Interesting blog post:
We are able to de-anonymize executable binaries of 20 programmers with 96% correct classification accuracy. In the de-anonymization process, the machine learning classifier trains on 8 executable binaries for each programmer to generate numeric representations of their coding styles. Such a high accuracy with this small amount of training data has not been reached in previous attempts. After scaling up the approach by increasing the dataset size, we de-anonymize 600 programmers with 52% accuracy. There has been no previous attempt to de-anonymize such a large binary dataset. The abovementioned executable binaries are compiled without any compiler optimizations, which are options to make binaries smaller and faster while transforming the source code more than plain compilation. As a result, compiler optimizations further normalize authorial style. For the first time in programmer de-anonymization, we show that we can still identify programmers of optimized executable binaries. While we can de-anonymize 100 programmers from unoptimized executable binaries with 78% accuracy, we can de-anonymize them from optimized executable binaries with 64% accuracy. We also show that stripping and removing symbol information from the executable binaries reduces the accuracy to 66%, which is a surprisingly small drop. This suggests that coding style survives complicated transformations.
Here’s the paper.
And here’s their previous paper, de-anonymizing programmers from their source code.
Posted on January 4, 2016 at 7:41 AM
There’s pretty strong evidence that the team of researchers from Carnegie Mellon University who cancelled their scheduled 2015 Black Hat talk deanonymized Tor users for the FBI.
Details are in this Vice story and this Wired story (and these two follow-on Vice stories). And here’s the reaction from the Tor Project.
Nicholas Weaver guessed this back in January.
The behavior of the researchers is reprehensible, but the real issue is that CERT Coordination Center (CERT/CC) has lost its credibility as an honest broker. The researchers discovered this vulnerability and submitted it to CERT. Neither the researchers nor CERT disclosed this vulnerability to the Tor Project. Instead, the researchers apparently used this vulnerability to deanonymize a large number of hidden service visitors and provide the information to the FBI.
Does anyone still trust CERT to behave in the Internet’s best interests?
EDITED TO ADD (12/14): I was wrong. CERT did disclose to Tor.
Posted on November 16, 2015 at 6:19 AM
Those of you unfamiliar with hacker culture might need an explanation of “doxing.”
The word refers to the practice of publishing personal information about people without their consent. Usually it’s things like an address and phone number, but it can also be credit card details, medical information, private e-mails — pretty much anything an assailant can get his hands on.
Doxing is not new; the term dates back to 2001 and the hacker group Anonymous. But it can be incredibly offensive. In 2014, several women were doxed by male gamers trying to intimidate them into keeping silent about sexism in computer games.
Companies can be doxed, too. In 2011, Anonymous doxed the technology firm HBGary Federal. In the past few weeks we’ve witnessed the ongoing doxing of Sony.
Everyone from political activists to hackers to government leaders has now learned how effective this attack is. Everyone from common individuals to corporate executives to government leaders now fears this will happen to them. And I believe this will change how we think about computing and the Internet.
This essay previously appeared on BetaBoston, who asked about a trend for 2015.
EDITED TO ADD (1/3): Slashdot thread.
Posted on January 2, 2015 at 7:21 AM
Kevin Poulsen has a good article up on Wired about how the FBI used a Metasploit variant to identify Tor users.
Posted on December 17, 2014 at 6:44 AM
Interesting essay on the sorts of things you can learn from anonymized taxi passenger and fare data.
Posted on October 22, 2014 at 5:54 AM
The Guardian has reported that the app Whisper tracks users, and then published a second article explaining what it knows after Whisper denied the story. Here’s Whisper’s denial; be sure to also read the first comment from Moxie Marlinspike.
Slashdot thread. Hacker News thread.
EDITED TO ADD (10/22): Another Whisper explanation, and another Guardian article. An analysis.
Posted on October 21, 2014 at 12:07 PM
Russia has put out a tender on its official government procurement website for anyone who can identify Tor users. The reward of $114,000 seems pretty cheap for this capability. And we now get to debate whether 1) Russia cannot currently deanonymize Tor users, or 2) Russia can, and this is a ruse to make us think they can’t.
Posted on July 28, 2014 at 6:06 AM
I’d like more information on this.
EDITED TO ADD (8/13): Response from Tails.
Posted on July 23, 2014 at 11:58 AM
This is not good news.
Widely known as the “bloggers law,” the new Russian measure specifies that any site with more than 3,000 visitors daily will be considered a media outlet akin to a newspaper and be responsible for the accuracy of the information published.
Besides registering, bloggers can no longer remain anonymous online, and organizations that provide platforms for their work such as search engines, social networks and other forums must maintain computer records on Russian soil of everything posted over the previous six months.
Posted on May 9, 2014 at 6:14 AM
There’s speculation that the FBI is responsible for an exploit that compromised the Tor anonymity service. Note that Tor Browser Bundles installed or updated after June 26 are secure.
Posted on August 6, 2013 at 1:42 PM