De-Anonymizing Alt.Anonymous.Messages

You're browsing without Javascript! If you have no idea what that means, you should ask your technical friend about it.
Otherwise - kudos. The website should work - with the exception of comments. You can learn what they are; however, by visiting /comments.py?postid=blog-deanonymizing_amm
If it doesn't, please contact me and let me know.

3 Aug 2013 16:00:00 PDT

For the past four years I've been working on a project to analyze Alt.Anonymous.Messages, and it was finally getting to a point where I thought I should show my work. I just finished presenting it at Defcon, and because a lot of the people I know are interested in this were not able to make it, I'm making the slides, and more importantly the speaker notes, available for download. This kind of kills the chance anyone will actually watch the video, but that's all right.

The slides cover the information-theoretic differences between SSL, Onion Routing, Mix Networks, and Shared Mailboxes. It talks about the size of the dataset I analyzed, and some broad percentages of the types of messages in it (PGP vs Non-PGP, Remailed vs Non-Remailed). Then I go into a large analysis of the types of PGP-encrypted messages there are. Messages encrypted to public keys, to passwords and passphrases, and PGP messages not encrypted at all!

For messages encrypted to a public key, I can draw communication graphs, and there are some interesting graphs - some very symmetrical ones where everyone talks to everyone else, and some less structured ones that may model a larger community where not everyone knows everyone else. I also perform brute force attacks against password-encrypted messages, using GPU-powered crackers I had to develop myself. These usually crack into messages encrypted to public keys and are sent from a Type I nymserv.

On the statistical analysis-like side of things, I correlate subjects that are in plaintext and hexadecimal (including cracking hsubs using more custom GPU code). I also look at message headers, including several unique ones added on the client (such as distinguishing ones like unique Newsgroups headers, and misspellings of X-No-Archive). Several Type I remailer directives made their way into AAM, even though they shouldn't have - Type I remailers are pretty difficult to use. And there are some very interesting message patterns such as redundant messages and off response patterns.

Summing up, I talk about Nymservs (and Pynchon Gate), the current status of the Mixmaster and Mixminion networks and software (and the path forward for Mixminion), and finally wax poetically about the need for a high-bandwidth, high-latency... something to securely leak and share large files.

For more on this and related topics like remailers, I slowly write about them over at crypto.is (and copy the blogs posts here), and on IRC in OFTC #cryptodotis

Comments

/comments.py?postid=blog-deanonymizing_amm

Add a comment...

Name: required
E-Mail: required, hidden, gravatared
Website:
Comment: required, markdown enabled (help)

you type:	you see:
italics	italics
bold	bold
[stolen from reddit!](http://reddit.com)	stolen from reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"