Impostor - Polluting Tor Metadata

Presented at DEF CON 22 (2014), Aug. 9, 2014, 3 p.m. (30 minutes).

Just using Tor can bring the cops to your door. While the security community was busy scolding the Harvard bomb threat kid for his poor OPSEC, this ugly revelation was largely ignored. Malware authors are doing their part to remedy the situation; by adding thousands of infected hosts to the Tor network, they're making Tor traffic more common, and making dragnet investigation techniques less viable. But the hackers need to step up and help too. By taking advantage of weak detection techniques in security tools, fake Tor traffic can be injected with some simple JavaScript. We'll show how easy it is to fool open source monitoring tools, and present a variety of options for testing your closed source gear. In this fast-paced talk we'll cover how Tor traffic is detected, how false positives can be generated, and how you can help fight for anonymity on the Internet.


Presenters:

  • Charlie Vedaa
    Charlie Vedaa, CCIE #7502, is a fork and spoon operator for the US government. He's living proof that they'll let anyone speak at DEF CON, BSidesLV, Notacon, and HOPE. Twitter: @charlievedaa
  • Mike Larsen
    Mike Larsen is the world's dopest application security consultant. He's a Don Juan, lover, Lothario, straight up out the EFNET barrio.
