Wei Yu et al. published a research paper titled “On Effectiveness of Hopping-Based Spread Spectrum Techniques for Network Forensic Traceback”. The paper analyzes efficient techniques for tracing the origin of “cyber crimes through anonymous communication networks.” The paper outlines techniques for performing traffic confirmation attacks through the use of Frequency Hopping Direct Sequence Spread Spectrum (FHSS), Code Hopping-DSSS (CH-DSSS), and Time Hopping-DSSS. An attacker, or as the research paper states, “an investigator”, can use these tecniques to “mark” a target’s traffic. These techniques could be used to trace traffic through anonymizing networks with both a very low rate of false positives and very low risk of detection.
A new version of GetTor has been announced on The Tor Blog. GetTor is a program designed to provide heavily censored users access to the Tor Browser. To fetch the package over email, a user simply sends an email to [email protected] with the subject line windows, osx, or linux in the body of the email. Since many packages have become too large to send over email, GetTor now replies to emails with a Dropbox link containing the required packages.
A new version of Orbot, a popular Android application developed by The Guardian Project, has been released. This marks version 14.1.3 of the software, which builds on the earlier 14.0.1 release. It includes better handling of background processes and includes support for Android 5.0.
In a new counter-terrorism effort, the UK Government has announced a measure that could force ISPs to retain information linking an IP address to a user for 12 months. The measure will be included in the proposed Anti-Terrorism and Security Bill, a controversial bill that included the failed “Snoopers’ Charter” – or the Communications Data Bill. The “Snoopers’ Charter” would have required ISPs to store records of customer metadata for 12 months. The Liberal Democrats have voiced support for the measure, stating that the measure is important for national security and that the Snooper’s Charter is “dead and buried”.
The European parliament voted 384 to 174 on a resolution that calls for the separation of commercial services from search engines. It aims to prevent monopolization of commercial services and to eliminate unfair or paid ranking of services. The resolution “. . .calls on the Commission ‘to prevent any abuse in the marketing of interlinked services by operators of search engines’, stressing the importance of non-discriminatory online search.” MEPs also made statements in support of net neutrality, aiming to impose restrictions on ISPs and to end roaming charges within the EU.
Twitter has announced an opt out policy that would track installed applications on a user’s smartphone for advertising purposes. In a blog post, Twitter stated, “We are collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in.” This information will be used to serve targeted advertisements to users and to suggests pages a user may be interesting in following. Users can opt out of this feature by activating “Limit Ad Tracking” or “Opt out of interest-based ads”.
These updates will take effect on January 1, 2015.
Many users holding bitcoin wallets on blockchain.info have reported that their bitcoins have been stolen. A total of 26 users, including some merchants, reported that funds funds were transferred to various blockchain.info wallets. Some users were utilizing two-factor authentication, while others reported that they used only a weak passphrase to secure their wallets.
At the time of this article, there is no further information about how the wallets were hacked/withdrawn from. A reminder to everyone out there – host your own Bitcoin wallet.
Later, Blockchain.info announced that they have launched an .onion.rent address, which should solve all issues of wallets being taken over via malicious Tor exit nodes:
— Blockchain (@blockchain) November 29, 2014
Europol announced the arrest of 118 people accused of purchasing plane tickets using fraudulent credit cards. During the operation, the agency sent alerts to airport police in real time, who would then detain suspects who were attempting to travel using “fraudulently obtained flight tickets.” The operation involved 45 law enforcement agencies around the world, involved several bank networks, and included 60 airlines and 80 airports.