structured ones that may model a larger community where not everyone knows everyone else. I also perform brute force attacks against password-encrypted messages, using GPU-powered crackers I had to develop myself. These usually crack into messages encrypted to public keys and are sent from a Type I nymserv.

On the statistical analysis-like side of things, I correlate subjects that are in plaintext and hexadecimal (including cracking hsubs using more custom GPU code). I also look at message headers, including several unique ones added on the client (such as distinguishing ones like unique Newsgroups headers, and misspellings of X-No-Archive). Several Type I remailer directives made their way into AAM, even though they shouldn’t have – Type I remailers are pretty difficult to use. And there are some very interesting message patterns such as redundant messages and off response patterns.

Summing up, I talk about Nymservs (and Pynchon Gate), the current status of the Mixmaster and Mixminion networks and software (and the path forward for Mixminion), and finally wax poetically about the need for a high-bandwidth, high-latency… something to securely leak and share large files.”

Advertisements
%d bloggers like this: