21-08-2013, 10:43 AM
Hacking attack on Tor allegedly linked to SAIC and NSA
Posted on August 5, 2013 by admin
The IP address hardcoded into the 0-day Firefox JavaScript, used to compromise the Tor network via a version of the Tor bundle, has been traced back to Science Applications International Corp (a company investigated by Blue Cabinet) which has worked with former Edward Snowden employer Booz Allen Hamilton, is an NSA contractor, has supplied communications technology to the Assad regime, and also developed a tool for the NSA called (wait for it) PRISM.
It is alleged the FBI with Verizon are behind this attack but CryptoCloud points out that this may be a ruse and that the real culprit is probably the NSA, who regularly contract out to SAIC and who are basically waging war, overt and covert, using any means at its disposal, against all-comers; in this case, using 0-day browser malware. See below for more, plus CryptoCloud via aforementioned link…
The IP address in question is 65.222.202.%. C block. See http://www.domaintools.com/research/ip-explorer/?ip=65.222.202.53 for more on this. Note: according to Baneki Privacy the whole C Block is nsa.gov though Wired reckons the block is shared by several US Government agencies.
UPDATE: Tor advises that the attack was specifically aimed at Windows users and was fixed via June and July upgrades of Tor.
A. The hacking attack
According to Hacker News … "The FBI appears to have gained access to Freedom Hosting and injected malicious HTML code that checks the visitor's browser to see if he is using Firefox 17. Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of Javascript code from a Verizon Business internet address located in eastern Virginia.
"The Openwatch reported that the execution of malicious JavaScript inside the Tor Browser Bundle, perhaps the most commonly used Tor client, comes as a surprise to many users. Previously, the browser disabled JavaScript execution by default for security purposes, however this change was recently reverted by developers in order to make the product more useful for average internet users. As a result, however, the applications have become vastly more vulnerable to attacks such as this.
The JavaScript code's payload was analyzed by reverse engineering and exploit developer Vlad Tsyrklevich, who reveals that it briefly connects to a server and sends the hostname and MAC address of the victim. "Briefly, this payload connects to 65.222.202.54:80 and sends it an HTTP request that includes the host name (via gethostname()) and the MAC address of the local host (via calling SendARP on gethostbyname()->h_addr_list). After that it cleans up the state and appears to deliberately crash."
Microsoft used to provide the US government with an early start on its security vulnerabilities, which was reportedly used to aid its cyber espionage programs. But there is no indication at this point that Mozilla worked with the government in this case."
B. SAIC
Investigated by Blue Cabinet, "Science Applications International Corp. is a major intelligence, military, aerospace, engineering and systems contractor. It is involved in defense/military (DoD), intelligence community, and homeland security contracting, as well as selected commercial markets." But that's not all…
SAIC offers a range of scientific, engineering, and technology applications for national security, energy and the environment, critical infrastructure, and health. The company employs around 45,000 people and its customers include the Department of Defense, the intelligence community (e.g. the CIA, NSA, etc), the Department of Homeland Security, other U.S. Government civil agencies and selected commercial markets. It offers a full suite of intelligence, surveillance and reconnaissance (ISR) and cyber security solutions across a broad spectrum of national security programs. According to its website, its capabilities "support the entire intelligence lifecycle, from the collection of vital information across all domains, to the processing of data into intelligence products, and to the employment of people supporting national and military intelligence agencies as well as other federal and civilian customers within the national security arena… Quick reaction capabilities (QRC) in airborne, maritime, and space-based solutions are enhanced by processing, exploitation, and dissemination technologies; and worldwide mission support helps our customers in the intelligence community and the Department of Defense tackle the toughest global ISR challenges."
And then there is…
The "Planning tool for Resource Integration, Synchronization and Management" or PRISM (according to NSA this is a different PRISM to the one revealed by Edward Snowden) is a web-based tool and, despite its name, is supposedly used by US military intelligence to send tasking instructions to data collection platforms deployed to military operations. It was developed by SAIC, first mentioned in 2002, and since then has featured in many job descriptions on the internet.
According to Top Level Communications … "The earliest document which mentions the Planning tool for Resource Integration, Synchronization and Management (PRISM) is a paper (pdf) from July 2002, which was prepared by the MITRE Corporation Center for Integrated Intelligence Systems. The document describes the use of web browsers for military operations, the so-called "web-centric warfare", for which intelligence collection management programs were seen as the catalyst. These programs fuse battlefield intelligence information with the national data that they already possess, in order to provide a complete picture to their users. The program was originally prototyped and fielded for the US European Command, but is also being used in other military operation areas such as Iraq… The application was first developed for use on JWICS, the highly secure intelligence community network, but is now also being used on SIPRNet, the secure internet used by the US military."
SAIC was also selected to lead the 2002 TRAILBLAZER program for analyzing network data. The NSA selected the SAIC-led Digital Network Intelligence (DNI) Enterprise team that included Northrop Grumman Corporation, Booz Allen Hamilton Inc., The Boeing Company (NYSE:BA), Computer Sciences Corporation (NYSE:CSC) and SAIC wholly-owned subsidiary Telcordia Technologies to contribute to the modernization of the NSA's signals intelligence capabilities. However, the program was canceled in 2006 and was reported to have been "one of the worst failures in US intelligence history."
And more…
Some believe that SAIC was the joint developer with DHS and MIT of the Imaging System for Immersive Surveillance or ISIS, a prototype Trapwire-style camera that spots suspicious objects, and there is a theory that the late Aaron Swartz was looking into ISIS at the time he was being charged.
And finally…
Just over three years ago, at its Plenary Conference in Rome, the NATO Industrial Advisory Group (NIAG) elected SAIC's Senior Vice President, Robert G. Bell, as its Chairman for 2010-201. Bell succeeded Dr. Raffaele Esposito of Finmeccanica's Selex Communications company (which was supplying communications technology to the Syrian military, revealed thanks to Anonymous and Wikileaks and the Syria Files and Darker Net; see here, here and here). NIAG provides the CNAD with industry advice on how to better foster government-to-industry and industry-to-industry cooperation concerning defense equipment and services, and assists NATO's Main Armaments Groups in exploring opportunities for international collaboration. Previously Bell served as SAIC Account Manager for NATO and the U.S. European Command. Prior to that Bell worked at NATO Headquarters as Assistant Secretary General for Defense Investment and at the White House as the National Security Council Senior Director for Defense Policy and Arms Control.
Posted from darker.net
"Let me issue and control a nation's money and I care not who writes the laws." - Mayer Rothschild
"Civil disobedience is not our problem. Our problem is civil obedience! People are obedient in the face of poverty, starvation, stupidity, war, and cruelty. Our problem is that grand thieves are running the country. That's our problem!" - Howard Zinn
"If there is no struggle there is no progress. Power concedes nothing without a demand. It never did and never will" - Frederick Douglass