The Rest Of The Internet: Anonymity

Many of the debates that rage around the internet today have to do with anonymity. Most of the time, on the national news networks, you see people referring to it in relation to oppressive regimes that regulate internet use in an attempt to keep their people stupid, China and North Korea being the classic examples. People living under these regimes need to stay anonymous when they use the internet to express their opinions or they’re going to vanish forever, Stalin style.

However, many other people that don’t live under regimes like this also need anonymity. The act of whistle blowing (betraying a corporate misdemeanour) requires anonymity in many cases, as do intelligence agencies at most levels. Most of the time, a person wishing to remain anonymous can only trust his own abilities to do so (for obvious reasons), and therefore looks to use some kind of cell network.

You may have heard of cell networks in the news. The concept is rather simple. In order for person A to transmit a message to person F anonymously, that person seals the letter and hands it to person B. B has no idea whether the message originated from A or some other member of this network. All he knows is that he’s been handed a sealed envelope, and when this happens, he is to hand it to C. The same is true of D and E. In this way, only F and A will ever know a message has been received or sent, or the content of the message. The other cells in the network have no idea, and indeed most networks employ a large amount of fake messages. The key, though, is that F and A do not know each other. This means that if someone wanted to trace the message, he would have to capture every single member of the cell network to be absolutely sure who sent and received it. F and A have become anonymous to each other.

“What does that have to do with computers? I thought that was Osama’s gig.” I hear you say. Well, the connection, if you’ll excuse the pun, is simple. The internet is the largest, most complicated cell network in existence by several orders of magnitude. Anonymity no longer requires romantic resistance heroes sprinting through enemy camps, AK47 in one hand, vital documents in the other; anyone with enough knowledge can transmit the plans for an atomic bomb from California to Pyongyang without getting a shred of exercise.

The way this is usually done brings us to another frequent news item, botnets. In order for a “Cyber-Dissident” (as the BBC dubbed them) to transmit information anonymously, they must first build their own cell network. This is done by infecting a large number of PCs owned by the kind of people who leave every appliance in their house flashing 12:00 with pieces of software that allow the cyber-dissident to do a variety of illegal things.

Typically, these software packages allow remote control of that computer to a varying degree, and most importantly in this case, message relay. The software is naturally capable of erasing its own tracks in the computer if it even leaves any, so the unwary owner hardly ever notices until the FBI or Mossad demolish their front room. The PCs the cyber-dissident has infected are collectively referred to as a botnet, and can number in the tens or thousands depending on the skill of the dissident.

To make his anonymous communication, the dissident then sends his message to the first of these computers, which then passes it on to the next and so on and so forth until it reaches its destination. If the message is sensitive enough, a given government will probably try to track it back, but will usually fail since every single computer in the network will seem like the originator, giving no indication that the rest of the network exists, just like a terrorist cell. Unlike a terrorist cell, however, it is possible to retrieve the deleted records from each and every computer in the botnet, but the more effort the dissident puts into deleting them, the more money one has to invest to retrieve them.
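An added example, not part of the original article: a small Python model of the trace-back described above, seen from the investigator's side. The node names A to F follow the cell-network description; the log format, message id and function names are assumptions made for illustration, and the data is constructed.

```python
from typing import Dict, List, Tuple

# One relay's records: message id -> (received_from, forwarded_to).
# Assumed format; a relay knows only its two neighbours, never the whole path.
Log = Dict[str, Tuple[str, str]]


def relay(path: List[str], msg_id: str) -> Dict[str, Log]:
    """Pass msg_id along path and return the log each intermediate relay keeps."""
    logs: Dict[str, Log] = {}
    for i in range(1, len(path) - 1):
        logs.setdefault(path[i], {})[msg_id] = (path[i - 1], path[i + 1])
    return logs


def trace_back(last_hop: str, msg_id: str,
               recovered: Dict[str, Log]) -> Tuple[List[str], bool]:
    """Walk backwards from the relay that delivered the message.

    `recovered` holds only the machines whose records could be retrieved.
    Returns (nodes visited in trace order, True if the origin was reached).
    """
    chain, seen, node = [last_hop], {last_hop}, last_hop
    while True:
        if node not in recovered:
            # Records wiped or never seized: the trail goes cold here and
            # this node is indistinguishable from the originator.
            return chain, False
        entry = recovered[node].get(msg_id)
        if entry is None:
            # Records recovered and they show no inbound hop: the origin.
            return chain, True
        prev = entry[0]
        if prev in seen:  # guard against inconsistent or looping logs
            return chain, False
        chain.append(prev)
        seen.add(prev)
        node = prev


if __name__ == "__main__":
    logs = relay(["A", "B", "C", "D", "E", "F"], "m1")  # constructed sample
    full = dict(logs, A={})  # every machine recovered, including the sender's
    print(trace_back("E", "m1", full))     # reaches A
    partial = {k: v for k, v in full.items() if k != "C"}
    print(trace_back("E", "m1", partial))  # stalls at C
```

A single unrecoverable relay is enough to stop the walk, which is why the cost of the trace grows with the effort put into wiping each machine.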

The only way to fully delete anything on a hard drive is to physically put that hard drive beyond reconstruction by melting it, dissolving it, or just losing it in the Pacific (magnets do NOT work, contrary to popular belief), and since this is impossible for a botnet without making it woefully obvious (“sorry ma’am, I need to wrap some thermite around your Tesco PC…council business”), it is theoretically possible to trace a botnet completely and find the originator. It’s hard to gauge how often this happens, but the FBI in particular is known to try very hard, very often. This method is what gives rise to the popular media image of “hacking”, as seen in the 1995 film Goldeneye, of someone playing a luminous global join-the-dots puzzle.

There are several available legal botnets for cyber dissidents to use, although these are necessarily far less secure since every owner of every bot knows exactly what’s going on. Tor and the Freenet Project are good examples of this, and the first at least suffers from a problem in that the last bot in any communication is instantly traceable, and whoever happens to own that bot is going to need either diplomatic immunity, his own pet government or superhuman lawyers to defend himself from what appears to be his computer carrying out bomb threats, instructions for political assassinations, transmitting troop movements in Afghanistan, distributing industrial child porn and other equally sensitive activities. The most common form of anonymity, so-called “Anonymising Proxy Servers”, are effectively botnets made of a single other computer. All a person has to do to trace you through one is to look at the proxy server’s hard drive. However, since you need a search warrant to do this, a single proxy server is usually sufficient for separating yourself from your sexual fetish du jour, or blackmailing a co-worker.

Botnets aren’t the only thing to consider when it comes to anonymity though. The second is 128-bit public key encryption. This previously considered unbreakable tactic is, given the right conditions and a complicated enough key, truly unbreakable. There was a panic a short time ago when the technique was first introduced, because intelligence agencies simply don’t like unbreakable encryption; however, flaws have since been found that allow this method to be broken, and an ongoing area of research is finding and securing against these flaws before someone really screws the world over. The problem is that this is the encryption standard for all secure online transmissions, including those between banks and their customers and those between military units (although in practice the latter sometimes uses less secure methods to save on computing power). This method of encryption has two strengths. First, the key is so large that it’s statistically ridiculous to even imagine guessing it, and second, that in public key encryption, the key used to encrypt the data cannot be used to decrypt it, and thus is free to be given to anyone (the public key). This means that no method of decryption is actually transmitted, and therefore can never be intercepted. How this works is the subject of a later article.

Exporting cryptography of this magnitude actually counts as exporting weaponry in various countries due to its strength, and cyber dissidents have certainly noticed this. Although encryption does not make you anonymous, it does mean that the authorities cannot prove you were doing anything naughty. Plans for an Anthrax bomb can’t be differentiated from a school uniform shopping list. Many cyber-dissidents have escaped jail despite using flawed methods of anonymity because of this rather useful fact.

Another, hugely important yet often overlooked element of anonymity is your internet service provider. Another news buzzword for you: Network Neutrality. This is the principle that an ISP should never limit your access to any part of the internet for any reason, and should do their best to keep the information that links your personal details to your IP address (the “you” on the internet) as safe and secure as possible. Google recently came under fire, for example, for tracking users’ search terms. Although it didn’t record IPs, it was possible to look through the history for user 142656 and deduce that he was to get engaged in about three weeks, and was looking for ways to tell his partner about his foot fetish. Your ISP can hold an incredible amount of power over you, so much so that most good cyber-dissidents make sure that their internet account is registered to a completely fictitious user with an offshore credit card. Your ISP will generally only divulge the ultimate information on who you are if they are requested to by the police, or you start transmitting or receiving blatantly illegal things without encryption. If the data is encrypted, the ISP can legally wash their hands of the whole thing, and in the past some have been known to lie about that, simply because they don’t want to come under fire for helping terrorists.

Lastly, before this article finishes, I want to take a paragraph to respond to the oft-used argument “anonymity is a bad thing because only people with something to hide would use it.” Granted, people use anonymity to hide things that a body more powerful than them would punish them for. If we lived in a perfect world where the government, doctors, graduates, experts, parents, teachers, generals and myriad other professions never got anything wrong, then we could probably trust the above. However, since they do, it is frequently necessary to disagree with them, and as Voltaire said, it is dangerous to be right in matters on which the established authorities are wrong. If you honestly believe that every law in this country is fair and accurate, you probably have no place reading the Hashmark.

If you find yourself needing anonymity, you can throw some of the key words in this article into Google, and possibly even find yourself a proxy server that hasn’t already been criminalised. There are several programs available to help cyber dissidents communicate, some already mentioned, and recently a handbook was published by Reporters sans frontières containing everything you need to know to talk anonymously, a definite addition to every terrorist’s study material.

So, until whenever the hell I write the next article, why not try admitting your deepest, darkest secrets to a forum full of strangers under the veil of anonymity? Group therapy has never been so easy.

By Tristan Goss


5 responses to “The Rest Of The Internet: Anonymity”

  1. TaintedAl

    Tristan, you just get better and better. Some really good articles.

  2. Thanks to you Tristan, I can now anonymously chat on my cellotape fetish forums unheeded. Very useful (and interesting).

  3. Willy

    Fascinating - very worrying and yet reassuring at the same time.

  4. reverendmark

    How do these people go about setting up ‘botnets’ ie: enslaving a computer without the owner knowing (an article on this allowed the Sunday Times its very first usage of the phrase ‘how do we stop these zombie armies?’)? I’m currently terrified the FBI are about to demolish said room of my house due to me being an absolute pillock with computers…

  5. jim

    Fantastic work Tristan, it's rare that so much text is so easy to read on a computer.
