From 1a5daa1371dc7cd64282b19731164db8f63ee614 Mon Sep 17 00:00:00 2001
From: midas <midas@mullsec>
Date: Tue, 21 Jan 2025 14:29:28 +0100
Subject: [PATCH] create article file and get started on the intro

---
 opsec/cloud_provider_adversary/index.html | 218 ++++++++++++++++++++++
 1 file changed, 218 insertions(+)
 create mode 100644 opsec/cloud_provider_adversary/index.html

diff --git a/opsec/cloud_provider_adversary/index.html b/opsec/cloud_provider_adversary/index.html
new file mode 100644
index 0000000..8a1e760
--- /dev/null
+++ b/opsec/cloud_provider_adversary/index.html
@@ -0,0 +1,218 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="High Availability and anonymity">
+    <meta name="author" content="MulliganSecurity">
+    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
+
+    <title>Why is High Availability Important for Deniability ?</title>
+
+    <!-- Bootstrap core CSS -->
+    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
+	<link href="../../assets/css/xt256.css" rel="stylesheet">
+    
+    
+
+    <!-- Custom styles for this template -->
+    <link href="../../assets/css/main.css" rel="stylesheet">
+
+    
+
+    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
+    <!--[if lt IE 9]>
+      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
+      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
+    <![endif]-->
+  </head>
+
+  <body>
+
+    <!-- Static navbar -->
+    <div class="navbar navbar-inverse-anon navbar-static-top">
+      <div class="container">
+        <div class="navbar-header">
+          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+          </button>
+          <a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
+        </div>
+        <div class="navbar-collapse collapse">
+          <ul class="nav navbar-nav navbar-right">
+
+            <li><a  href="/about.html">About</a></li>
+            <li><a  href="/blog.html">Categories</a></li>
+<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
+            <li><a  href="/contact.html">Contact</a></li>
+          </ul>
+        </div><!--/.nav-collapse -->
+        
+      </div>
+    </div>
+
+	<!-- +++++ Posts Lists +++++ -->
+	<!-- +++++ First Post +++++ -->
+	<div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/mulligan_sec.jpeg" width="50px" height="50px"> <ba>Mulligan Security - 21 / 01 / 2025</ba></p>
+<p>
+<h1> How safe am I from my cloud provider? </h1>
+
+Since the 2010's VPS have become cheaper and widely available. From your local mom and pop datacenter where you can rent a baremetal Pi equivalent to highly secured Amazon datacenters and on-demand cpu/bandwidth allocation you can now find a broad range of options for your operational and security needs.
+
+<br>
+<br>
+If clandestinity is a requirement, there also are cryptocurrency-based options in jurisdictions without LEO cooperation treatises with your own.
+
+<br><br>
+
+But, <b>what if the adversary is already inside?<b><br>
+
+in this post we are going to do a threat modelling exercise:<br><br>
+
+<ol>
+    <li>Context and assumptions: what are the capabilities of our adversary? what about our own OPSEC requirments?</li>
+    <li>Threats: what the adversary might want to acomplish (their goal)</li>
+    <li>Attack Scenarii: a quick list of possible attacks</li>
+    <li>Mitigation measures: what we can do to make those attack uneconomical, harder</li>
+</ol>
+          
+	       </div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /grey -->
+
+
+	<div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+<p>
+<h2> <b>Attack Scenario</b> </h2>
+
+The adversary has identified a probable city of residence for the administrator of a hidden service. In order to narrow down their search perimeter they will do the following:
+
+<br>
+
+<ol>
+    <li>Target 1 group of city block and send someone to the internet backbone for this city block to cut it off from the internet</li>
+    <li>Check whether the onion service <b>is still up</b></li>
+    <li>If it goes down, add it to the suspect pool</li>
+</ol>
+
+</p>
+          
+	       </div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /grey -->
+
+
+	<div id="anon3">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+<p>
+<h2> <b>How can high availability help?</b> </h2>
+In the above scenario if the onion service operator had setup a <b>redundant, highly available server then connections would have been seamlessly sent to another server</b> in the redundancy pool, thus preventing the adversary
+from extracting location information based on their operation. This works best with a server in a <b>different country or region</b>, making a coordinated attack by several adversaries a requirement in order to use this method for deanonymization.
+
+</p>
+          
+	       </div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /grey -->
+
+	<div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+<p>
+<h2> <b>Adversary Attack Flow</b> </h2>
+Below is a chart depicting an adversary attack flow. As shown, high availability will prevent the adversary from progressing beyond their initial step of uptime-based target acquisition.
+<br>
+<br>
+<img src="ha_attack_flow.png" width="75%" height="75%">
+<br>
+
+As you can see the adversarie's playbook is quite simple:
+<br><br>
+<ol>
+    <li>Identify a list of potential suspects</li>
+    <li>Cut them off the internet</li>
+    <li>Check whether this action made the hidden service unreachable</li>
+</ol>
+
+
+Those actions are easily perpetrated by law enforcement as they only require: <br>
+<ul>
+    <li>DSLAM level access to the internet backbone used by the suspects (impacting a perimeter like a city block)</li>
+    <li>City block level access to the power grid in order to run disruptive actions</li>
+</ul>
+<br>
+Both of those are trival to obtain for LEOs (law enforcement officers).
+
+<br><br>
+
+<img src="attack_diagram.svg">
+
+<br>
+This Diagram shows where the attack takes place and how a redundant setup prevent such attacks from confirming the physical location of the hidden service.
+<br>
+<br>
+<b>In conclusion, your hidden service is one downtime away from having its location disclosed to an adversary, so you need to make sure it has High Availability</b>
+</p>
+          
+	       </div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /grey -->
+
+
+	<!-- +++++ Footer Section +++++ -->
+
+	<div id="anonb">
+		<div class="container">
+			<div class="row">
+				<div class="col-lg-4">
+					<h4>Nihilism</h4>
+          <p>
+						Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
+						
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>My Links</h4>
+					<p>
+
+						<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
+
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>About Mulligan Security</h4>
+                    <p style="word-wrap: break-word;"><u>Donate XMR:</u><br>86NCojqYmjwim4NGZzaoLS2ozbLkMaQTnd3VVa9MdW1jVpQbseigSfiCqYGrM1c5rmZ173mrp8RmvPsvspG8jGr99yK3PSs</p></br><p><u>Contact:</u> mulligansecurity@riseup.net <br><a href="http://msec2nnqtbwh5c5yxpiswzwnqperok5k33udj7t6wmqcleu3ifj34sqd.onion">website</a></p>
+
+				</div><!-- /col-lg-4 -->
+
+			</div>
+
+		</div>
+	</div>
+
+
+    <!-- Bootstrap core JavaScript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    
+  </body>
+</html>