oxeo0/blog-contributions
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git synced 2025-07-02 10:26:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

cleanup the rest of the page

Browse source
This commit is contained in:
midas 2025-01-22 16:46:49 +01:00
parent 71c08752af
commit 3e5040ef88
1 changed files with 9 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

47
opsec/cloud_provider_adversary/index.html
View file

@ -133,12 +133,6 @@ in this post we are going to do a threat modelling exercise:<br><br>
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<p>
<h2> <b>How can high availability help?</b> </h2>
In the above scenario if the onion service operator had setup a <b>redundant, highly available server then connections would have been seamlessly sent to another server</b> in the redundancy pool, thus preventing the adversary
from extracting location information based on their operation. This works best with a server in a <b>different country or region</b>, making a coordinated attack by several adversaries a requirement in order to use this method for deanonymization.
</p>
</div>
</div><!-- /row -->
@ -149,41 +143,18 @@ from extracting location information based on their operation. This works best w
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<p>
<h2> <b>Adversary Attack Flow</b> </h2>
Below is a chart depicting an adversary attack flow. As shown, high availability will prevent the adversary from progressing beyond their initial step of uptime-based target acquisition.
<br>
<br>
<img src="ha_attack_flow.png" width="75%" height="75%">
<br>
As you can see the adversarie's playbook is quite simple:
<br><br>
<ol>
<li>Identify a list of potential suspects</li>
<li>Cut them off the internet</li>
<li>Check whether this action made the hidden service unreachable</li>
</ol>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
Those actions are easily perpetrated by law enforcement as they only require: <br>
<ul>
<li>DSLAM level access to the internet backbone used by the suspects (impacting a perimeter like a city block)</li>
<li>City block level access to the power grid in order to run disruptive actions</li>
</ul>
<br>
Both of those are trival to obtain for LEOs (law enforcement officers).
<br><br>
<img src="attack_diagram.svg">
<br>
This Diagram shows where the attack takes place and how a redundant setup prevent such attacks from confirming the physical location of the hidden service.
<br>
<br>
<b>In conclusion, your hidden service is one downtime away from having its location disclosed to an adversary, so you need to make sure it has High Availability</b>
</p>
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
</div>
</div><!-- /row -->