Managing Partner, Cybersecurity at Maynard Partners LLC
Jan 24, 2015
Acpe 2014 Internet Anonymity Using Tor
Security presentation on Tor at ACPEnw, a Pacific Northwest regional nonprofit association for the educational technology community dedicated to the support of administrative, information and instructional technology.
1. ACPEnw 2014
Internet Anonymity Using “Tor”
or
“On the Internet, nobody knows you’re a dog”
Jack Maynard, CISSP, CRISC, CCSK, C|EH
Principal Security Consultant
Prevail Security
jack@prevailsecurity.com
www.prevailsecurity.net
Don’t let your security fail, Prevail!
2. Speaker Bio – Jack Maynard
• Jack Maynard, CISSP, CRISC, CCSK, CEH, is an Information Security Manager with
18 years of national and international security experience working in a variety of
information security roles.
• Previous security experience includes delivery of Red Team services including
ethical hacking/penetration testing, threat & vulnerability management, secure
software development, infrastructure hardening and UNIX/Linux operating
systems.
• Prior to his current position, Jack held a number of security positions with
Hewlett-Packard Company (HP), including R&D Security Architect and Security
Strategist reporting to the HP Services CTO.
• Jack is owner and Principal Consultant of a private information security firm
“Prevail Security”, a company he uses to speak freely about interesting and
sometimes controversial security topics.
• LinkedIn: https://www.linkedin.com/in/jackmaynard
• Twitter: @PREVAILSecurity
4. Session Goals (agenda)
• Figure out how to make this session applicable to educational technology
• Learn something interesting about technology
• Provide a general introduction to:
o Internet anonymity using Tor
o How to block Tor at the Firewall
o Deep Web
o Tor Hidden Services
o Silk Road Anonymous Marketplace (Hidden Service)
o Bitcoin (decentralized digital currency)
5. Disclaimer – pay attention to this part ;)
1. This presentation is provided for informational and technical training
purposes only.
2. It is intended to familiarize you with some of the methods, tools and
services used to provide Internet anonymity.
3. It may at times “pull back the veil” and offer a look at the darker side of the
Internet. If your senses are easily offended, this session may not be for you.
4. Neither I, the ACPEnw Board, or anyone who employs me, in any way
encourage or support using the information presented in this session for
illegal, or unethical purposes.
5. Individuals should have the authorization of the system and network
owners before using any of the tools or techniques demonstrated or
described here on any systems, networks, or applications.
7. “On the Internet, nobody knows you’re a dog”
• "On the Internet, nobody knows you're a dog" is a popular saying used to
describe the anonymity of the Internet.
• It began as the caption of a cartoon by Peter Steiner, published in The New
Yorker on July 5, 1993 and is still used today over 20 years later, when talking
about the issues around online identity.
• Mr. Steiner has stated that he has earned over $50,000 over 20 years from
this one cartoon drawing alone, which he didn’t really like all that much.
• http://en.wikipedia.org/wiki/On_the_Internet,_nobody_knows_you're_a_dog
• http://www.washingtonpost.com/blogs/comic-riffs/post/nobody-knows-youre-a-dog-as-iconic-internet-cartoon-turns-20-creator-peter-steiner-knows-the-joke-rings-as-relevant-as-ever/2013/07/31/73372600-f98d-11e2-8e84-c56731a202fb_blog.html
11. What is Tor?
• Tor is free open source software that helps defend against network
surveillance (for good or bad)
• Tor enables bypassing Internet content filtering
• Ding! Connection to educational technology ;)
• If Tor is used by students on your district network, this is probably
not a good thing
• The Tor Network is a volunteer run world-wide network of relay servers
• An open network of virtual private network tunnels permitting people
and groups to browse the Internet with anonymity.
• A Tor bridge relay instance can be run on Amazon Web Services (AWS) at
a cost of about $20 a month
12. What can Tor be used for?
• To violate “Acceptable Use Policies”
• Bypassing Internet filtering that uses destination Blacklists
• To do legal stuff
• Surf the Internet anonymously
• Look at LOL Cats (anonymously of course)
• Bypass Internet censorship intended to defeat the free exchange of
ideas and speech (e.g. Russia, China media censorship)
• Anonymous Government Whistleblowers
• To do illegal stuff (anonymously)
• Buy illegal drugs
• Buy real fake passports
• Exchange child porn
• Hire an assassin
13. Who invented Tor?
• Tor was originally developed as a project of the U.S. Naval Research Lab.
• It was originally developed for the primary purpose of protecting
government communications.
• Today, it is an open source software project used every day for a wide variety
of purposes by normal people, the military, journalists, law enforcement
officers, activists, and criminals.
• High visibility uses of Tor include WikiLeaks and Silk Road:
• Used by WikiLeaks to receive government documents anonymously
from Whistleblowers.
• Used by Silk Road to host an anonymous marketplace for the sale of illegal
items.
14. Is Tor evil or bad (or illegal)?
• Technology is inherently neutral
• Nothing is inherently evil or bad
• Like anything, Tor can be used by bad people to do bad things
• Tor can also be used by good people to do good things
• Use of Tor for Internet anonymity is perfectly legal, though its use is
overshadowed by the common belief that if you are using Tor, you must be
doing something illegal.
15. How does Tor work?
• Tor provides anonymity by bouncing your Internet traffic around a
distributed network of encrypted relays run by volunteers around the
world.
• It prevents somebody watching your Internet connection from learning
what sites you visit (masks destination IP)
• ISPs
• IT department (including District IT)
• Foreign & domestic governments
• NSA
• Law Enforcement
• It prevents sites you visit from learning your physical location (masks
source IP)
• Useful for free exchange of speech, hacking, illegal downloads
(torrents), and other criminal activity
16. What is Onion Routing?
• Onion routing encrypts and decrypts your network traffic typically 3 separate
times, once for each Tor node it passes through on the way to the destination:
the entry node, the relay node, and the exit node.
• It does this using the public-key of the router (Tor Server), which only the
router’s private-key can decrypt.
• No single router knows the entire network path from source IP to destination IP.
20. Tor Bridge Relays
• Bridge relays are Tor relays that aren't listed in the main Tor directory.
• Since there is no complete public list of them, even if your ISP is filtering
connections to all the known Tor relays, they probably won't be able to
block all the bridges.
• If you suspect your access to the Tor network is being blocked, you may
want to use the bridge feature of Tor.
• Finding more bridges for Tor:
• Send mail to bridges@bridges.torproject.org with the line "get bridges"
by itself in the body of the mail. You'll need to send this request from a
gmail account.
• Almost instantly, you'll receive a reply that includes:
Here are your bridge relays:
bridge 60.16.182.53:9001
bridge 87.237.118.139:444
bridge 60.63.97.221:443
23. How Tor Works – Step 1
• To create a private network pathway with Tor, Alice’s Tor client first queries a global
directory Dave to discover where on the Internet all the Tor servers are.
24. How Tor Works – Step 2
• Tor Client then incrementally builds a circuit of encrypted connections through Tor
servers on the network.
• The Tor software negotiates a separate set of encryption keys for each hop along the
circuit to ensure that each hop can't trace these connections as they pass through.
25. How Tor Works – Step 3
• No individual server ever knows the complete path to Bob or Jane that a data packet
has taken.
26. Data visible to eavesdroppers when you don't use Tor or HTTPS
Potentially visible data includes:
• the site you are visiting (SITE.COM)
• your username and password (USER/PW)
• the data you are transmitting (DATA)
• your true ISP IP address (LOCATION)
• whether or not you are using Tor
27. Data visible to eavesdroppers when you use HTTPS only
Potentially visible data includes:
• the site you are visiting (SITE.COM)
• your username and password (USER/PW)
• the data you are transmitting (DATA)
• your true ISP IP address (LOCATION)
• whether or not you are using Tor
28. Data visible to eavesdroppers when you use Tor only
Potentially visible data includes:
• the site you are visiting (SITE.COM)
• your username and password (USER/PW)
• the data you are transmitting (DATA)
• your Tor Exit IP address (LOCATION)
• whether or not you are using Tor
29. Data visible to eavesdroppers when you use Tor & HTTPS
Potentially visible data includes:
• the site you are visiting (SITE.COM)
• your username and password (USER/PW)
• the data you are transmitting (DATA)
• your Tor Exit IP address (LOCATION)
• whether or not you are using Tor
30. “Why” block Tor at the Firewall?
• Not debating what is right or wrong about Internet content filtering
• K-12 E-Rate program subsidized?
• Internet usage must comply with CIPA (Child Internet Protection Act)
• Could risk losing federal subsidized funding for Internet access and transit
• AUPs (Acceptable Use Policies) are a management control
• Firewall rules are a technical control
31. “How” to block Tor at the Firewall
• Use a Layer-7 Firewall (Palo Alto Networks) or Web Application Proxy to
perform deep packet inspection (DPI) at the application layer of protocols
passing through the firewall and block Tor.
• Use a Tor Blacklist to create Tor blocking ACLs
• Block Tor Exit Nodes
• Refresh your Tor Exit Node Blacklist regularly:
• Query for Tor Exit Nodes:
• https://check.torproject.org/cgi-bin/TorBulkExitList.py
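Added example (not from the original slides): one way to turn a downloaded exit-node list into blocklist updates on each refresh, so stale addresses are removed as well as new ones added. The sample lists are constructed from documentation address ranges, and the set name `tor-exits` and the `add`/`del` line format (ipset restore style) are assumptions; adapt the output to your firewall's ACL syntax.

```python
import ipaddress

# Constructed samples in a one-address-per-line layout with '#' comments.
# Addresses come from documentation ranges; they are not real Tor relays.
PREVIOUS_LIST = """# constructed sample, earlier refresh
192.0.2.10
198.51.100.7
"""
CURRENT_LIST = """# constructed sample, latest refresh
192.0.2.10
203.0.113.25
203.0.113.25
not-an-ip
"""


def parse_exit_list(text):
    """Return the set of valid IPv4 addresses, skipping comments and junk."""
    addrs = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            addrs.add(ipaddress.IPv4Address(line))
        except ValueError:
            continue  # a malformed line must never become a firewall rule
    return addrs


def refresh_commands(old, new, set_name="tor-exits"):
    """Lines that move the block set from the old list to the new one."""
    adds = [f"add {set_name} {ip}" for ip in sorted(new - old)]
    dels = [f"del {set_name} {ip}" for ip in sorted(old - new)]
    return adds + dels


if __name__ == "__main__":
    old = parse_exit_list(PREVIOUS_LIST)
    new = parse_exit_list(CURRENT_LIST)
    for cmd in refresh_commands(old, new):
        print(cmd)
```

Bridge relays (slide 20) are not in any public list, so an address blocklist built this way complements the Layer-7 inspection control rather than replacing it.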
35. What are Tor “Hidden Services”?
• Tor makes it possible for users to hide their locations while offering various
kinds of services.
• Tor can provide anonymity to website stores and other server services.
• Rather than revealing a server's IP address (and thus its network location), a
hidden service is accessed through its 16-character “onion address” (.onion)
derived from the service's public key.
• The Tor network understands these .onion addresses and can route data to
and from hidden services, even to those hosted behind firewalls or network
address translators (NAT), while preserving the anonymity of both parties.
• Tor Browser is necessary to access hidden services.
• A good example of a hidden service is “Silk Road” Anonymous Marketplace.
• https://www.torproject.org/docs/hidden-services.html
48. How Tor Works – The Onion Router
• To create a private network pathway with Tor, Alice’s Tor client first queries a
global directory Dave to discover where on the Internet all the Tor servers
are.
• Tor then incrementally builds a circuit of encrypted connections through Tor
servers on the network.
• The circuit is extended one hop at a time, and each server along the way
knows only which server gave it data, and which server it is giving data to.
• No individual server ever knows the complete path to Bob that a data
packet has taken.
• The Tor software negotiates a separate set of encryption keys for each hop
along the circuit to ensure that each hop can't trace these connections as
they pass through.
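Added example (not from the original slides): a small model of the layering described on slides 16 and 48, showing that each relay learns only its previous and next hop. It assumes the per-hop keys are already negotiated; the relay names, keys and `site.example` are hypothetical, and the SHA-256 keystream XOR is a stand-in, not the cipher Tor uses.

```python
import hashlib
import json


def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts. Illustrative only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def wrap(path, destination, payload):
    """Client side: build the onion from the innermost layer outward.
    path is [(relay_name, key), ...] ordered entry -> exit."""
    next_hop, blob = destination, payload
    for name, key in reversed(path):
        layer = json.dumps({"next": next_hop, "blob": blob.hex()}).encode()
        blob = keystream_xor(key, layer)
        next_hop = name
    return next_hop, blob  # first relay to contact, outermost ciphertext


def peel(key, blob):
    """Relay side: strip one layer; reveals only the next hop."""
    layer = json.loads(keystream_xor(key, blob))
    return layer["next"], bytes.fromhex(layer["blob"])


# Hypothetical three-hop circuit with constructed keys.
PATH = [("entry", b"k-entry"), ("middle", b"k-middle"), ("exit", b"k-exit")]


def trace(path, destination, payload):
    """Return each relay's view as (relay, previous hop, next hop)."""
    _, blob = wrap(path, destination, payload)
    seen, prev = [], "client"
    for name, key in path:
        nxt, blob = peel(key, blob)
        seen.append((name, prev, nxt))
        prev = name
    return seen, blob


if __name__ == "__main__":
    views, delivered = trace(PATH, "site.example", b"GET /")
    for view in views:
        print(view)
    print(delivered)
```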
49. Anonymous Internet Using Tor
1. Start Tor - When you run Tor browser software to access the Internet, all
your data, including your web searches are wrapped in layers of
encryption.
2. Tor Relays - To hide your source and destination IPs, Tor sends your data
through a network of relays (other computers using Tor). Each relay strips
a layer of encryption before passing it on to the next Tor Relay. Tor
changes your relay path frequently. Each Tor relay knows only the IP
address of the relay before and after it, never your true IP address.
3. Final Destination - Tor has more than 4,000 relays. Your encrypted data
passes through three of them. Once the last layer of encryption is
stripped, the Tor exit relay connects you to the website you want to visit.
4. Hidden Services - If the website you want to visit is a hidden service
(.onion address, example Silk Road) then you never exit the Tor Network.
5. Payment - At checkout, you use a digital currency called Bitcoin, which is
exchanged via digital wallets on the buyer's and seller's computers, which
provides anonymous payment services.
50. Anonymous Internet Using Tor
6. Delivery - Sellers ship goods. After you receive the merchandise an
escrow account releases Bitcoin payment to the seller.
7. BUYER --> Encrypted Data --> ISP --> Tor Entry Relay --> Tor Relay --> Tor
Exit Relay --> Website Server --> ISP --> Decrypted Data --> SELLER