My last post noted that the Guardian had posted a series of articles on the Tor network and Snowden’s latest revelations about how the NSA has been attacking that network.
All those posts are worth reading, but my favourite is the one by Bruce Schneier explaining how the NSA has attacked Tor users through browser exploits – including native vulnerabilities in the versions of Firefox included in the Tor browser bundle (note to self, maybe Opera was a good choice after all).
In the article, Schneier describes the “FoxAcid” CNE system used to attack a target’s browser. He explains that, whilst the FoxAcid server is publicly accessible, it would appear completely innocuous to casual visitors unless a specifically crafted URL, called a FoxAcid tag, were used, whereupon the server would attempt an attack on the visiting browser as a precursor to a complete compromise of the end user system. Schneier went on to explain that the NSA would use a variety of methods to get a target to use a FoxAcid tag and then helpfully included an actual example as an active link. Way to go, Bruce. (That link has since been removed, but it was certainly active last night, I know – and so do most people who read the tor-relays list). That is a pretty good social engineering attack. Note to NSA: if you want to know whether I use Tor, it is easy, just read this blog.
[The comments at the end of Schneier’s article contain this gem:
“This article by Bruce Schneier is the main reason that I have never used the internet.”
How does that work then?]